At stake at US Supreme Court: privacy in the digital age
In more ways than one, Timothy Carpenter has been demonstrating the importance of smartphones in modern-day life.
Seven years ago, he began organizing and committing a series of armed robberies of cellphone stores in Michigan and Ohio. On Wednesday, he will be arguing to the United States Supreme Court that the privacy of historical location data collected by cell towers should be protected by the Constitution. If the justices agree, it will be the first time the Constitution鈥檚 privacy protections have been updated since the internet was invented. As digital technology becomes increasingly necessary for day-to-day activities, the outcome of this case could help determine how private those activities are.
鈥淔or every advance in technology, the [high] court has had an opportunity to weigh in on the effect of the new technology on privacy,鈥 says Alex Abdo, a senior staff attorney at the Knight First Amendment Institute at Columbia University. 鈥淭his case may very well decide whether we can expect privacy in the digital age.鈥
Before he was a pioneer of privacy rights, Carpenter was supplying the firearms and serving as a lookout for robberies. During that spree seven years ago, his fellow robbers would enter a store brandishing their guns, herd customers and employees to the back, and order them to fill bags with new smartphones.
While investigating the robberies, authorities ordered MetroPCS and Sprint to turn over records of every call made to and from Carpenter鈥檚 phone over a 127-day period from cell sites the two companies operated in the areas where robberies were alleged to have occurred. The records 鈥 obtained in accordance with a federal law but without a judge-approved warrant 鈥 helped authorities place Carpenter at the scenes of the robberies and, ultimately, convict him.
Carpenter, however, has argued that if the government wants to know something as sensitive as his specific location at a certain time, it should have to abide by the Fourth Amendment and show a judge probable cause that he was involved in criminal activity first.
Lower courts have disagreed with Carpenter, but the high court, after nibbling at the edges of the issue in recent years, will now confront it head-on.
Pre-internet privacy laws
The Fourth Amendment is one of the Constitution鈥檚 blunter legal instruments, and thus the justices have agreed to periodically update it throughout history to reflect technological advances. The amendment originally required a warrant only for searches of 鈥渉ouses, papers and effects,鈥 but it was expanded in the 19th century to include contents of letters carried by the postal system. In the 1970s, it was expanded to include telephone conversations, and it has not been updated since.
Significantly, throughout all these changes the content of communications has been protected by the Constitution, but information about communications (or 鈥渘on-content鈥) have not. The Supreme Court maintained that precedent in its last major Fourth Amendment decision, the 1979 case Smith v. Maryland that created what is known as the 鈥渢hird-party doctrine.鈥 The court ruled then that a person "has no legitimate expectation of privacy in information he voluntarily turns over to third parties" 鈥 in this case a pen register, created by the telephone company at the request of police, of all numbers dialed by an alleged robber.
That kind of 鈥渘on-content鈥 information now includes the metadata 鈥 the data about data 鈥 transmitted constantly by digital technologies such as smartphones. And vast amounts of that data are collected by third parties.
When investigating Carpenter, authorities used the Stored Communications Act (SCA) to seize and search metadata captured by cell towers. The federal statute, enacted in 1986, effectively enshrined the third-party doctrine into law. Under the statute, all law enforcement needs to prove in order to search information held by third parties like cell service providers is that the records are 鈥渞elevant and material鈥 to an ongoing investigation.
These precedents are now outdated tools to protect privacy in the digital age, critics argue.
The third-party doctrine was created before the internet, for example, and at a time when third parties held much less information, both in quantity and detail, than they do now. When President Reagan signed the SCA into law, only about 500,000 people subscribed to a cellphone service, according to CTIA, a trade association for wireless communications companies. Now more than three-quarters of American adults , which can each transmit more data in minutes than could fit on an entire hard drive in 1986.
鈥淢ore and more we store our private information on the servers and computers of third parties,鈥 says Mr. Abdo, who co-authored 聽supporting Carpenter. 鈥淒o we sacrifice our right to privacy by using modern technology?鈥
Slippery slopes
Expanding on that argument is a coalition of some of the largest tech companies in the world. Apple, Google, Microsoft, and Verizon, among other private industry heavyweights, 鈥 in support of neither party 鈥 that 鈥渃ourts should take a more flexible approach that realistically reflects the privacy people expect in today鈥檚 digital environment.鈥
The third-party doctrine, the brief adds, 鈥渟hould not apply in a world where devices and applications constantly transmit data to third parties by dint of their mere operation.鈥
Their fear, and the fear of some other observers, is that while law enforcement may now be using the third-party doctrine to easily obtain the location and movements of people 鈥 information that is also only getting more precise as smartphone technology improves and 鈥 the doctrine could be used in the future to easily obtain more personal information in even larger quantities.
The ever-growing 鈥淚nternet of Things鈥 offers a glimpse of that future, the tech companies write. While smartphones constantly transmit specific details about a user鈥檚 location to third parties, there are other devices transmitting other kinds of metadata. Smartwatches can transmit a user鈥檚 fitness data; smart-home devices can send metadata on room temperature and grocery orders through third parties.
鈥淲e don鈥檛 know how [third-party metadata] is going to be used in future,鈥 says Michael Overing, an expert in internet law and an adjunct professor at the University of Southern California鈥檚 Annenberg School of Communication & Journalism.
鈥淏ecause we don鈥檛 know,鈥 he adds, 鈥淚 want us to err on side of caution.鈥
But some experts worry about another kind of slippery slope: that the justices decide to expand the Fourth Amendment in a way that delivers more questions than answers.
To rule that cell tower records are protected by the Fourth Amendment would be to depart from the content/non-content rule, a bright line that has been crucial as privacy law has evolved over the centuries, says Orin Kerr, a professor at George Washington University School of Law.
鈥淭he question is what should [the Fourth Amendment] protect and what should it not protect,鈥 he adds. And the content/non-content rule 鈥渋s an essential rule for maintaining balance as we shift from a physical world to a network world.鈥
Giving historical cell tower records Fourth Amendment protection 鈥渨ould drag state and federal courts into impossible line-drawing exercises that would cause endless confusion,鈥 Professor Kerr in support of the government.
If the Constitution protects historical cell-site records, he writes, does it also protect bank records? Automatic license plate readers? And is it limited to location information? How important is the length of time the surveillance covered? At what point in time does a search stop being constitutional? And does that point in time depend on the search method being used?
鈥淭hat [would] create a quagmire for the lower courts,鈥 says Christopher Slobogin, director of the Criminal Justice Program at Vanderbilt Law School. 鈥淚t would be so hard to figure out when unconstitutional [searches] have occurred.鈥
'They need to be more aware'
The Supreme Court has avoided major Fourth Amendment questions in recent years, so predicting its decision here is even harder than usual, experts say.
Only one justice, Sonia Sotomayor, has expressed an opinion on the third-party doctrine. In a to a unanimous 2012 decision regarding warrantless GPS tracking, she wrote that the doctrine 鈥渋s ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.鈥
But while they may not know the views of the other eight justices, many experts predict the court will ultimately, as it often does with loaded constitutional questions, issue a narrow opinion and then refine that opinion over time through legal challenges stemming from the questions it leaves unanswered.
While they differ on how the Fourth Amendment should be updated, most experts agree that the SCA should be updated. They also hope that the public becomes more informed about how much information they鈥檙e giving to third parties every time they use their phones.
鈥淭hey need to be more aware of what鈥檚 being broadcasted, what the privacy settings are on their phones,鈥 says Mark Kuhr, the chief technology officer at Synack, a cybersecurity company based in Redwood City, Calif.
鈥淚t would be great to see consumers 鈥 demanding better privacy protections from their lawmakers, but also from the people they鈥檙e buying products from,鈥 he adds. 鈥淧rivacy is a little bit of a myth.鈥
