OWI Labs op-ed: Carpenter v. US & fate of 4th Amendment in digital age

The OWI Labs op-ed series breaks down the latest news with an inside look at the identity industry dynamics our team of experts is closely following. This week, OWI Senior Analyst Simeon Beal talks Carpenter v. United States, the digital age, and the evolution of Fourth Amendment rights.

From 2010 to 2013, Timothy Carpenter allegedly coordinated over a dozen armed robberies of cellphone stores. Carpenter was arrested after one of his co-conspirators confessed, naming him and 16 other people in connection to the crime spree. As the FBI built their case against Carpenter, they contacted MetroPCS, Carpenter’s known cell phone carrier, and requested location data for his number for a 127-day period — without a warrant.

Traditionally, a warrant is obtained by the police after they have convinced a court they have probable cause to believe waiving a citizen’s Fourth Amendment rights — the prohibition of unlawful searches and seizures — would lead to a criminal arrest. However, under the Stored Communications Act, law enforcement agents only require reasonable suspicion and not probable cause to obtain communication data from third-party internet service providers. In contrast to probable cause, reasonable suspicion requires much less evidence to prove. Moreover, telecommunication companies such as MetroPCS, Verizon, AT&T, and others have a longstanding history of generously sharing their customer data with governmental agencies — the FBI, NSA, CIA, etc. — as there is no explicit law prohibiting them from doing so.

The cellphone records obtained by the FBI showed that Carpenter was within two miles of several of the robbery locations during the corresponding times in question. This evidence helped build a substantial case against Carpenter, and he was ultimately sentenced to 119 years in prison. However, his lawyers filed an appeal claiming that the FBI had violated his Fourth Amendment rights by obtaining his location data from MetroPCS without a warrant.

The Sixth Circuit Court of Appeals upheld that no warrant was necessary for Carpenter’s cellular location data in a 2-1 decision. The case was appealed again, and will be heard by the Supreme Court this fall.

As part of his defense, Carpenter’s lawyers argue that the mobile data — all of the data — shared with the third-party service providers should have been considered private information under the Fourth Amendment, therefore requiring a court-issued warrant before being obtained. This position will force the Supreme Court to revisit the question of what constitutes private data, as well as what protocols governmental agencies should be forced to comply with in order to access it.

The current definition of private data in the U.S. was established in the 1967 case of Katz v. United States with the creation of the third-party doctrine. The third-party doctrine states that in the public domain, where there is not a reasonable expectation of privacy, there is a clear distinction between the content of a communication and the “routing” information necessary to convey the direction or purpose of the communication, that is, where it is intended to end up.

Think about bringing a package into a post office — a big package wrapped in bright pink wrapping paper. Once you walk into the post office it is unreasonable to expect people to not notice your presence or the vibrant package you are carrying. Therefore, the logical conclusion must be that all of the information on the outside of the package is now in the public domain, including the routing information of where the package is to be shipped. Nevertheless, the contents of that package cannot be seen by anyone in the store, making the information yours and yours alone. Because that knowledge is private, the post office or any citizen of the U.S. would be breaking the law, in violation of the Fourth Amendment, if they were to open your package without permission.

While the package example is simple, privacy has become more complicated in the digital age, where people send text messages far more frequently than mailing packages. New online communication methods pose a credible challenge to the traditional bifurcation of the content and routing paradigm of private data.

So instead of mailing a package, let’s consider sending a text. Just like when you mail a package, there is certain identifiable information attached to the item, including routing information, the user’s current location, the time the message was sent, and what phone number or contact the message was sent to. And like the package containing items inside, our text contains the actual words being sent. With this analogy, a user sending a text would reasonably expect that the contents of the text message itself would be private. But what about the other information, such as location data — is it reasonable to expect it to remain private? Or should the government be able to access that information without a warrant?

Another area of contention in this case is the growing capability of service providers to accurately record your location. In order to meet the growing demand for cellphones and to provide better cell service to their customers, service providers have had to introduce more cell towers with increased capabilities into their networks. This more robust infrastructure has enabled telecom companies to track your movements in real time with as little as 50 meters of variation, and sometimes provide latitude and longitude coordinates that rival the abilities of GPS. As their ability to triangulate your location becomes more accurate, does this begin to infringe on your reasonable expectation of privacy? Should governmental agencies be required to obtain a warrant before having access to this data? These questions are going to be central in the Supreme Court’s debate this fall.

The Supreme Court’s decision will have vast implications for either the private sector or the governmental agencies currently using the third-party doctrine for location data collection.

If the court decides to affirm the verdict of the Sixth Circuit Court of Appeals, the telecommunication and big data providers will be compelled to continue providing police officers with their customers’ location data without a warrant. Additionally, civil-rights activist groups, including the American Civil Rights Union, who see this case as an opportunity to increase the scope of data protection rights in the United States, will be outraged. Conversely, if the Supreme Court were to overturn the verdict, governmental agencies will be forced to obtain warrants before requesting location information from companies. Furthermore, in recent years private companies have been collecting their customers’ geolocation data and leveraging it to refine their business operations. If the court were to overturn the verdict, private companies might be compelled to discontinue this practice.

Investigators have come to rely heavily on the cooperation of service providers and big data providers for location data of criminal suspects over the past several years, and argue this relationship has greatly served to benefit national security interests. However, Carpenter’s legal team believes their defense strongly rests on their ability to argue that the legal paradigm of private data established by the third-party doctrine in 1967 is ill-equipped to handle the nuances of modern-day communication platforms. Privacy in the digital age remains a murky subject, but it’s possible we’ll have some legal clarity when the Supreme Court weighs in on the case this fall.