June 24, 2019 Best of ABA Sections

Privacy’s “Third-Party” Doctrine in the Wake of Carpenter

ABA Science and Technology Law Section

Rick Aldrich

In June 2018, the U.S. Supreme Court issued its long-anticipated opinion in Carpenter v. United States, No. 16-402, 138 S. Ct. 2206 (2018). The case revolved around a series of robberies of RadioShack and T-Mobile stores over four months. Prosecutors sought and obtained court orders requiring MetroPCS and Sprint to provide cell-site location information (CSLI) for Timothy Carpenter over two specified periods of time.

The third-party doctrine. At trial, Carpenter moved to suppress the CSLI data on Fourth Amendment grounds. The government relied on section 2703(d) of the Stored Communications Act to obtain the court orders requiring production of the CSLI records. That statutory section only required a showing of “reasonable grounds” for believing that the records were “relevant and material to an ongoing investigation,” and as such was a lower standard than that required for a warrant. So, the government needed to show the search was “reasonable,” generally requiring a showing that it fit within one of the Supreme Court’s recognized exceptions to the warrant requirement. The trial court fit it under the business records exception, which is a subset of the third-party doctrine. United States v. Miller, 425 U.S. 435 (1976), appears to be the seminal Supreme Court case recognizing a business records exception to the Fourth Amendment. In that case, the government had subpoenaed two banks for “all records of accounts, i.e., savings, checking, loan or otherwise, in the name of Mr. Mitch Miller.” The banks produced the documents ultimately leading to Miller’s conviction. Miller challenged the production as a violation of the Fourth Amendment. The Supreme Court held that “All of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.”

The government argued in Carpenter that the CSLI that Carpenter’s phone sent to nearby cell towers, and back to his cell service provider, was voluntarily conveyed by him to the service providers and became part of their ordinary business records.

Does modern technology require a Fourth Amendment “equilibrium adjustment”? Complicating the analysis were two earlier Supreme Court cases suggesting that certain modern technologies were reducing the protections of the Fourth Amendment, and the Court was willing to engage in what some have termed “equilibrium adjustment” to reset the balance. Riley v. California, 573 U.S. 433 (2014), narrowed the scope of searches incident to arrest, a long-recognized exception to the Fourth Amendment’s general requirement of a warrant, when cell phones were involved. This does not prevent law enforcement from searching a cell phone; they just must get a warrant.

So, too, United States v. Jones, 565 U.S. 400 (2012), determined that the government’s employment of a modern technological device that would not have been envisioned by the framers of the Constitution, in this case a Global Positioning System (GPS) tracking device, constituted a search that required a warrant.

With this background, the Court determined that the facts in Carpenter fit at the intersection of the GPS cases and the third-party cases. That is, tracking a person through CSLI was similar to the GPS tracking in Jones, but it was also like Miller in that the tracking data were not the result of a tracker installed by the government but rather information voluntarily provided to a third party. Tying in Riley, the Court recognized that the wealth of information provided by long-term tracking contravened the reasonable expectation of privacy Americans hold in such “privacies of life.”

Decisions in the wake of Carpenter. More than 90 cases have cited Carpenter. Most of those citing Carpenter for its holding that searches and seizures of CSLI data require a warrant have refused to suppress CSLI evidence or overturn earlier decisions upholding the use of CSLI evidence on the basis of the good faith exception. The good faith exception was established in United States v. Leon, 468 U.S. 897 (1984), as an exception to the exclusionary rule. The Court held it was inappropriate to exclude evidence under circumstances in which a law enforcement officer’s reliance on a magistrate’s determination of probable cause to issue a search warrant was objectively reasonable. Based on this rationale, the good faith exception has expanded to include a much broader scope of circumstances, including where the police relied on a statute that was subsequently declared unconstitutional.

Beyond the court’s narrow holding. Perhaps of more interest are the future cases the Court identified outside the scope of its “narrow” decision in Carpenter.

Stingrays. The Court’s exclusion of “real-time CSLI” appears to be a reference to cell site simulators (sometimes referred to as stingrays); by posing as the strongest cell site signal, a stingray tricks nearby users’ phones into connecting with the stingray instead of the phone company’s legitimate cell tower.

Stingrays have become popular among law enforcement and intelligence agencies, but rules regarding their use have varied. Significantly, however, the U.S. Department of Justice issued new guidance in 2015 requiring a warrant, except in rare situations primarily related to the exigent circumstances exception. Later that same year, the U.S. Department of Homeland Security issued similar guidance. Several states now require a warrant prior to deploying stingrays.

Security cameras. The circuits are currently split on whether the long-term use of security cameras violates the Fourth Amendment. Technological improvements in security cameras and augmenting technologies pose perhaps the thorniest issues post-Carpenter. For example, video feeds from more than 3,000 cameras can be combined with license plate readers and radiation detectors, as in New York City’s Domain Awareness System (DAS), to permit tracking of a suspect’s location. The DAS can also respond to reports of a suspicious package by looking back in time to identify who left the package and where the person went thereafter. Similar systems can support sophisticated camera handoffs to permit individualized tracking across camera gaps. These examples seem to raise the same concerns identified in Carpenter, regarding how long-term tracking not only of suspects but of all persons within a large area can contravene the reasonable expectation of privacy Americans hold in such “privacies of life.” These technologies generally do not even involve the complication of the third-party doctrine because many of these systems are built and operated by the government. While observations in public areas are not normally accorded a reasonable expectation of privacy, the ease, simplicity, and cost-effective ways that such technologies can be applied retroactively to virtually anyone in the public may also argue for equilibrium adjustment.

Collection techniques involving foreign affairs or national security. The Court’s exclusion of collection techniques involving foreign affairs or national security appears aimed at least partially at electronic collections under the Foreign Intelligence Surveillance Act (FISA), especially a provision popularly known as Section 702, entitled “Procedures for targeting certain persons outside the United States other than United States persons.” That provision has been used by the U.S. intelligence community to target the communications of non-U.S. persons located outside the United States for foreign intelligence purposes, but it has been interpreted to permit the incidental collection of communications of any American who happens to communicate with foreign targets, sometimes referred to as the “incidental overhear rule.” The case law has not yet been well established because until 2013 only the FISA court could review activities taken under Section 702.

ABA Science and Technology Law Section

This article is an abridged and edited version of one that originally appeared on page 4 of The SciTech Lawyer, Spring 2019 (15:3).

For more information or to obtain a copy of the periodical in which the full article appears, please call the ABA Service Center at 800/285-2221.

WEBSITE: americanbar.org/scitech

PERIODICALS: The SciTech Lawyer, quarterly magazine; Jurimetrics|Online, quarterly scholarly journal; SciTech E-Merging News, quarterly electronic newsletter featuring up-to-date substantive practice perspectives and news on Section activities.

CLE AND OTHER PROGRAMS: The Section offers a variety of CLE and learning opportunities through webinars and in-person sessions throughout the year in addition to two free-to-members programs.

BOOKS AND OTHER RECENT PUBLICATIONS: Cybersecurity for the Home and Office; A Guide to HIPAA Security and the Law, 2d ed.; Unmanned Aircraft in the National Airspace; Guide to U.S. Government Practice on Global Sharing of Personal Information, 2d ed.

Entity:
Topic:

By Rick Aldrich

Rick Aldrich (aldrich_richard@bah.com) is a cyber-security policy and compliance analyst for Booz Allen Hamilton. The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy, opinion, or position of his employer or any other entity.