By Charles Blain for WIRED.
The more we rely on technology, the more detailed a technological footprint we leave behind. A recent study from Deloitte shows that, on average, American millennials check their phones roughly 82 times a day. This dependence on technology has led to a world where most people are never more than a few feet away from their cell phone at any given time. Being constantly connected to the world is one of the many benefits of our advanced society, but unfortunately, privacy regulations haven’t kept pace with the advances we’ve made.
Your cell phone records every location you visit if the phone’s location services are turned on, which is more often than not. Called cell-site location information, this data is tracked on both Android devices and iPhones. The information can be quite telling; it might show the location of your home, your office, and other places you visit often. The problem is that it can teach police about a person’s behavior and then can be used against them. In some states, the data can be used without a warrant.
Across the country police are using this data to track and catch suspects, and the resulting cases are often challenged in court. Since it’s collected by cellular service providers, the data falls under what’s known as the third-party doctrine, which states that by giving information to a third party — banks, internet service providers, email servers, or in this case, phone companies — users have no reasonable expectation to privacy.
Still, suspects in these types of cases often claim that by accessing their cell phone data without probable cause or a warrant, law enforcement is violating their Fourth Amendment right against unreasonable search and seizure. In some instances courts have agreed with these arguments, resulting in a patchwork of guidance governing how the data can be used. For instance, in Commonwealth v. Augustine, Massachusetts’ highest court ruled that the government’s acquisition of this data should require a warrant. Meanwhile, four Courts of Appeals have opined on the issue, and only one, the Fourth Court of Appeals, deemed it necessary for government to obtain a warrant first.
These divergent rulings mean that a person could travel to four different states and have widely varying levels of privacy protection for the information collected in each places. In some instances, location-specific data can be fully protected, in others not at all. In one state, law enforcement may only be able to access historical data, and in another they may be able to track a person in real-time.
Six states — California, Utah, Montana, Minnesota, New Hampshire, and Maine — currently require a warrant for all cell-site location information. Illinois, New Jersey, and Indiana require warrants for real-time tracking only. Thirty-three states have no binding authority or explicitly allow for law enforcement to access this data without a warrant. That is more than half of US states that offer no protection for extremely personal information.
Because of this hodgepodge of regulation, or lack thereof, police often claim authority to access this information without a warrant. The absence of consistent protections for citizens opens up the opportunity for rampant abuse by law enforcement. Lisa Marie Roberts of Portland, Oregon, was wrongfully imprisoned for nearly 10 years because of how law enforcement used this data. Her cell phone registered a site near the scene of a murder, and because her attorney wasn’t able to analyze the data or hire an expert, he advised Roberts to plead guilty to receive a reduced sentence. In 2014, a federal judge granted her release after DNA evidence led to another suspect.
In Minnesota, Sarah Jean Mann sought a restraining orderagainst her boyfriend, a state narcotics agent who she claimed abused his access to cell-site data information to stalk her. She was granted the order and the man is no longer a police officer.
Cell phones aren’t the only devices that can be used for surveillance. Last year, police in Bentonville, Arkansas, investigating a murder case asked Amazon to provide the audio of the suspect’s Echo smart speaker. Amazon refused to provide the information, and the case is still ongoing. In 2014, law enforcement in New York obtained a warrant obligating Sirius XM to provide location data obtained from a satellite radio installed in a customer’s car.
Congress has yet to regulate this area and the Supreme Court hasn’t weighed in, but, legislatures across this country are taking up the issue and pushing for broader protections for civilians. Both the Texas and New Mexico legislatures are expected to take up the issue this year; in New Mexico, lawmakers will consider Senate Bill 61, the Electronic Communications Privacy Act, which would require government officials to have a warrant or wiretap order in order to obtain cell-site information.
Since this policy area currently resembles the Wild West, cell phone companies are taking advantage of the lax regulations as well. Many are offering a range of surveillance techniques to law enforcement for a fee, including text and call tracing and cell phone location services.
Judges in an Indiana case last summer wrote, “In the current digital age, courts have continued to accord Fourth Amendment protection to information entrusted to communications intermediaries but intended to remain private and free from inspection.” Regardless of how far technological advancements go, Americans’ civil rights should always be protected.
As long as the issue remains ignored by the federal government or dueled out in courtrooms, state legislatures should continue to strengthen privacy protections by making this data only accessible to law enforcement with a warrant or if they can show that it is relevant to an investigation.
More from WIRED: