A Supreme Court Case This Week Could Change US Digital Privacy Standards

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller . The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.

Re:What should be private?

[clonehappy]

I get the whole private property vs. public property thing as far as things go like video recording and such. You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing.

But, for fuck's sake, I should be able to drive up to the gas station to get a 6-pack without the government knowing I did so.

Sure, the gas station knows I went there. And the people at the gas station can see me there. If any of those people even know who I am, or care. And if I drive past my friend Tom's house on 4th Street to get there, he might see me driving down 4th street. But I still have my privacy to a great extent. None of those individual pieces of information are worth much to anyone.

The government, if they want to find out, can see that I left my house because my phone disconnected from Wi-Fi, they can tell I got in my car and started it because it connected to the bluetooth, they can track me either through location services or cell towers to pretty much figure out exactly where I went, what route I took to get there, how long it took, and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much. Sure, the convenience is nice but at what cost?

As for why I should expect all that information to be private? Because keeping historical records of everywhere I go and everything thing I do is not the service I signed up for. I signed up for a mobile telephone and debit card. In the case of the debit card, I understand that records need to be kept for a certain period of time. Not indefinitely, mind you, but for a fixed period of time that should be agreed upon by the cardholder and the bank.

As for telephones? With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point. Sure, the cellular network needs to know where I am *right now* in order to route calls to the correct cell tower and to deliver data to any open sessions I may have. It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today.

They don't need that data for network management, either. They can keep historical records of the load on given sites for purposes like that, to know what cells are over or underutilized, etc. But to keep a detailed historical record of my location, every call I made and to whom, every data session, and the contents of every message I've sent going back literally years or decades is obviously nefarious.

There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for. In the days of metered plans and overages, there was at least a reason to keep the information until the close of the billing cycle and maybe a few more in the case of bill disputes. Today, the record of what I did should be deleted at the end of the session. Meaning this: I've closed the data connection or terminated the phone call or successfully sent or received an SMS? Then the service I asked for was completed, and the records of it should be purged.