A Supreme Court Case This Week Could Change US Digital Privacy Standards
On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter's comings and goings.
In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
What should be private? (Score:5, Interesting)
A good question to ask is - what is it reasonable to expect to be private?
Here are some scenarios that most people would agree would qualify as an invasion of privacy:
- If what you did on your personal property behind closed doors was made public;
- If you gave personal information to someone, and they said that they would keep it secret, but they then disclosed it to someone else.
Here are some scenarios that would *not* qualify as invasion of privacy:
- If you did something on property that was not yours, and it was made public;
I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?
Re: (Score:1)
Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret?
Are any such guarantees valid? What if it is verbal guarantees vs written?
AFAIK, the theory has become that if you have given information, you have no guarantee of privacy - only an expectation and a possibility (not guarantee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whether you benefited.
In the first two cases:
- What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written in
Re: (Score:1)
Are any such guarantees valid? What if it is verbal guarantees vs written?
That's what the court is for. In other words, you may have to prove that there is such a guarantee or warranty if you are claiming that the other violates your privacy.
AFAIK, the theory has become that if you have given information, you have no guarantee of privacy - only an expectation and a possibility (not guarantee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whether you benefited.
That just confirms what the GP said. Guarantee could be a "valid" contract. Whatever information you give to someone could be disclosed without being illegal if there is no contract. And you have to be able to prove it regardless how the contract is being done.
- What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written into contracts easily - it can be difficult for the average person to know what should be allowed and what should not, as well as what cannot be signed away. Harder still when rules can change.
Again, if you can prove that the contract is invalid, then the contract is null and
Re: (Score:2)
So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY
Re: (Score:2)
So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY
Again, why do many people here assume anything to the extreme and ignore everything else? There are inherent rights and there are rights that have to be proven. If you believe that everything is your right, then I have no words to explain. Also, if you believe what you said, I also have no words to explain.
Re:What should be private? (Score:5, Informative)
I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?
Well, Congress actually stepped in and enacted more (but not maximal) protection than required by passing the Stored Communication Act [ssrn.com]. In relevant part (§ 2702(a) for the law nerds following along) makes an ISP civilly liable if they voluntarily disclose your content except with your lawful consent. That is, the default in the "make no guarantees" is that the ISP cannot disclose anything.
So appreciate the bizarro-fact that Congress passed a law creating protection that the Constitution doesn't require and appreciate the new default :-)
Re:What should be private? (Score:5, Insightful)
I get the whole private property vs. public property thing as far as things go like video recording and such. You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing.
But, for fuck's sake, I should be able to drive up to the gas station to get a 6-pack without the government knowing I did so.
Sure, the gas station knows I went there. And the people at the gas station can see me there. If any of those people even know who I am, or care. And if I drive past my friend Tom's house on 4th Street to get there, he might see me driving down 4th street. But I still have my privacy to a great extent. None of those individual pieces of information are worth much to anyone.
The government, if they want to find out, can see that I left my house because my phone disconnected from Wi-Fi, they can tell I got in my car and started it because it connected to the bluetooth, they can track me either through location services or cell towers to pretty much figure out exactly where I went, what route I took to get there, how long it took, and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much. Sure, the convenience is nice but at what cost?
As for why I should expect all that information to be private? Because keeping historical records of everywhere I go and everything I do is not the service I signed up for. I signed up for a mobile telephone and debit card. In the case of the debit card, I understand that records need to be kept for a certain period of time. Not indefinitely, mind you, but for a fixed period of time that should be agreed upon by the cardholder and the bank.
As for telephones? With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point. Sure, the cellular network needs to know where I am *right now* in order to route calls to the correct cell tower and to deliver data to any open sessions I may have. It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today.
They don't need that data for network management, either. They can keep historical records of the load on given sites for purposes like that, to know what cells are over or underutilized, etc. But to keep a detailed historical record of my location, every call I made and to whom, every data session, and the contents of every message I've sent going back literally years or decades is obviously nefarious.
There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for. In the days of metered plans and overages, there was at least a reason to keep the information until the close of the billing cycle and maybe a few more in the case of bill disputes. Today, the record of what I did should be deleted at the end of the session. Meaning this: I've closed the data connection or terminated the phone call or successfully sent or received an SMS? Then the service I asked for was completed, and the records of it should be purged.
We were warned. (Score:2, Insightful)
There have been 70+ years of science fiction covering every permutation of this technological stranglehold we are now finding ourselves in. But even in most of those there was some blind spot to the technology.
Blockchain will be the last nail in that surveillance coffin. Once you can't buy anything without it being traceable the only way left to stay hidden will be underground. And thanks to fine grained power monitoring today it won't be too hard to start looking for the 'leaks' in the powergrid to find pe
Re: (Score:3)
...and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much.
I agree, next time skip the Slim Jim, it's a step too far.
With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point.
I called T-Mobile once about getting my phone records for a court case. They told me they don't keep any records for the prepaid plans. Dunno if it's true, but my lawyer couldn't get them either. Presumably they don't keep them but if they do they're hard to get.
Re: (Score:2)
But what if that join doesn't happen?
The problem today is that data aggregation is happening at an obscene rate. It is the norm for large businesses to affiliate and share data, and some businesses buy user data specifically to mine it.
In addition to law enforcement officials, we need to consider placing some restrictions on how private organizations can collect, share, and analyze data.
Re: (Score:2, Interesting)
A good question to ask is - what is it reasonable to expect to be private?
That's actually quite simple
Anything that's not accessible to other non-law-enforcement citizens. I can observe anyone I want in public. I can get their public data.
But I can't have their info from other companies, because they'll tell me to go away.
Re: What should be private? (Score:1)
So not private, as you told the cell phone company that it was okay for them to sell that data.
Re: (Score:2)
Around here there are stalking laws so depending on why you're gathering my info and following me around, it can be illegal to observe me in public.
Re: (Score:2)
Great questions. At least to me, there's one other distinction at the heart of our expectations: did we share it incidentally or intentionally?
The phone companies only have this information because they must as a requirement for providing service, not because I'm intending to share it with them. In fact, the data is being shared from the exact same device to the exact same company by the exact same person as it would be when I make a phone call, so why wouldn't they be treated the same? I expect my calls to
"No reasonable expectation" (Score:5, Insightful)
>"In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy"
And THAT, my friends, is the slippery slope of how privacy and freedom is lost in the modern world of technology. That exact argument has been used over and over again to strip one thing after another. You will have no "reasonable" expectation of privacy wherever you go with your almost absolutely necessary cell-phone. No expectation in your car. No expectation at work. No expectation on a sidewalk. No expectation in your yard. No expectation using your private Email at home. None watching your DVR. Want to work here or just about anywhere? Sign this agreement. Want to get any type of insurance? Sign this agreement. Want to open a bank account? Sign this agreement. Want to own a car, credit card, house, software, whatever, sign this agreement. At some point we are talking about things we can't live without in the modern world and yet things in which private companies apparently conspire to all require the same often questionable and frequently unreasonable terms. And those private companies then allow all this data to flow right to any 3-letter government agency with little or zero resistance, or just "lose" it by being hacked or doing stupid crap.
Re: "No reasonable expectation" (Score:4, Insightful)
Wrong. The third party doctrine was decided wrongly too. The government is not going after "business records", they're going after people.
Allowing the government to circumvent a person's rights because of a legalism created by that very same government (that is, corporations) is as wrong as if the government planted a GPS on you themselves.
As to your righteous condemnation of anything a bunch of totally untrustworthy politicians decide is against the law, I'd invite you to consider that you probably broke half a dozen of them on your way home from work today.
Re: "No reasonable expectation" (Score:5, Insightful)
>"slippery slope" my ass. This is the worst possible point you can stress when defending your position.
Quite the opposite. The "slippery slope" is exactly the type of thing that gets society in trouble time after time. Justifying each small surrender for supposedly the "greater good", step by step walking down the slope into a future where we suddenly wake up and realize the path somewhere along the way was wrong and yet those stairs are now a greased slide.
>"Generalization and out of context statements or phrases are the social warriors main ammunition."
Trust me, I am no social [justice] warrior. I am, however, very interested in LIMITING the power of government.... exactly the principles this country [USA] were founded upon. Social warriors are those who want ever increasing [especially Federal] government powers to control everyone's behaviors because supposedly everyone is a victim that needs daddy government to run everyone's lives. Or perhaps we are all just "unsafe" and need to surrender "just a little more" privacy and freedom in the name of safety and security? "If you have nothing to hide" and all that.
>"There are bad people roaming all over the world. Some of these people are dangerous. You can't take away all the tools used by law enforcement and national security agencies."
These are "tools" they never had in the past, so nothing is being "taken away" it is just not allowing them the new-found power to track everyone both now and in the past.
>"Law enforcement and the security agencies don't have the resources to waste on the inconsequential."
Right. Because such powers are never and will never be abused. I think you need to study history more...
Re: (Score:2, Informative)
Indeed smart criminals use burner phones and change them often.
The problem is you contractually agreed to let the phone company track you, not the government.
If this court challenge fails then it is very important that it be explicitly driven home to everyone who owns a phone that they are one and the same.
Re: "No reasonable expectation" (Score:5, Insightful)
You do not have to use a cell phone, or have it turned on while doing criminal shit.
Your entire argument hinges on that fundamentally false statement.
You're carrying a GPS tracker that you contractually agreed to allow track you. End of the argument. Goodbye.
I never willingly contractually agreed to have anyone track me and I would gladly opt out of records of my GPS movement if allowed.
The services I use on my phone don't require them to actually store my location anywhere to still be able to provide me the service.
I think the correct solution is to make it illegal for cellular companies to store cellular tower or GPS locations about their customers.
As far as turning your phone off while breaking the law, I could easily see a future where an innocent person could become a suspect just because their phone happened to be off during multiple robberies.
Re: "No reasonable expectation" (Score:4, Insightful)
>"You do not have to use a cell phone"
And you do not have to drive a car.
And you do not have to use Email.
And you do not have to use a credit card.
And you do not have to browse the web.
And you do not have to use electricity.
And you do not have to use a DVR.
And you do not have to work at X, Y, or Z.
And you do not have to have a bank account.
I think you totally missed the point of my post. At what point are such "normal" activities no longer "optional" in a modern society?
>"End of the argument. Goodbye."
It isn't dismissed quite that easily, I am afraid.
Re: (Score:2)
Basically there's this little thing called FREEDOM.
If the thought of freedom for yourself or, especially, for others disturbs you then GET OUT OF THE USA!
Re:"No reasonable expectation" (Score:4, Insightful)
Remember the Best Buy employee that the FBI paid per report to generate...oh, sorry, I mean "report"...child porn possessors, having him search computers in a way that would be a flagrant violation of Constitutional protections if the FBI did it directly? That's a prime example of the sort of crap that will go down a lot more often if a precedent is set that makes third parties a 100% legal Constitutional bypass. FBI can't search your history? Well, now they just go to Google and subpoena your search history, outbound clicks, and visit bounce times!
Re: (Score:2)
The phone companies aren't acting on behalf of the government when they gather the location data: they do that in the normal course of doing business with you. They are cooperating with the government when they surrender this data upon request. This is not much different than an eye witness to a crime voluntarily cooperating with police instead of lawyering up.
I think this data should be protected. I think some sort of covenant should exist between you and those who have custody of intimate data about you
Re: (Score:3, Insightful)
Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?
Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.
Re: (Score:3)
Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?
Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.
Both security and privacy are no longer worth what they used to be for the average citizen. They simply don't give a shit anymore about them, and will gladly sell their digital soul to feed their e-addictions.
Re: (Score:1)
Are there microphones and cameras on every corner and every house tracking your every move? Because no matter how much I shout, I probably won't be heard in the center of my house. And in most rooms, you can't see my face from the outside.
Take it up to 11, is it okay for anyone and everyone to listen in on your cell phone calls or
Re: (Score:2)
Is it private information if you walk around shouting your name wherever you go?
"Shouting" doesn't seem like a very apt analogy for a private control message between cell phone and network generated by simply walking around with one's cell phone on. The question is whether those messages were sufficiently public to defeat the cell phone user's legitimate expectation of privacy against a warrantless communication of those messages to the government. The fact that this case has reached the Supreme Court is evidence enough this isn't a simple question.
Or showing your face?
Not literally, no, but that seems l
Re: (Score:2)
I don't disagree that your scenario still raises privacy concerns, but I think that situation is a much closer question than Carpenter. Even if there are discrete VHS tapes changed every 6 hours behind every one of those cameras such that people would have to sit and watch thousands of tapes to see if I happened to pass by one of those cameras, I still know (or should have known) that the government was collecting all that data and they would be able to know anything that happened on those cameras if they w
Re: (Score:2)
I think it depends a lot on your choice of lifestyle. I gave up carrying a cell phone almost a decade ago and very rarely miss it, we're talking a couple times a year tops. That said I'm a sedentary person who's a homebody. I spend the vast majority of my waking time at work or at home. When I'm driving from place to place it's in high population density areas. About the only time I'm more than 15 miles from home is the couple times a year when I travel on major interstates to visit family. All that said I
I don't understand (Score:5, Insightful)
what changed when we made the transition from wireline to wireless.
How is it that, by simply changing the method of transmission, we lost so much in the realm of privacy ?
( Location tracking even when disabled, cameras front and back, microphone and fully hackable )
They used the same argument when we switched from physical mail, to the electronic variety.
( Oh, it's stored on third party servers, so it's fair game. Even if stored overseas, they still try to lay claim to it. )
Why is it that I ( supposedly ) cannot be compelled to incriminate myself ( 5th amendment ) yet, I can be forced to provide my fingerprint, face print, whatever, to unlock my phone which may or may not contain incriminating evidence during an overly broad search of an entire building by the FBI ? ( Sans warrant I might add )
Even a fucking pen register required someone to sign off on it. ( Not a warrant, but still had to be approved )
On top of all this, it's unlikely they even bothered to go to the Phone Company for this data. They probably just fired up the damn Stingray and are using the phone records as a nice scapegoat for how they obtained the data in the first place.
Re: (Score:2)
The cell phone was a later invention and the police and security services had more advanced tracking ready.
Different providers, networks, telcos all passing a cell phone from network to network all over the USA.
That was the legal opening needed. The user had signed away their rights when moving from telco to telco, service to service.
Eve
Re: (Score:2)
Getting cell tower association data requires a court order, just like call detail record (CDR) data does (it's basically in the CDR data for mobile).
Use HIPAA as a model... (Score:2)
The ISPs, cell companies, app authors, etc are the custodians of location data. This data can't legally be disclosed unless there's:
(a) customer consent
(b) a lawful warrant
In these days of electronic warrants, it's not a big burden to have to ask a judge, but it keeps things kosher and makes sure the government isn't asking for personal data without good reason.
Re: (Score:2)
This is not user location data, despite what the summary states. It is data about the cell tower the user phone is associated with, *when the user makes a call*. Yes, this can give you some level of location data for the user, but the location precision is quite poor, and it does not exist when you are not using the phone.
Re: (Score:2)
Try again: https://www.theverge.com/2017/... [theverge.com]
I'm OK with this... (Score:4, Insightful)
... as long as everyone can download that location info and the phone owner's name realtime.
They watch us, we watch them.
The law enforcement agencies will be OK with that, right? Because, I mean, they work for us, right?