NSA Collection of Phone Records May Be Unconstitutional. Possibly Violates Fourth and First Amendment.

Posted on by

The New York Times is reporting that the NSA and the Federal Government “is secretly carrying out a domestic surveillance program under which it is collecting business communications records involving Americans.”  The records obtained include call logs.  It is unclear how widespread the record collecting is, and whether it includes residential or cellphone services.

The law as written, including in the Patriot Act, permits this.

The key unanswered question: is a government law that permits law enforcement to obtain cell phone records from many, or all, users permissible under the Constitution.

Here are some initial thoughts.

Fourth Amendment 

The Fourth Amendment provides that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause . . . .”

The Supreme Court has explained that the fundamental purpose of the Fourth Amendment “is to safeguard the privacy and security of individuals against arbitrary invasions by government officials.” Camara v. Mun. Ct., 387 U.S. 523, 528 (1967).

However, the courts have created a number of exceptions to the Fourth Amendment, so that many government actions that appear to gather personal information are not considered to be “unreasonable” and therefore subject to Fourth Amendment scrutiny.

The Supreme Court has explained that a search occurs, and the Fourth Amendment is implicated, when the government intrudes on an expectation of privacy that society is prepared to consider reasonable.  In evaluating this test, courts ask two questions:  (1) has the person demonstrated an expectation of privacy; and (2)is society willing to recognize that expectation as reasonable.

The first question is likely easy.  Most people expect that phone records are be shielded from public scrutiny.  There likely is some language in the cell phone provider agreements that address this issue.  Verizon, for example, has a privacy policy which states:  “Verizon does not sell, license or share information that individually identifies our customers with others outside of Verizon for non-Verizon purposes without your consent.”

The second question is much more complicated.

The courts have generally held that the Fourth Amendment provides little to no protection for data stored by third parties.  The most famous case is United States v Miller.  Miller concerned bank records.  In that case, the Supreme Court held the Fourth Amendment did not apply to information voluntarily provided to a third party.

There are three key differences between this situation and Miller. 

First, a key to Miller was that the information sought was business records, not likely to reveal personal information.   Cell phone records can reveal a significant amount of personal information – phone calls to friends, doctor’s offices, mental health professionals, business colleagues – can all provide clues about the most intimate details of a person’s life.  A better example is United States v. Warship.  In that case, a federal appeals court found that emails were subject to the Fourth Amendment even if they are in the possession of a third party Internet Service Provider, like Gmail or Hotmail.

Second, the amount of data collected allows the government to draw conclusions about the private lives of people from aggregated data that could not be drawn from discrete sets of records.

Courts are likely to perceive a difference between gathering a reviewing months of calls for numerous users and reviewing the records of one individual.  The aggregation of seemingly innocent pieces of data allows a clever observer to determine a person’s private contacts and routine.  This is because, as some of the Supreme Court Justices recognized in reviewing the warrantless use of use GPS tracking devices, the whole of one’s movements reveals more than does the sum of its parts.  With aggregated call data, an observer can use patterns of calls to reveal details about a person that might not available from a single action or transaction.  For example, one call to a physician doesn’t mean much, but multiple calls to a physician could allow an observer to infer a medical condition.

Third, the gathering of cell phone records could permit law enforcement to conduct surveillance beyond a targeted investigation into certain crimes. Instead, the program could permit law enforcement to undertake surveillance of a particular individual over an extended period of time in the hope of piecing together evidence of illegal conduct, including evidence of illegal conduct that was not even suspected prior to the surveillance.  This is the point I made in a law review article examining GPS tracking cases before the Supreme Court in the Jones case found that the practice violated the Fourth Amendment.

First Amendment

The government program of obtaining cell phone records can provide a “map of association” of all of the contacts, associates, colleagues, and friends of users.  Indeed, this could be the purpose.

The Supreme Court has recognized a privilege, grounded in the First Amendment right of association, not to disclose information when disclosure may impede the rights of speech and assembly.  This First Amendment check on government investigative activities was most famously explored in the United States Supreme Court in NAACP v. Alabama.  In NAACP, the state of Alabama sought to compel the NAACP to reveal the names and addresses of all its Alabama members and agents.  The Court held that the constitutional right of association – which is tied to the rights of speech and assembly – could protect those who join groups from state scrutiny.  The Court explained, “It is hardly a novel perception that compelled disclosure of affiliation with groups engaged in advocacy may constitute . . . [an] effective a restraint on freedom of association. . . .  Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.”

In regards to the NAACP, the court feared that compelled disclosure of the organization’s membership list might “induce members to withdraw from the Association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of this exposure.”

The right to withhold lists of members in a group is not, however, absolute.  Rather, the right must be balanced against the government interest.  The extent of the First Amendment argument was tested in a case involving Julian Asante’s Wikileaks website.  In Re: §2703(d) Order, No. No. 1:11dm00003, E.D. Virginia 2011.  In order to aid in the investigation of possible criminal charges arising out of the recent Wikileaks disclosures, the government sought a court order requiring Twitter to turn over the customer information of various users suspected to have been involved in the disclosures.  (The government did not seek to obtain the contents of any communications.)

The users argued that the order violated the First Amendment.  They argued that allowing the government to obtain records of this information would have a chilling effect on the willingness of people to post information on Twitter, or to follow certain users.  The court rejected this argument, in large part because the users had already made their Twitter posts and associations publicly available.

Persons in private or restricted groups have a stronger argument that the disclosure may have a chilling effect on the willingness of others to be associated with the group.  In addition, courts will be more likely to be protective of records that reveal political or religious affiliations – purposes already within the core of the First Amendment protections.

 

First Circuit Limits Searches of Cell Phones Incident to Arrest

Posted on by

In a significant decision, the United State First Circuit Court of Appeals has held that the police, after seizing a cell phone from an individual’s person as part of his lawful arrest, can not search the phone’s data without a warrant.  The case addresses the the boundaries of the Fourth Amendment search-incident-to-arrest exception.

Note: This is an issue I have written about extensively, including a 2010 law review article:  Doctrinal Collapse: Smart Phones Cause Courts to Reconsider Fourth Amendment Searches of Electronic Devices. University of Memphis Law Review, Vol. 41, p. 233 (2010). Download .pdf

The case is United States of America v. Brima Wurie, No. 11-1792, United States Court of Appeals, First Circuit.

The case began in 2007 when a Boston Police Department Detective  was performing routine surveillance in South Boston. He observed the Defendant stop in the parking lot of a convenience store, pick up a man later identified, and engage in what the detective believed was a drug sale in the car.  The Detective and another officer stopped the other man and found two plastic bags containing crack cocaine in his pocket.

Continue reading

Government Can Read Credit Card Magnetic Strips Without A Warrant

Posted on by

A federal court recently considered whether the warrantless reading of magnetic strips on the backs of credit and debit cards by United States Secret Service agents violates the Fourth Amendment of the United States Constitution’s prohibition against unreasonable searches and seizures.

The case is UNITED STATES OF AMERICA v. OLADIPO ALABI And KEHINDE OGUNTOYINBO, Defendants, No. CR 11-2292 JB, D. New Mexico, April 2, 2013.

The case started in April 2011.  A New Mexico State Police Officer stopped the defendants rental car because of expired license plates.   The officer gave the driver a warning and then obtained a limited consent to search the rental vehicle and luggage. As a result of the search, the officer seized, among other things, thirty-one credit and debit cards.  The office also seized: (I) approximately sixty-seven Wal-Mart cash cards valued at $1,650.00; (ii) approximately $5,673.00 in cash; (iii) two laptop computers; (iv) six cellular telephones; (v) a bundle of paperwork which contained a list of approximately 500 names with birth dates, Social Security numbers, addresses, and telephone numbers; and (vi) two Louis Vuitton bags.

The Defendants were arrested on state charges related to identity theft. The United States Secret Service subsequently became involved.  A special Agent proceeded to scan and search each of the individual credit and debit cards to obtain the electronic information on the magnetic strips.  The court found that the magnetic strip on the back of a credit/debit card “contains three tracks on which data may be stored.” The information stored on the magnetic strip includes (i) the primary account number; (ii) the card-owner’s name; and (iii) the expiration date.  Most card readers do not read the third line of data.

The court noted that the strips can be reprogrammed for a fraudulent purpose:  “To enable a person to commit credit card theft/fraud, the original information on the back of a credit or debit card is replaced with the data taken from another person’s card’s magnetic strip, so that the card is still able to be processed by a card reader, but is processed to a person’s account other than the cardholder identified on the front of the recoded card.”   A witness explained that “a person presents a credit card to a store clerk, then if the clerk asks for identification, the person will show his or her own license, which contains the same name as embossed on the front of the card, and then “the clerk would then run the credit card through a reader that sends the billing information off to the bank. The bank doesn’t see what’s on the front of the credit card nor what’s [on] the driver’s license,” so it can charge the purchase to a person different from the cardholder named on the front of the card.

Out of the thirty-one credit/debit cards found in the Defendants’ possession, nine cards contained different information on the magnetic strips than reflected on the fronts of those cards.  There was no evidence that any of the thirty-one credit and debit cards found in the Defendants’ possession have been used.

The court found that “scanning the credit and debit cards’ magnetic strips was not a search for Fourth Amendment purposes.”  The court reasoned that the search does not violate the Supreme Court’s trespass-based search approach, and that it did not compromise any legitimate interest in privacy.

Continue reading

Cell Phone Subscriber Information Is Not Protected by Fourth Amendment

Posted on by

The case is Upshur v. State, No. 1461, Court of Special Appeals of Maryland (November 28, 2012).

The defendant challenged the use of his name and address, which law enforcement officers obtained without a warrant from his cellular telephone service provider.  This information led to his identification by law enforcement and the issuance of a search warrant for his house and automobile. The evidence obtained led to the defendant’s conviction of second degree assault, reckless endangerment, and carrying a concealed dangerous weapon. He was sentenced to ten years in prison for the assault conviction and three years in prison imprisonment, which was suspended, for the weapons charge.

The defendant argued, in part, that the Fourth Amendment of the United States Constitution and the Stored Communications Act, considered in combination, mandate exclusion.

The problem for the defendant is the doctrine that once an individual conveys information to a third party, society does not generally recognize an expectation of privacy in that information. Without an expectation of privacy, the Fourth Amendment is not applicable.  The leading case, relied on by the court, for this idea is Smith v. Maryland, 442 U.S. 735, 741-42 (1979).  In Smith, the United States Supreme Court determined that a telephone user did not have a reasonable expectation of privacy in the numbers that he or she dialed because the information was knowingly conveyed to the phone company.

The court rejected this argument because the defendant did not “produce evidence establishing that he had any constitutionally protected expectation of privacy in his subscriber name and address.”  The court noted:

Federal courts that have considered the issue of an expectation of privacy in subscriber identifying information have all determined that there is no such protected expectation: “Every federal court to address this issue has held that subscriber information provided to an [electronic communication service] is not protected by the Fourth Amendment’s privacy expectation.” United States v. Perrine, 518 F.3d 1196, 1204 (10th Cir. 2008) (collecting cases). For example, in United States v. Bynum, 604 F.3d 161 (4th Cir. 2010), the United States Court of Appeals for the Fourth Circuit determined that a person does not have a reasonable expectation of privacy in subscriber data conveyed to the provider: “[Defendant] voluntarily conveyed all this information [name, address, e-mail address, and telephone number] to his internet and phone companies. In so doing, [Defendant] `assumed the risk that th[os]e compan[ies] would reveal [that information] to police.’” Id. at 164 (quoting Smith, supra, 442 U.S. at 744).

Accordingly, the court held that the Fourth Amendment does not protect a cell phone subscriber’s name and personal information.

Kansas Court Holds That Police Can Read Text Messages of an Arrested Person

Posted on by

The Kansas Court of Appeals has held that police may search the contents of a cell phone incident to an arrest without a warrant.

The case is STATE OF KANSAS v. TOMMY RAY JAMES, No. 106,083 (November 9, 2012).

The Defendant was convicted of possession of marijuana with the intent to sell and other related offenses.  He was sentenced to 30 months in prison.

The defendant was stopped while driving his car because he had a headlight out.  The deputy smelled the odor of alcohol coming from the vehicle and the defendant later admitted he had been drinking.  He was arrested.  A search of the vehicle revealed a plastic bag containing approximately a half pound of marijuana. The defendant told the Deputy that the marijuana might belong to his brother. The Defendant suggested that he could call his brother and said that he was “pretty sure” the number was in his cell phone. The defendant, who was in handcuffs, then allowed the Deputy to retrieve the cell phone from his pants pocket. The deputy asked “are there going to be any text messages on here relating to drug sales?”  The Defendant said no.

The Deputy proceeded to look at the cell phone and found incriminating text messages:  “U got green I will meet U somewhere;” “Hey T-Ray this is Cotie. U got a 20?”

The defendant argued that the police violated his constitutional rights under the Fourth Amendment to the United States Constitution by searching the text messages on his cell phone without a warrant. In response, the State contends that the search of the text messages was part of a valid search incident to arrest.

My views on this issue can be found in this law review article.

The court noted that the scope of a search incident to a lawful arrest extends to containers found on an arrestee’s person. The court relied on United States v. Robinson, 414 U.S. 218 (1973), a case where the Supreme Court found that a law enforcement officer had the right to inspect a cigarette package found on an arrestee’s person incident to a lawful arrest.  The court found that “the weight of authority applies Robinson to cases involving the search of a cell phone— including the viewing of text messages—seized from an arrestee incident to arrest.”

The court did note that “there are jurisdictions that have found searches of cell phones incident to arrest to be illegal.”  In reviewing the Ohio case on this issue, State v. Smith, 124 Ohio St. 3d 163 (2009), the court acknowledged that the Ohio Supreme Court has held that a warrant was necessary to search a defendant’s cell phone because a cell phone is not a container “capable of holding other physical objects.” The court said in regards to this decision:  “We do not necessarily agree with the premise that the information kept on a cell phone should be treated differently than information written on a piece of paper found on an arrestee’s person.”

The court addressed concerns about the privacy implications of the decision:

The issue in dispute is not whether an individual has a reasonable expectation of privacy in the text messages found on his or her cell phone. Likewise, the issue in this case does not involve the recovery of sophisticated data from a cell phone. Rather, the issue presented is whether the scope of a search incident to a lawful arrest includes text messages contained in cell phones found on an arrestee’s person.

 

We recognize that many cell phones, tablets, and similar electronic devices are capable of storing a wealth of personal information. But we find that the Fourth Amendment and the exceptions to the warrant requirement adequately protect such information from unreasonable search and seizure. Accordingly, we conclude that as part of a search incident to arrest, it is reasonable for a law enforcement officer to view the text messages contained in a cell phone found on an arrestee’s person for evidence probative of criminal conduct. (Citations omitted.)

The court rejected the defendant’s other arguments challenging his conviction and affirmed his sentence.

Data Suggests that Public Does Not Support Warrantless GPS Tracking

Posted on by

 

A UC Hastings law student has performed an excellent experiment to test the viability of the Katz two-prong test.  The Katz test issued to determine whether police actions of the constitute a “search” within the meaning of the Fourth Amendment. The Katz test asks (1) whether there was a subjective expectation of privacy and (2) if so, whether the expectation of privacy is one that society is willing to recognize as reasonable.

The full paper can be found here:  Herding Katz: GPS Tracking and Society’s Expectations of Privacy in the 21st Century by ZACHARY GRAY*

The study asked “everyday people whether they believed that GPS tracking violated their own personal sense of privacy expectations.”  321 randomly selected individuals were asked about the use of GPS tracking devices by answering questions about four potential scenarios in which the police used GPS devices to track an individual’s movements. The questions were asked in a way that allowed respondents who “believed that the officer’s actions were unjustified, yet also felt that the individual still did not have a reasonable expectation of privacy to answer accordingly; ensuring that people who disagreed with the officer’s actions but did not believe the suspect’s privacy was violated to say so without feeling compelled to agree with the premise that his privacy was violated to channel their disapproval of the officer’s actions.”

The results, according to the author,  suggest that “society overwhelmingly believes that GPS tracking is unjustifiable and violates an individual’s privacy rights.”  In particular, the study found that the use of GPS devices based on limited probable cause for an extended period of time was a as a violation of privacy rights.  Notably, the study found that the length of time for GPS monitoring was not important, as respondents seemed as critical of tracking that occurred for 48 hours as for four months.  The results did not change much when the facts were changed to provide greater probable cause to believe that criminal activity had occurred.  The author writes:

From circumstances in which the State has probable cause to believe an individual is engaged in criminal activity to those in which the belief is merely a hunch—and from tracking that lasts anywhere from four months to 48 hours—society consistently recognizes that GPS tracking is unjustified. The strong inverse correlation between the belief that it is justified and the belief that it violates expectations of privacy indicates a strong correlative and arguably causal relationship between these beliefs.

Interestingly, the study also asked respondents about a scenario  modeled after the facts in the original Katz decision – police monitoring of a call from a payphone.  Based on this study, most people agreed that privacy rights had been violated in Katz.  The author wrote,

it is clear that Katz was correct when it held that an individual’s expectation of privacy inside of a phone booth is an expectation that “society is prepared to recognize as reasonable.”152 Despite the anachronistic nature of a phone booth in contemporary society, respondents clearly believed that state action to monitor the conversation taking place inside that phone booth violated a clearly defined privacy norm and that it was unjustifiable for the authorities to do so.

The study found that men and women answered the questions about the same.  However, the data suggest that different ethnic groups “have marginally different privacy expectations and in some cases, significantly different perspectives on what degree of state intrusion they are willing to tolerate as justifiable.”

Empirical data is always better than conjecture — kudos to Mr. Gray on his work.

 

Is A Print-Out of an Email an “Electronic Record”

Posted on by

An Ohio court had to choose how to print-outs of define electronic documents.  In particular, the court had to consider whether the print-put of an email is an electronic document.

The case is State v. Wangler, 2012 Ohio 4878.

In 2006, the defendant and his wife were sleep in separate rooms.  The defendant called 911, claiming that the carbon monoxide alarm in his residence was sounding and that his wife, a diagnosed epileptic, was having a seizure. The defendant told the dispatcher that he had opened the windows and began performing CPR. She appeared to be dead when help arrived.

As a result of testing of the furnace, the police became suspicious and executed a search warrant.  Various items, including a personal computer, a laptop, various computer accessories, various data storage devices, a portable GPS unit, miscellaneous papers, three handwritten journals, cash, credit cards, jewelry, and books were seized.  A few months later, a second search warrant was obtained and other items, including limited to, ductwork, the register from the wife’s bedroom, and a swatch of carpet surrounding the same register were seized.

As a result of testing, the defendant was charged with murder.  The prosecution theory was that a car exhaust had been hooked up to the duct and register.

The court concluded, on review that law enforcement exceeded the scope of the first search warrant when it seized miscellaneous papers, handwritten journals, cash, jewelry, credit cards, a briefcase, a safe, a disposable camera, and headphones. The search warrant permitted the seizure of, in addition to computers, of “electronic records, communications, and documents” and “any and all electronic communications including but not limited to opened and unopened e-mail messages, instant messages (IM), letters and other electronic records, documents, correspondence, notes, memoranda, address lists, telephone directories, screen name lists, buddy lists, advertisements, calendars, diaries, journals, telexes, faxes * * *[.]”

The court interpreted this to mean that the police could seize “electronic records, communications, and documents.”  The seizure of print out of emails and other documents created on a computer was permissible.  However, hand written documents, such as a journal maintained by the defendant, were not within the scope of the warrant and, therefore, should not have been seized.

The court concluded the seizure of the journals was harmless error.  The journals were used to support an argument that the defendant’s marriage was in trouble.  However, the jury also heard from “several witnesses who testified in some detail about the difficulties” in the marriage.  Accordingly, the journals were viewed as cumulative.

The court reviewed other potential claims – but rejected those arguments and affirmed the convictions.

TSA Accused of Violating Fourth Amendment. I disagree.

Posted on by

Fear of terrorism has distorted the people’s risk perception and facilitated dubious public policies, “exemplified . . . by a series of programs implemented by the Transportation Security Administration (TSA).”

This is the view of Professor Erik Luna in an essay about airport security entitled The Bin Laden Exception.  It can be found in the Northwestern University Law Review.

Luna addresses the question of whether the TSAs measures violate the Fourth Amendment.  He suggests that the TSA’s practices “undermine a basic component of the rule of law: freedom from government caprice and vindictiveness.”  He also suggests that people are afraid to challenge TSA authority at airports in order to “avoid the ire of a TSA agent, who at times appears as the spitting image of the petty tyrant to whom the Bill of Rights is addressed.”  As evidence, he cites new reports of a passenger who was arrested after he wrote the words of the Fourth Amendment across his chest – a topic we covered on the blog as part of what we called the TSA Silly Season.

Luna suggests that “The notion that a passenger implicitly consents to any TSA search by entering the security queue is no truer than the idea that someone implicitly consents to government eavesdropping by using a cell phone, for example, or that people implicitly consent to the rummaging of their cars and the contents simply by getting behind the wheel.”

This is not, in my view, correct.  While air travel may be a practical necessity for many in the 21st Century, the idea that a person is aware that he or she will be searched before boarding an airplane is part of the deal.  Also, his suggestion that it is “quite another matter to create images of a passenger’s nude body, which would seem to be the kind of intrusive search that requires individualized suspicion and possibly judicial approval” is not supported by any caselaw and, in fact, is belied by the good track record of the TSA in protecting the privacy of these images.

In general, TSA procedures are justified as reasonable intrusions necessitated by the risk of terrorism.  The author suggests that “in practice, the all-things considered weighing process seems to begin with a heavy thumb on the government side of the scale.”  Again, I am not sure that this is incorrect given the nature of the threat we face, and the possibility for one individual to create a lot of death and destruction.  The criticism that every court that has upheld TSA procedures – which is ALL of them – did so because the “courts will feel obliged to uphold the regime—maybe out of deference to the post-9/11 Executive Branch or simply to avoid the appearance of impeding antiterrorism efforts” is not well founded.  These decisions – as I noted elsewhere – are squarely within traditional Fourth Amendment jurisprudence.

The biggest issue of TSA overreach — and the only viable one at this time — is TSA searches of computers.

Links to other posts on the TSA are below.