Do cops need a warrant to search your smart phone?
You’re driving along the interstate when you see a familiar yet terrifying sight in the rear view mirror: A cop, right on your rear bumper, lights blazing. You pull over to the side of the road and get your license and registration ready. But the cop isn’t so interested in those things. He wants your phone.
Can the cop paw through your smart phone, see who you called, read all your texts and email, check your map locations, and leer at your Snapchat photos without getting permission from a judge?
It all depends on where that road is. If you’re in the deep south or California, the answer is likely to be yes. If you’re in the far Northeast or Florida, the answer is no. And if you’re anywhere else, it’s more or less up to the cop.
Kash Hill at Forbes’ The Not-So Private Parts blog has published a map that shows how different jurisdictions treat cell phone privacy. As she noted in another post, your cell phone data is much more private in Ohio than it is in California.
The reason for this disparity is that different courts have established different rules about what constitutes a legal search under the Fourth Amendment, and which types of searches require a showing of probable cause (and a warrant).
Just last week, for example, the US Court of Appeals for the Fifth District held that consumers have no reasonable expectation of privacy over the location data contained in their cell phones. Other federal courts have ruled the exact opposite.
This is something that will ultimately have to be decided by the Supreme Court. But given its spotty history with regards to personal privacy, there’s no predicting which way the court will land.
GPS: friend or foe?
The problem is that Fifth District court is treating location data the same as if it were any other metadata, like the number of someone you just called. It’s much more than that.
When correlated with a tiny bit of publicly available information, location data can tell the story of your life. Say you spend the noon hour every Friday at the corner of Third and Main, where there happens to be a mosque. There’s a pretty good chance you’re a devout Muslim. Or maybe you can be found nearly every night near a building in the warehouse district where 12-step groups hold meetings. Odds are you’ve got a substance abuse problem.
Drug treatment centers, gay bars, public assistance offices, activist organizations, political protests, churches, swingers clubs—all have physical locations that can be matched to cell phone records. All of them paint a portrait of you with just a few GPS coordinates. And 99.999 percent of the time, none of this is anyone else’s business.
Unless you’re a complete shut-in, where you are says a lot about who you are. And if you couple that with your Web and search history—as the NSA’s PRISM program does—well, that’s pretty much the ballgame. Walter Isaacson couldn’t produce a more complete biography of you.
Legal theory and practice
The justification for cops being able to obtain data directly from your phone or telecom is based largely on the 1979 case Smith v. Maryland. In Smith, the U.S. Supreme Court ruled that the cops could legally obtain the phone numbers dialed by a suspect in a criminal case directly from the phone company. The suspect, the Supes ruled, had voluntarily given the numbers to Ma Bell, and thus no longer had a “reasonable expectation” they would remain private.
In Smith it wasn’t even a choice: To use one’s phone, one has to dial numbers, and the phone company has to know what numbers were dialed. The notion that this information was offered up voluntarily is a joke. Yet this has been the legal basis for tens of thousands of police investigations ever since, and similar rules have been applied to email and other electronic communications.
The implications of this are broader than just phone numbers. Smith has been used to justify the procurement of any “business record” from any entity. The Patriot Act goes a step farther and allows law enforcement to not only demand records from businesses, it forbids them from telling you about it, so you can’t even lodge a legal protest.
In the age of the Internet, everything we do is shared with something or someone. Everything is a “business record.” And thus everything is fair game to the feds.
19th century law in 21st century
The justices in Smith and in other courts seem to have a fundamental misunderstanding of what the word “privacy” actually means.
Privacy is not a state of perfect anonymity. It does not mean “no one else knows anything else about me.” Privacy means “I control—as much as it’s possible to control—what others know about me. I choose to share certain information with certain parties.” It does not mean that once I’ve shared information with one other party I lose all rights to it.
As I’ve written elsewhere: People tell their doctors things they wouldn’t tell their boss. They tell their divorce attorneys things they wouldn’t dream of telling their soon-to-be ex-spouse. They share secrets with friends over drinks they wouldn’t (or at least shouldn’t) post on Facebook. And so on.
It’s called selective disclosure. It happens to all of us, every day, many times a day. And if your doctor tells your boss about your terminal condition, or your attorney spills the beans to opposing counsel about that dirty weekend you spent with your old high school sweetheart, there can be serious legal consequences.
The problem is that there aren’t serious legal consequences to sharing other types of information. But there should be. I spend in excess of $2000 on cell phones every year for my family. I expect my data to be treated with respect and confidentiality, the same way my doctor treats my medical history with respect and confidentiality.
Don’t misunderstand me. I’m not saying suspected criminals (or terrorists) should never be forced to reveal the contents of their smart phones. But I want a judge to make that determination, not just anybody with a badge.