Cell phone location data not private, Feds argue
- — 03 October, 2012 10:18
Individuals have no reasonable expectation of privacy in historical cell phone location data collected and maintained by phone companies, a federal prosecutor said in oral arguments Monday before a three-judge panel from the Fifth Circuit Court of Appeals in New Orleans.
The court is reviewing an appeal from the U.S government in a case pertaining to the government's authority to collect historical cell phone location data from a phone company without obtaining a formal search warrant first.
Federal prosecutors in the case have maintained that the Stored Communications Act (SCA) of 1986 allows them to use a relatively easy-to-obtain court order, called 2703 (d), to force a cellphone company to turn over historical cell-site location information on specific subscribers.
Privacy advocates have insisted that law enforcement authorities should be required to obtain search warrants based on higher reasonable cause standards before they can ask a carrier for cell phone location data. They have argued that any location data collected without such a warrant is a violation of Fourth Amendment rights against unreasonable search and seizure.
The case is an important one and comes at a time when lawmakers and courts around the country are grappling with the issue of warrantless tracking of location data by law enforcement authorities. Many have expressed concern that unbridled cell phone location tracking will let the government conduct extensive surveillance on cell phone owners.
In August, the Sixth Circuit Court of Appeals ruled that Fourth Amendment protections do not in fact extend to cell phone location data. In arriving at the decision, the court maintained that there is little constitutional difference between tracking a suspect physically on public roads and using cellular technology to do the same thing.
The Sixth Circuit's decision was somewhat at odds with one arrived at two years ago by the Third Circuit appellate court which held that law enforcement authorities needed to obtain search warrants to gather customer cellphone location data stored by phone companies.
Meanwhile in California, state lawmakers recently passed legislation that would have required law enforcement to obtain a search warrant for seeking location-tracking data. California Governor Jerry Brown however vetoed that bill last weekend.
The case before the Fifth Circuit goes back to 2010 when law enforcement authorities in Houston, Texas, tried to obtain separate, but similar court orders seeking to compel two phone companies -- T-Mobile and MetroPCS -- to give up 60-days worth of cell-site location data pertaining to criminal suspects in three separate investigations.
Two of the targets of the investigations were suspected drug traffickers while the third was suspected of being involved in gang activity.
A Texas Magistrate judge who reviewed the applications for the 2703 (d) orders denied each one on the grounds that any compelled disclosure of cell-site data would be a violation of Fourth Amendment protections.
A Houston District Court that heard the government's appeal of the decision concurred with the lower court and maintained that a compelled disclosure under a 2703(d) order was not constitutional.
In arguments Monday before the Fifth Circuit, federal prosecutor Nathan Judish reiterated the government's position that the Fourth Amendment allows the U.S. government to obtain a 2703(d) order to force a cell phone company to divulge customer records.
The SCA explicitly allows the government to seek such information without a warrant so long as it can clearly show that the information is relevant to a criminal investigation, he said.
Judish maintained that the information being sought by the government was collected and maintained totally at the discretion of the two phone companies. Neither company had any legal mandate to maintain those records, he said.
Judish characterized the information being sought as business records maintained by a third party and collected as part of doing business. Customers can have no reasonable privacy expectation over such data because the data is part of a third-party's business records, he said.
Judish downplayed the sensitivity of the data being sought and said that the government was only interested in data such as date and time of calls, the telephone numbers involved in a call, whether the call originated or terminated with a call and other such data. The only location information being sought pertains to when the phones were used to make calls or send text messages, he said.
"We would get some limited information on where they were," when making calls or sending text messages over the 60-day period, he said. "These records are the phone company's own observations of its own service made and kept at its own discretion on its own equipment."
From that standpoint the phone company's role is akin to that of a witness in a criminal investigation. "The government has a right to every person's evidence in a criminal investigation," he said.
Hanni Fakhoury, a staff attorney for the Electronic Frontier Foundation (EFF), which has filed an amicus brief in the case, rejected the government's arguments.
"Technology is changing in a way that makes cell-site information a lot more precise and accurate," said Fakhoury who presented the EFFs arguments before the Fifth Circuit judges on Tuesday. The kind of records being sought by prosecutors in the case will help them get an extremely detailed picture of the whereabouts of the targeted individuals over a 60-day period.
"What the technology allows them to do is get 60 days of your every turn, your every move and every place you have gone. Not just where you car has gone but where you yourself have gone. The way the technology has improved that could even be a particular floor or even a particular room in a building," he said.
Such data, regardless of who it is being held by, is constitutionally protected and government access to it should only be via a court-issued warrant based on reasonable cause, Fakhoury said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about privacy in Computerworld's Privacy Topic Center.