Tracking Big Foot: Why GPS Location Requires a Warrant | Center for Democracy & Technology

In a case that raises as many questions as the average sighting of Big Foot, a panel of the Sixth Circuit Court of Appeals ruled earlier this week that law enforcement officers didn’t need a warrant to obtain GPS location information generated by his cell phone.

The court’s analysis has been roundly criticized as legally incorrect, lazy, shallow, and vague. I’d like to focus on one aspect of the case that the court missed:  the Department of Justice recommends that police obtain warrants in the scenario presented by this case, does so for good reason, and there were sufficient facts for the government to obtain the warrant that the Department of Justice recommends investigators obtain.

In this case, U.S. v. Skinner law enforcement officers obtained an order that allowed them to monitor for 60 days the location of a pre-paid cell phone they had good cause to believe was being used by Big Foot, the nickname given trucker eventually identified as Melvin Skinner, who they alleged was transporting marijuana.  They obtained a court order under which the provider, Sprint/Nextel, acting at the behest of law enforcement, pinged the phone repeatedly so it would reveal its location over a three-day period and eventually activated the phone’s GPS functionality to locate the phone’s GPS coordinates.   (Sprint/Nextel recently developed a web portal through which law enforcement can do this automatically for the duration of the court authorization, without contacting the provider each time officers ping the phone.)

The court found that there was “… no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured … cell phone.”  But, as Jennifer Grannick points out cell phones don’t normally “give off” the kind of GPS location data that law enforcement used to locate Skinner.  Unless the user is employing location services – and Skinner wasn’t – the GPS location data has to be created.  In this case, the provider, under court order, remotely activated the GPS function of Skinner’s phone so the police could track him.

There’s a critical difference between GPS location information and cell tower location information a mobile phone creates during normal use.  The GPS data in this case is created at the request of law enforcement for tracking purposes and not through the normal use of the mobile phone. The GPS data doesn’t even exist until the provider prompts the device to deliver its GPS location to the provider so law enforcement can access it.  In contrast, providers maintain cell tower location information for business reasons.  Because providers do not normally maintain GPS location information and because it was not voluntarily conveyed to the provider, it is not a “business record” and does not fit into the third party records doctrine, which says that a person has no Fourth Amendment interest in information that is voluntarily revealed to, and held by, a third party.  While the third party doctrine should probably be re-examined, for now we have to live with it, but not for GPS data created by providers at the behest of law enforcement.  For that data, we retain our Fourth Amendment rights against warrantless GPS tracking.  

Blind Eye to Justice

Apparently recognizing that GPS is different, the Justice Department recommends that prosecutors obtain a warrant to get GPS location information from mobile communications service providers.  For example, in this power point presentation the Associate Director of the Justice Department Office of Enforcement Operations recommends that prosecutors use search warrants to get prospective GPS location information (referred to as “lat/long data” or latitudinal and longitudinal data) for constitutional, not statutory reasons, and because “anything less presents significant risks of suppression.”  In addition, the Justice Department Associate Deputy Attorney General, testified in April last year that when the government seeks to compel disclosure of prospective GPS coordinates generated by cell phones, it relies on a warrant.

The Sixth Circuit missed this point entirely.  It blithely rejected Skinner’s Fourth Amendment claims and implicitly bought into the government’s argument that orders under the Stored Communications Act provision at 18 USC 2703(d) can be used to obtain prospective location information that has never been stored.  It did not consider whether the information sought was within the third party records doctrine and it cited no statutory authority for the proposition that the government can compel a provider to create the GPS information for the government to seize.  

Perhaps most ironically, it seems pretty clear that the government had facts establishing probable cause and could have obtained a warrant if it had applied for one.  As the concurring opinion in Skinner noted, law enforcement officials were watching the drug operation for months, had recorded conversations about an upcoming drug run, learned that the courier was carrying a particular phone that they could track, and that a half ton of marijuana was in transit.  

A warrant requirement for location information, as advocated by the Digital Due Process coalition, would still mean a drug courier like Skinner would get caught.  If followed, a statutory warrant requirement decreases the chances a criminal would elude jail because the seized evidence would not be at risk of suppression, as it is now for Big Foot if he appeals this decision. 

For updates, follow us on Twitter at @CenDemTech.

Related Posts

Defending networks from malicious hacking exploits depends in large part on the voluntary, cooperative efforts of network operators, device makers, and Internet users.Today the Broadband Internet Technical Advisory Group (BITAG) — a group of technical experts dedicated to building consensus about broadband network management — has released a series of targeted, balanced recommendations to help stifle an emerging type of network attack. That attack has been used in recent years by the hacker…

[Editors Note: This is one in a of series of blog posts from CDT on the Cybersecurity Act, S. 3414, a bill co-sponsored by Senators Lieberman and Collins that is slated to be considered on the Senate floor soon.]Two amendments to the Senate cybersecurity bill now being debated would require government agents to get a warrant before reading a person’s email or secretly tracking someone through their mobile phone.  The amendments, if adopted, would be a huge privacy gain and address a long-…

In a new book, CDT experts debate some of the most pressing issues in surveillance law today.Patriot Debates: Contemporary Issues in National Security Law features CDT’s Greg Nojeim in a debate on the third-party records doctrine and its application to criminal investigations in the digital age. The doctrine holds that law enforcement does not need a warrant to search and seize information lawfully held by third parties, such as online file hosting services like Dropbox or online email…

[Editors Note: This is one in a of series of blog posts from CDT on the Cybersecurity Act, S. 3414, a bill co-sponsored by Senators Lieberman and Collins that is slated to be considered on the Senate floor soon.]  

Congress is about to decide whether it is a crime to violate terms of service governing your use of Gmail, Facebook, Hulu, or any other on-line service.

One of the amendments to the Cybersecurity Act that the Senate is likely to take up this week would substantially increase…

https://www.cdt.org/blogs/greg-nojeim/1708tracking-big-foot-why-gps-location-…

Advertisements

Tracking Big Foot: Why GPS Location Requires a Warrant | Center for Democracy & Technology

In a case that raises as many questions as the average sighting of Big Foot, a panel of the Sixth Circuit Court of Appeals ruled earlier this week that law enforcement officers didn’t need a warrant to obtain GPS location information generated by his cell phone.

The court’s analysis has been roundly criticized as legally incorrect, lazy, shallow, and vague. I’d like to focus on one aspect of the case that the court missed:  the Department of Justice recommends that police obtain warrants in the scenario presented by this case, does so for good reason, and there were sufficient facts for the government to obtain the warrant that the Department of Justice recommends investigators obtain.

In this case, U.S. v. Skinner law enforcement officers obtained an order that allowed them to monitor for 60 days the location of a pre-paid cell phone they had good cause to believe was being used by Big Foot, the nickname given trucker eventually identified as Melvin Skinner, who they alleged was transporting marijuana.  They obtained a court order under which the provider, Sprint/Nextel, acting at the behest of law enforcement, pinged the phone repeatedly so it would reveal its location over a three-day period and eventually activated the phone’s GPS functionality to locate the phone’s GPS coordinates.   (Sprint/Nextel recently developed a web portal through which law enforcement can do this automatically for the duration of the court authorization, without contacting the provider each time officers ping the phone.)

The court found that there was “… no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured … cell phone.”  But, as Jennifer Grannick points out cell phones don’t normally “give off” the kind of GPS location data that law enforcement used to locate Skinner.  Unless the user is employing location services – and Skinner wasn’t – the GPS location data has to be created.  In this case, the provider, under court order, remotely activated the GPS function of Skinner’s phone so the police could track him.

There’s a critical difference between GPS location information and cell tower location information a mobile phone creates during normal use.  The GPS data in this case is created at the request of law enforcement for tracking purposes and not through the normal use of the mobile phone. The GPS data doesn’t even exist until the provider prompts the device to deliver its GPS location to the provider so law enforcement can access it.  In contrast, providers maintain cell tower location information for business reasons.  Because providers do not normally maintain GPS location information and because it was not voluntarily conveyed to the provider, it is not a “business record” and does not fit into the third party records doctrine, which says that a person has no Fourth Amendment interest in information that is voluntarily revealed to, and held by, a third party.  While the third party doctrine should probably be re-examined, for now we have to live with it, but not for GPS data created by providers at the behest of law enforcement.  For that data, we retain our Fourth Amendment rights against warrantless GPS tracking.  

Blind Eye to Justice

Apparently recognizing that GPS is different, the Justice Department recommends that prosecutors obtain a warrant to get GPS location information from mobile communications service providers.  For example, in this power point presentation the Associate Director of the Justice Department Office of Enforcement Operations recommends that prosecutors use search warrants to get prospective GPS location information (referred to as “lat/long data” or latitudinal and longitudinal data) for constitutional, not statutory reasons, and because “anything less presents significant risks of suppression.”  In addition, the Justice Department Associate Deputy Attorney General, testified in April last year that when the government seeks to compel disclosure of prospective GPS coordinates generated by cell phones, it relies on a warrant.

The Sixth Circuit missed this point entirely.  It blithely rejected Skinner’s Fourth Amendment claims and implicitly bought into the government’s argument that orders under the Stored Communications Act provision at 18 USC 2703(d) can be used to obtain prospective location information that has never been stored.  It did not consider whether the information sought was within the third party records doctrine and it cited no statutory authority for the proposition that the government can compel a provider to create the GPS information for the government to seize.  

Perhaps most ironically, it seems pretty clear that the government had facts establishing probable cause and could have obtained a warrant if it had applied for one.  As the concurring opinion in Skinner noted, law enforcement officials were watching the drug operation for months, had recorded conversations about an upcoming drug run, learned that the courier was carrying a particular phone that they could track, and that a half ton of marijuana was in transit.  

A warrant requirement for location information, as advocated by the Digital Due Process coalition, would still mean a drug courier like Skinner would get caught.  If followed, a statutory warrant requirement decreases the chances a criminal would elude jail because the seized evidence would not be at risk of suppression, as it is now for Big Foot if he appeals this decision. 

For updates, follow us on Twitter at @CenDemTech.

Related Posts

Defending networks from malicious hacking exploits depends in large part on the voluntary, cooperative efforts of network operators, device makers, and Internet users.Today the Broadband Internet Technical Advisory Group (BITAG) — a group of technical experts dedicated to building consensus about broadband network management — has released a series of targeted, balanced recommendations to help stifle an emerging type of network attack. That attack has been used in recent years by the hacker…

[Editors Note: This is one in a of series of blog posts from CDT on the Cybersecurity Act, S. 3414, a bill co-sponsored by Senators Lieberman and Collins that is slated to be considered on the Senate floor soon.]Two amendments to the Senate cybersecurity bill now being debated would require government agents to get a warrant before reading a person’s email or secretly tracking someone through their mobile phone.  The amendments, if adopted, would be a huge privacy gain and address a long-…

In a new book, CDT experts debate some of the most pressing issues in surveillance law today.Patriot Debates: Contemporary Issues in National Security Law features CDT’s Greg Nojeim in a debate on the third-party records doctrine and its application to criminal investigations in the digital age. The doctrine holds that law enforcement does not need a warrant to search and seize information lawfully held by third parties, such as online file hosting services like Dropbox or online email…

[Editors Note: This is one in a of series of blog posts from CDT on the Cybersecurity Act, S. 3414, a bill co-sponsored by Senators Lieberman and Collins that is slated to be considered on the Senate floor soon.]  

Congress is about to decide whether it is a crime to violate terms of service governing your use of Gmail, Facebook, Hulu, or any other on-line service.

One of the amendments to the Cybersecurity Act that the Senate is likely to take up this week would substantially increase…

https://www.cdt.org/blogs/greg-nojeim/1708tracking-big-foot-why-gps-location-…

‘Safe Data’ Strategies for Health Info on Mobile Devices | Center for Democracy & Technology

Consumer use of mobile technologies to stay healthy or manage a chronic health condition is increasing; likewise, an increasing number are using these technologies as a digital link to their doctors.  Yet, unlike health care providers who must follow federal privacy and security rules when using mobile technologies to share a patient’s health information, no such rules apply to consumers or their devices.

Building and maintaining consumer and patient trust in the use of mobile devices is key to delivering on the promise that these mobile tools can bring to improving patient care.  And a key to cultivating that trust is building basic security safeguards into those devices.
 
CDT teamed up with the law firm of Manatt, Phelps & Phillips LLP to develop “Strategies for Safeguarding Patient-Generated Health Information Created or Shared Through Mobile Devices.”1 The paper comes from CDT and Manatt’s work with the Robert Wood Johnson Foundation’s Project HealthDesign, which is exploring patients’ use of personal health applications to promote better health decision-making by both patients and providers.

The paper discusses what factors should be considered when protecting patient-generated health information created on or shared through mobile devices, including:

•    The complexity and cost of the security measure;
•    The ability (or willingness) of the patient or consumer to deploy the security measure;
•    The effect the security measure will have on the health or health care management; and
•    The probability of potential risks to the information, and the potential consequences of a breach of information.

The paper also recommends specific strategies for securing information on patient mobile devices; such strategies include providing patients with clear information on privacy and security risks and providing them with technical tools to help them manage those risks.

  1. 1. The article was originally published in the Journal of Health Information Management (JHIM), vol. 26, no. 3, by the Health Information Management Systems Society.
For updates, follow us on Twitter at @CenDemTech.

https://www.cdt.org/blogs/deven-mcgraw/1608safe-data-strategies-health-info-m…

‘Safe Data’ Strategies for Health Info on Mobile Devices | Center for Democracy & Technology

Consumer use of mobile technologies to stay healthy or manage a chronic health condition is increasing; likewise, an increasing number are using these technologies as a digital link to their doctors.  Yet, unlike health care providers who must follow federal privacy and security rules when using mobile technologies to share a patient’s health information, no such rules apply to consumers or their devices.

Building and maintaining consumer and patient trust in the use of mobile devices is key to delivering on the promise that these mobile tools can bring to improving patient care.  And a key to cultivating that trust is building basic security safeguards into those devices.
 
CDT teamed up with the law firm of Manatt, Phelps & Phillips LLP to develop “Strategies for Safeguarding Patient-Generated Health Information Created or Shared Through Mobile Devices.”1 The paper comes from CDT and Manatt’s work with the Robert Wood Johnson Foundation’s Project HealthDesign, which is exploring patients’ use of personal health applications to promote better health decision-making by both patients and providers.

The paper discusses what factors should be considered when protecting patient-generated health information created on or shared through mobile devices, including:

•    The complexity and cost of the security measure;
•    The ability (or willingness) of the patient or consumer to deploy the security measure;
•    The effect the security measure will have on the health or health care management; and
•    The probability of potential risks to the information, and the potential consequences of a breach of information.

The paper also recommends specific strategies for securing information on patient mobile devices; such strategies include providing patients with clear information on privacy and security risks and providing them with technical tools to help them manage those risks.

  1. 1. The article was originally published in the Journal of Health Information Management (JHIM), vol. 26, no. 3, by the Health Information Management Systems Society.
For updates, follow us on Twitter at @CenDemTech.

https://www.cdt.org/blogs/deven-mcgraw/1608safe-data-strategies-health-info-m…

Tracking Big Foot: Why GPS Location Requires a Warrant

Tracking Big Foot: Why GPS Location Requires a Warrant

https://www.cdt.org/print/19546

Tracking Big Foot: Why GPS Location Requires a Warrant

Tracking Big Foot: Why GPS Location Requires a Warrant

https://www.cdt.org/print/19546

Access denied | Center for Democracy & Technology >> How Ironic!

Recent Blog Posts

The staggering amount of personal health data now being collected for treatment or billing purposes has a life beyond the doctor’s clipboard. The data is collected, stripped of personally identifying information (“de-identified”) and re-used in ways that are vital for medical breakthroughs, improving patient care, or predicting public health trends.  And it’s just as valuable when used for targeted marketing campaigns or eliminating inefficiencies in the healthcare…

In a case that raises as many questions as the average sighting of Big Foot, a panel of the Sixth Circuit Court of Appeals ruled earlier this week that law enforcement officers didn’t need a warrant to obtain GPS location information generated by his cell phone.

The court’s analysis has been roundly criticized as legally incorrect,…

Consumer use of mobile technologies to stay healthy or manage a chronic health condition is increasing; likewise, an increasing number are using these technologies as a digital link to their doctors.  Yet, unlike health care providers who must follow federal privacy and security rules when using mobile technologies to share a patient’s health information, no such rules…

Access denied

You are not authorized to access this page.

https://www.cdt.org/job/job-opportunity-national-security-law-fellow