In a big win for digital privacy advocates, the U.S. Supreme Court narrowly ruled Friday that law enforcement authorities generally need a search warrant in order to collect cellphone location data used in criminal investigations.
In Carpenter v. United States, the justices ruled 5-4 that cellphone tower records kept by service providers are protected under the Constitution and that in most cases, law enforcement authorities must seek a search warrant to obtain the information.
In delivering the majority opinion, U.S. Chief Justice John Roberts wrote that the acquisition of "cell site records was a Fourth Amendment search" requiring a warrant.
"A person does not surrender all Fourth Amendment protection by venturing into the public sphere," Roberts said.
Roberts was joined by four liberal justices.The rest of the high court's conservative wing dissented.
"We are extremely gratified by the Supreme Court's ruling today that cellphone location data is protected by the Fourth Amendment," said Andrew Crocker, a staff attorney with the Electronic Freedom Foundation, which had filed a brief in support of Carpenter.
The decision reflects "a growing recognition by the court that the way technology is used in the modern world does affect our privacy rights and that the Fourth Amendment and the Constitution need to recognize that," Crocker said. The Fourth Amendment guards against unreasonable search and seizure.
The Justice Department said it had no comment on the decision.
Expectation of privacy
At issue in the case was whether cellphone users have a "reasonable expectation of privacy" regarding data held by third parties such as a phone provider.
The case was brought before the court by Timothy Carpenter, a man who police said led a series of robberies of cellphone stores in Ohio and Michigan between 2010 and 2011.
After Carpenter and his accomplices were arrested, the FBI requested and received several months' worth of Carpenter's cell site records from two providers. The data included nearly 13,000 location points, showing Carpenter's movements over about four months.
Using the information as evidence, prosecutors were able to obtain a conviction against Carpenter on 11 counts of robbery.
Carpenter appealed, arguing that the acquisition of the data without a search warrant violated the Fourth Amendment. The 6th U.S. Circuit Court of Appeals ruled against him, arguing that customers who voluntarily turn over their information to third parties have no "reasonable expectation of privacy."
In two previous cases in the 1970s — United States v. Miller and Smith v. Maryland — the Supreme Court upheld the so-called "third-party doctrine" that said users do not have "a reasonable expectation of privacy" regarding the data kept by third parties.
Roberts wrote, "There is a world of difference between the limited types of personal information addressed in Smith and Miller and the exhaustive chronicle of location of information casually collected by wireless carriers."
He also said, "In mechanically applying the third-party doctrine to this case the government fails to appreciate the lack of comparable limitations on the revealing nature of CSLI," or cell service location information.
In recent years, the Supreme Court has increasingly sided with privacy rights advocates, recognizing the centrality of digital devices in modern life.
In a landmark decision in 2012, the court ruled that attaching a GPS monitoring device on a suspect's car required a search warrant. And in 2014, the court unanimously held that police must obtain a warrant in order to search the cellphone of a suspect under arrest.
Roberts said the court's decision applied only to cellphone records and that police could still obtain phone records without a warrant in emergencies, such as when there is a "need to pursue a fleeing suspect, protect individuals who are threatened with imminent harm, or prevent the imminent destruction of evidence."
Nick Akerman, a cybersecurity expert and partner at the international law firm Dorsey & Whitney, said the ruling in the Carpenter case brings the United States "a step closer to the European Union, which has strict laws protecting digital privacy."