Cell Phones and Emails: Big Case, Big Grant, Big Issues
The Supreme Court has entered the digital age. Starting on November 13, 2017, filings with the Court will be both the traditional paper and electronic, which means if I have a case there, I will have to file both ways (I've already registered for electronic filing) and you will be able to see the filings in any case after that date, so you too can follow along and read briefs and other papers.
But the Court also has to confront the legal issues that come with the digital age, and they now have before them two cases (one set for argument and one just granted yesterday) that are at the intersection of digital technology and the 4th Amendment (search and seizure). And these aren't esoteric cases. They concern two technologies that you use every day: your cell phone and email. Believe me when I tell you, you will want to pay attention to these. This post is a bit long, so grab a beverage.
November 29: Carpenter v. United States
You know that when you make or receive a call or text, your cell phone has to connect to the nearest cell tower. What you might or might not know is that the connection creates a record of the phone's location. Under a federal statute known as the Stored Communications Act, the government can obtain a court order for access to those location records in the possession of a cell phone company if they can establish reasonable grounds that the records are relevant to a criminal investigation. That is exactly what happened in this case. The government obtained 127 days of location records for Carpenter's cell phone (12,898 points of location data), data which showed Carpenter being within 1/2 to two miles of armed robberies when they were occurring. Based in part on this evidence, Carpenter was convicted of nine armed robberies. Carpenter argues that the government's collection of these records constituted a warrantless search under the Fourth Amendment.
Three Supreme Court cases bear on Carpenter. United Staes v. Miller, 425 U.S. 435 (1976) held that the government's acquisition of several months of bank records from a bank was not a search. In Smith v. Maryland, 442 U.S. 735 (1979), the Supreme Court held that the acquisition of several days of phone numbers from the phone company was not a search. The Court that a robbery suspect had no reasonable expectation that his right to privacy extended to the numbers dialed from his phone, reasoning that the suspect had voluntarily turned over that information to a third party: the phone company. This gave the name to the "third party doctrine" which has been a staple of 4th Amendment case law, circuit courts holding that people have no "reasonable expectation of privacy" (which is in quotes because it is a key legal concept in Fourth Amendment cases) in information they share with a third party. The Sixth Circuit (map here) gave that same reading in the Carpenter case: government investigators seeking cell records for a suspect's movements do not need a warrant because the location data was shared with a third party, the cell company. (The government does have to go to court under the Stored Communications Act to get a court order, but it only has to show that there are reasonable grounds to believe that they are relevant to an ongoing criminal investigation; a warrant requires probable cause, a much higher standard).
However (and here comes technology) the Court held in United States v. Jones, 565 U.S. ___ (2012) that using GPS technology to track a person's movements does constitute a search for which a warrant is needed. (As a side note, the opinion was written by the late Justice Scalia with no dissents, so its the same Court with Justice Gorsuch instead of Scalia). Notably, five of the Justices held that the long-term monitoring using GPS violates a "reasonable expectation of privacy".
How will Carpenter be argued? Well, the government will rely on Smith and Miller and the third party doctrine; Carpenter will rely on Jones and its reasonable expectation of privacy/long-term monitoring approach, emphasizing the 127 days of data. The government will argue that cell phone records are the same as landline records and that Jones is different and does not apply because the government monitored the person's movements by putting a GPS on his car rather than getting the information from a third party; Carpenter will argue that the disclosures to a third party in Miller and Smith were meaningfully voluntary in a way that the location data was not. And while the general framework for search and seizure and surveillance law is that the contents of communications have 4th Amendment protection, and the non-content metadata (records about communications and other third-party business records) do not, it's an easy distinction in theory, not so easy to apply in practice.
This Court has not felt overly constrained by existing Fourth Amendment precedents. Prior to the Jones case, it was assumed that people had no reasonable expectation of privacy in their in their public movements. No more. Much will depend on how far the Court thinks the third party doctrine extends and whether they can define a principled line between that doctrine and the long-term monitoring standard, and see if that distinction can be applied to other areas where the Fourth Amendment could come into play, such as websites we visit, our online purchases, our search queries, and the email addresses we correspond with and the contents of those emails.
This Court has not felt overly constrained by existing Fourth Amendment precedents. Prior to the Jones case, it was assumed that people had no reasonable expectation of privacy in their in their public movements. No more. Much will depend on how far the Court thinks the third party doctrine extends and whether they can define a principled line between that doctrine and the long-term monitoring standard, and see if that distinction can be applied to other areas where the Fourth Amendment could come into play, such as websites we visit, our online purchases, our search queries, and the email addresses we correspond with and the contents of those emails.
As I said, a big and very important case.
**********
And speaking of emails, the Court granted review (cert) yesterday in another big case: United States v. Microsoft, a case about whether federal prosecutors can obtain emails for a Microsoft customer stored in an overseas server. A case that again arises under the Stored Communications Act (SCA), the issue is whether emails, stored on Microsoft's server in Dublin, are beyond the reach of a domestic search warrant. The emails, stored exclusively on the server in Ireland (some have dubbed this case the "Microsoft Ireland" case) are sought by federal prosecutors in a drug trafficking investigation. Microsoft refused to comply with the federal subpoena; the federal authorities argue that a company must turn over materials within its control even if they are stored abroad. The District Court sided with the government; a three-judge panel of the Second Circuit (map here) reversed and sided with Microsoft, holding that the SCA cannot be used to acquire emails stored exclusively on foreign servers. The Second Circuit split 4-4 on whether to reargue the case before the whole court.
Both sides see this as a major case, and it is. The government argues that if Microsoft wins, it will create a major loophole for criminals ranging from drug dealers to terrorists to child pornographers. Microsoft argues that if the government can seize emails outside the United States, what is to stop foreign governments from seizing emails within the United States? The arguments are technical (the definition of "warrant", its geographic scope and what constitutes a "compelled disclosure") but the issues are very real to anyone who uses email, which is everyone you and I know.
Stay tuned for this case and Carpenter. They will be major decisions on the law of the Fourth Amendment and digital privacy and will set the stage for what is sure to be many more cases to come.
**********
And speaking of emails, the Court granted review (cert) yesterday in another big case: United States v. Microsoft, a case about whether federal prosecutors can obtain emails for a Microsoft customer stored in an overseas server. A case that again arises under the Stored Communications Act (SCA), the issue is whether emails, stored on Microsoft's server in Dublin, are beyond the reach of a domestic search warrant. The emails, stored exclusively on the server in Ireland (some have dubbed this case the "Microsoft Ireland" case) are sought by federal prosecutors in a drug trafficking investigation. Microsoft refused to comply with the federal subpoena; the federal authorities argue that a company must turn over materials within its control even if they are stored abroad. The District Court sided with the government; a three-judge panel of the Second Circuit (map here) reversed and sided with Microsoft, holding that the SCA cannot be used to acquire emails stored exclusively on foreign servers. The Second Circuit split 4-4 on whether to reargue the case before the whole court.
Both sides see this as a major case, and it is. The government argues that if Microsoft wins, it will create a major loophole for criminals ranging from drug dealers to terrorists to child pornographers. Microsoft argues that if the government can seize emails outside the United States, what is to stop foreign governments from seizing emails within the United States? The arguments are technical (the definition of "warrant", its geographic scope and what constitutes a "compelled disclosure") but the issues are very real to anyone who uses email, which is everyone you and I know.
Stay tuned for this case and Carpenter. They will be major decisions on the law of the Fourth Amendment and digital privacy and will set the stage for what is sure to be many more cases to come.
So, re: Carpenter, it would seem to come down to differentiating live/prospective GPS tracking from past GPS records, the former not being 'stored'? In which case, lots of luck Carpenter? I also wonder whether 'communications' is defined in the Stored Communications Act. I don't think a lay person would view a GPS marker as a 'communication'. On the other hand, our phone settings do give us an opportunity to opt out of GPS tracking, so, by failing to do so, are we constructively sharing with a third party? The last thought this triggers is what I perceive to be the fiction of voluntarily sharing with a third party. It's not like we have a choice in the matter - we can't make a phone call without a third party after all. And since telephony is a basic utility, might an argument be fashioned [and I know I am stretching here, bastardizing a common concept in the insurance contract world] that the relationship between consumer and phone provider is one of 'adhesion', therefore giving preference and the benefit of any doubts to the consumer? Hmmm...
ReplyDeletePatti:
DeleteGreat comments! Let me answer in reverse order. "Adhesion" is a very interesting concept to bring into this discussion, and while I haven't seen it used, it does address one of the problems people have with the third party doctrine: the giving of information is "voluntary" only in the sense that you don't have to get insurance or have to make a phone call, but once you do you "voluntarily" give up information. Your point (benefit of the doubt) might be met by this argument: one of the Fourth Amendment's key concepts is "reasonable expectation of privacy" and, the argument would go, you just really don't have a "reasonable" expectation making a phone call. But this is part of why the intersection of technology and the Fourth Amendment is so muddled. Before the Jones case, people thought you had no expectation of privacy at all if you were out in public: GPS put on by the police changed that.
As for Carpenter and the SCA: the term "communication(s)" is not directly defined in the Stored Communication Act (18 U.S.C. §§2701-2712). The "definitions" section (§2711) refers you back to §2510 (a different chapter of Title 18) and those definitions only refer to "wire" and "oral" communications. So is the location data (which does not relate to the GPS being on or off, so no help there: Google/Apple won't know, but the carrier will) constitute (1) the digital equivalent of the phone numbers that you "voluntarily" gave up (the Smith case) or (2) similarly to the GPS tracking in the Jones case, is it more like long-term monitoring? And while the Carpenter case is not strictly about GPS, obviously Carpenter's attorney will make that argument, saying "Our case is like Jones rather than Smith", although I think your "live versus stored" argument is on point and may be made by the government. And yes, I think Carpenter loses either way.
They're just really important issues, and it's just too bad that there is so much other news sucking up all the oxygen that they don't get the coverage I think they deserve.