The Supreme Court is hearing a case this month, Carpenter v. the United States, that represents an opportunity for the country to move in the right direction on privacy. It’s only fitting that a conviction for a series of armed robberies involving the theft of smartphones may determine the way investigators and prosecutors can use cellphone data in the future.
Timothy Ivory Carpenter was convicted of planning, supplying guns and acting as a lookout in the smartphone robberies, which took place in 2010 and 2011. Key evidence was 127 days of cell tower records that included nearly 13,000 locations Carpenter’s cellphone had been, which were handed over to investigators without a warrant. Carpenter was sentenced to 116.25 years in federal prison.
Even occasional fans of police procedural shows can tell you how hard it is to get a conviction using cellphone data. Judges never want to sign that warrant.
The prohibition creates no end of good and bad leads hoofed by intrepid detectives, shaggy dogs, red herrings, and, with them, plot twists. Sadly, that may be about to change if Carpenter loses, and SCOTUS finds that cell-site information is fair game, and doesn’t require a warrant.
The upshot: There would be virtually no cost associated with the tracking of an individual
Such a decision would, however, cost a lot of TV crime writers their jobs since that old-fashioned gumshoe stuff would immediately go the way of the rotary phone and the casting couch. A simple call for cell tower data would tell prosecutors and defense attorneys what they need to know to do their thing.
It should go without saying that this super convenient situation (for everyone but the presumed innocent defendant, and the spirit if not the letter of the law) would be disastrous for our collective Constitutional guarantees.
New Tech, Old Laws
While Carpenter v. the United States is aimed at the court’s interpretation of the Fourth Amendment, the case hinges more specifically on an interpretation the Stored Communications Act of 1986.
Remember the 80s? Needless to say, it’s an old law that was written when mobile phones were the size of a Scottish terrier, and the only people who had them were drug lords, Japanese real estate moguls and Ivan Boesky.
Times have changed — there are more than 224 million active smartphones in the United States — and so must the laws that ride herd over the here and now of our digital existence.
The Fourth Amendment, of course, protects Americans from unreasonable searches and seizures. The question at hand in Carpenter is whether the Constitution can still do what it was designed to do (when it comes to the prosecution of crimes) as the number, nature and quality of the ways available to investigate and prosecute crimes has changed so radically.
The ever-expanding surface area of highly personal data that investigations can access has increased exponentially with the rise of affordable consumer technology, and in ways that earlier laws simply could not have predicted.
Investigations no longer require endless overtime and other expensive resources. Tracking devices are no longer necessary, nor the court’s approval for planting one. Why bother when almost everyone carries a GPS tracking device in their purse or pocket — voluntarily — in the form of a mobile phone, and the companies that power them are obliging law enforcement when they are asked for information related to them?
What Is Reasonable?
Citizens enjoy the reasonable expectation of privacy in the United States, with some caveats around issues such as sharing information willingly with third parties.
While states offer various privacy protections as can be seen by the mix of pending investigations and lawsuits pointed at Uber in the days following the disclosure that they tried to cover up a massive hack — so far in Washington, Illinois, Massachusetts, Missouri, New York and Connecticut — we need a more reliable approach, and it needs to come in the form of a federal law.
With more than 20 billion internet of things devices connected to the internet worldwide, the huge number of smartphones and other digital devices, information about us — the most private details of our daily life — is all but certain to be exposed until there are enforceable federal guidelines that define security and privacy.
Earlier this year, the Centers for Disease Control and Prevention reported, “90 percent of U.S. households contain at least one of these devices (smartphone, desktop/laptop computer, tablet or streaming media device), with the typical (median) American household containing five of them. And nearly one-in-five American households (18 percent) are “hyper-connected” — meaning they contain 10 or more of these devices.”
These devices create a forever expanding universe of information that does not enjoy very good protection by way of the Constitution or the businesses that manufacture them. The radical expansion of things related to us that can be searched and-or seized in the process of conducting a criminal investigation — and the ability to sift through it — is something the Constitution’s authors could not have foreseen. It needs to be addressed, and the spirit of the Fourth Amendment should be kept intact.
The Wild West atmosphere of our hyper-connected society threatens to kill privacy. It’s time for Congress and our courts to provide Americans with some much-needed, not-at-all-Trump-related law and order.
Adam Levin is chairman and co-founder of CyberScout. This article originally appeared on AdamLevin.com, a top 100 infosec blog.