Geographical Data and Carpenter

Carpenter v. United States, 138 S. Ct. 2206, 2221 (2018).

Background on Cellular networks

(This section by Levine & Shields (c) all rights reserved)

Cellular networks are deployed across large geographic areas to allow for a user to be mobile and stay connected. Originally, cellular networks were deployed to support voice phone calls. Over time, the networks have evolved to support the data connections required by internet-enabled apps and services common on smart phones.

Each tower that a cellular provider deploys covers a geographic cell in which users have connectivity. The towers are often called cell sites. The towers are connected to a complex set of systems that route data to users and ensure that only paying, authenticated customers have access. Commonly, a subscriber identity module (SIM) card is issued by the cellular provider and inserted into the user’s mobile device. The SIM card uses cryptography to authenticate the user’s subscription. Records help by the cellular provider link the user’s identity and billing information to an International Mobile Subscriber Identity (IMSI) value stored on the SIM card. Additionally, the user has an assigned phone number, confusingly called a Mobile Station International Subscriber Directory Number (MSISDN) in technical jargon. The mobile device has an International Mobile Equipment Identity (IMEI) assigned to it.

As cellular networks have advanced in terms of range and available bandwidth, they have changed names; these include 2G, 3G, LTE, and 5G. These names represent a combination of changing technical specifications and marketing efforts. The basics have remained the same even if internally the industry has changed its terminology continually. Let’s describe these basics with high-level terms instead of this changing terminology.

When a user powers on her mobile device, it seeks out a nearby cell site. Using the credentials held in the SIM card and via a well-defined signaling protocol, the device authenticates to the cellular provider. As the user moves, the device will associate to a new tower with a stronger wireless signal. Voice calls and data are routed to the tower the device is associated to. Typically, the provider stores a record of these associations called cell site location information (CLSI).

If a device is in range of three or more towers, the device’s geographic position can be estimated from the signal strengths. This estimation can be performed after the fact if the signal strengths are recorded, or performed in the moment and the estimation stored in a record. Alternatively, if the mobile device contains GPS functionality, it can tell the cellular provider of its location. Geographic location is not required to provide wireless communications; it’s required to assist with calls emergency 911 services.

There are many cellular providers, but only a few operator their own infrastructure. In the US, such mobile network operators (MNOs) currently include Verizon, AT&T, T-Mobile. MNOs lease capacity to resellers called mobile virtual network operators (MVNOs)s, such as Tracfone or Virgin Mobile.

The internet includes mobile devices attached to cellular networks. These devices typically are assigned an IP address via the cellular provider’s NAT gateway. Some cellular providers keep records of these NAT assignment; some do not, which can make investigations challenging. The amount of time the records are kept by providers also varies.

Facts of the case

Here are the facts of the case as summarized by the court.

Cell phones perform their wide and growing variety of functions by continuously connecting to a set of radio antennas called “cell sites.” Each time a phone connects to a cell site, it generates a time-stamped record known as cell-site location information (CSLI). Wireless carriers collect and store this information for their own business purposes.

Here, after the FBI identified the cell phone numbers of several robbery suspects, prosecutors were granted court orders to obtain the suspects’ cell phone records under the Stored Communications Act. Wireless carriers produced CSLI for petitioner Timothy Carpenter’s phone, and the Government was able to obtain 12,898 location points cataloging Carpenter’s movements over 127 days—an average of 101 data points per day.

Carpenter moved to suppress the data, arguing that the Government’s seizure of the records without obtaining a warrant supported by probable cause violated the Fourth Amendment. The District Court denied the motion, and prosecutors used the records at trial to show that Carpenter’s phone was near four of the robbery locations at the time those robberies occurred.

The case was before the supreme court to determine if the district court should have suppressed the CSLI records. The records were not obtained with a search warrant; instead the government made use of a “(d) order”, which is something between a subpoena and a search warrant. Warrants are needed for content whereas subpoenas are used for non-content meta data. Is GPS information content or not? And should Carpenter really expect any privacy in his public movements, or any privacy for information he gave away to a third party?

Before we get to the court’s decision, let’s remind ourselves of the details of these legal mechanisms.

What’s the difference between a subpoena, a “(d) order”, and a warrant?

A subpoena allows for the government to demand “basic subscriber information” from a telephone company or internet service provider (and similar services). This can include

• name
• address
• local and long distance telephone connection records, or records of session times and durations
• length of service (including start date) and types of service utilized
• telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; a
• means and source of payment for such service (including any credit card or bank account number)

There is a very low threshold for issuing subpoena. Basically, if it’s relevant to a legitimate investigation, the government can issue the subpoena.

A “(d) order” refers to the section of the law that allows for it: 18 U.S.C. § 2703(d). To obtain on, the government “must present specific facts to a judge or magistrate demonstrating that the requested information is relevant and material to an ongoing criminal investigation” (reference). What can you get from a d-order?

• everything a subpoena can get (above)
• Other transactional and account records. That is “record[s] or other information pertaining to a subscriber to or customer of such service – but not including the contents of communications”.

What would those records be? Well, how about the list of cellular towers that their mobile phone connected to during the last 3–4 months?

A warrant allows for the government to obtain the content of communications held in storage, as well as anything obtainable by a subpoena or (d)-order. Warrants are only issued for specific items to be search and seized, and only after presentation to a judge/magistrate of probable cause by the government supported by oath and affirmation. (Warrants cannot be used to obtain communications in real time; for that a wiretap order is required.)

Some background on precedents

There are at least four cases that are very important to know about before understanding the result in Carpenter.

1. US v. Katz (1967): In this case, Katz entered a public telephone booth and made calls. The FBI placed a listening device on the outside of the telephone booth (they turned it on only when they saw him entering the booth). The 7-1 decision introduced a two-prong test for courts to determine if search warrant is required for obtaining the content of communication.

   • 1) Did the person express subjectively a reasonable expectation of privacy?

   • 2) Does society objectively recognize their expectation of privacy as reasonable?

   For example, if you have conversation about something with a friend in class, where others can overhear it, you may demand that the conversation stay private, but objectively, it’s not reasonable to expect privacy in a public space. But if you were to enter a phone booth, you are demonstrating a reasonable expectation of privacy that the court recognizes, even if the government could hear you voice outside the booth. (Side note: We have these booths again in the CS building but not for phone calls, they are for zoom calls! Conference space is limited in the building.)

   The court wrote that the reach of the Fourth Amendment does not “turn upon the presence or absence of a physical intrusion”. Often the test is reduced to the question “was this a reasonable expectation of privacy?”.

2. Smith V Maryland (1979): In this case, the courts applied the Katz test to the installation of a pen trap on Smith’s phone (which captured the numbers he dialed, but not the content of his communications). In a 5-3 decision (1 abstained), the court decided the two-prong Katz test as follows:

   “First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company… Second, even if [Smith] did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as “reasonable.” When [Smith] voluntarily conveyed numerical information to the phone company and “exposed” that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information to the police.”

   There is an earlier, related case US v Miller (1976) on the subpoena of bank records, “The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities.” The concepts decided in these two cases are sometimes refereed to as the “third-party doctrine”.

3. Kyllo v US (2001): In this case, law enforcement went to a local camera store (like a Best Buy) and purchased a video camera that included infrared imaging. Using the camera, they determined that the heat emanating from a house was significantly higher than the houses around it (they didn’t use the camera to see images of people through walls). They used that information to obtain a search warrant for a home, and indeed they found lights and heaters used to grow illegal drugs. In a 5-4 decision, the court threw out the results of the search because law enforcement used technology that “wasn’t in general use”. The court reasoned:

   “Thus, obtaining by sense-enhancing technology any information regarding the home’s interior that could not otherwise have been obtained without physical “intrusion into a constitutionally protected area,” constitutes a search–at least where (as here) the technology in question is not in general public use. This assures preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.”

4. US v Jones (2012): In this case, law enforcement placed a tracking device on a suspect’s car. The device recorded the GPS location of the car over time. (Law enforcement actually obtained a warrant for placing the device on the car, but the warrant was limited to ten days and within DC, and then the tracking device was installed on the eleventh day and in Maryland.) Lower courts held that Jones had no reasonable expectation of privacy when the vehicle was on public streets. The Supreme Court overruled the lower court in a 5-4 decision, holding that the installation of the tracking device on the car was a violation of the 4th Amendment. The majority of the court agreed that the installation of the device was a trespass on Jones’ property (his “person, houses, papers, and effects”). But it’s the concurring opinion that is most relevant here.

   Other justices in Jones believed it was a 4th Amendment violation for other reasons. They wrote:

   “GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. … I would ask whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on. … More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties (Smith and Miller). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. “

(Bee.tee.dubs., if these decisions are of interest to you generally, you should look into the decisions for US v Knotts (1982), US v Karo (1984), and US v Riley (2014).)

The Carpenter Decision

In this 5-4 decision majority of the court agreed that the acquisition of the CLSI records by the government with a 2703(d) order (rather than a search warrant) was a violation of the 4th Amendment. In their reasoning, the court found that Katz is still relevant. The court pointed out that in Jones it said that people’s movements in public are deserving of privacy (even if the majority opinion was about trespass and not the Katz test). The court also noted that Smith tells us there is not a reasonable expectation of privacy for information given to a third party. Which precedents are more important here? Katz (and Jones) or Smith?

• Here’s the court’s reasoning:

  • “Given the unique nature of cell-site records, this Court declines to extend Smith and Miller to cover them… historical cell-site records present even greater privacy concerns than the GPS monitoring considered in Jones: They give the Government near perfect surveillance and allow it to travel back in time to retrace a person’s whereabouts… There is a world of difference between the limited types of personal information addressed in Smith and Miller and the exhaustive chronicle of location information casually collected by wireless carriers. Cell phone location information is not truly ‘shared’ as the term is normally understood. First, cell phones and the services they provide are ‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation.”

• The court added

  • “This decision is narrow. … Not all orders compelling the production of documents will require a showing of probable cause. A warrant is required only in the rare case where the suspect has a legitimate privacy interest in records held by a third party. And even though the Government will generally need a warrant to access CSLI, case-specific exceptions—e.g., exigent circumstances—may support a warrantless search.”

• The minority of the court disagreed, finding that the majority’s ruling

  • “draws an unprincipled and unworkable line between cell-site records on the one hand and financial and telephonic records on the other. According to today’s majority opinion, the Government can acquire a record of every credit card purchase and phone call a person makes over months or years without upsetting a legitimate expectation of privacy. But, in the Court’s view, the Government crosses a constitutional line when it obtains a court’s approval to issue a subpoena for more than six days of cell-site records in order to determine whether a person was within several hundred city blocks of a crime scene. That distinction is illogical and will frustrate principled application of the Fourth Amendment in many routine yet vital law enforcement operations.”

While minority opinions can be influential later, it is the majority opinion that sets the precedent.