Blog

Class aptent taciti sociosqu ad litora

Digital Crumbs

  • May 26, 2017
  • Clayton Rice, Q.C.

A witch lives in a gingerbread house in the forest. The rural by-laws governing home construction in this forest are a little lax. You must take your cellphone if you go there so you can leave digital crumbs to find your way back. Because if you get lost, well, that would be the cruellest thing of all.

On May 21, 2017, The Atlantic published an article by Matt Ford titled Roaming Charges. Mr. Ford began his piece this way:

“Statistically speaking, you’re most likely reading this story on a cellphone somewhere in the United States. If you are, you’re using one of more that 378 million cellphone accounts in the country. The data forming these words is beaming to your phone by way of between 300,000 and 600,000 cell towers – a vast telecommunications archipelago that spans from Seattle to Orlando, binding Americans and their devices to one another in a tangled digital web.

Traversing that web leaves tracks. By tracing the cell towers an individual device interacts with, law-enforcement agencies can track where you’ve been, how long you were there, and when you left. What’s more, the police can obtain all of that data without a warrant. But that could change if the U.S. Supreme Court agrees to take up two major Fourth Amendment cases, Graham v. United States [824 F.3d 421 (4th Cir. 2016] and Carpenter v. United States [819 F.3d 880 (6th Cir. 2016], for its upcoming term in October.”

Cell site location information (CSLI) is routinely acquired by law enforcement in the investigation of serious crime. I have not had a homicide case in years where I did not receive disclosure of this kind of data dump from which investigators extract circumstantial evidence putting a suspect at or near a crime scene at the relevant time. The reasoning thread being – if the cellphone was there, so was the suspect. But the constitutional law governing the search and seizure of CSLI in the United States and Canada is markedly different. The Fourth Amendment to the Constitution of the United States has been historically restricted by the law of trespass and the third party doctrine both of which have limited application to digital privacy under s. 8 of the Canadian Charter of Rights.

As Mr. Ford observed, the information available from cellphones is not limited to the data stored on the device itself. In the Brief of Amici Curiae by the Electronic Frontier Foundation (and others), filed on the certiorari petition in Carpenter, Jennifer Lynch, counsel of record, put it this way, at p. 2: “For a phone to receive and share much of that data – in other words, to be usable – it must connect with a cell tower. Every time it does, it generates information, stored by the phone company, about which tower the phone connected to – essentially where the phone was – on a given date and time. These small bits of data…are aggregated by providers and, like GPS data that may be stored on the phone itself, ‘generate a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.’ United States v. Jones, 132 S.Ct. 945, 955 (2012) (Sotomayor, J., concurring).”

The EFF brief goes on, at pp. 2-3, to summarize the Graham and Carpenter petitions (Case Nos.: 16-6308 and 16-402) this way: “The petitions…ask this Court to address whether the Fourth Amendment prohibits the warrantless seizure and search of CSLI. Both cases relied on this Court’s opinion in Smith v. Maryland, 442 U.S. 735 (1979), to hold Americans lack a reasonable expectation of privacy in CSLI because it is a business record held by third party service providers. But the few days of numbers dialled in Smith are so qualitatively different from the months of detailed location data collected in these cases as to prove Justice Sotomayor’s point that Smith’s premise is ‘ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.’ Jones, 182 S.Ct. at 957 (Sotomayor, J. concurring).” (See also: Graham v United States. Brief for the CATO Institute As Amicus Curiae, at pp. 1-2. November 3, 2016; and, Stevenson. A Growing Consensus: A Comment on United States v. Carpenter, and the U.S. Supreme Court’s Opportunity to Protect Privacy. 78 Ohio State LJ 13 (2017), at p.  27)

The EFF brief then paints a picture of the growth in cellphone technology that is breathtaking in its pervasiveness. I will give you these highlights:

  • As in Riley v California, 134 S.Ct. 2473, 2490 (2014) the “element of pervasiveness” that characterizes cellphones has a crucial impact on Fourth Amendment issues. Today, owning a cellphone is not a luxury. More than 91% of all American adults have a cellphone and most carry it with them everywhere they go. (p. 4)
  • As cellphone use has increased, service providers have installed more cell sites to handle the load. These sites include an estimated 1.85 million antennae constantly communicating with all phones within range. (p. 6)
  • Smartphones allow users to share photos, use video and text based communication tools, find routes to new locations, stream music, research health information, play games and track finances – and do all these things at the same time. The amount of data transferred over wireless networks has increased 2,400% between 2010 and 2015. (p. 8)
  • Cellphones generate this vast amount of data because they constantly send and receive whenever they are on. Cellphones generate CSLI even in the absence of user interaction due, in part, to applications that run in the background that send and receive data (e.g., email applications) without a user interacting with the device. (p. 9)
  • As the number of cell towers has increased and cell sites have become more concentrated, the geographic area covered by each cell sector has shrunk. Cellphone triangulation (data from three towers instead of one), allows more precise location tracking, and with newer cell technology, providers can determine not just the location of the cell site the phone connects to, but, by “correlating the precise time and angle at which a given device’s signal arrives at multiple sector base stations”, they can determine where the phone is located within a sector. This can shrink accuracy down to within 50 metres. (pp. 10-1)

CSLI data is quantitatively and qualitatively different from GPS data that was in issue in Jones. A GPS device is usually attached to a car and therefore only goes where the car goes. As the court observed in Riley, 12% of Americans have reported that they use their cellphones in the shower! CSLI coughs up far more information about geographic movement than a GPS device. Most importantly, a GPS device functions in real time harvesting data during the period authorized by a warrant. But CSLI data is also historical allowing law enforcement to reconstruct past movement. And that capacity to reconstruct a person’s past applies to all cellphones – not only the ones under police investigation.

The position developed in the EFF brief is that (a) users do not voluntarily convey CSLI to a cell provider because it is transmitted automatically during the registration process independently of the user’s input, control or knowledge and (b) a normative inquiry shows that Americans believe that location data generated and stored by cellphones is private and that expectation is reasonable. Both arguments would be unnecessary under Canadian law.

I have argued previously on this blog that, unlike the Supreme Court of the United States, the Supreme Court of Canada has recognized a general right to privacy under s. 8 of the Charter. A reasonable expectation of privacy in Canadian constitutional law is not necessarily compromised by disclosure to a third party by virtue of the restricted purpose doctrine. There are many circumstances where an individual will have a reasonable expectation that information voluntarily disclosed will remain confidential and restricted to the purpose for which is is divulged. In the context of CSLI, the disclosure of data for the purpose of maintaining cellular service does not mean that an individual’s privacy interest in that data is relinquished for all other purposes. CSLI is usually obtained by Canadian law enforcement pursuant to a production order issued by a judge under s. 487.014(1) of the Criminal Code. (See e.g., R v Dyment, [1988] 2 SCR 417 per La Forest J., at paras. 429-30; R v Spencer, [2014] 2 SCR 212 per Cromwell J., at para. 44; and, On The Wire. Just A Face In The Crowd, November 6, 2016)

It is important, however, that in Jones, Sotomayor J. urged her colleagues to consider the Fourth Amendment in the context of the digital age in the language of the restricted purpose doctrine, at p. 957: “I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection. See Smith, 442 U.S., at 749, 99 S.Ct. 2377 (Marshall, J., dissenting) (“Privacy is not a discrete commodity, possessed absolutely or not at all. Those who disclose certain facts to a bank or phone company for a limited business purpose need not assume that this information will be released to other persons for other purposes”), see Katz, 389 U.S., at 351-352, 88 S.Ct. 507 (“[W]hat [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected”).” The Graham and Carpenter petitions present the court with another opportunity to consider the restricted purpose doctrine.

Although the warrantless seizure of CSLI continues to be the subject of judicial debate in the United States, the frontline cases of Carpenter and Graham will not answer the broader concerns about the collection of personal information by governments and corporations. In a paper titled Does Seeking Cell Site Location Information Require a Search Warrant published by the Center for Advancement of Public Integrity at Columbia Law School (2016) this conclusion is reached, at p. 4:

“CSLI is only the tip of the iceberg when it comes to personal data that is now routinely being collected by third parties. As technology advances, more and more companies and other entities are collecting personal information about users. Online streaming provider Netflix keeps track of a user’s personal preferences for movies. The relatively new Apple Watch has the ability to track an individual much in the same way that smartphones can. Online retailers such as eBay and Amazon track personal shopping habits. Those are just a few examples of the ways in which third parties are increasingly collecting information that might be useful to law enforcement, but might also implicate an individual’s privacy concerns.”

It is not only laws governing the construction of gingerbread houses that are a little lax.

Comments are closed.