Privacy activists scored a legal victory this week after the Supreme Court ruled it unlawful for law enforcement and federal agencies to access cellphone location records without a warrant.
Cellular carriers can track your phone’s location using either built-in GPS data or by triangulating location data between nearby cellphone towers. This information is logged and can be used to create a detailed picture of where you were, and when.
Just ask Malte Spitz, the German Green Party politician who in 2011 went to court to find out how much his cellphone carrier, Deutsche Telekom, knew about his whereabouts. It logged his cellphone location over 35,000 times in a six-month period. Now, imagine combining that with other information from social media, and with the cellphone records of people that you interact with. Before long, you can paint a highly-detailed picture of your life.
This week, the Supreme Court, in a 5-4 vote, aimed to remove some of the detail of this picture by ruling that law enforcement in the US must obtain a warrant before accessing cellphone location data.
In its opinion, the court explained that these records provide “near perfect surveillance, as if it had attached an ankle monitor to the phone’s user”. Because phone companies keep these records, law enforcement officials have been able to check up on anyone they wanted, after the fact.
The Court was ruling on an appeal bought by Tim Carpenter, who was convicted in 2011 based on his cellphone data. After analyzing calls made from the phone of a separate party arrested for armed robbery, FBI agents obtained the phone location for numbers called around the time of the robberies. Using this data, they were able to tie Carpenter’s phone to the time and location of several robberies, leading to his conviction and sentencing.
Prior to this week’s ruling, the FBI was legally allowed to access this information under a 1994 amendment to the 1986 Stored Communications Act, which enables a judge to grant a court order for access to records if prosecutors can prove that they are “relevant and material to an ongoing investigation”.
Carpenter appealed the case, arguing it was a breach of his Fourth Amendment rights. The Fourth Amendment requires the government to have probable cause when accessing private data. This is a higher legal standard than the Stored Communications Act which only requires a search warrant.
Prosecutors had argued successfully on appeal that only the content of a call, not the metadata, is protected under the Fourth Amendment. In addition, the appeals court also found that the ‘third party doctrine’ exempted private data stored by a third party such as a cellphone carrier, making it possible for the government to see that information. This week’s Supreme Court ruling overturns that decision.
It isn’t just direct government access to carrier data that privacy advocates must worry about. Law enforcement officials have in the past used private services such as Securus, which accesses carrier location records and then sells access to them. Last month, the New York Times reported on a Mississippi County sheriff who accessed those records without a warrant.
Separate from accessing stored third-party records is the use of devices dedicated to live cellphone tracking. Cell site simulators (also known as Stingrays) impersonate cell towers, effectively mounting a man in the middle attack on local phones in the area. This enables users to intercept the location of phones connecting in the local area.
In 2015, the Department of Justice mandated warrants for the use of Stingray devices, but only for federal agencies rather than local law enforcement. More recently, both the Supreme Court in New York and the DC Court of Appeals ruled that prosecutors could not use data obtained via cell site simulators without a warrant.