subject: Tracked by cellphone
posted: Mon, 02 Jan 2006 23:19:51 -0000


http://www.securityfocus.com/columnists/376

Tracked by cellphone
Mark Rasch

We know that technology can be used to track people's location via a
cellphone, but how difficult is it for law enforcement to get a court
order and do this legally?

An old physics joke recounts that Werner Heisenberg (of the
uncertainty principle) is pulled over by the police for speeding one
night. The police officer asks the professor, "Do you have any idea
how fast you were going?" Heisenberg replies, "No, but I know exactly
where I am."

Being tracked via your phone

Recent court cases in the United States raise the question of the
standard required when the police want to know exactly where you are,
using your cell phone to track you down. The issue again raises the
question of how new technologies can invade privacy rights, and how
quantitative changes in the type and amounts of data collected and
stored result in qualitative changes in privacy rights. These require
a reexamination of even established laws of privacy and of probable
cause. These precedents also apply to entities like ISPs and
telephone companies that routinely collect massive amounts of data
about individuals which may be subject to eventual discovery or
disclosure. It is important that we establish and apply the correct
legal standard for obtaining this information now.

Whenever you carry (much less use) a cell phone that is turned on,
the cellular network is constantly "scanning" to determine where you
are so that it can route telephone calls to the appropriate cell
location. By examining the relative signal strength of three of these
cells, through a process called "triangulation," the cell provider can
determine, with a relatively low level of precision, where you are at
any point in time. Other technologies employed by cell providers,
such as those employed with E-911 services, can determine your
location with greater precision. Finally, some cell phones are also
equipped with GPS capabilities, which passively receive certain data
from geosynchronous satellites to enable the phone (but not the
provider) to determine its precise location - often within a matter
of feet.

This digital location information, coupled with high-speed internet
access in some cell phones, can be a great boon to users. They can
use cell phones to locate restaurants, theaters, or other
entertainment in their area, make reservations or arrange for carry
out as they travel. They might use such technology to locate family
members, including children. In a disaster situation (assuming the
cell towers continue to work), the technology might be useful in
locating survivors - well, at least locating the survivors' cell
phones. One can imagine their use by law enforcement agencies in
kidnapping cases.

Such data is already being used by cellular providers to determine
demand for and therefore location of new cell towers. It is not
difficult to imagine the economic usefulness of this data as well.
Cell providers can collect this information, link it to specific
users as well as the demographic information provided when the
subscriber initiated the cellular contract. They can then sell, lease
or otherwise provide this information to third parties. In addition,
cell providers are increasingly becoming indistinguishable from
Internet Service Providers, as people use their handheld devices to
access the Internet from anywhere. Thus, cell providers will have the
ability to collect records of every place you have been, who you have
talked to, and collect location and content of text messages,
e-mails, web traffic, IP video and downloaded or streaming audio. It is
time to set some rules on what information can be collected, and what
can be done with all of this information.

Location, Location, Location

In at least three separate cases, the U.S. government has attempted
unsuccessfully to obtain a court order to require the cellular
providers to provide them information about the location of a
cellular customer gleaned from the triangulation of the signals they
have received. This in and of itself is remarkable. When the
government wants a court order to obtain a wiretap, a pen register,
or to search for or seize documents or records, it files the
paperwork ex parte and in camera. What this means is that only the
government is represented. If the government believes that a certain
law applies, it and only it presents the law to the magistrate judge.
In fact, for virtually all such applications, the records relating to
the application are sealed - either automatically by statute or as a
matter of routine by application of the government. Thus, we have no
idea how many times the federal government has gone to court to
obtain cell phone location data and been granted the data, with no
questions asked. The fact that three magistrates refused the
government's request is itself amazing.

What the government was trying to do in these three cases, one in the
Eastern District of New York (Long Island), one in Maryland, and one
in Texas, was to obtain "prospective" cell location data. That is,
they wanted the court to order the cell companies to tell them
whenever a particular cell phone moved, where it went, and how long
it was there.

It is important to note that all three of the courts recognized that
the government could get this information if it needed it. All three
courts also recognized that they had the authority to order such
prospective cell location data. At issue was the legal standard the
government had to meet to obtain the information.

Legal requirements for cellphone location information

Essentially, there are four legal standards for the government to
obtain cellphone location information. First and lowest is a pen
register or a trap and trace device. This is simply a record of the
telephone calls made (from and to) and the time of each call. Because
of an assumption that these are merely records of the telephone
company, and therefore one can't possibly have an expectation of
privacy in such records, for a court to order the production of such
records (even prospectively), all that needs to happen is for a
prosecutor to certify that the records are relevant to some ongoing
investigation. Indeed, with such a certification in hand, the court
is not even permitted to question or challenge this - it MUST give
the government the power to obtain the records from the provider.

Next on the list is stored communications and subscriber records.
This would include things like stored SMS messages, stored e-mails,
and the information provided to the telephone company when the
customer created the account. To obtain these records, the government
would need to meet a slightly - and only slightly - higher standard
than the above. The government would have to demonstrate specific and
articulable facts as to why such records are relevant to an ongoing
investigation. Congress made a distinction between communications in
transmission or in temporary storage versus those that are incident
to transmission and are actually stored. In the former case, the
"interception" of the electronic communication is similar to
eavesdropping on a telephone call, and in Congress' opinion the same
kind of warrant should be required. For stored communications
however, since the records already exist and are stored somewhere,
it's more like seizing a printed document (a printed e-mail). Thus,
Congress presumed that a lower standard should apply.

A third standard applies for the installation of "tracking devices"
to monitor the location of people or things. To install or monitor
such a device, the government would have to show (albeit in an
affidavit that the target never gets to see or challenge in advance)
that it was more likely than not that this would reveal evidence of
some crime by somebody - and not necessarily that the person being
tracked was committing a crime.

Finally, as noted above, the highest standard is for the interception
of the contents of communications (voice or electronic) in
transmission. These warrants can be issued either on a finding of
probable cause by a regular court, or on certain findings by a special
intelligence court, or as recently disclosed by the New York Times,
by executive order and with no warrant (as was done with the National
Security Agency).

Government argues "real time" electronic data doesn't exist

In the New York, Maryland and Texas cases, the government wanted to
track the location of cell phone holders in advance under the lower
standard of simply demonstrating some facts as to why they wanted it,
rather than the slightly higher standard of providing probable cause.
They argued that the records are merely stored records of
"communications." The courts in these cases pointed out that the
signal being measured (for signal strength to determine location) was
not a "communication" under the statute. The government then argued
that, despite language in the statute mandating that phone companies
cooperate in pen registers or trap and trace installations (the
infamous Communications Assistance to Law Enforcement Act, or CALEA),
which stated that "the authority for pen registers and trap and trace
devices cannot be used to obtain tracking or location information…",
it could get such information under a lower standard than
probable cause.

The next government argument is somewhat astounding. The courts all
agreed that the lower standard of "articulable facts" would apply to
the disclosure by the cell phone company of "historical call site
information." That is, if your phone company retained records of
where you were, the government could get them with a subpoena, a
search warrant, or even a warrant on a lower standard. Indeed, the
court recognized that the government could demand that the phone
company retain and not destroy such records in anticipation of a
later court order. The higher "probable cause" standard applied only
to the creation and dissemination to the cops of records that didn't
yet exist. This is where the astounding argument comes in - the
government claimed (with a straight face, no less) that as soon as
the cell towers in question determined your location and recorded
this fact, these were now "historical" records subject to the lower
standard. Thus, according to the government, there is no such thing
as "real time" data or even data "in transmission."

As a technical matter, this is likely true. Indeed, I have argued
that there is no such thing as interception of packets "in
transmission." The packets have to be stopped, copied, and
reassembled to be read. Nevertheless, the law makes a distinction
between historical data and real time data. That the government would
seek to extinguish this distinction in this case does not bode well
for the government's position in other cases. The government could
then argue that it could listen in on your VOIP calls with nothing
more than a subpoena (for which no probable cause is required)
because all it is doing is looking at "historical" packets - albeit
merely hundredths of a second in the past. This is clearly the
opposite of the delicate balance Congress sought to strike. Thus, it
appears that the government is seeking to convert all interceptions
into seizures of "historical" data, and adopt the lower standards for
such data.

What about your privacy?

All of this discussion is somewhat beside the point, however. The
real issue is whether people have a reasonable expectation of privacy
in the location data in the first place. As a general rule, the U.S.
Supreme Court has adopted what I call the "breeze rule." Effectively,
if I am outside (and can feel a breeze), I probably don't have an
expectation of privacy in what I am doing. Thus, if I am growing pot
in my backyard with a 20 foot un-scalable fence, the cops with a
helicopter and a telescope (or, presumably a geostationary satellite
and a keyhole telescope) can monitor me without probable cause or a
warrant. If I am walking or driving down the street, the cops can
follow me without a warrant or even suspicion. The same goes for
using technology to enhance the ability to search. Thus, drug, money
or explosive sniffing dogs can sniff me, my briefcase, my car, and
presumably my house (if there is no trespass to do so) without any
legal restriction. If I walk into my house however, the Supreme Court
has ruled, the cops can't, for example, use an infrared detector to
monitor my activities in the house without some kind of warrant.

Thus, the cops can follow me around, either directly or using
technology. If they use their eyes, binoculars, a telescope, a
helicopter or other similar technologies, they don't need probable
cause or a warrant. If they install a tracking device on me, however,
they do need probable cause. But what do they need to simply obtain
records from the phone company (whether in real time, slightly
historical or historically) to accomplish the same thing?

The real problem here is that the cell phone providers have the
ability to collect, store, collate and aggregate location data on
hundreds of millions of people. These records then become a
commodity: subject to use, sale, transfer, subpoena or other
discovery. In past cases, the government (with a warrant) has turned
on people's On*Star GPS tracking and telephones to track them and
listen in on their conversations. Technically, the government isn't
"installing" a tracking device on you - it is merely retrieving the
records of a tracking device you didn't know you already had. What
this means is that Congress needs to step in and establish guidelines
for private, public, law enforcement and intelligence
acquisition and use of this passive tracking information. Will they
do this? As Dr. Heisenberg might say, it's uncertain.

Copyright 2005, SecurityFocus
