Supreme Court ruling adds privacy protection for the digital age

Your phone knows where you’ve been. LightAndShare/Shutterstock.com

The Supreme Court has handed down a landmark privacy decision in a case about cellphone location data, suggesting there should be stronger protections against government searches for the increasing amount of private information that’s stored online.

The case relates to location information routinely collected and stored by cellphone companies. As you go about your everyday life, your mobile phone regularly connects to the nearest cell tower – when you make calls, check your email, or look something up on the web; when an app running in the background makes a connection that you didn’t initiate; and every few minutes just to tell the cell tower, “Here I am, if you need to find me to send messages or connect calls.”

Some cellphone companies record the date, time and which tower your phone connected to for every one of those contacts; other companies track everything except the “Here I am” check-ins. Either way, your cell company has stored in its databases an elaborate record of what cell towers your phone connected to and when, covering 24 hours a day, 365 days a year. The cell companies retain that information for as long as five years. It’s more than enough data to reconstruct where you were – or rather, where your phone was – anytime in that five-year period. It can pinpoint a physical location pretty closely within a city, and within a couple of miles in a rural area.

The question before the Supreme Court in this case, Carpenter v. United States, was how hard it should be for police to get that information from a cellphone company.

It used to be easy

Before the Supreme Court’s ruling in Carpenter, federal, state and local police demanded customer location records more than 200,000 times every year, with each demand covering a period of time as long as several months. The police just had to tell a judge there was some reason to think the location data might be “relevant” to a criminal investigation. That bar was extremely low; as a practical matter, police could get anyone’s location information on demand.

Some customers and scholars, including me, objected that allowing the police to trace their movements so easily violated their Fourth Amendment privacy rights. They said police should be forced to get a search warrant before exercising the power to collect, at no cost, a near-perfect record of where anyone had been. That would present a higher bar: To get a warrant, a police officer would have to produce evidence convincing a judge that there was probable cause to believe the location data would generate evidence of a crime.

However, until the Carpenter case, the federal courts of appeals said a warrant wasn’t necessary, because of two 1970s-era Supreme Court rulings. “A person,” the Supreme Court had held, “has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” As a result, for example, the government does not need a warrant to demand your financial records from your bank: As an account holder, you have voluntarily revealed that information to the bank’s employees.

Similarly, judges in cellphone location data cases ruled, because your phone broadcast your location to your mobile company, that information wasn’t really private.

Justices raise the bar

In this most recent ruling, the Supreme Court found that police need a warrant to get cellphone location data from a mobile company. The court ruled that giving the government easy access to a detailed history of a person’s whereabouts violates people’s legitimate expectation that their everyday movements will not automatically be monitored, recorded and made available to the police. And because carrying a cellphone is a necessary part of ordinary life in the U.S., it’s not realistic to say that everyone with a phone has voluntarily agreed to make their movements a matter of public record.

Exactly what this ruling means for privacy in the internet age remains to be seen – and litigated in future cases. These days, people’s most private information doesn’t reside on pieces of paper locked in office or home desk drawers; it lives on internet servers operated by private companies. The federal government has claimed sweeping power to get documents and emails from those companies without a warrant.

The Carpenter ruling has made clear that, at least some of the time, a warrant is needed. The Fourth Amendment was designed, the court explained, “to place obstacles in the way of a too permeating police surveillance.” That means that it can’t merely protect people’s physical homes from search. Sometimes it also limits the government’s ability to demand personal information in the hands of third parties.