I recently moderated a legal seminar in Washington, D.C. on the issue of wireless location privacy.  The seminar was hosted by the Federal Communications Bar Association, and the panelists represented a variety of opposing interests.  In a series of questions, I asked them how law enforcement investigations are affected by the Supreme Court’s June 22, 2018 ruling in Carpenter v. US.  The panelists’ reactions were not as divisive as you might think.

Based on the seminar, Carpenter is impacting law enforcement investigations significantly, despite the open-ended nature of the ruling. At the same time, the ruling’s loose logic will likely spawn a generation of litigation to strengthen privacy protection for other types of personal data.

The Carpenter Ruling

Carpenter v US held that wireless communication subscribers have a reasonable expectation of privacy in the long-term accumulation of records that track their wireless locations because the records reveal personal details about their lives, and therefore law enforcement investigators may collect such data only after qualifying for a judicial warrant, which requires them to serve a judge with a demonstration of probable cause.  Probable cause is a higher standard of due process than the “2703(d)” hurdle widely observed in the pre-Carpenter days.

The Carpenter ruling was controversial.  To begin with, courts had traditionally applied the legal standard of probable cause only to communications content such as phone conversations, email and SMS texts, and everything an internet user may view and hear during a browsing session.  Carpenter applied probable cause to the non-content realm of wireless location records.

Another novel feature of Carpenter downplayed the traditional “Third Party Doctrine” of privacy protection.  The Third Party Doctrine instructed that “business records” produced by activities such as phone calls, banking transactions, credit card charges, and hotel reservations were not private for purposes of the Fourth Amendment, and therefore not subject to the probable cause standard, because the customers of these services shared those personal details with their third party service providers.  Carpenter held that wireless location records deserve Fourth Amendment protection even though subscribers share the information with their wireless carriers.

Yet another oddity of Carpenter appeared in a footnote.  The incidental remark stated that wireless location records lasting as long as seven days would receive Fourth Amendment status but a shorter span of location data might not.  In response, observers questioned why seven days of such data should deserve any more privacy protection than six days or five.

The Consensus Interpretation of the Ruling

One of the panelists at the above-described seminar was a high-ranking attorney in the Department of Justice. Another was a senior counsel in a Tier I communications company.  The third was a spokesperson for a leading public interest group that watchdogs government surveillance.  And the last was a Fourth Amendment scholar with the National Association of Criminal Defense Lawyers. You might expect these diverse experts to present different interpretations of the Carpenter case.  They did not.

All four experts agreed Carpenter raised as many questions as it answered.  What should be the scope of the probable cause standard now that it covers at least one type of non-content communications?  How will judges know whether and how to apply the Third Party Doctrine to all the myriad types of personal business records shared with service providers?  Should wireless carriers insist on probable cause-based warrants, as opposed to 2703(d) orders, before fulfilling all law enforcement requests for location records, regardless of whether the covered timeframe extends as long as seven days?

The last question may be yielding to a practical result.  When the communications provider panelist was asked how his company’s law enforcement assistance staff applies Carpenter, he said they “hold law enforcement to the highest standard.”  He explained that they expect warrants for all location records requests, even those with one-day timeframes, while accepting lower levels of due process in emergency situations, as the Carpenter Court allowed.

The DOJ representative was asked how Carpenter has changed the government’s efforts to gather location data.  He said their current policy is to meet the probable cause standard as often as possible, even when requesting fewer than seven days of records.  However, he warned that the new practice makes it harder to solve crimes.

These responses indicate that Carpenter has substantially raised the bar for nearly all law enforcement requests involving location records.

The Consensus Prediction of Outcomes from the Ruling

The four panelists also offered similar predictions of how Carpenter will shape future investigations.  They all expect abundant litigation over the questions left unanswered by the case. For example, now that law enforcement must show top-level due process to obtain records of a suspect’s past wireless locations, the investigators may eventually be held to the same high standard before engaging in real-time location monitoring.

Likewise, now that location data is subject to probable cause, other types of communications metadata may gradually fall under the same legal standard.  Knowing who called a suspect, and who the suspect called, can be revealing about the individual’s personal life.

Conceivably, we may see legal fights over the Fourth Amendment treatment of non-communications records.  Some examples include video surveillance data, facial recognition data, data generated by the “internet of things,” and of course, the records kept by banks, credit card companies and hotels.