Last year, the Supreme Court issued a landmark opinion in a case we’ve written about a lot, called Carpenter v. United States, ruling that the Fourth Amendment protects data generated by our phones called historical cell-site location information or CSLI. The Court recognized that CSLI creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.” As a result, police must now get a warrant to access it. 

In the year and a half since the Supreme Court’s ruling, Carpenter has been cited in more than 450 criminal and civil cases across the country. Carpenter caused a sea change in Fourth Amendment law because it expressly recognized that, under the right circumstances, we have a reasonable expectation of privacy in information we share with third parties and in our actions while we’re in public. The question courts began to grapple with in 2019 and will continue to address in 2020 is what those circumstances are.

Here are two areas where courts applied Carpenter outside the narrow scope of historical CSLI in 2019 and three where we expect to see further attention in 2020. 

Real Time Location Tracking 

In 2019, several courts looked to Carpenter in addressing the constitutionality of real-time location tracking. For example, in Commonwealth v. Almonor, police had a phone carrier “ping” the cell phone of a suspect in a murder case—surreptitiously accessing GPS functions and causing the phone to send its coordinates back to the phone carrier and the police. This real-time location data pinpointed Mr. Almonor’s phone to inside a private home. We, along with the ACLU, filed an amicus brief arguing that people have a constitutional right to privacy in their physical movements and in their location in the moment. The Massachusetts Supreme Judicial Court agreed, ruling that police access to real-time cell phone location data—whether it comes from a phone company or from technology like a cell site simulator—intrudes on a person’s reasonable expectation of privacy. Absent exigent circumstances, the court held, police must get a warrant.

Similarly, in State v. Muhammad, the Washington Supreme Court held that a cell phone ping used to locate the defendant’s vehicle in real time is a search under the Fourth Amendment and the Washington state constitution and requires a warrant absent exigent circumstances. This case was especially interesting because the court held that Carpenter precluded warrantless access to any amount of cell phone location data, no matter how minimal and no matter whether it was historical or prospective. In doing so, the court rejected the “mosaic theory”—which the court describes as one where “discrete acts of law enforcement surveillance may be lawful in isolation but may otherwise intrude on reasonable expectations of privacy in the aggregate”—as unworkable in practice.

24/7 Video Surveillance

 In 2019, courts also struggled with how to apply Carpenter to 24/7 video surveillance in a series of “pole camera” cases. Pole cameras are exactly what they sound like—video cameras mounted by the police on utility poles or other fixed locations outside of a defendant’s property that continuously record everything that happens on the property, often for months at a time. Police can control the cameras remotely using pan, tilt, and zoom features and can review past footage at any time to look for patterns, visitors, and routines. In the past, many courts have found this kind of surveillance does not violate the Fourth Amendment, but that may be changing after Carpenter. In a Massachusetts federal district court case called United States v. Moore-Bush, the court explicitly held that, after Carpenter, circuit appellate court precedent upholding pole camera surveillance was no longer binding. The Moore-Bush court held that eight months of warrantless video surveillance violated the defendants’ reasonable expectations of privacy and the Fourth Amendment. 

Similarly, in People v. Tafoya, the Colorado Court of Appeals held that police use of a video camera installed at the top of a utility pole to conduct continuous video surveillance for more than three months of the defendant’s fenced-in backyard was a warrantless search that violated the Fourth Amendment. Citing an earlier Fifth Circuit Court of Appeals case, the court noted “[A] camera monitoring all of a person’s backyard activities . . . provokes an immediate negative visceral reaction: indiscriminate video surveillance raises the spectre of the Orwellian state.” The court recognized that at least one “lesson from the [Supreme Court’s United States v.] Jones concurrences and Carpenter is that not all governmental conduct escapes being a ‘search’ simply because a citizen’s actions were otherwise observable by the public at large.”     

Automated License Plate Readers

 In 2020, we expect to see courts applying Carpenter to other kinds of technologies as well. Earlier in 2019, EFF filed amicus briefs in three cases in which automated license plate reader (ALPR) data was used to implicate the defendant: People v. Gonzales (California Court of Appeal), United States v. Yang (Ninth Circuit Court of Appeal), and Commonwealth v. McCarthy (Massachusetts Supreme Judicial Court). In each of these cases, we argued Carpenter should apply to ALPRs. Like CSLI, the aggregation of ALPR data can paint a picture of where a vehicle and its occupants have traveled, including to sensitive and private places like homes, doctors’ offices, and places of worship. ALPR data collection is detailed and indiscriminate; anyone who drives is likely to have their past locations logged in a database available to police. And, like CSLI databases, ALPR databases facilitate retrospective searches of cars whose drivers were not under suspicion when the plates were scanned. So far, we’ve only heard from the Gonzales court, which chose not to address the ALPR issues. We expect rulings from the Massachusetts SJC and Ninth Circuit some time in 2020.

Reverse Location Searches

 This past year, several news outlets reported on a new technique increasingly used by law enforcement to try to identify the perpetrator of a crime when the police don’t have a suspect. The technique, frequently called a “reverse location search” or a “geofence warrant,” allows law enforcement to figure out everyone who was within a certain geographic area during a specific time period in the past—perhaps hundreds or even thousands of people. The technique relies on detailed location data collected by Google from most Android devices as well as iPhones and iPads that have Google Maps and other apps installed. Google stores this location data in a database called “Sensorvault.” Although it’s possible to prevent the collection of this data and to delete it after it’s been collected, most users have not done so and may not even know Google is collecting this data on them. This is in part because Google encourages users to turn on location data collection to take advantage of features in apps like traffic alerts and in part because data collection is challenging to turn off on Android devices. Because Google stores this data indefinitely, the company may have nearly a decade’s worth of location information for hundreds of millions of devices worldwide. That has made it a honeypot for police.

We are starting to see cases involving reverse location searches appear in courts across the country, and we are currently consulting with defense attorneys in several of those cases. For reasons we detailed in a post earlier this year, we think these kinds of searches clearly violate the Fourth Amendment, even when they are conducted with a warrant.

Genetic Genealogy Searches 

2019 also saw a stark increase in law enforcement searches of consumer-facing DNA databases, including genetic genealogy websites, which are set up to help people find distant biological relatives. Estimates are that these sites were used in around 200 cases just last year. For many of those cases, officers never sought a warrant or any legal process at all. 

The use of genetic genealogy in criminal cases is highly problematic. Like CSLI, genetic data can reveal a whole host of extremely private and sensitive information about people, from their likelihood to inherit specific diseases to where their ancestors are from to whether they have a sister or brother they never knew about. Also like CSLI, genetic genealogy searches impact millions of people—research shows that 60% of white Americans can already be identified just from the DNA data uploaded by the 1.3 million users of one genealogy site called GEDmatch.  Finally, like reverse location searches, the police are using genetic genealogy searches expressly in cases where they don’t have a suspect, which makes these searches no more than a giant fishing expedition through our genetic data. Our founding fathers drafted and ratified the Fourth Amendment specifically to prevent these kinds of general searches.  

In 2020, we expect to see more cases involving all of these technologies bubble up through the courts. When they do, we’ll be there.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2019.

DONATE TO EFF

Like what you're reading? Support digital freedom defense today!