SCOTUS to Address Whether There is a Reasonable Expectation of Privacy in Mobile Phone Location Data

On June 5, 2017, the United States Supreme Court granted a petition for a writ of certiorari in Carpenter v. United States, from the Sixth Circuit Court of Appeals. The Supreme Court will have to address whether or not the Fourth Amendment protects government access to historical cellular phonesite records. In Carpenter, the government seized several months’ worth of cell phone location records from robbery suspects without obtaining a probable cause warrant. For one suspect, Timothy Carpenter, the records revealed 12,898 separate points of location data. For another suspect, Timothy Sanders, the records revealed 23,034 separate points of location data.

FBI agent Christopher Hess offered expert testimony explaining that the cell phone data acquired under the  Stored Communications Act (“SCA”)(18 U.S.C. Chapter 121 §§ 2701–2712) indicated that Carpenter and Sanders’ phones were within one-half mile to two miles of the location of each of the robberies around the time the event occurred. Carpenter and Sanders sought to suppress this evidence under the Fourth Amendment, but the district court denied their motion.

The SCA permits the government to obtain records where “specific and articulable facts show that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation”—a much lower bar than the probable cause needed to obtain a run-of-the-mill search warrant.

A divided panel of the Sixth Circuit stated that, “although the content of personal communications is private, the information necessary to get those communications from point A to point B is not.” For example, while individuals may enjoy a reasonable expectation of privacy regarding the content of their telephone calls, they do not have the same expectation for the numbers dialed. The court concluded that, “[t]oday, the same distinction applies to internet communications,” i.e., while the Fourth Amendment protects the contents of an email, it does not protect metadata. The Sixth Circuit joins the Fourth, Fifth, and Eleventh Circuits in holding that there is no reasonable expectation of privacy in historical cell site location information under the Fourth Amendment, and therefore no warrant is required.

Numerous lower court judges encountering the issue have followed the Supreme Court’s third-party-doctrine cases, which hold that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties. However, this line of thinking has been deemed antiquated by some in light of the vast amounts of data that are collected on a daily basis. Justice Sotomayor noted in United States v. Jones, that it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties and that this approach is ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. 132 S. Ct. 945, 957 (2012).

In recognition of this changing tide, and relevant to the issue presented in Carpenter, some courts have concluded that individuals have a reasonable expectation of privacy in their location. For example, in United States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010), aff’d on other grounds sub nom. Jones, 132 S. Ct. 945, the D.C. Circuit held that using a GPS device to surreptitiously track a car over the course of 28 days violated reasonable expectations of privacy and was therefore a Fourth Amendment search. Id. at 563. The court explained that “[p]rolonged surveillance reveals types of information not revealed by short-term surveillance, such as what a person does repeatedly, what he does not do, and what he does ensemble. These types of information can each reveal more about a person than any individual trip viewed in isolation.” Id. at 562. Therefore, people have a reasonable expectation of privacy in the intimate and private information.

Collecting and analyzing cell phone records can, and often does, reveal extraordinarily sensitive details about a person’s life. This case will have an enormous impact on the Fourth Amendment in connection with data collected and an individual’s expectation of privacy in the ever progressing digital age.

“From the Office to Cyberspace: Workplace Violence in the Twenty-First Century” Article Published by DRI

Gordon & Rees Partner Diane Krebs and Associate Jamie Haar authored an article, “From the Office to Cyberspace: Workplace Violence in the Twenty-First Century,” published in the January 2017 issue of DRI’s magazine, For The Defense.

In their article, Krebs and Haar, both members of Gordon & Rees’s Employment Practice Group, offer key legal considerations for employers on how to navigate workplace violence and bullying  in today’s social media-heavy world.

The article discusses the many forms of workplace violence and bullying, with a particular focus on workplace cyberbullying, as well as identifies legal implications and an employer’s potential liability. Among other things, the article discusses the privacy concerns implicated by the Stored Communications Act to assist employers in crafting their investigatory procedures.

To read the full article, click here.

For Now, Emails Stored on Foreign Servers Are Immune to Warrant Searches

On July 14, 2016, the Second Circuit Court of Appeals ruled in the potentially groundbreaking Microsoft v. United States case that the federal government cannot compel companies to turn over emails stored on servers located outside the United States. In today’s border-shrinking digital world, the Second Circuit’s ruling raises a slew of questions (that will no doubt be litigated extensively in the coming years) and more than a few concerns.

In December 2013, the United States government sought to execute a search warrant pursuant to Section 2703(a) of the Stored Communications Act (“the “SCA”) to seize the contents of an email account of a suspected participant in a narcotics ring, which was stored on Microsoft’s servers in Ireland. Microsoft refused to turn over the extraterritorial emails, and was held in contempt for failing to comply with a search warrant.

Initially, the Southern District of New York ruled that Section 2703 of the SCA applies extraterritorially, and ordered Microsoft to release the sought-after emails. On appeal, however, the Second Circuit held that Section 2703 of the SCA “does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign server.”

In reversing the district court, even after noting the presumption against extraterritoriality, the Second Circuit relied heavily upon the fact that the SCA, passed in 1986, was drafted when computers were in their infancy, foreign-communicating servers did not exist, and very few lawmakers were familiar with the concept of the Internet. The Second Circuit also found persuasive the fact that the SCA’s warrant provision that allows the government to require disclosure of electronically stored communications, like any other search warrant and unlike subpoenas, is restricted by the Fourth Amendment to domestic applications only.

In the concurrence to the Microsoft opinion, the Second Circuit acknowledges that the SCA does not protect emails and other information stored on domestic servers. In fact, the Court notes, nothing prevents private companies from transferring electronically stored communications stored on foreign servers to American-based servers with the click of a button, which would give the federal government the opportunity to execute a properly obtained search warrant lawfully.

At minimum, this case signals to Congress the urgent need to updated outdated statutes like the SCA that have been rendered obsolete by decades of warp-speed technological breakthroughs and advancement. In 1986, the concept of cloud storage, extraterrestrial servers and fast-speed internet was the stuff of science fiction novels. Today, such technology is used by virtually every business and by a large percentage of the world’s population. The Second Circuit has signaled to Congress that the time to weigh privacy interests against the government’s legitimate need for evidence is now.

Social Media Providers Prevail In Quashing Subpoenas In Criminal Proceedings

Derrick Hunter and Lee Sullivan were indicted and still await trial, on murder, weapons, and gang-related charges stemming from a drive-by shooting in California which occurred in 2013. Both Defendants served a subpoena duces tecum on Facebook, Instagram and Twitter, seeking public and private content from user accounts of the murder victim and a witness to the alleged crimes. As to Facebook, the subpoena stated “[a]ny and all public and private content,” including, but “not limited to user information, associated email addresses, photographs, videos, private messages, activity logs, posts, status updates, location data, and comments including information deleted by the account holder” for accounts belonging to the murder victim, Jaquan Rice and to the only witness Renasha Lee.

In January 2015, Facebook, Instagram and Twitter moved to quash the subpoenas as violative of the Stored Communications Act (SCA) (18 U.S.C. §§2701-2712). The SCA prohibits electronic communication service providers from releasing a customer’s data without the customer’s consent. (See 18 U.S.C. §§ 2702(a)(1), 2702(b)(3).) For this reason, just about every social networking service in America regularly refuses to produce records containing the content of electronic communications. There are a few exceptions, most notably for law enforcement officers who have a warrant. (See Flagg v. City of Detroit, 252 F.R.D. 346, 350 (E.D. Mich. 2008).)

The trial court denied the motions to quash. Facebook, Instagram and Twitter appealed arguing that disclosure of the information sought was barred by the SCA. The Defendants opposed, contending that their constitutional rights to present a complete defense, cross-examine witnesses, and a fair trial prevailed over the privacy rights of account holders under the SCA. In an offer of proof as to Lee’s social media records, defendant Sullivan alleged that the records would demonstrate Lee, the sole witness who could implicate him in the shootings, was motivated by jealous rage over Sullivan’s involvement with other women, and that Lee had repeatedly threatened others with violence. Sullivan cited examples of postings that included a photograph of Lee holding a gun and making threats. In his offer of proof as to victim Rice’s social media records, Sullivan said review of the records was required to “locate exculpatory evidence” and to confront and cross-examine the prosecution gang expert from the San Francisco Police Department Gang Task Force, who testified that he “relied on social media records in forming an opinion whether a particular crime is gang related.”

Carefully reviewing, but ultimately rejecting these arguments, the Court of Appeal held the SCA provides no direct mechanism for access by a criminal defendant to private communication content, and “California’s discovery laws cannot be enforced in a way that compels . . . disclosures violating the Act.”

Although the court’s holding is limited; it left open the possibility that entities such as Facebook, Twitter or LinkedIn may be obligated to produce evidence of a person’s social media content in a criminal trial, instead of pretrial, as here. This is a curious procedural distinction, perhaps reflecting some discomfort with the holding.

The full opinion is available here.