Location Data: The More They Know
Written by Mana Azarmi
The Supreme Court will hear oral arguments in Carpenter v. United States on November 29th. Carpenter centers on whether law enforcement needs a warrant to access 127 days of historic cell-site location information (CSLI). The case is important because of the great quantity of demands for location information now being made by law enforcement, because the location information that is sought is very revealing, and because law enforcement often obtains such data without obtaining a warrant, which increases the likelihood that sensitive location information about innocent people is collected.
“CSLI” refers to the information that is created as a cell phone identifies its location with respect to nearby cell towers that will process a network transaction, such as a phone call or a text message. There are currently 327.6 million cell phones in use in the United States – more than the 315 million people who live here. As the cell phone travels, it connects to various cell phone towers, which means a record of its location is created absent user permission; it is simply a technological byproduct of having a mobile phone. This “metadata,” or record of a cell phone’s location, is held by the telecommunications company that services the device. CSLI can be “historic,” in which case the record is of the phone’s past movements, or it can be “real-time” or prospective, in which case the information reveals the phone’s current location.
Law enforcement frequently approaches the telecommunications companies with demands for CSLI. Currently, relatively few jurisdictions in the United States require a warrant for historic CSLI, based on interpretive disagreements about the application of Fourth Amendment doctrine. A warrant requires that there be a finding by a judge or magistrate of probable cause that a crime has been committed, is being committed, or will be committed, and the information sought will provide evidence of that crime. This is a high standard.
However, in many jurisdictions, law enforcement officers can gain access to this data under a much lower standard. Specifically detailed location information can be disclosed via a court order issued under 18 U.S.C. 2703(d) based on a less stringent standard of “specific and articulable facts” that the information sought is “relevant and material to an ongoing criminal investigation.”
Location information can also be sought on a massive scale in criminal investigations. For example, in a “cell-tower dump,” law enforcement seeks a record of the identifying information for all of the cell phones and other devices that connected to a specific cell tower at a certain time or for a certain length of time. In this case almost every record disclosed will have no relation to a crime. Verizon sounded the alarm in its recent transparency report about the growing use of cell tower dumps: “This tool is being used much more frequently by law enforcement. We previously reported that in 2013 we received approximately 3,200 warrants or orders for cell tower dumps; we received 14,630 warrants or orders for cell tower dumps in 2016.”
That law enforcement can gain access to this data without a warrant is troubling; location information reveals your habits, beliefs, and social proclivities. Law enforcement could request months of your historic CSLI and reconstruct a map of your life, as well as make inferences about, for example, your faith, based on your location at places of religious worship, and your health, based on your trips to medical clinics. They could even track you to Alcoholics Anonymous meetings or note your participation in a political protest. In short, historic CSLI reveals incredibly personal and sensitive information.
Further cause for concern is the frequency with which law enforcement demands access to historic CSLI. Transparency reporting by major telecommunications companies reveals that they receive tens of thousands of civil and criminal demands for CSLI and other location information every year. For example, AT&T transparency reports from 2014-2016 note that historic CSLI demands numbered at 49,468; 58,189; and 53,107 respectively. So far through June 2017, AT&T reports that historic CSLI demands number at 26,941. (AT&T’s transparency reporting is particularly helpfully because it divides its location demands by historic, real time, and cell tower dumps, which should serve as a model for other companies.) Verizon reported that in the first half of 2017 it received 20,422 requests for location data, only a quarter of which came from a warrant – the rest were from court orders. Sprint’s transparency report helpfully provides data on real-time CSLI demands (made by a warrant, court order, or emergency request), but it does not break out the number of historic CSLI demands. T-Mobile recently began breaking out location data requests. In 2016 T-Mobile received 51,557 historic CSLI requests.
Combined with the disclosures from other cellular service providers, this means that in recent years hundreds of thousands of Americans have had their historic CSLI provided to law enforcement. By comparison, AT&T reported that it received 7,611 stored content requests in the U.S. in 2016 (which require a warrant). Verizon reports that in the first half of 2017 it received 4,436 warrant requests for stored content. The number of location demands far exceed the number of content demands made on cellular service providers.
Cell-site location information provides law enforcement a road-map of your life. The Court’s decision in Carpenter will almost certainly leave room for Congress to intervene. For example, the Court may well limit its decision to lengthy periods of location tracking using stored data, and leave real time tracking and tracking with historic data over a short time to Congress to address. In addition, even if the Court issues a ruling suggesting that tower dumps require a warrant, Congress should intervene to establish rules about destruction of the data obtained in a tower dump that reveals the location of hundreds or even thousands of non-targets.
CDT argued strenuously that the Supreme Court should require law enforcement to get a warrant before accessing CSLI in its amicus brief in Carpenter v. United States. We hope the Supreme Court will agree. CDT’s general counsel, Lisa Hayes, spoke at an event that addressed the Carpenter case and its implications for citizens, technology companies, and the intersection between privacy and security. Watch video of the event.