Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy The Courts Businesses Government Software United States Technology

A Supreme Court Case This Week Could Change US Digital Privacy Standards 74

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller . The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
This discussion has been archived. No new comments can be posted.

A Supreme Court Case This Week Could Change US Digital Privacy Standards

Comments Filter:
  • by axlash ( 960838 ) on Tuesday November 28, 2017 @07:54PM (#55640817)

    A good question to ask is - what is it reasonable to expect to be private?

    Here are some scenarios that most people would agree would qualify as an invasion of privacy:
    - If what you did on your personal property behind closed doors was made public;
    - If you gave personal information to someone, and they said that they would keep it secret, but they then disclosed it to someone else.

    Here are some scenarios that would *not* qualify as invasion of privacy:
    - If you did something on property that was not yours, and it was made public;

    I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

    • by Anonymous Coward

      Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret?

      Are any such guarentees valid? What if it verbal guarentees vs written?
      AFAIK, the theory has become that if you have given information, you have no guarentee of privacy - only an expectation and a possiblity (not guarentee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whther you benfited.
      In the first two cases:
      - What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written in

      • Are any such guarentees valid? What if it verbal guarentees vs written?

        That's what the court is for. In other words, you may have to prove that there is such a guarantee or warranty if you are claiming that the other violates your privacy.

        AFAIK, the theory has become that if you have given information, you have no guarentee of privacy - only an expectation and a possiblity (not guarentee) of legal recourse. Handing out personal information is thus a gamble on whether you were foolish or whther you benfited.

        That just confirms what the GP said. Guarantee could be a "valid" contract. Whatever information you give to someone could be disclosed without being illegal if there is no contract. And you have to be able to prove it regardless how the contract is being done.

        - What if you have signed a contract to allow recording of yourself behind closed doors, aka tv show "big brother"? Such things can be written into contracts easily - it can be difficult for the average person to know what should be allowed and what should not, as well as what cannot be signed away. Harder still when rules can change.

        Again, if you can prove that the contract is invalid, then the contract is null and

        • by dryeo ( 100693 )

          So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY

          • So basically having rights depends on having a good lawyer or more to go up against $BIG_COMPANY

            Again, why many people here assume anything to the extreme and ignore everything else? There are inherit rights and there are rights that have to be proven. If you believe that everything is your right, then I have no word to explain. Also, if you believe what you said, I also have no word to explain.

    • by Wrath0fb0b ( 302444 ) on Tuesday November 28, 2017 @08:40PM (#55641037)

      I am not sure of a situation where you give personal information to someone, and they make it public after making no guarantees to you that they would keep such information secret. Are you foolish for giving the information without such guarantees, or should you expect that because the information is personal, you should automatically assume it should be kept secret? Why should you have such an expectation?

      Well, Congress actually stepped in and enacted more (but not maximal) protection than required by passing the Stored Communication Act [ssrn.com]. In relevant part (Â 2702(a) for the law nerds following along) makes an ISP civilly liable if they voluntarily disclose your content except with your lawful consent. That is, the default in the "make no guarantees" is that the ISP cannot disclose anything.

      So appreciate the bizarro-fact that Congress passed a law creating protection that the Constitution doesn't require and appreciate the new default :-)

    • Re: (Score:3, Interesting)

      by sinij ( 911942 )
      Your honor, obviously axlash is premeditated and conspired to commit crime, as he refused to carry his smartphone with him on the day of the event.
    • by clonehappy ( 655530 ) on Tuesday November 28, 2017 @08:55PM (#55641125)

      I get the whole private property vs. public property thing as far as things go like video recording and such. You don't have an expectation of privacy in public because there are other people physically there who can see what you're doing.

      But, for fuck's sake, I should be able to drive up to the gas station to get a 6-pack without the government knowing I did so.

      Sure, the gas station knows I went there. And the people at the gas station can see me there. If any of those people even know who I am, or care. And if I drive past my friend Tom's house on 4th Street to get there, he might see me driving down 4th street. But I still have my privacy to a great extent. None of those individual pieces of information are worth much to anyone.

      The government, if they want to find out, can see that I left my house because my phone disconnected from Wi-Fi, they can tell I got in my car and started it because it connected to the bluetooth, they can track me either through location services or cell towers to pretty much figure out exactly where I went, what route I took to get there, how long it took, and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much. Sure, the convenience is nice but at what cost?

      As for why I should expect all that information to be private? Because keeping historical records of everywhere I go and everything thing I do is not the service I signed up for. I signed up for a mobile telephone and debit card. In the case of the debit card, I understand that records need to be kept for a certain period of time. Not indefinitely, mind you, but for a fixed period of time that should be agreed upon by the cardholder and the bank.

      As for telephones? With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point. Sure, the cellular network needs to know where I am *right now* in order to route calls to the correct cell tower and to deliver data to any open sessions I may have. It doesn't need to know where I was on January 22, 2009 at 5:37PM in order to route calls to my phone today, and they don't need to know I texted my brother to tell him happy birthday in March of 2013 in order to deliver SMS messages today.

      They don't need that data for network management, either. They can keep historical records of the load on given sites for purposes like that, to know what cells are over or underutilized, etc. But to keep a detailed historical record of my location, every call I made and to whom, every data session, and the contents of every message I've sent going back literally years or decades is obviously nefarious.

      There is no legitimate reason for a service provider to keep any records for any longer than necessary to complete the business end of the service I've signed up for. In the days of metered plans and overages, there was at least a reason to keep the information until the close of the billing cycle and maybe a few more in the case of bill disputes. Today, the record of what I did should be deleted at the end of the session. Meaning this: I've closed the data connection or terminated the phone call or successfully sent or received an SMS? Then the service I asked for was completed, and the records of it should be purged.

      • We were warned. (Score:2, Insightful)

        by Anonymous Coward

        There have been 70+ years of science fiction covering every permutation of this technological stranglehold we are now finding ourselves in. But even in most of those there was some blind spot to the technology.

        Blockchain will be the last nail in that surveillance coffin. Once you can't buy anything without it being traceable the only way left to stay hidden will be underground. And thanks to fine grained power monitoring today it won't be too hard to start looking for the 'leaks' in the powergrid to find pe

      • ...and then can see from my debit card that I bought a 6-pack and a Slim Jim. It's just all a little too much.

        I agree, next time skip the Slim Jim, it's a step too far.

        With the advent of unlimited cellular plans, there really isn't any logical excuse for telephone companies to keep personally identifiable records of really anything at this point.

        I called T-Mobile once about getting my phone records for a court case. They told me they don't keep any records for the prepaid plans. Dunno if it's true, but my lawyer couldn't get them either. Presumably they don't keep them but if they do they're hard to get.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      A good question to ask is - what is it reasonable to expect to be private?

      That's actually quite simple
      Anything that's not accessible to other non-law-enforcement citizens. I can observe anyone I want in public. I can get their public data.
      But I can't have their info from other companies, because they'll tell me to go away.

      • by Anonymous Coward

        So not private, as you told the cell phone company that it was okay for them to sell that data.

      • by dryeo ( 100693 )

        Around here there are stalking laws so depending on why your gathering my info and following me around, it can be illegal to observe me in public.

    • Great questions. At least to me, there's one other distinction at the heart of our expectations: did we share it incidentally or intentionally?

      The phone companies only have this information because they must as a requirement for providing service, not because I'm intending to share it with them. In fact, the data is being shared from the exact same device to the exact same company by the exact same person as it would be when I make a phone call, so why wouldn't they be treated the same? I expect my calls to

  • by markdavis ( 642305 ) on Tuesday November 28, 2017 @08:01PM (#55640859)

    >"In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy"

    And THAT, my friends, is the slippery slope of how privacy and freedom is lost in the modern world of technology. That exact argument has been used over and over again to strip one thing after another. You will have no "reasonable" expectation of privacy wherever you go with your almost absolutely necessary cell-phone. No expectation in your car. No expectation at work. No expectation on a sidewalk. No expectation in your yard. No expectation using your private Email at home. None watching your DVR. Want to work here or just about anywhere? Sign this agreement. Want to get any type of insurance? Sign this agreement. Want to open a bank account? Sign this agreement. Want to own a car, credit card, house, software, whatever, sign this agreement. At some point we are talking about things we can't live without in the modern world and yet things in which private companies apparently conspire to all require the same often questionable and frequently unreasonable terms. And those private companies then allow all this data to flow right to any 3-letter government agency with little or zero resistance, or just "lose" it by being hacked or doing stupid crap.

    • by Anonymous Coward on Tuesday November 28, 2017 @09:43PM (#55641365)
      Data held by third parties ABOUT you needs to be considered YOUR property (and rules must be set to where it cannot be turned over even by the third party without you being granted the right to challenge the seizure) for the purposes of compliance with the Constitution, full stop. What happens if we do not take an absolutist position on this issue is simple: the government can't get what they want from you so they have corporations do it for them.

      Remember the Best Buy employee that the FBI paid per report to generate...oh, sorry, I mean "report"...child porn possessors, having him search computers in a way that would be a flagrant violation of Constitutional protections if the FBI did it directly? That's a prime example of the sort of crap that will go down a lot more often if a precedent is set that makes third parties a 100% legal Constitutional bypass. FBI can't search your history? Well, now they just go to Google and subpoena your search history, outbound clicks, and visit bounce times!
      • Federal Government employees (in America) are limited by the American Constitution. Anyone who works for the Gov is an employee, including employees of a cellphone company who do jobs for the police, and therefore should be under Constitutional limits. Gathering location data for the purpose of handing over to police counts as working for the government.
        • by flink ( 18449 )

          The phone companies aren't acting on behalf of the government when they gather the location data: they do that in the normal course of doing business with you. They are cooperating with the government when they surrender this data upon request. This is not much different than an eye witness to a crime voluntarily cooperating with police instead of lawyering up.

          I think this data should be protected. I think some sort of covenant should exist between you and those who have custody of intimate data about you

  • slippery (Score:2, Interesting)

    Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?
    • Re: (Score:3, Insightful)

      by FatdogHaiku ( 978357 )

      Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?

      Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.

      • Is it private information if you walk around shouting your name wherever you go? Or showing your face? Is it not just a short leap from that to your cell phone doing that for you?

        Agreed. If you had told someone in 1960 that there would be a radio network broadcasting the current whereabouts of basically everyone, they would think the commies had taken over.

        Both security and privacy are no longer worth what they used to be for the average citizen. They simply don't give a shit anymore about them, and will gladly sell their digital soul to feed their e-addictions.

    • by Anonymous Coward

      Is it private information if you walk around shouting your name wherever you go? Or showing your face?

      Are there microphones and cameras on every corner and every house tracking your every move? Because no matter how much I shout, I probably won't be heard in the center of my house. And in most rooms, you can't see my face from the outside.

      Is it not just a short leap from that to your cell phone doing that for you?

      Take it up to 11, is it okay for anyone and everyone to listen in on your cell phone calls or

    • Is it private information if you walk around shouting your name wherever you go?

      "Shouting" doesn't seem like a very apt analogy for a private control message between cell phone and network generated by simply walking around with one's cell phone on. The question is whether those messages were sufficiently public to defeat the cell phone user's legitimate expectation of privacy against a warrantless communication of those messages to the government. The fact that this case has reached the Supreme Court is evidence enough this isn't a simple question.

      Or showing your face?

      Not literally, no, but that seems l

      • If the government put cameras on every corner, then paired that with working facial recognition, then made the database searchable by person for anyone with a badge, that too is a totally unreasonable invasion of privacy. Like the court ruling that disallowed sticking a GPS on your car without a warrant; sure it would be ok for a cop to follow you, but the level of invasiveness that comes with automated technology gives rise to valid privacy concerns.
        • I don't disagree that your scenario still raises privacy concerns, but I think that situation is a much closer question than Carpenter. Even if there are discrete VHS tapes changed every 6 hours behind every one of those cameras such that people would have to sit and watch thousands of tapes to see if I happened to pass by one of those camera, I still know (or should have known) that the government was collecting all that data and they would be able to know anything that happened on those cameras if they w

  • I don't understand (Score:5, Insightful)

    by nehumanuscrede ( 624750 ) on Tuesday November 28, 2017 @08:39PM (#55641033)

    what changed when we made the transition from wireline to wireless.
    How is it that, by simply changing the method of transmission, we lost so much in the realm of privacy ?
    ( Location tracking even when disabled, cameras front and back, microphone and fully hackable )

    They used the same argument when we switched from physical mail, to the electronic variety.
    ( Oh, it's stored on third party servers, so it's fair game. Even if stored overseas, they still try to lay claim to it. )

    Why is it that I ( supposedly ) cannot be compelled to incriminate myself ( 5th amendment ) yet, I can be forced to provide
    my fingerprint, face print, whatever, to unlock my phone which may or may not contain incriminating evidence during an
    overly broad search of an entire building by the FBI ? ( Sans warrant I might add )

    Even a fucking pen register required someone to sign off on it. ( Not a warrant, but still had to be approved )

    On top of all this, it's unlikely they even bothered to go to the Phone Company for this data. They probably just fired up the damn
    Stingray and are using the phone records as a nice scapegoat for how they obtained the data in the first place.

    • by AHuxley ( 892839 )
      Wireline went from an account as a direct wire to the exchange line building or hardware (a very simple way of considering how a POTS worked before digital changes)
      The cell phone was a later invention and the police and security services had more advanced tracking ready.
      Different providers, networks, telcos all passing a cell phone from network to network all over there USA.
      That was the legal opening needed. The user had signed away their rights when moving from telco to telco, service to service.
      Eve
    • by Mondragon ( 3537 )

      Getting cell tower association data requires a court order, just like call detail record (CDR) data does (it's basically in the CDR data for mobile).

    • just like with wired they did not need a warrant to know where the physical phone were (they just had to ask the company where the phone number it was linked to, which address, by reading the company documentation (phonebook) or just plain asking the company which complied warrantlessly. This is the same here, the company has your location, and is complying mostly warrantlessly. This is one of the case where you think there is a difference, but when you dig deeper, there is not. In both case the company kn
    • There isn't enough detail in the article or summary. But it *seems* that what they did was, once they had a suspect, they went to the phone company to see if he was in the vicinity of the robberies. if they had reason to suspect him, they probably could have gotten the warrant if they needed it. So this may create an interesting legal outcome but probably has no practical implications. If you commit a crime and the police have reasonable suspicion, they may not have to get a warrant, but they're still g
  • The ISPs, cell companies, app authors, etc are the custodians of location data. This data can't legally be disclosed unless there's:
    (a) customer consent
    (b) a lawful warrant

    In these days of electronic warrants, it's not a big burden to have to ask a judge, but it keeps things kosher and makes sure the government isn't asking for personal data without good reason.

    • by Mondragon ( 3537 )

      This is not user location data, despite what the summary states. It is data about the cell tower the user phone is associated with, *when the user makes a call*. Yes, this can give you some level of location data for the user, but the location precision is quite poor, and it does not exist when you are not using the phone.

  • by cyn1c77 ( 928549 ) on Wednesday November 29, 2017 @03:23AM (#55642309)

    ... as long as everyone can download that location info and the phone owner's name realtime.

    They watch us, we watch them.

    The law enforcement agencies will be OK with that, right? Because, I mean, they work for us, right?

"Your stupidity, Allen, is simply not up to par." -- Dave Mack (mack@inco.UUCP) "Yours is." -- Allen Gwinn (allen@sulaco.sigma.com), in alt.flame

Working...