Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Supreme Court Case This Week Could Change US Digital Privacy Standards

Posted by BeauHD on from the digital-age dept.

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller . The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.

74 comments

  1. The ONLY way to win is to by Anonymous Coward · · Score: 0

    not play.

  2. What should be private? by axlash · · Score: 4, Interesting

    A good question to ask is - what is it reasonable to expect to be private?

    Here are some scenarios that most people would agree would qualify as an invasion of privacy:
    - If what you did on your personal property behind closed doors was made public;
    - If you gave personal information to someone, and they said that they would keep it secret, but they then disclosed it to someone else.

    Here are some scenarios that would *not* qualify as invasion of privacy:
    - If you did something on property that was not yours, and it was made public;

    I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

    --
    Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
    1. Re:What should be private? by Anonymous Coward · · Score: 1

      Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret?

      Are any such guarentees valid? What if it verbal guarentees vs written?
      AFAIK, the theory has become that if you have given information, you have no guarentee of privacy - only an expectation and a possiblity (not guarentee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whther you benfited.
      In the first two cases:
      - What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written into contracts easily - it can be difficult for the average person to know what should be allowed and what should not, as well as what cannot be signed away. Harder still when rules can change.
      - How do you prevent companies from writing sale of information into their contract? The idea of "go somewhere else" is fine until all of the providers do it.

    2. Re:What should be private? by Wrath0fb0b · · Score: 4, Informative

      I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

      Well, Congress actually stepped in and enacted more (but not maximal) protection than required by passing the Stored Communication Act. In relevant part (Â 2702(a) for the law nerds following along) makes an ISP civilly liable if they voluntarily disclose your content except with your lawful consent. That is, the default in the "make no guarantees" is that the ISP cannot disclose anything.

      So appreciate the bizarro-fact that Congress passed a law creating protection that the Constitution doesn't require and appreciate the new default :-)

    3. Re:What should be private? by sinij · · Score: 2, Interesting

      Your honor, obviously axlash is premeditated and conspired to commit crime, as he refused to carry his smartphone with him on the day of the event.

    4. Re:What should be private? by clonehappy · · Score: 5, Insightful

      I get the whole private property vs. public property thing as far as things go like video recording and such. You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing.

      But, for fuck's sake, I should be able to drive up to the gas station to get a 6-pack without the government knowing I did so.

      Sure, the gas station knows I went there. And the people at the gas station can see me there. If any of those people even know who I am, or care. And if I drive past my friend Tom's house on 4th Street to get there, he might see me driving down 4th street. But I still have my privacy to a great extent. None of those individual pieces of information are worth much to anyone.

      The government, if they want to find out, can see that I left my house because my phone disconnected from Wi-Fi, they can tell I got in my car and started it because it connected to the bluetooth, they can track me either through location services or cell towers to pretty much figure out exactly where I went, what route I took to get there, how long it took, and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much. Sure, the convenience is nice but at what cost?

      As for why I should expect all that information to be private? Because keeping historical records of everywhere I go and everything thing I do is not the service I signed up for. I signed up for a mobile telephone and debit card. In the case of the debit card, I understand that records need to be kept for a certain period of time. Not indefinitely, mind you, but for a fixed period of time that should be agreed upon by the cardholder and the bank.

      As for telephones? With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point. Sure, the cellular network needs to know where I am *right now* in order to route calls to the correct cell tower and to deliver data to any open sessions I may have. It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today.

      They don't need that data for network management, either. They can keep historical records of the load on given sites for purposes like that, to know what cells are over or underutilized, etc. But to keep a detailed historical record of my location, every call I made and to whom, every data session, and the contents of every message I've sent going back literally years or decades is obviously nefarious.

      There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for. In the days of metered plans and overages, there was at least a reason to keep the information until the close of the billing cycle and maybe a few more in the case of bill disputes. Today, the record of what I did should be deleted at the end of the session. Meaning this: I've closed the data connection or terminated the phone call or successfully sent or received an SMS? Then the service I asked for was completed, and the records of it should be purged.

    5. Re:What should be private? by Anonymous Coward · · Score: 2, Interesting

      A good question to ask is - what is it reasonable to expect to be private?

      That's actually quite simple
      Anything that's not accessible to other non-law-enforcement citizens. I can observe anyone I want in public. I can get their public data.
      But I can't have their info from other companies, because they'll tell me to go away.

    6. Re:What should be private? by dcollins117 · · Score: 2

      ...and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much.

      I agree, next time skip the Slim Jim, it's a step too far.

      With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point.

      I called T-Mobile once about getting my phone records for a court case. They told me they don't keep any records for the prepaid plans. Dunno if it's true, but my lawyer couldn't get them either. Presumably they don't keep them but if they do they're hard to get.

    7. Re:What should be private? by Anonymous Coward · · Score: 0

      " It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today."

      They do if your phone was stolen but you didn't notice until today, and you want to dispute the bill. Then the government wants ISP's and telecomms providers to retain communication records so they can uncover a terrorist cell through association if they catch one loony.

    8. Re:What should be private? by parkinglot777 · · Score: 0

      Are any such guarentees valid? What if it verbal guarentees vs written?

      That's what the court is for. In other words, you may have to prove that there is such a guarantee or warranty if you are claiming that the other violates your privacy.

      AFAIK, the theory has become that if you have given information, you have no guarentee of privacy - only an expectation and a possiblity (not guarentee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whther you benfited.

      That just confirms what the GP said. Guarantee could be a "valid" contract. Whatever information you give to someone could be disclosed without being illegal if there is no contract. And you have to be able to prove it regardless how the contract is being done.

      - What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written into contracts easily - it can be difficult for the average person to know what should be allowed and what should not, as well as what cannot be signed away. Harder still when rules can change.

      Again, if you can prove that the contract is invalid, then the contract is null and void. Even though what you said could be written in a contract, anything can't go beyond your constitution right. In your example, recording video or audio of you and others watching the show 'big brother' would violate your privacy, but recording how you watch the show (time-wise or switching channel) very unlikely violates your privacy. Nowadays, big corporations, such as cable companies, would know exactly how to word their contracts. The only choice you have is to determine whether you want to trade in your information for your convenience (in this case is entertainment). You have to make a decision. Different people see privacy in different ways.

      - How do you prevent companies from writing sale of information into their contract? The idea of "go somewhere else" is fine until all of the providers do it.

      Actually that is the way corporations do nowadays. This kind of situation could lead to a class action, and then the court will decide whether or not they can do it. Again, if you think certain information of yours is private, then a certain number of other people must think the same in order to pursue the rest. Until you can convince enough people to think the same, the information is not private.

    9. Re: What should be private? by Anonymous Coward · · Score: 1

      So not private, as you told the cell phone company that it was okay for them to sell that data.

    10. Re:What should be private? by dryeo · · Score: 1

      Around here there are stalking laws so depending on why your gathering my info and following me around, it can be illegal to observe me in public.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    11. Re:What should be private? by dryeo · · Score: 1

      So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    12. Re:What should be private? by Anonymous Coward · · Score: 0

      There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for.

      Really? Pretend you're a service provider. Are you sure user statistics aren't useful in predicting the future needs of your business (both engineering and marketing)? Are you sure they're not interesting, in some not-illicit way?

      It's useful to remember, after the billing period, that some of our customers sent SMS messages instead of using some internet service. This many happened, and we made this much money from it. It used this much of our resources.

      It's useful to remember, after the billing period, that cell tower got used n times per minute vs that other one over there.

      (Iutr,atbp, you communicated with that person and so you might have a relationship so maybe I can advertise something to you indirectly by advertising it to your broth-- ok, you're calling bullshit and reminding me that you said "legitimate.")

      And so on. I could try to enumerate all the ideas, and then you could propose summarizing and anonymizing the records to provide that stats I want. But what if I didn't remember them all? It's daamn nice and convenient to have a big history table that I can query however I want. It's easier and cheaper and it's motivated by legitimate purposes. But even the ease and cheapness, themselves, I think counts as pretty legitimate.

      I have Apache logs that are ten years old! Do I need them? I don't know, honestly, but it's so easy ot keep a few files around. And sometimes I do see that traffic now is different than traffic in 2007. Who is someone else to tell me I might not want to look at these logs again? And even if you persuade me that I don't really need them (you'll probably have an easy time!), what's the cost to me keeping them? It's just disk space, and it's tiny to the point of approaching free.

      But I don't bear the other "costs" of that information existing. Yeah, if someone else has records of who had what IP address when, then joining that data to my data could maybe let me blackmail some nobody about an embarrassing search they did ten years ago. Ewww!! I can see why people would hate that. Me too. But what if that join doesn't happen? They're just my logs. Get your hands off my computer.

    13. Re:What should be private? by Anonymous Coward · · Score: 0

      "You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing."

      Actually you do or should have some limited expectation of privacy even in public.

      --Filming someone in the restroom
      --Filming or looking up someone's skirt/dress or down a dress/top
      --Keeping your ideas, thoughts, etc inside your head -- i.e. not being forced to says something or be blamed for not saying something
      --Not having to be subjugated to excessive noise, smell, language, visual images, light, etc just to be in the public space
      --Not being intimidated or threatened

    14. Re:What should be private? by Anonymous Coward · · Score: 0

      Bottom line is that as soon as you signed up for cell service YOU AGREED TO EVERYTHING YOU STATED. Because that's how the service operates. Just because you're to stupid to turn off your cell phone before you rape that 6 year old boy at your GF's house doesn't mean that the cell company should protect your information collected in the normal process of providing service to you.

    15. Re:What should be private? by Anonymous Coward · · Score: 0

      Your honor, the state intents to prove that Mr clonehappy purchased a 6 pack and a Slim Jim on 4th street, but all records related to that event have been purged. Instead, we submit his post on /. as evidence. The prosecution rests.

    16. Re:What should be private? by EndlessNameless · · Score: 1

      But what if that join doesn't happen?

      The problem today is that data aggregation is happening at an obscene rate. It is the norm for large businesses to affiliate and share data, and some business buy user data specifically to mine it.

      In addition to law enforcement officials, we need to consider placing some restrictions on how private organizations can collect, share, and analyze data.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    17. Re:What should be private? by parkinglot777 · · Score: 1

      So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY

      Again, why many people here assume anything to the extreme and ignore everything else? There are inherit rights and there are rights that have to be proven. If you believe that everything is your right, then I have no word to explain. Also, if you believe what you said, I also have no word to explain.

    18. Re:What should be private? by Anubis+IV · · Score: 1

      Great questions. At least to me, there's one other distinction at the heart of our expectations: did we share it incidentally or intentionally?

      The phone companies only have this information because they must as a requirement for providing service, not because I'm intending to share it with them. In fact, the data is being shared from the exact same device to the exact same company by the exact same person as it would be when I make a phone call, so why wouldn't they be treated the same? I expect my calls to be private, even though the phone company incidentally has access to them as a necessity for the operation of their service. Why wouldn't I expect my location data to be private as well, given that it's only shared to them incidentally for the operation of their service?

  3. "No reasonable expectation" by markdavis · · Score: 4, Insightful

    >"In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy"

    And THAT, my friends, is the slippery slope of how privacy and freedom is lost in the modern world of technology. That exact argument has been used over and over again to strip one thing after another. You will have no "reasonable" expectation of privacy wherever you go with your almost absolutely necessary cell-phone. No expectation in your car. No expectation at work. No expectation on a sidewalk. No expectation in your yard. No expectation using your private Email at home. None watching your DVR. Want to work here or just about anywhere? Sign this agreement. Want to get any type of insurance? Sign this agreement. Want to open a bank account? Sign this agreement. Want to own a car, credit card, house, software, whatever, sign this agreement. At some point we are talking about things we can't live without in the modern world and yet things in which private companies apparently conspire to all require the same often questionable and frequently unreasonable terms. And those private companies then allow all this data to flow right to any 3-letter government agency with little or zero resistance, or just "lose" it by being hacked or doing stupid crap.

    1. Re: "No reasonable expectation" by Anonymous Coward · · Score: 4, Insightful

      Wrong. The third party doctrine was decided wrongly too. The government is not going after "business records", they're going after people.

      Allowing the government to circumvent a person's rights because of a legalism created by that very same government (that is, corporations) is as wrong as if the government planted a GPS on you themselves.

      As to your righteous condemnation of anything a bunch of totally untrustworthy politicians decide is against the law, I'd invite you to consider that you probably broke half a dozen of them on your way home from work today.

    2. Re: "No reasonable expectation" by Anonymous Coward · · Score: 2, Informative

      Indeed smart criminals use burner phones and change them often.

      The problem is you contractually agreed to let the phone company track you, not the government.

      If this court challenge fails then it is very important that it be explicitly driven home to everyone who owns a phone that they are one and the same.

    3. Re: "No reasonable expectation" by Wycliffe · · Score: 4, Insightful

      You do not have to use a cell phone, or have it turned on while doing criminal shit.

      Your entire argument hinges on that fundamentally false statement.

      You're carrying a GPS tracker that you contractually agreed to allow track you. End of the argument. Goodbye.

      I never willingly contractually agreed to have anyone track me and I would gladly opt out of records of my GPS movement if allowed.
      The services I use on my phone don't require them to actually store my location anywhere to still be able to provide me the service.
      I think the correct solution is to make it illegal for cellular companies to store cellular tower or GPS locations about their customers.

      As far as turning your phone off while breaking the law, I could easily see a future where an innocent person could become a
      suspect just because their phone happened to be off during multiple robberies.

    4. Re:"No reasonable expectation" by Anonymous Coward · · Score: 4, Insightful

      Data held by third parties ABOUT you needs to be considered YOUR property (and rules must be set to where it cannot be turned over even by the third party without you being granted the right to challenge the seizure) for the purposes of compliance with the Constitution, full stop. What happens if we do not take an absolutist position on this issue is simple: the government can't get what they want from you so they have corporations do it for them.

      Remember the Best Buy employee that the FBI paid per report to generate...oh, sorry, I mean "report"...child porn possessors, having him search computers in a way that would be a flagrant violation of Constitutional protections if the FBI did it directly? That's a prime example of the sort of crap that will go down a lot more often if a precedent is set that makes third parties a 100% legal Constitutional bypass. FBI can't search your history? Well, now they just go to Google and subpoena your search history, outbound clicks, and visit bounce times!

    5. Re: "No reasonable expectation" by markdavis · · Score: 4, Insightful

      >"slippery slope" my ass. This is the worst possible point you can stress when defending your position.

      Quite the opposite. The "slippery slope" is exactly the type of thing that gets society in trouble time after time. Justifying each small surrender for supposedly the "greater good", step by step walking down the slope into a future where we suddenly wake up and realize the path somewhere along the way was wrong and yet those stairs are now a greased slide.

      >"Generalization and out of context statements or phrases are the social warriors main ammunition."

      Trust me, I am no social [justice] warrior. I am, however, very interested in LIMITING the power of government.... exactly the principles this country [USA] were founded upon. Social warriors are those who want ever increasing [especially Federal] government powers to control everyone's behaviors because supposedly everyone is a victim that needs daddy government to run everyone's lives. Or perhaps we are all just "unsafe" and need to surrender "just a little more" privacy and freedom in the name of safety and security? "If you have nothing to hide" and all that.

      >"There are bad people roaming all over the world. Some of these people are dangerous. You can't take away all the tools used by law enforcement and national security agencies."

      These are "tools" they never had in the past, so nothing is being "taken away" it is just not allowing them the new-found power to track everyone both now and in the past.

      >"Law enforcement and the security agencies don't have the resources to waste on the inconsequential."

      Right. Because such powers are never and will never be abused. I think you need to study history more...

    6. Re: "No reasonable expectation" by markdavis · · Score: 3, Insightful

      >"You do not have to use a cell phone"

      And you do not have to drive a car.
      And you do not have to use Email.
      And you do not have to use a credit card.
      And you do not have to browse the web.
      And you do not have to use electricity.
      And you do not have to use a DVR.
      And you do not have to work at X, Y, or Z.
      And you do not have to have a bank account.

      I think you totally missed the point of my post. At what point are such "normal" activities no longer "optional" in a modern society?

      >"End of the argument. Goodbye."

      It isn't dismissed quite that easily, I am afraid.

    7. Re: "No reasonable expectation" by Anonymous Coward · · Score: 0

      You are still allowed to buy SIM cards without showing a passport and confirming the biometric data in the USA? My guess is... Not for long

    8. Re: "No reasonable expectation" by Anonymous Coward · · Score: 0

      And you do not have to have a bank account.

      By law I'm required to have a bank account.

    9. Re:"No reasonable expectation" by currently_awake · · Score: 1

      Federal Government employees (in America) are limited by the American Constitution. Anyone who works for the Gov is an employee, including employees of a cellphone company who do jobs for the police, and therefore should be under Constitutional limits. Gathering location data for the purpose of handing over to police counts as working for the government.

    10. Re: "No reasonable expectation" by Anonymous Coward · · Score: 0

      I personally know several people who do not have any sort of bank account, no credit cards, no PayPal.

      They have to obtain money orders to pay rent (one of them pays me rent).

      They have to go everywhere they need to pay a bill. Their utility account is settled at a kiosk, and they pay a service fee for that.

      Some are convicted felons, finding it hard to rent an apartment, afford auto insurance much less paying for it, finding steady work because the jobs they can get aren't very stable (and serendipitously don't pay by direct deposit, so they pay a fee to cash their paycheck). Some are just contrary. One just doesn't bother, he can't seem to manage his money any other way than by holding it in his hands and working it out visually.

      None of these people are illegal aliens, nor fugitives from the law, so far as I know.

      I'm a little curious, where you live and what law requires you to have a bank account. I'm not ready to call BS on that claim quite yet because our government, at all levels is capable of such action. THAT is the problem.

    11. Re: "No reasonable expectation" by edtice1559 · · Score: 1

      I'm not sure how I feel about this particular issue, but if you decide on a life of crime. 1) Don't turn your phone off during a robbery. Leave it at home. Claim it as an alibi. See my phone was home. 2) Use a burner during the actual crime. 3) Maybe neither of us is cut out for a life of crime.

    12. Re: "No reasonable expectation" by Anonymous Coward · · Score: 0

      End of the argument. Goodbye.

      That's comedy gold right there.

    13. Re:"No reasonable expectation" by flink · · Score: 1

      The phone companies aren't acting on behalf of the government when they gather the location data: they do that in the normal course of doing business with you. They are cooperating with the government when they surrender this data upon request. This is not much different than an eye witness to a crime voluntarily cooperating with police instead of lawyering up.

      I think this data should be protected. I think some sort of covenant should exist between you and those who have custody of intimate data about you such that a warrant is required to obtain this type of information from a third party. However, I think that trying to stretch the definition of government employee to typical industry practice is weak enough that it's likely to fail or backfire.

    14. Re: "No reasonable expectation" by Anonymous Coward · · Score: 0

      You forgot to mention that you don't have to buy food at the grocery store.

    15. Re: "No reasonable expectation" by erapert · · Score: 1

      This.
      Basically there's this little thing called FREEDOM.
      If the thought of freedom for yourself or, especially, for others disturbs you then GET OUT OF THE USA!

  4. slippery by supernova87a · · Score: 1, Interesting

    Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?

    1. Re:slippery by FatdogHaiku · · Score: 2, Insightful

      Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?

      Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    2. Re:slippery by Anonymous Coward · · Score: 1

      Is it private information if you walk around shouting your name wherever you go? Or showing your face?

      Are there microphones and cameras on every corner and every house tracking your every move? Because no matter how much I shout, I probably won't be heard in the center of my house. And in most rooms, you can't see my face from the outside.

      Is it not just a short leap from that to your cell phone doing that for you?

      Take it up to 11, is it okay for anyone and everyone to listen in on your cell phone calls or otherwise intercept the data it sends? Can they track your every move off your property? And how much would it cost to actual track you on that scale no matter where you went? Or going back to your original statement, would you expect the police could demand the CCTV of every shop in town as business records, without a warrant, to track down any person they like?

      PS - I don't own a cell phone, and I don't have an expectation of privacy if I leave my home. At the same time, the notion that the police can just go to every business in town without a warrant to basically spy on everyone is beyond creepy.

    3. Re:slippery by geekmux · · Score: 2

      Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?

      Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.

      Both security and privacy are no longer worth what they used to be for the average citizen. They simply don't give a shit anymore about them, and will gladly sell their digital soul to feed their e-addictions.

    4. Re:slippery by SlaveToTheGrind · · Score: 1

      Is it private information if you walk around shouting your name wherever you go?

      "Shouting" doesn't seem like a very apt analogy for a private control message between cell phone and network generated by simply walking around with one's cell phone on. The question is whether those messages were sufficiently public to defeat the cell phone user's legitimate expectation of privacy against a warrantless communication of those messages to the government. The fact that this case has reached the Supreme Court is evidence enough this isn't a simple question.

      Or showing your face?

      Not literally, no, but that seems like another inapt analogy. That seems more like the government putting cameras on every street corner, which they're certainly entitled to do (and people on notice of that are entitled to adjust their behavior accordingly). This is essentially a post-hoc, high-level query of a private database about where your face has been.

    5. Re:slippery by fafalone · · Score: 1

      If the government put cameras on every corner, then paired that with working facial recognition, then made the database searchable by person for anyone with a badge, that too is a totally unreasonable invasion of privacy. Like the court ruling that disallowed sticking a GPS on your car without a warrant; sure it would be ok for a cop to follow you, but the level of invasiveness that comes with automated technology gives rise to valid privacy concerns.

    6. Re:slippery by SlaveToTheGrind · · Score: 1

      I don't disagree that your scenario still raises privacy concerns, but I think that situation is a much closer question than Carpenter. Even if there are discrete VHS tapes changed every 6 hours behind every one of those cameras such that people would have to sit and watch thousands of tapes to see if I happened to pass by one of those camera, I still know (or should have known) that the government was collecting all that data and they would be able to know anything that happened on those cameras if they worked hard enough. The fact that in Carpenter the private entity is the one collecting the data (and for a benign purpose that has nothing to do with surveillance) and the government is silently co-opting that data for surveillance purposes, is what I think really differentiates it.

    7. Re:slippery by Anonymous Coward · · Score: 0

      Both security and privacy are no longer worth what they used to be for the average citizen. They simply don't give a shit anymore about them, and will gladly sell their digital soul to feed their e-addictions.

      And therein lies the problem. Those people are the majority, and dictate the nature of the modern world through their actions and choices.

      We do not have this world because it was forced upon us. We have it because we begged for it. (We = amply enough of us to compel it).

  5. I don't get it by Anonymous Coward · · Score: 0

    ATT has my data
    Google has my data
    Apple has my data
    Microsoft has my data
    Facebook has my data and my thoughts
    Amazon has my data
    Snapchat has my thoughts
    Instagram has my photos and memories .... ....

    And we're worried the government would have location data??? Really????

    1. Re: I don't get it by Anonymous Coward · · Score: 0, Insightful

      The difference is you volunteered to give those companies your information. The government? That was taken by force.

    2. Re: I don't get it by nctritech · · Score: 2, Insightful

      Your choice to avoid these major services forces you to opt out of society so while you do technically have a choice, it's a choice between being part of society and "choosing" to be a social outcast. Since not participating in society all but guarantees you'll have a hard time even getting a job or communicating with other people, the "choice" is not much better than having to choose between eating or not eating a box of arsenic.

    3. Re: I don't get it by Whorhay · · Score: 1

      I think it depends a lot on your choice of lifestyle. I gave up carrying a cell phone almost a decade ago and very rarely miss it, we're talking a couple times a year tops. That said I'm a sedentary person who's a homebody. I spend the vast majority of my waking time at work or at home. When I'm driving from place to place it's in high population density areas. About the only time I'm more than 15 miles from home is the couple times a year when I travel on major interstates to visit family. All that said I would probably still have a cell phone if my employer hadn't banned them from the workplace. When I realized I'd be spending considerable amounts of money every month for a device I'd likely go whole months without needing I ditched it.

      I haven't really noticed any issues with keeping up with society. I'm always on a computer at work. At home I use my computer extensively, the wife would say constantly. When people ask for a phone number they get my home or work number, and have no idea if it's a cell or landline unless they specifically ask.

      The only way I could see not having a cellphone costing you a job offer is if the hiring manager assumes that a phone number is a cell, that is setup for sending and receiving text messages, then instead of professionally calling to extend a job offer sends a text. At which point I have to ask myself do I really want to work for an employer that already demonstrates so little professional competence. Well actually I'm spared having to ponder that because not having a cell phone automatically filters out such idiots.

    4. Re:I don't get it by Anonymous Coward · · Score: 0

      See all those different parties and the data they have? The government can join the tables in these different databases. It can know something that none of those others can know:

      The person with those Snapchat thoughts is the person who did those Amazon product services, and whose Google Play services said he was at these coordinates on this day...

  6. I don't understand by nehumanuscrede · · Score: 4, Insightful

    what changed when we made the transition from wireline to wireless.
    How is it that, by simply changing the method of transmission, we lost so much in the realm of privacy ?
    ( Location tracking even when disabled, cameras front and back, microphone and fully hackable )

    They used the same argument when we switched from physical mail, to the electronic variety.
    ( Oh, it's stored on third party servers, so it's fair game. Even if stored overseas, they still try to lay claim to it. )

    Why is it that I ( supposedly ) cannot be compelled to incriminate myself ( 5th amendment ) yet, I can be forced to provide
    my fingerprint, face print, whatever, to unlock my phone which may or may not contain incriminating evidence during an
    overly broad search of an entire building by the FBI ? ( Sans warrant I might add )

    Even a fucking pen register required someone to sign off on it. ( Not a warrant, but still had to be approved )

    On top of all this, it's unlikely they even bothered to go to the Phone Company for this data. They probably just fired up the damn
    Stingray and are using the phone records as a nice scapegoat for how they obtained the data in the first place.

    1. Re:I don't understand by AHuxley · · Score: 1

      Wireline went from an account as a direct wire to the exchange line building or hardware (a very simple way of considering how a POTS worked before digital changes)
      The cell phone was a later invention and the police and security services had more advanced tracking ready.
      Different providers, networks, telcos all passing a cell phone from network to network all over there USA.
      That was the legal opening needed. The user had signed away their rights when moving from telco to telco, service to service.
      Every service and telco was allowed to collect data needed for billing, tracking, account details and that was on their network, not an account with one provider.
      Voice prints had to be gathered too. Just enough protection to keep out random strangers making recordings of calls, real time access for the security services and police.
      Color of law got access on legality of how the users have to allow different networks to hand over the cell phone data when on the move.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:I don't understand by Mondragon · · Score: 1

      Getting cell tower association data requires a court order, just like call detail record (CDR) data does (it's basically in the CDR data for mobile).

    3. Re:I don't understand by Anonymous Coward · · Score: 0

      With regard to pen registers, they only require a warrant because a long time ago Congress passed laws making wiretaps and pen registers illegal with certain exceptions. Before then, the Supreme Court had actually ruled that wiretaps were legal for more or less the sames reason as above. C.f. Olmstead v. U.S. (1928).

      For a detailed history: https://www.americanbar.org/content/dam/aba/administrative/litigation/materials/sac_2012/29-1_history_and_law_of_wiretapping.authcheckdam.pdf

    4. Re:I don't understand by Anonymous Coward · · Score: 0

      They would open letters sent overseas. Sometimes even no we find envelopes slit open where the sender used sellotape to seal the envelope, especially African countries. Some countries, parcels won't even arrive.

    5. Re:I don't understand by Anonymous Coward · · Score: 0

      ... by simply changing the method of transmission ...

      Because governments of the world are able to declare that digital data is not personal effects. That fact that digital data is shared with third-parties is supposed proof of this. This denies historical fact that personal data has always been shared with third-parties.

      Worse, governments declare that personal effects containing digital data (ie. cell-phones), are not protected. The only justification for this being, the device is a 'something' that someone has.

    6. Re:I don't understand by edtice1559 · · Score: 1

      There isn't enough detail in the article or summary. But it *seems* that what they did was, once they had a suspect, they went to the phone company to see if he was in the vicinity of the robberies. if they had reason to suspect him, they probably could have gotten the warrant if they needed it. So this may create an interesting legal outcome but probably has no practical implications. If you commit a crime and the police have reasonable suspicion, they may not have to get a warrant, but they're still going to use your location data as part of their case against you. The reason we care about a warrant is an alternative scenario where the police have no leads and ask the phone company who was in the area and then somehow use that information in an abusive way. However, it also seems reasonable that the police may want to know who was in the area so they can ask if you saw anything. If a serious crime happened and I was in the vicinity, I would *want* the police to be able to talk to me. Maybe I saw something and didn't realize it was important.

    7. Re:I don't understand by Anonymous Coward · · Score: 0

      This. Technology should not invalidate constitutional rights.

      I recall some courts permitting anyone to come and examine records of trials, etc, without prior permission or even having to demonstrate a need to know, as these were by law public records. Then the Internet happened, and people started checking the dockets, coming to the court, and asking for these public records with alarming frequency. The courts' responses? Varied from assessing fees to deter such lawful behavior (digitizing records having been done, they charged attorneys etc subscriptions and individuals substantially higher fees) to convincing the legislatures to prohibit such access. Not because there was some sudden need for confidentiality, but because suddenly it was actually accessible, and well, technology enabled the ability of the public to know these things with minimal cost and effort, and that enabling technology threatened the establishment. technology enabling a right, which led to denying the right...

      Now we have these problems with technology simplifying the ability of the police etc. to conduct surveillance, in arrears, and somehow technology excuses them from having to submit to oversight by courts. No. this should not be. The tool may make it easier, but it does not make ti right.

  7. Use HIPAA as a model... by b0s0z0ku · · Score: 1

    The ISPs, cell companies, app authors, etc are the custodians of location data. This data can't legally be disclosed unless there's:
    (a) customer consent
    (b) a lawful warrant

    In these days of electronic warrants, it's not a big burden to have to ask a judge, but it keeps things kosher and makes sure the government isn't asking for personal data without good reason.

    1. Re:Use HIPAA as a model... by Mondragon · · Score: 1

      This is not user location data, despite what the summary states. It is data about the cell tower the user phone is associated with, *when the user makes a call*. Yes, this can give you some level of location data for the user, but the location precision is quite poor, and it does not exist when you are not using the phone.

    2. Re:Use HIPAA as a model... by Anonymous Coward · · Score: 0

      HIPAA needs to be modified for part A as consent cannot be compulsory for ANY reason and not an opt out kinda thing.

      Some employers have found this loophole so their employees have to consent to provide access to their records, other companies wold be happy to do this at the behest of the govt,

    3. Re:Use HIPAA as a model... by Pimpy · · Score: 2

      Try again: https://www.theverge.com/2017/...

  8. We were warned. by Anonymous Coward · · Score: 2, Insightful

    There have been 70+ years of science fiction covering every permutation of this technological stranglehold we are now finding ourselves in. But even in most of those there was some blind spot to the technology.

    Blockchain will be the last nail in that surveillance coffin. Once you can't buy anything without it being traceable the only way left to stay hidden will be underground. And thanks to fine grained power monitoring today it won't be too hard to start looking for the 'leaks' in the powergrid to find people hiding from the system. The ones on solar will be picked up by satellite or surveillance planes. You MIGHT be able to hide wind power in some regions, whether due to windtunnel effects outside of satellite view, or artificial constructs.

    It is certainly working hard towards being a brave new world to rediscover privacy, liberty and freedom in.

    Information Asymmetry is always a bad thing, but we have officially kicked it into overdrive.

  9. Re: Why would you have such an expectation? by Anonymous Coward · · Score: 0

    Because you're the Hulkamaniac brother!

  10. wired is physical - nothing changed by aepervius · · Score: 1

    just like with wired they did not need a warrant to know where the physical phone were (they just had to ask the company where the phone number it was linked to, which address, by reading the company documentation (phonebook) or just plain asking the company which complied warrantlessly. This is the same here, the company has your location, and is complying mostly warrantlessly. This is one of the case where you think there is a difference, but when you dig deeper, there is not. In both case the company knows your location, and happily give it to the cop. Now for email/mail you have a point, but for phone ? not really.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  11. I'm OK with this... by cyn1c77 · · Score: 3, Insightful

    ... as long as everyone can download that location info and the phone owner's name realtime.

    They watch us, we watch them.

    The law enforcement agencies will be OK with that, right? Because, I mean, they work for us, right?

  12. They are definitely business records by Anonymous Coward · · Score: 0

    CSLI is required for the efficient administration of their networks, site planning, capital investment strategy, and other business-related processes. They don't collect it because they want to, or to provide user features. They collect it because they HAVE to in order to stay in business.

    There is absolutely no reason to consider this data otherwise.

  13. Not with standing by Anonymous Coward · · Score: 0

    I don't recognize the supreme court any more. I don't care how they rule.

    If I own the cell tower and authorities come to me for information related to data collected, I will require them to present a bona fide warrant issued by a bona fide seated judge. If they don't have it, they will not get the data. PERIOD.

    My constitutional rights are not subject to lower laws. The highest law in the land prevails over all others.

    1. Re: Not with standing by Anonymous Coward · · Score: 0

      That is in fact your right (and the phone companies right). The defense in this case is arguing that you as the cell tower operator no longer have the right to decide what to do with the data.