February 20, 2020

February 20, 2020

Subscribe to Latest Legal News and Analysis

February 19, 2020

Subscribe to Latest Legal News and Analysis

February 18, 2020

Subscribe to Latest Legal News and Analysis

Carpenter v. United States Privacy Case Pushes Supreme Court to Decide Fourth Amendment Protections of Cell Phone Metadata

The U.S. Supreme Court heard oral arguments in what may become one of the defining consumer privacy cases of our generation. The central question in Carpenter v. United States asks whether the government violates the Fourth Amendment by accessing an individual’s historical cell phone locations records without a warrant. The Court’s decision, expected by June 2018, could draw a more concrete legal line for what constitutes “reasonable search and seizure” when government agencies seek to gather potentially incriminating smartphone data from third-party communication providers. The outcome of the case may significantly reshape consumer expectations of electronic privacy, and even alter the disclosures companies across all sectors must make in their privacy policies.

The case begins in April 2011, when police arrested four men in connection with a series of armed robberies in Michigan and Ohio. This group did not originally include complainant Timothy Carpenter; he was later targeted by law enforcement when one of the arrestees confessed and handed over his cell phone number to the FBI. Federal investigators used the number to obtain “transactional records” from a cell phone company, which included the date, time, and location of calls based on proximity to nearby cell towers (“cell-sites”). Using this information, the government determined that Carpenter’s cell phone also communicated with cell towers nearby and at the time of the four robberies. He was convicted of aiding and abetting robbery that affected interstate commerce, and sentenced to 116 years in federal prison.

Carpenter appealed his case on the grounds that because the FBI did not have a warrant based on probable cause in order to obtain the phone records that led to his arrest, the cell-site evidence violates his Fourth Amendment rights. The FBI originally received authorization to obtain these records by way of three orders from magistrate judges granted under the Stored Communications Act, which provides that the government may require the disclosure of certain telecommunications records when “specific and articulable facts show[] that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”  The Sixth Circuit Appeals Court denied Carpenter’s appeal, claiming that the Fourth Amendment may apply to the content of personal phone calls but does not protect metadata about the calls, including location data. The case has already drawn a number of parallels with the 2012 case of United States v. Joneswhich involved the warrantless tracking of a vehicle with a planted GPS device.

Several amicus briefs have been submitted to the Court, including statements from tech giants Apple, Google, Facebook, Microsoft, Twitter, Verizon, and several others. These companies have historically taken a hard stance when responding to government requests for consumer data (e.g. Apple’s refusal of an FBI request to unlock a gunman’s iPhone in 2016). As privacy concerns continue to occupy public dialogue in light of wide-scale data breaches and concerns about government surveillance, consumers are increasingly opting to do business with companies that offer stronger data and privacy protections by design (such as WhatsApp’s end-to-end encrypted text message service). A ruling against Carpenter would exacerbate public confusion about who “owns” their call and text records, and could place the burden on telecommunications companies to inform users that their personal data may not be so “personal” in the eyes of the law even if it is not obtained directly.

Carpenter may be decided narrowly or broadly, based on the justices’ decision to emphasize the geolocation data provided by cell-site evidence or the overarching expectation of privacy when using personal devices. Either way, the case offers the Supreme Court to harmonize our interpretation of the Fourth Amendment with the new realities of the digital age. Consumers and companies alike will be watching closely to see how the government’s stance will shape the technological landscape and the economy that surrounds it.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Joanna Hawana, Mintz Levin, FDA Lawyer, Clinical Trials & Research Consumer Product Safety FDA Regulatory Health Care Compliance, Fraud & Abuse, and Regulatory Counseling Health Care Transactional Due Diligence
Of Counsel

Joanne counsels global clients on regulatory and distribution-related considerations to bringing a new FDA-regulated product to market and how to ensure continued compliance after a product is commercialized. She also advises on the business impact of new US federal and state actions that affect those regulated products, such as drugs, foods, cosmetics, electronic nicotine delivery systems, and medical devices, including in vitro diagnostics, lab tests, and mobile medical applications. In recent years she has been advising clients in different industries regarding FDA’s approaches to...

Brian H. Lam, Mintz Levin, software licensing lawyer, vendor agreements attorney

Brian Lam is a member of Mintz’s Privacy & Security Practice and Technology Transactions Practice. Brian focuses his practice on providing practical advice that enables companies to pursue their business in a competitive environment while reducing risk associated with the collection, use, storage, transfer, and potential loss of data. He frequently negotiates complex data-centric information technology agreements, and designs policies and corresponding controls for the implementation of best practices, compliance with state and federal law, and international considerations. He often reviews the data flows within an organization from both a senior leadership perspective as well as at the implementation level, and provides actionable recommendations to engineer such data flows in order to reduce compliance risk and engender consumer trust.

Brian frequently provides advice to clients that wish to buy or sell corporate entities whose business models leverage data and information technology, including data aggregation, analytics, and open source software.

Brian has been designated a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals, and is also a Certified Information Privacy Professional (CIPP) (US Specialization), Certified Information Privacy Manager (CIPM), and a Certified Information Systems Security Professional (CISSP). He has a B.S. in Computer Science and an M.S. in Telecommunications from the University of Colorado at Boulder, College of Engineering and Applied Science.

He is also a member of Governor Brown’s California Cybersecurity Task Force, a statewide partnership comprised of key stakeholders, subject matter experts, and cybersecurity professionals from California's public and private sectors, academia, and law enforcement that serves as an advisory body to the State of California Senior Administration Officials in matters related to cybersecurity.

Before becoming an attorney, Brian worked at one of the country’s leading information security firms, where he focused on analyzing the existing network security controls of financial institutions, online merchants, and government organizations. He also conducted penetration tests, provided guidance on PCI-DSS compliance, and assisted federal law enforcement with digital forensics post security incident. Subsequently, he joined one of the world’s largest management consulting and information services firms, where he led efforts to design and implement large-scale information security initiatives for Fortune 500 companies, including one of the world’s largest banking and consumer credit companies.