The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


1 Comment

Warrant Needed In Massachusetts to Obtain Cell Phone Records

The Massachusetts Supreme Judicial Court ruled 5-2 on February 18 in Commonwealth v. Augustine that the government must first obtain a warrant supported by probable cause before obtaining two weeks worth of historical cell site location information (CSLI).

Defendant had been indicted for the 2004 murder of his former girlfriend. During the investigation, the prosecution filed for an order to obtain CSLI from the suspect’s cellular service provider, but the order was filed under 18 U.S.C. § 2703(d) of the Stored Communications Act (SCA). Under that law, the government does not need to show probable cause, but only needs to show specific and articulable facts showing “that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

The order was granted by the Superior Court in September 2004. Defendant was indicted by a grand jury in 2011, and filed a motion to suppress evidence associated with his cell phone in November 2012.

A judge from the Superior Court granted his motion to suppress, reasoning that this was a search under article 14 of the Massachusetts Declaration of Rights – which is similar to the Fourth Amendment to the U.S. Constitution – and thus a search warrant was required.

The Commonwealth of Massachusetts appealed, arguing that the CSLI was a business record, held by a third party, and that the defendant had no expectation of privacy in this information as he had voluntarily revealed it to a third party.

This argument did not convince the Massachusetts Supreme Judicial Court, ruling instead that defendant had an expectation of privacy in the CSLI and that the prosecution therefore needed to obtain a warrant based on probable cause to obtain this information.

The Third Party Doctrine

Why did the court find that the defendant had an expectation of privacy in his CSLI, even though this information was known by a third party, his cell phone service provider?

Under the U.S. Supreme Court third party doctrine, as stated in the U.S. v. Miller 1976 case and in the 1979 Smith v. Maryland case, a defendant has no reasonable expectation of privacy in information revealed to third parties.

In Miller, the Supreme Court found that defendant has no expectation of privacy in his bank records, as they were “business records of the banks.” Similarly, in Smith v. Maryland, the Supreme Court held that installing and using a telephone pen register was not a “search” under the Fourth Amendment, and thus no warrant was required, because the defendant had no expectation of privacy in the phone numbers he had dialed.

First, the Massachusetts Supreme Judicial Court recognized article 14 of the Massachusetts Declaration of Rights affords more protection than the Fourth Amendment to the U.S. Constitution.

 

Then, the Supreme Judicial Court distinguished Miller and Smith from the case, finding “significant difference” between these two cases and the case at stake. The Court noted that “the digital age has altered dramatically the societal landscape from the 1970’s.

In Smith, the defendant had taken an affirmative step when dialing the numbers which had been communicated to the prosecution by the telephone company. He had to do it in order to be able to use his telephone service. As such, Smith had “identified] a discrete item of information…like a telephone number (or a check or deposit slip as in Miller) and then transmit it to the provider.”

But cell phone users do not transmit their data to their cell phone company in order to use the service. Instead, “CSLI is purely a function and product of cellular telephone technology, created by the provider’s system network.”

The court also noted that, while using a landline may only indicate that a particular party is at home, CSLI provides a detailed report of an individual’s whereabouts. The Massachusetts court quoted the State v. Earls case from the New Jersey Supreme Court, which stated that using a cell phone to determine the location of its owner “is akin to using a tracking device and can function as a substitute for 24/7 surveillance.”

As CSLI is business information “substantively different from the types of information and records contemplated by Smith and Miller,” the court concluded that it “would be inappropriate to apply the third-party doctrine to CSLI.” However, the court added that they saw “no reason to change [their] view thatthe third-party doctrine applies to traditional telephone records.”

Obtaining CSLI from a Cell Phone Provider is a Search and Thus Requires a Warrant

The court then proceeded to answer the question of whether the government needed a warrant to access the CSLI.

As CSLI informs law enforcement about the whereabouts of an individual, the Massachusetts Supreme Judicial Court compared it to electronic monitoring devices such as a GPS. It noted that “it is only when such tracking takes place over extended periods of time that the cumulative nature of the information collected implicates a privacy interest on the part of the individual who is the target of the tracking,” quoting the Supreme Court U.S. v. Jones case, where Justice Sotomayor and Justice Alito both noted in their concurring opinions that the length of a GPS surveillance is relevant to determine whether or not the individual monitored has or does not have an expectation of privacy.

The Massachusetts Supreme Judicial Court found relevant the duration of the period of time for which historical CSLI was sought by the government. The government may only obtain historical CSLI, meeting the SCA standard of specific and articulable facts, if the time period is “too brief to implicate the person’s reasonable privacy interest,” but the two-week period covered in this case exceeds it.

The court’s ruling was about article 14 of the Massachusetts Declaration of Rights. The Supreme Court has not yet considered the issue of whether obtaining CSLI is a search under the Fourth Amendment. Since courts are split on this issue, it is likely that the Supreme Court will answer the question of whether a warrant is required to obtain cell phone location records quite soon. 


Leave a comment

Tributes and a Call to Action – Remembering Aaron Swartz

A year ago, on January 11, 2012, 26-year-old internet activist Aaron Swartz committed suicide while facing up to 35 years in prison and up to $1 million in fines. Charges against him included violations of the Computer Fraud and Abuse Act (CFAA) as a result of “unauthorized access” for downloading millions of academic articles while on MIT’s network. On this first anniversary of his death, a reinvigorated call to action is taking place. The Electronic Frontier Foundation (EFF) has launched a “Remembering Aaron” campaign and is reactivating efforts to reform the CFAA, activists are invoking his name for an upcoming day of action against NSA surveillance, “The Day We Fight Back” to be held on February 11, lawmakers are demanding answers from the Justice Department treatment of Swartz, and a host of articles and other tributes are appearing across the internet.

The EFF’s Remembering Aaron campaign includes a tribute to Swartz’s legacy and kicks off a month of action against censorship and surveillance, toward open access. The EFF is reinvigorating efforts to reform the CFAA, encouraging supporters to send a letter to their legislative representatives that criticizes the law for its “vague language” and “heavy-handed penalties,” and its disregard for demonstrating whether an act was done to further the public good. The letter calls for: “three critical fixes: first, terms of service violations must not be considered crimes. Second, if a user is allowed to access information, it should not be a crime to access that data in a new or innovative way — which means commonplace computing techniques that protect privacy or help test security cannot be illegal. And finally, penalties must be made proportionate to offenses: minor violations should be met with minor penalties.”

In addition to calls to change the CFAA, activists are also calling a protest against laws and systems that enable government surveillance to run unchecked. Specifically, a mass movement against government surveillance is being organized by a heavy-hitting group of organizations including  EFF; the organization Swartz co-founded, Demand Progress; Fight for the Future; Reddit; and Mozilla. Organized for February 11, 2014, “The Day We Fight Back Against Mass Surveillance” invokes Swartz’s legacy in its call for a day of mass protest against government surveillance: “If Aaron were alive, he’d be on the front lines, fighting against a world in which governments observe, collect, and analyze our every digital action.” In a show of support for the planned protest, on the day before the year anniversary of Swartz’s death, Anonymous defaced MIT’s SSL-enabled Cogeneration Project page, displaying a page that called viewers to “Remember the day we fight back.”

In addition to reinvigorating the fight against laws that are abusive and can be easily abused, the key players in Swartz’s prosecution are also coming under scrutiny: the DOJ and MIT. On Friday January 10, a bipartisan group of eight lawmakers, Sens. John Cornyn, R-Texas; Ron Wyden, D-Ore.; Jeff Flake, R-Ariz.; and Reps. Darrell Issa, R-Calif.; James Sensenbrenner, R-Wis.; Alan Grayson, D-Fla.; Zoe Lofgren, D-Calif.; and Jared Polis, D-Colo, sent Attorney General Eric Holder a letter calling out inconsistencies between the DOJ’s and MIT’s reports and the DOJ’s lack of forthrightness and transparency. Additionally, the letter issues this demand: “In March, you testified that Mr. Swartz’s case was ‘a good use of prosecutorial discretion.’  We respectfully disagree. We hope your response to this letter is fulsome, which would help re-build confidence about the willingness of the Department to examine itself where prosecutorial conduct is concerned.” In Boston Magazine’s Losing Aaron, Bob Swartz, Aaron’s father, voices his deep disappointment in MIT and articulates specific ways in which he believes the institution was complicit in the DOJ’s draconian prosecution contributing to Aaron’s suicide.

Additional tributes to Swartz this month include a documentary by Brian Knappenberger, The Internet’s Own Boy: The Story of Aaron Swartz, which will play at the Sundance Film Festival beginning this week. In Wired Magazine’s article, One Year Later, Web Legends Honor Aaron Swartz, author Angela Watercutter notes “Swartz’s fight for rights online has only been brought more intensely into focus in the year since his death, largely due to NSA whistleblower Edward Snowden. To see him talk about government spying in [Knappenberger’s] documentary at a time before the Snowden leaks is especially chilling now.”  Further, in Knappenberger’s forthcoming documentary  web visionaries, including founders of the World Wide Web and Creative Commons, speak of Swartz’s work and legacy:

“I think Aaron was trying to make the world work – he was trying to fix it…  he was a bit ahead of his time.” – Tim Berners-Lee.

“He was just doing what he thought was right to produce a world that was better.” – Lawrence Lessig

 


Leave a comment

ACS Panel: is it Possible for the Constitution to Keep Pace with New Technologies?

On November 21, the American Constitution Society (ACS) presented a panel on ‘The Constitution and Privacy in a Time of Innovation.’ The participants were Stephen Vladeck of American University, Chris Calabrese of the ACLU, James Grimmelman of the University of Maryland, and Orin Kerr of The George Washington University, and the moderator was Dahlia Lithwick of Slate. The video of the panel is here.

The ACS asked the question: is it possible for the Constitution to keep pace with new technologies? The question could not have been more topical, as the panel took place just a day after it was revealed that the government has been collecting Internet metadata for many years.

Orin Kerr started by reminding the audience that the Fourth Amendment was originally applied to breaking into homes, arresting people and seizing in the physical world. However, the Fourth Amendment also addressed new issues over the years.

Professor Kerr noted that “every age is an age of innovation.” In the 20’s, the issue was how the Fourth Amendment would apply to automobiles and telephones, in the 60’s, how it would apply to phone booths, and in the 80’s, how it would apply to aerial surveillance. Today, the issues are DNA, email and GPS devices. Professor Kerr believes that we’ll see more cases similar to the 2012 U.S. v. Jones GPS case in the future.

Chris Calabrese regretted that the Supreme Court has dodged the issue of the records about each of us, not the content of our messages, but the metadata. This is “envelope information” such as who we call and when. Mr. Calebrese gave the example of an individual calling a suicide hot line:  this would be a very sensitive piece of information. However, the Supreme Court  still follows the third party doctrine, as  stated in Smith v. Maryland:  if you share info with a third party, it is no longer protected by the Fourth Amendment.

U.S. v. Jones is the first case where the Supreme Court addressed a form of metadata, location information. Mr. Calabrese stated that as “we live in a world of records,” where we constantly create records, it is thus essential to know who owns these records and how they are accessed. These are issues that both the Supreme Court and Congress must address. 

James Grimmelman reminded the audience that some third parties holding our information now actively engage in information gathering, unlike telephone companies which play a somewhat passive role. He gave Facebook as an example of a company actively trying to maximize information to gain advertising revenue and fuel activities on its site. To do so, it gives incentives to users to share information.

Professor Grimmelman pointed out that Facebook is aware that users are concerned about how their information is being shared with the government, which may chill their willingness to share information on Facebook. Mr. Calabrese later said that, according to a survey, the public dislikes corporate collection of data even more than government collection of data, as they perceive the government as giving them at least something  back.

Professor Grimmelman also believes that surveillance by drones in public places will be an important issue, as the government will know and aggregate the whereabouts of individuals on a massive scale.  Mr. Calabrese noted that we appear in public, sure, but in “an impermanent way” and that would no longer be the case if our public presence is constantly recorded and analyzed. This is a pervasive intrusion on our private lives.

Stephen Vladeck addressed the issue of whether the Fourth Amendment is affected by NSA surveillance. He reminded the audience that the FISA Act functioned in a space unoccupied by the Supreme Court. FISA was extended in 2001 and in 2008, and gave the government authority to implement programs such as PRISM. What is the role of the Fourth Amendment in these surveillance issues?

Professor Kerr does not believe the Fourth Amendment has a role to play there, under the third party doctrine, but Professor Vladeck proposed to differentiate between records that we individually share with third parties, from the fairly new ability for the government to aggregate that data.

For Professor Vladeck, the Fourth Amendment can regulate surveillance, as only the government is capable of such massive surveillance. However, Professor Kerr does not believe that the Fourth Amendment protects metadata against searches, as it only protects against government invasion into one’s private space. Metadata searches should be regulated by a law, but this is not the role of the Fourth Amendment. When reading the Jones concurrence, it seems however, that the Supreme Court may soon introduce a new category of search. It could possibly cover metadata.

That may happen this term, as Professor Kerr believes the Supreme Court will tackle this term the issue of whether the police may search a cell phone incident to an arrest, and, if they can, how far they can search. That would be an opportunity for the Supreme Court to discuss once again the issue of new technologies and the Fourth Amendment.


Leave a comment

Court of Appeals Determines E-Mail Deserves Fourth Amendment Privacy Protection

On December 14, 2010, the Court of Appeals for the Sixth Circuit determined that the Department of Justice should have obtained a search warrant before seizing and searching e-mails from a service provider, holding that e-mails are analogous to letters or telephone calls and deserve Fourth Amendment protection.

In U.S. v. Warshak, the Department of Justice issued a subpoena ordering the defendant’s e-mail provider (NuVox) to prospectively preserve copies of Warshak’s future e-mails. Subsequently, the government obtained Warshak’s stored e-mails from NuVox, basing its actions on the Stored Communications Act, which the government argued allows it to obtain e-mails already in storage with an e-mail provider without a search warrant in many situations (e.g., the law affords different levels of privacy protection to e-mails depending on where they are stored and how long they have been in storage). Despite the provisions in the Stored Communications Act, the Sixth Circuit determined that e-mails, like letters or telephone calls, deserve Fourth Amendment protection. Accordingly, the Department of Justice should have obtained a search warrant based on probable cause before seizing Warshak’s e-mails from his service provider.

The Sixth Circuit’s decision in U.S. v. Warshak is available here.


Leave a comment

Supreme Court Addresses Privacy of Personal Text Messages on Pager Supplied by Employer

The Supreme Court recently addressed the challenges created by workplace privacy for public employees in the electronic era.  The Court’s decision in City of Ontario v. Quon sidestepped the critical question of whether a government employee has a reasonable expectation of privacy in text messages transmitted on an employer-issued pager, leaving the proper test for a Fourth Amendment violation in this context unsettled.  But every member of the Court easily agreed that even assuming that a public employee has a reasonable expectation of privacy in such text messages, the City’s search in this instance did not violate the Fourth Amendment.

Continue reading


Leave a comment

Fourth Amendment warrant not required for government surveillance of internet activity to acquire internet users’ email addresses and IP addresses of visited websites.


The government is not required to obtain a warrant to engage in surveillance of internet users to obtain the to/from addresses of their email messages, the IP addresses of visited websites or the total amount of data transmitted to or from a user account, because internet users do not have a legitimate expectation of privacy in such information. United States v. Forrester, No.05-50410, 2007 U.S.App. LEXIS 17626 (9th Cir. July 25, 2007) (amended opinion). The court affirmed the lower court’s holding that the government’s monitoring of the defendant’s email and internet activity was not a search under the Fourth Amendment, likening it to a permissible search of dialed telephone numbers and the exterior of sealed postal mail. The court commented that internet and email users should know that email messages are sent and IP addresses are accessed through the equipment of ISPs, requiring people to "voluntarily turn over information to third parties."  The court also concluded that email to/from addresses and IP addresses constitute "addressing information" and do not reveal the contents of e-mails or the particular pages of Web sites viewed.