Federal agents can obtain cellphone records that reveal a caller’s location without a warrant, a Cincinnati-based federal appeals court said on Wednesday in the latest ruling to tackle the scope of privacy protections for data transmitted by personal devices.
The records obtained by the Federal Bureau of Investigation from wireless carriers in 2011 showed that two Detroit men were near the scene of several robberies at the time they were committed. Timothy Carpenter and Timothy Sanders, who were ultimately convicted of participation in nine armed robberies, sought to exclude the records, saying they were protected by the Fourth Amendment.
A 2-1 panel of the Sixth U.S. Circuit Court of Appeals ruled that location records created when a mobile phone connects to a nearby cell tower were the equivalent of the writing on the outside of an envelope, rather than the letter inside.
“Cell-site data—like mailing addresses, phone numbers, and IP addresses—are information that facilitate personal communications, rather than part of the content of those communications themselves,” wrote Judge Raymond Kethledge. “The government’s collection of business records containing these data therefore is not a search.”
Judge Jane Branstetter Stranch joined the ruling in part but was skeptical of lumping location records together with bank and credit card records that law enforcement officers can retrieve from financial firms without a warrant.
“This case involves tracking physical location through cell towers and a personal phone, a device routinely carried on the individual’s person,” she wrote. “I am not convinced that the situation before us can be addressed appropriately with a test primarily used to obtain business records such as credit card purchases.”
Harold Gurewitz, a lawyer for Mr. Carpenter, said he and his client were considering their next move. They could ask the Sixth Circuit to rehear the case or petition the U.S. Supreme Court to review it. Until the high court steps in, Mr. Gurewitz said, “I think the issue is just going to be unclear.”
A spokeswoman for the U.S. attorney’s office in Detroit, which prosecuted the case, declined to comment.
The ruling aligns the Sixth Circuit with two other regional appeals courts and means that law enforcement officers in Kentucky, Michigan, Ohio and Tennessee can obtain a court order for location data by showing merely that the records are relevant to an ongoing investigation. A warrant requires a showing of probable cause.
A three-judge panel of a fourth federal appeals court ruled in August that police need a warrant to obtain such records. That ruling is under review by the full court.
In recent years, the U.S. Supreme Court has erred on the side of privacy in disputes over whether the Fourth Amendment protects against the installation of a global positioning system tracker on a suspect’s vehicle or a search of his phone during an arrest.
But Judge Kethledge said he was bound a 1979 ruling in Smith v. Maryland in which the U.S. Supreme Court held that the numbers dialed by a caller on a landline aren’t protected by the Fourth Amendment, because the caller knowingly gives that information to phone companies.
“The same things are true as to the locational information here,” he wrote. “Any cellphone user who has seen her phone’s signal strength fluctuate must know that, when she places or receives a call, her phone ‘exposes’ its location to the nearest cell tower and thus to the company that operates the tower.”
The cell records obtained by the FBI showed that Mr. Carpenter and his half brother, Mr. Sanders, were nearby the scene of four robberies in Warren, Ohio, and Detroit in 2010 and 2011.
Mr. Carpenter was sentenced to more than 116 years in prison, while Mr. Sanders was sentenced to about 14 years.
Nathan Freed Wessler, a lawyer for the American Civil Liberties Union, which filed a brief on behalf of Messrs. Carpenter and Sanders, said the ruling failed to account for the privacy violations made possible by devices that “we all need to carry around to live our lives normally.”
He went on, “When police obtain months’ worth of cell phone data comprising thousands of individual locations, like they did in this case, they should have to get a search warrant from a judge,” he said.
For all the hoopla surrounding NSA surveillance activities, it’s shockingly easy to forget that Google often knows an awful a lot about more than 1 billion users across the globe. Google knows what you search for, what videos you watch, what music you listen to, and even the places you travel to. Of course, Google having access to this information doesn’t quite shock the system given that Google users are typically all too happy and willing to sacrifice a bit of their privacy in exchange for a wide array of free and useful services.
Still, even for those of us who don’t mind Google accumulating and processing our personalized information, there’s something jarring and eerie about seeing, in precise detail, everything Google knows about us. Highlighting this interesting dynamic, The Telegraph recently put together a quick and dirty primer which demonstrates how users can quickly and easily take a gander at all of the information Google has about them.
First things first, make sure you’re signed into your Google account. Following that, go to http://history.google.com/history and you’ll be able to see a breakdown of how many searches you’ve done throughout your Google career. The site will also provide you with a breakdown of which days during the week you happen to use Google most. What’s more, you can even see which domains you tend to click on the most following a Google search. Lastly, Google’s web activity profile lets you breakdown your search history across time, with “all time”, “last month” and “last week” being three options users can filter by.
Second, if you go to the google.com/history page listed above, you’ll note the presence of three vertical dots towards the upper right of the screen. If you select that, this opens up the “Activity controls” pane. Next, select “Show More Controls”, after which you can access a list of all the places you’ve been, the voice searches and commands you’ve given, along with videos you’ve both watched and viewed on YouTube. Notably, if you’re wary about Google storing this information, you can toggle the tracking settings for each metric on and off.
As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter’s iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom.
There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple’s fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work.
The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?
The U.S. Supreme Court has held that police can search phones with a valid warrant and compel a person in custody to provide physical evidence such as fingerprints without a judge’s permission.
But some legal experts say there should be a higher bar for biometric data because providing a fingerprint to open a digital device gives the state access to a vast trove of personal information and could be a form of self-incrimination.
“It isn’t about fingerprints and the biometric readers,” said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, “the contents of that phone, much of which will be about her, and a lot of that could be incriminating.”
In the Glendale case, the FBI wanted the fingerprint of Paytsar Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal convictions who pleaded no contest to a felony count of identity theft.
The FBI wanted the fingerprint of Paytsar Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal convictions. (Handout)
She was sentenced in that case on Feb. 25 in a Van Nuys courtroom. Jail records and court documents show that about 45 minutes after Bkhchadzhyan was taken into custody, U.S. Magistrate Judge Alicia Rosenberg — sitting in a federal courtroom 17 miles away — signed off on the warrant for the defendant to press her finger on the phone.
By 1 p.m., an FBI agent specializing in cybercrimes took her print, according to court papers.
Why authorities wanted Bkhchadzhyan to unlock the phone is unclear. The phone was seized from a Glendale residence linked to Sevak Mesrobian, who according to a probation report was Bkhchadzhyan’s boyfriend and a member of the Armenian Power gang with the moniker of “40.” Asst. U.S. Atty. Vicki Chou said the search was part of an ongoing probe. She declined further comment.
Even with the limited outlines of the inquiry, Brenner said the act of compelling a person in custody to press her finger against a phone breached the 5th Amendment’s protection against self-incrimination. It forced Bkchadzhyan to testify —without uttering a word — because by moving her finger and unlocking the phone, she authenticated its contents.
“By showing you opened the phone, you showed that you have control over it,” Brenner said. “It’s the same as if she went home and pulled out paper documents — she’s produced it.”
But Albert Gidari, the director of privacy at Stanford Law School’s Center for Internet and Society, said the action might not violate the 5th Amendment prohibition of self-incrimination.
“Unlike disclosing passcodes, you are not compelled to speak or say what’s ‘in your mind’ to law enforcement,” Gidari said. “‘Put your finger here’ is not testimonial or self-incriminating.”
Unlike disclosing passcodes, you are not compelled to speak or say what’s ‘in your mind’ to law enforcement. ‘Put your finger here’ is not testimonial or self-incriminating. — Albert Gidari, director of privacy at Stanford Law School’s Center for Internet and Society
The issue partly revolves around the prevailing legal stance toward fingerprints.
Law enforcement routinely obtains search warrants to examine property or monitor telecommunications, even swab inside an inmate’s mouth for DNA. But fingerprints have long remained in the class of evidence that doesn’t require a warrant, along with providing handwriting samples or standing in a lineup. Courts have categorized fingerprints as “real or physical evidence” sourced from the body, unlike communications or knowledge, which cannot be compelled without violating the 5th Amendment.
George M. Dery III, a lawyer and criminal justice professor at California State University, Fullerton, likened the warrant to the government’s request for a key.
“Before cell phones, much of this information would be found in a person’s home,” Dery said, noting that search warrants commonly authorize police to march into a home and seize evidence. “This has a warrant. Even though it is a big deal having someone open up their phone, they’ve gone to a judge and it means there’s a likelihood of criminal activity.”
Apple’s fingerprint sensor, known as Touch ID, is installed on phones and tablets rolled out after 2013, and the optional feature has a narrow window during which it is viable for an investigator. The Touch ID biometric reader cannot be used if the phone has not been unlocked for 48 hours. If a phone is restarted, or goes beyond the 48-hour window, only a passcode can open it.
Few courts have taken up the issue of whether a defendant can be forced to unlock his or her iPhone, either with a password or fingerprint.
In a Virginia trial court, David Charles Baust was accused of trying to strangle a woman in his bedroom, which was equipped with a video recording device that the victim said could have been linked to Baust’s phone. Investigators seized the phone via search warrant, but it could only be opened with a passcode or fingerprint reader.
In 2014, a judge said Baust could be compelled to provide his fingerprint to open a locked phone but could not be ordered to disclose a passcode. The judge reasoned that providing a fingerprint was akin to giving a key, while giving a passcode — stored in one’s mind — entailed revealing knowledge and therefore testifying. Baust was later acquitted.George Mgdesyan, an attorney who has previously represented both Bkhchadzhyan and Mesrobian, said he was unsure why authorities were trying to unlock her phone. He said he was not representing Bkhchadzhyan in any federal criminal matter and believed the probe included hacking and possibly “other issues.”
The attorney denied that the search of Bkhchadzhyan’s phone was connected to Mesrobian, who has been held in North Kern State Prison since Feb. 12.