Right now, many Americans generate a detailed database of their whereabouts over time—as they move throughout the day from their workplace to their doctor, from their own house to their partner’s—that they do not see or control. It’s called “cell-site location information,” or CSLI, and it can be accessed by local, state, or federal law enforcement without a warrant.
In other words, if the government wants to know your every location for the past year, they never need to prove they have probable cause to suspect you of a crime to a judge.
Does this practice violate the Constitution? Right now, no. But in the past two weeks, its critics have scored some of their first major victories in court.
Gathering this kind of location information, to be clear, is not some uncommon and esoteric procedure: In its most recent annual report, AT&T said it received 64,703 requests for CSLI in 2014. And just in the first six months of this year, Verizon says it received more than 21,000 requests.
That is, in 2015, a single carrier received more than 100 requests daily for the geographic history of an American’s life, as told through their location.
Here’s how this works, technically: At the beginning and end of every call, a cellphone checks in with its mobile carrier. The cell provider notes the phone’s approximate location—the cell tower that it’s closest to, its approximate relationship with the tower—and saves it to its servers.
In the past five years, the extent and specificity of this data has likely increased. Smartphones check in much more often than plainer feature phones, communicating with the carrier—and thus registering location data—whenever they receive a push notification or download something in the background.
Right now, U.S. law enforcement at any level can ask mobile carriers for that database of information for a customer or customers and receive it, virtually as far back in time as they need. If they want a week of data, they can get it; if they want seven months, they can just ask for that, too. Even a county-level detective, wanting to get at that information, never has to prove probable cause to a judge. (Probable cause is the legal standard for granting a warrant in the U.S.: It’s what law enforcement has to prove before they can search someone’s home.)
Instead, law enforcement has to prove to a much lower legal standard, called “reasonable suspicion.” This entails only that “specific and articulable facts” would lead the government to infer suspicion of someone in a crime: It’s the same legal standard cops use to judge whether someone on the street can be frisked for weapons. (They would need to meet probable cause to search that same person for drugs.)
Reasonable suspicion can often be quickly indicated to a judge, who can then issue a court order under the Electronic Communications Privacy Act. In 2012, all major U.S. carriers indicated to ProPublica that they comply with those orders when served.
Over the past few years, two different U.S. appeals courts have ruled on this practice. Both courts, the Fifth and Eleventh Circuits, said that it was perfectly legal: that the process of gathering cell-location data without a warrant didn’t violate the Fourth Amendment’s protection against “unreasonable searches and seizures” of homes, persons, and effects, without a warrant issued under probable cause. That’s because both were working off a piece of 1970s-era precedent called the “third-party doctrine,” which holds that people do not have a reasonable expectation of privacy for information voluntarily given to a third party, like a bank or telephone company.
This week, the Fourth Circuit disagreed. Ruling in Graham v. U.S., it said that gathering such information without a warrant violates the “reasonable expectation of privacy” to which Americans are entitled.
“The Fourth Circuit held, we think correctly, that those old cases from the 1970s were about the voluntary conveyance of really limited, discrete pieces of information to a phone company, or to a bank, or some similar business,” said Nathan Wessler, a staff attorney at the American Civil Liberties Union who filed briefs in the case. “When we’re talking about these cellphone location records, people are not voluntarily conveying that information to their cellphone service providers at all.”
“Unlike the numbers somebody dials into the phone, which have to be routed through the electronic switchboard, people are just making a call, and their location information is being logged and retained in the background without them intending it to be, without them voluntarily letting it be, without them even knowing it will be in most cases,” he told me.
The Fourth Circuit, too, turned to a different piece of precedent to make its argument. It compared the extensive amount of location information revealed by mobile providers to that collected by GPS trackers. Unlike with CSLI, there’s plenty of recent law about that technology: Over the past couple years, the Supreme Court has ruled repeatedly that attaching a GPS tracker to something or someone does constitute search and seizure, and thus requires a warrant.
“Much like long-term GPS monitoring, long-term location information disclosed in cellphone records can reveal both a comprehensive view and specific details of the individual’s daily life,” Judge Andre Davis wrote in the decision. He cited Renée Hutchins, a law professor at the University of Maryland, to make the follow-up point for him: “Citizens of this country largely expect the freedom to move about in relative anonymity without the government keeping an individualized, turn-by-turn itinerary of our comings and going.”
Most importantly, the Fourth Circuit’s decision on Wednesday increases the likelihood that the Supreme Court will take up the issue of warrantless cellphone location tracking. There’s now a circuit split on the issue, meaning two different federal appeals courts have ruled different ways on the same chunk of law. This practically begs the high court to wade into the pool and sort things out.
And it may have reason to. Last week, the American Civil Liberties Union asked the Supreme Court to take up the CSLI question in a different case, U.S. v. Davis. In that case, a U.S. attorney investigating a string of robberies in Miami asked MetroPCS, the cell provider for the suspect, not for cell-site data from the seven days when the crimes occurred, but for 67 days of complete CSLI. The question there—as was the question before the Fourth Circuit in U.S. v. Graham—is whether a warrant is required for long-term CSLI requests. (Though in the more-recent Graham, the government asked for 221 days of records—more than seven months of location history.) Experts aren’t sure if this particular case will be the one destined for the Court, but it seems likely that it will take up the issue soon.
Even before that petition, though, warrantless CSLI collection had was already back in the news, after a district-court judge in northern California, Lucy Koh, said the practice violated the Constitution. Koh’s opinion is less consequential than the various Circuits courts—it only holds in her district—but it took special aim at cell-provider privacy policies, which often allude to the practice in an attempt for legal cover.
Whether or not the Court hears a CSLI case in next year’s term or three terms from now, it’s likely to continue a trend: that the federal judiciary, not Congress, is doing the work of adjusting the Fourth Amendment for the digital age. The Supreme Court has been engaged in that effort for the past two decades: in Kyllo v. U.S., when it ruled that infrared imaging a house constituted a search; in Riley v. California, when it ruled that law enforcement could not search a smartphone without a warrant; and in U.S. v. Jones, when ruled the same about GPS trackers. Congress could take up the mantle—a bipartisan bill about CSLI has lingered in its higher chamber for years—but, in this case, the slow and steady branch is moving faster than the deadlocked one.