Expectations of Privacy: Location Matters

Expectations of Privacy: Location Matters
Sometimes law enforcement needs a warrant to access cellphone data,
sometimes a court order. Sometimes nothing is required.
By Jane E. Brown
Roaming while you roam.
Depending on where you use your cellphone, law enforcement may obtain your location records
from your wireless provider without a court order or warrant — neither is required in Washington
state. In urban areas where there are multiple cell towers, a phone’s location can be identified to
within half a mile. Turning off your location services or powering down the cellphone alone will
not shield you from law enforcement.
Are you where you said you’d be?
When processing data, cellphones communicate with the strongest available cell tower signal. Calls, texts and internet
browsing generate cell-site location information (CSLI). CSLI is time-stamped and linked to the phone number. Cell
towers emit different signals in each direction, so the phone’s movement is tracked by its angular position relative to a
tower. From CSLI, law enforcement can track where you are; what cell phones are near you; with what phone numbers
you communicate; how long you communicate; and what routes you travel. In essence, everything except the actual
communication is recorded. If you aren’t a criminal, you may not care. Depending on how CSLI is produced, even
the innocent can catch the attention of law enforcement.
Despite your innocence, law enforcement may receive your cellphone usage records.
“Tower dumps” entail producing CSLI for all cellphones that processed data sent through
a tower. If your cellphone uses a targeted tower, your data may be captured. You go from
having fun with your friends to law enforcement tracking you by your number.
Producing CSLI in real-time transfers your records contemporaneously as they are created
by cellphone usage. If this happens, you are probably having a bad day — this method
may be used in exigent circumstances. Collection of historical CSLI shows all CSLI for
a cellphone for a specific period of time.
One person’s record is another person’s dirty laundry.
In U.S. v. Timothy Carpenter,1 the Sixth U.S. Circuit Court of Appeals2joined the Eleventh Circuit in
ruling that law enforcement agencies do not need a warrant to track a caller’s location through cell
tower records. Timothy Carpenter and Timothy Sanders robbed nine cellphone stores (ironic, isn’t it?)
in Michigan and Ohio within four months.
Expectations of Privacy: Location Matters
Jane E. Brown
The FBI requested the “transactional records” of the Timothys’ wireless providers, aka, the Timothys’ historical CSLI.
Court orders were issued pursuant to the Stored Communications Act (SCA) after the FBI showed there were reasonable
grounds to believe the CSLI was relevant to the investigation. The FBI reviewed 127 days of CSLI for one Timothy
and 88 days for the other. The government established through the historical CSLI that the Timothys were located
within a half-mile to two miles of each armed robbery when they occurred. On appeal, the defendants argued that
the Fourth Amendment required the government to show probable cause and use a search warrant to access the CSLI.
The opinion focused on the following:
1.There was no search, because the FBI collected the wireless providers’ data routing information, which was
gathered in the ordinary course of business.
2. CSLI does not refer to the content of the defendants’ private communications.
3. Every cellphone user who has paid roaming fees knows that wireless carriers collect locational information, so
there was no expectation of privacy.
4. The CSLI is so comparatively imprecise compared to GPS, that there is no expectation that the cellphone user
can be located exactly.
5.The SCA requires the government to meet the “reasonable grounds” to get a court order, not the “probable
cause” standard to obtain CSLI.
Tracking or stalking? Duration matters.
The concurring opinion in Carpenter questioned whether the business record standard of proof applies in the review
of an alleged violation of Fourth Amendment rights. The rationale behind the question is that a business’s production
of credit card records showing purchases, for example, may be sufficiently distinct from the production of cellphone
records showing personal location to require a more stringent analysis. The concurring justice also found the scope of
the location monitoring troubling. Lawfully tailing a suspect is one thing. Lawfully tailing a suspect for a period of
three to four months transmutes the surveillance into the realm of privacy invasion.
So, how do I keep law enforcement out of my data?
iOS and Android operating systems and apps offer some protection of CSLI location data. Start
by turning off the location services for all your existing apps. Download apps that discard the
location data cached on your cellphone. Get and stay off the grid by using localized Wi-Fi
connections. Rely on an offline map or app that anonymizes the cellphone, encrypts the location
data and permanently deletes your data within a certain amount of time. Regularly monitor new
technology used by law enforcement and cybersecurity experts.
After all, when you build a better mousetrap, law enforcement will build a better mouse. Justice
William O. Douglas called upon his Pacific Northwest ideals when he wrote, “The right to be let
alone is indeed the beginning of all freedom.” Cheers to freedom.
Jane E. Brown
Jane is Counsel to the Firm at Lane Powell and focuses her practice on both transactional matters and civil litigation. As
former in-house counsel, she is skilled in focusing and quickly assessing the circumstances, alerting clients to potential
revenue streams and liabilities, and working toward cost-effective resolutions. Jane’s litigation experience includes
representation of clients in highly regulated industries. She assists clients with the development and maintenance of
privacy policies, drafting provisions to protect privacy, and complying with state, federal and international regulations
regarding cybersecurity and data breach response. She can be reached at 206.223.7126 or brownje@lanepowell.com
This article was previously published on Lane Powell’s Beyond IP Law blog on April 25, 2016.
Expectations of Privacy: Location Matters
Jane E. Brown