Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Supreme Court Case This Week Could Change US Digital Privacy Standards

Posted by BeauHD on from the digital-age dept.

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller . The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.

11 of 74 comments (clear)

  1. What should be private? by axlash · · Score: 4, Interesting

    A good question to ask is - what is it reasonable to expect to be private?

    Here are some scenarios that most people would agree would qualify as an invasion of privacy:
    - If what you did on your personal property behind closed doors was made public;
    - If you gave personal information to someone, and they said that they would keep it secret, but they then disclosed it to someone else.

    Here are some scenarios that would *not* qualify as invasion of privacy:
    - If you did something on property that was not yours, and it was made public;

    I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

    --
    Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
    1. Re:What should be private? by Wrath0fb0b · · Score: 4, Informative

      I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

      Well, Congress actually stepped in and enacted more (but not maximal) protection than required by passing the Stored Communication Act. In relevant part (Â 2702(a) for the law nerds following along) makes an ISP civilly liable if they voluntarily disclose your content except with your lawful consent. That is, the default in the "make no guarantees" is that the ISP cannot disclose anything.

      So appreciate the bizarro-fact that Congress passed a law creating protection that the Constitution doesn't require and appreciate the new default :-)

    2. Re:What should be private? by clonehappy · · Score: 5, Insightful

      I get the whole private property vs. public property thing as far as things go like video recording and such. You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing.

      But, for fuck's sake, I should be able to drive up to the gas station to get a 6-pack without the government knowing I did so.

      Sure, the gas station knows I went there. And the people at the gas station can see me there. If any of those people even know who I am, or care. And if I drive past my friend Tom's house on 4th Street to get there, he might see me driving down 4th street. But I still have my privacy to a great extent. None of those individual pieces of information are worth much to anyone.

      The government, if they want to find out, can see that I left my house because my phone disconnected from Wi-Fi, they can tell I got in my car and started it because it connected to the bluetooth, they can track me either through location services or cell towers to pretty much figure out exactly where I went, what route I took to get there, how long it took, and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much. Sure, the convenience is nice but at what cost?

      As for why I should expect all that information to be private? Because keeping historical records of everywhere I go and everything thing I do is not the service I signed up for. I signed up for a mobile telephone and debit card. In the case of the debit card, I understand that records need to be kept for a certain period of time. Not indefinitely, mind you, but for a fixed period of time that should be agreed upon by the cardholder and the bank.

      As for telephones? With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point. Sure, the cellular network needs to know where I am *right now* in order to route calls to the correct cell tower and to deliver data to any open sessions I may have. It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today.

      They don't need that data for network management, either. They can keep historical records of the load on given sites for purposes like that, to know what cells are over or underutilized, etc. But to keep a detailed historical record of my location, every call I made and to whom, every data session, and the contents of every message I've sent going back literally years or decades is obviously nefarious.

      There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for. In the days of metered plans and overages, there was at least a reason to keep the information until the close of the billing cycle and maybe a few more in the case of bill disputes. Today, the record of what I did should be deleted at the end of the session. Meaning this: I've closed the data connection or terminated the phone call or successfully sent or received an SMS? Then the service I asked for was completed, and the records of it should be purged.

  2. "No reasonable expectation" by markdavis · · Score: 4, Insightful

    >"In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy"

    And THAT, my friends, is the slippery slope of how privacy and freedom is lost in the modern world of technology. That exact argument has been used over and over again to strip one thing after another. You will have no "reasonable" expectation of privacy wherever you go with your almost absolutely necessary cell-phone. No expectation in your car. No expectation at work. No expectation on a sidewalk. No expectation in your yard. No expectation using your private Email at home. None watching your DVR. Want to work here or just about anywhere? Sign this agreement. Want to get any type of insurance? Sign this agreement. Want to open a bank account? Sign this agreement. Want to own a car, credit card, house, software, whatever, sign this agreement. At some point we are talking about things we can't live without in the modern world and yet things in which private companies apparently conspire to all require the same often questionable and frequently unreasonable terms. And those private companies then allow all this data to flow right to any 3-letter government agency with little or zero resistance, or just "lose" it by being hacked or doing stupid crap.

    1. Re: "No reasonable expectation" by Anonymous Coward · · Score: 4, Insightful

      Wrong. The third party doctrine was decided wrongly too. The government is not going after "business records", they're going after people.

      Allowing the government to circumvent a person's rights because of a legalism created by that very same government (that is, corporations) is as wrong as if the government planted a GPS on you themselves.

      As to your righteous condemnation of anything a bunch of totally untrustworthy politicians decide is against the law, I'd invite you to consider that you probably broke half a dozen of them on your way home from work today.

    2. Re: "No reasonable expectation" by Wycliffe · · Score: 4, Insightful

      You do not have to use a cell phone, or have it turned on while doing criminal shit.

      Your entire argument hinges on that fundamentally false statement.

      You're carrying a GPS tracker that you contractually agreed to allow track you. End of the argument. Goodbye.

      I never willingly contractually agreed to have anyone track me and I would gladly opt out of records of my GPS movement if allowed.
      The services I use on my phone don't require them to actually store my location anywhere to still be able to provide me the service.
      I think the correct solution is to make it illegal for cellular companies to store cellular tower or GPS locations about their customers.

      As far as turning your phone off while breaking the law, I could easily see a future where an innocent person could become a
      suspect just because their phone happened to be off during multiple robberies.

    3. Re:"No reasonable expectation" by Anonymous Coward · · Score: 4, Insightful

      Data held by third parties ABOUT you needs to be considered YOUR property (and rules must be set to where it cannot be turned over even by the third party without you being granted the right to challenge the seizure) for the purposes of compliance with the Constitution, full stop. What happens if we do not take an absolutist position on this issue is simple: the government can't get what they want from you so they have corporations do it for them.

      Remember the Best Buy employee that the FBI paid per report to generate...oh, sorry, I mean "report"...child porn possessors, having him search computers in a way that would be a flagrant violation of Constitutional protections if the FBI did it directly? That's a prime example of the sort of crap that will go down a lot more often if a precedent is set that makes third parties a 100% legal Constitutional bypass. FBI can't search your history? Well, now they just go to Google and subpoena your search history, outbound clicks, and visit bounce times!

    4. Re: "No reasonable expectation" by markdavis · · Score: 4, Insightful

      >"slippery slope" my ass. This is the worst possible point you can stress when defending your position.

      Quite the opposite. The "slippery slope" is exactly the type of thing that gets society in trouble time after time. Justifying each small surrender for supposedly the "greater good", step by step walking down the slope into a future where we suddenly wake up and realize the path somewhere along the way was wrong and yet those stairs are now a greased slide.

      >"Generalization and out of context statements or phrases are the social warriors main ammunition."

      Trust me, I am no social [justice] warrior. I am, however, very interested in LIMITING the power of government.... exactly the principles this country [USA] were founded upon. Social warriors are those who want ever increasing [especially Federal] government powers to control everyone's behaviors because supposedly everyone is a victim that needs daddy government to run everyone's lives. Or perhaps we are all just "unsafe" and need to surrender "just a little more" privacy and freedom in the name of safety and security? "If you have nothing to hide" and all that.

      >"There are bad people roaming all over the world. Some of these people are dangerous. You can't take away all the tools used by law enforcement and national security agencies."

      These are "tools" they never had in the past, so nothing is being "taken away" it is just not allowing them the new-found power to track everyone both now and in the past.

      >"Law enforcement and the security agencies don't have the resources to waste on the inconsequential."

      Right. Because such powers are never and will never be abused. I think you need to study history more...

    5. Re: "No reasonable expectation" by markdavis · · Score: 3, Insightful

      >"You do not have to use a cell phone"

      And you do not have to drive a car.
      And you do not have to use Email.
      And you do not have to use a credit card.
      And you do not have to browse the web.
      And you do not have to use electricity.
      And you do not have to use a DVR.
      And you do not have to work at X, Y, or Z.
      And you do not have to have a bank account.

      I think you totally missed the point of my post. At what point are such "normal" activities no longer "optional" in a modern society?

      >"End of the argument. Goodbye."

      It isn't dismissed quite that easily, I am afraid.

  3. I don't understand by nehumanuscrede · · Score: 4, Insightful

    what changed when we made the transition from wireline to wireless.
    How is it that, by simply changing the method of transmission, we lost so much in the realm of privacy ?
    ( Location tracking even when disabled, cameras front and back, microphone and fully hackable )

    They used the same argument when we switched from physical mail, to the electronic variety.
    ( Oh, it's stored on third party servers, so it's fair game. Even if stored overseas, they still try to lay claim to it. )

    Why is it that I ( supposedly ) cannot be compelled to incriminate myself ( 5th amendment ) yet, I can be forced to provide
    my fingerprint, face print, whatever, to unlock my phone which may or may not contain incriminating evidence during an
    overly broad search of an entire building by the FBI ? ( Sans warrant I might add )

    Even a fucking pen register required someone to sign off on it. ( Not a warrant, but still had to be approved )

    On top of all this, it's unlikely they even bothered to go to the Phone Company for this data. They probably just fired up the damn
    Stingray and are using the phone records as a nice scapegoat for how they obtained the data in the first place.

  4. I'm OK with this... by cyn1c77 · · Score: 3, Insightful

    ... as long as everyone can download that location info and the phone owner's name realtime.

    They watch us, we watch them.

    The law enforcement agencies will be OK with that, right? Because, I mean, they work for us, right?