Rebuilding Bridges: Addressing the Problems of Historic Cell Site Location Information
Berkeley Technology Law Journal
Rebuilding Bridges: Addressing the Problems of Historic Cell Site Location Information
Mark Daniel Langer 0
0 Mark Daniel Langer, Rebuilding Bridges: Addressing the Problems of Historic Cell Site Location Information , 29 Berkeley Tech. L.J. (2014). Available at:
Follow this and additional works at; http; //scholarship; law; berkele y; edu/btlj
Mark Daniel Langer †
In February 2010, the FBI began a massive manhunt for the two men
responsible for over fifteen bank robberies in Arizona and Colorado.1 When
surveillance tapes and eyewitness accounts did not provide the necessary
information to identify the suspects and regional law enforcement had been
unable to determine their identities,2 FBI agents turned to the historic cell
site location information (“CSLI”) that cell phone service providers had
collected from towers around the banks.3 Using a § 2703(d) court order (“D
Order”),4 the agents collected nearly 150,000 cell phone numbers that were in
the vicinity of four of the banks at the time of the robberies.5 Out of this
information, the FBI agents quickly isolated the two numbers that
reappeared, and by March 11, agents had arrested the two suspects.6
This is just one example of how government agents can use historic CSLI
in a criminal investigation, but it explains, at least in part, why privacy
advocates are concerned.7 A court authorized D Order can produce a vast
amount of information for government agents. As cell phone technology
develops, businesses increase the amount of information they collect, which
then increases the amount of information the government can demand. The
debate about historic CSLI is far from settled, and this dissonance highlights
a meaningful debate regarding the reach of the third-party doctrine.8 Further,
© 2014 Mark Daniel Langer.
† J.D. Candidate, 2014, University of California, Berkeley, School of Law.
1. See Nate Anderson, How “Cell Tower Dumps” Caught the High Country Bandits—and
Why It Matters, ARS TECHNICA (Aug. 29, 2013, 5:00 AM), http://arstechnica.com/tech-policy
2. See id.
3. See id.
4. 18 U.S.C. § 2703(d) (2012). The requirements and justification of D Orders will be
discussed in detail infra Section I.A.
5. See Anderson, supra note 1.
6. See id.
7. See, e.g., In re Historic Cell Site Location Information, EPIC (Dec. 20, 2013), https://
8. See infra Part I.C.
given recent developments that have challenged and minimized the
usefulness of other criminal investigatory tactics like GPS tracking,9
government agents are likely to fight for their ability to collect CSLI against
demands for reform.
Yet, a spirited discussion of reform still surrounds the government’s use
of D Orders to obtain historic CSLI, as many reformers and legal scholars
argue that the government is reaching too far into the lives of individuals.10
However, many of the potential solutions to this problem face considerable
obstacles: the Supreme Court seems hesitant to act;11 Congress is considering
a number of reforms, but these might not be successful in the present
political environment;12 and state legislatures, although often more willing to
protect privacy, are not equipped to provide adequate protection from
Using a recent Fifth Circuit opinion to present these issues, this Note
begins by discussing the background to this area of criminal surveillance law.
It then seeks to shift the focus away from specific technologies and toward
the parties caught up in the debate, arguing that the goal of reformers should
be to develop better relationships among the government, businesses, and
individuals. Strengthening these relationships would foster an environment
better suited to face the future problems that technology will pose—
specifically on historical cell site location information.
Part I of this Note provides background information on the key criminal
surveillance laws, the Electronic Communications Privacy Act (“ECPA”) and
the Stored Communications Act (“SCA”); the technology behind and use of
historic CSLI; and the development of the third-party doctrine. Part II delves
into the recent Fifth Circuit opinion on the constitutionality of using a court
order, instead of a warrant, to collect historic CSLI from service providers. It
then discusses the criticism of the government’s expansion of the third-party
doctrine with historic CSLI and the potential harms to the individual and the
relationships between government agents, businesses, and individuals arising
from such an expansionistic view. Part III describes the search for a solution
and the merits of the various avenues for reform. Part IV outlines a number
of ways to use historic CSLI reform to balance these relationships and
provide a healthier environment for future technological developments.
To assess the Fifth Circuit opinion in In re Application of the United States of
America for Historical Cell Site Data (“In re Cell Site”),14 its criticism, and
potential solutions, a basic understanding of the applicable law and
technology is necessary. This Part discusses the statutory framework of
ECPA, the technology behind CSLI, and the third-party doctrine, which
constitute the core of In re Cell Site.
THE ELECTRONIC COMMUNICATIONS PRIVACY ACT
ECPA provides structure and unification to how government agents treat
electronic information. It consists of three parts: the Wiretap Act,15 regulating
the interception of electronic communication; the Pen Register Act,16
regulating the collection of telephone metadata; and the Stored
Communications Act,17 regulating the collection of information in electronic
storage. ECPA regulates how government agents can collect such
information, providing varying levels of protection for each different type of
Although much of ECPA has met criticism, the SCA is the source of
some of the most heated debates.18 The Stored Communications Act, as the
name implies, covers electronic communications that are stored by a service
provider, including the substantive content such as emails and
nonsubstantive content like email metadata.19 The SCA, in § 2703, sets out the
general requirements that must be followed for a government agent to
compel the disclosure of stored information.20 This information can include
electronic communications in storage, electronic communications in a
remote computing service, and records concerning either electronic storage
or remote computing.21 Historical CSLI, as electronic information in the files
of service providers, falls under this last category of electronic storage.
18 U.S.C. § 2703(c) provides multiple avenues to compel disclosure of
records. The first and most obvious way to compel disclosure would be with
a search warrant,22 but the SCA also allows such compulsion with a D Order
as laid out in § 2703(d).23 Section 2703(d) requires that an officer provide
“specific and articulable facts showing that there are reasonable grounds to
believe that the contents of a wire or electronic communication, or the
records or other information sought, are relevant and material to an ongoing
criminal investigation.”24 The requirement that the information merely be
relevant and material to an ongoing investigation allows government agents
to collect a wide array of information. Although not an insignificant hurdle
for criminal investigations, it is less than the probable cause requirement of a
search warrant or the “super warrant” requirement of the Wiretap Act.25
There are two more elements of § 2703 that bear mentioning, though the
Fifth Circuit decision does not discuss them in detail. First, the SCA does not
provide a notice requirement for information that government agents
produce through § 2703(c).26 Second, government agents may request that a
company preserve the records in question pending a court order.27 These
elements do not have to do with the justification of a D Order and thus are
of less interest with regard to the Fifth Circuit’s opinion. However, these
elements will be relevant to the later discussion about how the current legal
framework has affected the landscape and potential solutions.
20. § 2703.
22. See FED. R. CRIM. P. 41.
23. 18 U.S.C. § 2703(d) (2012). For an example of a 2703(d) application and court
order, see Sample 18 U.S.C. §2703(d) Application and Order, FEDERAL JUDICIAL CENTER,
http://www.fjc.gov/public/pdf.nsf/lookup/CompIn01.rtf/$file/CompIn01.rtf (last visited
Feb. 24, 2014).
24. § 2703(d).
25. The Wiretap Act places even more limitations on collection on top of probable
cause such as minimizing the amount of intercepted information and requiring that other
investigative procedures be tried first. See 18 U.S.C. § 2518(3).
26. 18 U.S.C. § 2703(c)(3) (2012).
27. § 2703(f)(1).
CELL SITE LOCATION INFORMATION
To discern the potential problems of the use of historic cell site
information, it is helpful to isolate it from other geolocational data, especially
GPS data. Cell phone service providers collect CSLI whenever a cell phone
connects to a cell tower.28 When a cell phone is in contact with a cell tower,
both when making and receiving a call, its interaction with the closest cell
towers is recorded, thus providing potentially real-time location information
about the cell phone holder.29 Unlike a GPS device, a cell phone is not
necessarily constantly connected to a cell tower, so reconstructing a suspect’s
steps is not quite as simple or accurate.30 What is more, the precision of the
location information varies from region to region. Cell phone towers can
service a cell phone that is up to twenty-one miles away.31 However, highly
populated areas require many more cell towers to manage the traffic. Thus,
populous cities will often have many towers and thus provide more exact
geolocational information.32 A cell tower network in some cities can provide
a cell phone location accurate to within fifty meters.33
Government agents have been quick to make use of historic CSLI in
criminal investigations.34 In part, this is because of the recent holding in
United States v. Jones.35 In Jones, the Supreme Court held that placing a GPS
tracking device on a car without a warrant constituted a trespass and
therefore was an unreasonable search.36 While the Court specifically avoided
the issue of whether the use of GPS tracking, especially in the long term,
could qualify as a search, Justices Sotomayor and Alito at least expressed
their doubts about the propriety of using tracking technology this way.37
Since Jones, the FBI has stopped a large number of its GPS tracking
procedures and significantly increased its requests for CSLI.38
CSLI comes in many different categories. First, it can be either
prospective or historical.39 Because historic CSLI is information that cell
phone providers have already collected and logged, it seems intuitively less
problematic than prospective monitoring. Second, CSLI can contain multiple
types of information, including, inter alia, initiation information (where the
cell phone started a call), termination information (where the cell phone
ended the call), and duration information (where the cell phone was
throughout the duration of the call).40
CSLI can also contain logging information. Government agents can
create this information through a pinging process, by calling cell phones just
long enough to create a log in a company’s records. However, courts might
inquire as to whether the government engaged in such a practice before
deciding to grant a D Order.41 In In re Cell Site, the government agents asked
for all historic CSLI within a certain period,42 and the court did not address
whether the government agents involved used pinging to increase their
THE THIRD-PARTY DOCTRINE
In arguing for the constitutionality of using a D Order to disclose
geolocational information, both the government and legal scholars rely
heavily on the third-party doctrine.43 To understand the third-party doctrine,
it is important to first understand its context within Fourth Amendment law.
The Fourth Amendment protects “against unreasonable searches and
seizures.”44 Given the language of the Fourth Amendment, it becomes
important to discern what qualifies as an unreasonable search.
37. Id. at 957 (Sotomayor, J., concurring); id at 964 (Alito, J., concurring).
38. See Kravets, supra note 34. It is important to note that the FBI’s shift in procedure
does not mean that the use of CSLI is as accurate or invasive as the use of GPS tracking
devices. Typically a D Order is less controversial and less difficult to procure, thus giving
government agents incentive to focus first on CSLI before seeking GPS information under a
39. See Freiwald, supra note 10, at 698.
40. See id. at 702–705.
41. See id.
42. In re Cell Site, 724 F.3d 600, 602 (5th Cir. 2013).
43. See, e.g., Brief for the United States at 33–34, In re Application of the United States
of America for Historical Cell Site Data, 724 F.3d 600 (5th Cir. 2013) (No. 11-20884), 2012
44. U.S. CONST. amend. IV.
The Supreme Court provided its general test for an unreasonable search
in Katz v. United States.45 In Katz, the defendant was convicted of
“transmitting wagering information by telephone.”46 To catch him, the police
attached an electronic recording device on top of a public phone booth he
used and monitored his phone calls.47 The Supreme Court held that, although
this was a public place, Katz had a reasonable expectation of privacy in his
communications.48 Justice Harlan, in his concurring opinion, fleshed out the
reasonable-expectation-of-privacy test.49 The test consists of two prongs: (1)
whether the individual had a subjective expectation of privacy, and (2) whether
that expectation of privacy is one that society is objectively willing to accept as
reasonable.50 Justice Harlan argued that the facts of the case satisfied the test,
as Katz had the subjective intent, and society recognized an objective
expectation of privacy in the phone booth.51 Since this decision, Justice
Harlan’s two-prong test has proven to be the foundational test for
unreasonable search claims.
Although Katz provides an example of an expectation of privacy that
society is willing to consider reasonable, not every expectation of privacy will
be reasonable. The third-party doctrine is one instance in which one does not
have a reasonable expectation of privacy. The Supreme Court firmly
established this doctrine in two cases, United States v. Miller and Smith v.
In Miller, the defendant brought a Fourth Amendment challenge against
the government’s use of the defendant’s bank records and information.52 The
Court held that the defendant did not have a protectable Fourth Amendment
interest in the bank’s business records.53 Because the bank was a third party,
and the business records in question pertained to a transaction of which the
bank was a party, the Court held that the bank was able to share the
information that the defendant had provided to it.54 The Court noted that
individuals do not have a reasonable expectation of privacy in information
that they provide to third parties.55 The Court found this to be true,
regardless of whether the “information is revealed on the assumption that it
will be used only for a limited purpose and the confidence placed in the third
party will not be betrayed.”56
The Supreme Court continued to bolster the third-party doctrine in Smith
v. Maryland.57 In Smith, the government used the information from a
telephone company’s pen register to review the phone numbers that the
defendant had been calling.58 Although the defendant claimed a Fourth
Amendment interest in his phone calls and phone call information, the
Supreme Court again found no Fourth Amendment protection.59 Just like the
bank records of Miller, the Supreme Court held that an individual voluntarily
provided pen register information to the third-party telephone company.60
Even if this is information in which the defendant subjectively expected
privacy, society was not willing to accept that expectation as reasonable.61
THE IN RE: APPLICATION OF THE UNITED STATES
OF AMERICA FOR HISTORICAL CELL SITE DATA
In October 2010, government agents filed three § 2703(d) applications
under the Stored Communications Act.62 The applications asked for sixty
days of historical cell site data, as well as other subscriber information.63 The
magistrate judge granted the request for subscriber information but requested
a brief justifying the historical cell site data applications.64 After examining
the brief, the magistrate judge then declared that under Supreme Court
precedent, compelled warrantless disclosure of cell historical cell site data
violates the Constitution.65 The government brought the case before the
federal district court, which also held that the standard under the Stored
Communications Act was below constitutional requirements.66
1. Textual Argument
Before the Fifth Circuit could decide on the constitutionality of using a
D Order for historic CSLI, it had to first address the argument by the
American Civil Liberties Union (“ACLU”)67 that such an analysis would be
unnecessary. Constitutional interpretation issues, especially those
surrounding the Fourth Amendment, can be extremely controversial, and
court precedent has developed a “canon of constitutional avoidance” that
enables courts to avoid interpreting an issue so as to raise a constitutional
question.68 When applying this canon to statutory interpretation, courts must
“first ascertain whether a construction of the statute is fairly possible by
which the constitutional question may be avoided.”69
The ACLU argued that just such an interpretation was possible, relying
upon an interpretation of the SCA that arose in a Third Circuit case on the
very same matter.70 According to the ACLU, the SCA is ambiguous as to
when warrants are required to obtain certain information from third parties.71
Section 2703(d) states that a D Order “may be issued” by a competent
court.72 This language is permissive, implying that judges are able to use
discretion when providing a D Order. Also, the statute clearly states that an
order shall be provided “only if” the government meets the requirements of
the D Order, namely, making a specific and articulable showing that the
records are relevant to an ongoing criminal investigation.73 The ACLU, and
the Fifth Circuit dissent, argued that the best interpretation of this language
is that the order “may not issue unless the standard is met.”74 If that
interpretation is correct, then there might also be times when judges can
require more than the minimal specific and articulable facts standard.
Although this interpretation of the statute is not unreasonable, the
majority of the Fifth Circuit held that it was incorrect.75 The majority focused
its interpretation not on “only if” but on the “shall issue” part of the text.76
Under this interpretation, the words “may issue” merely permit courts of
competent jurisdiction to issue such orders while the phrase “shall issue”
compels judges to provide the order if the government can meet the specific
and articulable facts requirement.77 This argument did not satisfy the
dissent,78 but it allowed the majority to proceed to the constitutionality issue.
2. Reasonable Expectation of Privacy vs. Third Party Argument
Because magistrate judges do not have discretion, the Fifth Circuit had to
decide the constitutionality of the D Orders in this context.79 It began by
noting the two distinct questions that the ACLU and the government
addressed. The ACLU looked at which types of information are collected and
analyzed the D Orders based on Supreme Court’s precedent on tracking
devices.80 The government looked at who is collecting the information and
analyzed Supreme Court precedent on business records.81
Ultimately, the Fifth Circuit concluded that the government approached
the issue correctly.82 Although the ACLU brought up important concerns
with tracking cases such as United States v. Jones83 and United States v. Karo,84
those cases hinged on the fact that the government was the agent collecting
the information and tracking the people in question.85 With historic cell site
data, cell phone companies collect the information as part of ordinary
business records. Therefore, the court noted that the Supreme Court’s
precedent on third-party business records, such as Smith v. Maryland and
United States v. Miller, applied. These cases say that as long as the business
collects the information, the government will be able to use a D Order.86
Although this distinction convinced the court, the court discussed two
other factors that could potentially influence the third-party doctrine. First, it
highlighted the transactional analogy presented in United States v. Warshak.87 In
Warshak, the Sixth Circuit held that the government could not compel
disclosure of internet service providers’ records when they included the
content of emails.88 In those circumstances, the provider was merely an
intermediary between two communicating subscribers, not a party to the
transaction.89 In In re Cell Site, however, the consumer sent the cell site
information to the service provider alone, which gave the company every
right to both collect the information and provide it to the government.
Second, the ACLU expressed concern that consumers did not provide this
information voluntarily because they did not know the provider would
collect it.90 The Fifth Circuit held that cell phone users sufficiently know how
their information is collected and use their phones voluntarily.91 Further, the
court noted that even if a consumer’s reasonable expectation of privacy had
shifted, it would be for Congress to reevaluate the statute, not the courts.92
ANALYSIS OF THE FIFTH CIRCUIT DECISION
The third-party doctrine is not without its critics. Although these critics
might disapprove of the third-party doctrine in general, like the use of
undercover investigators, the use of the historic CSLI demonstrates a new
problem that arises as the government applies the third-party doctrine to new
types of technology. This Note focuses specifically on how the third-party
doctrine is being applied to CSLI. There are two main critiques that apply to
the expansion of the third-party doctrine by the Fifth Circuit to historic cell
site information, one practical and one doctrinal, and this Section discusses
each in turn.
1. The Practical Critique
The practical argument against the expansion focuses on one primary
aspect of the third-party doctrine: the idea that an individual knowingly and
86. See discussion supra Section I.C.
87. In re Cell Site, 724 F.3d at 611.
88. United States v. Warshak, 631 F.3d 266, 286 (6th Cir. 2010).
90. ACLU Brief, supra note 71.
91. In re Cell Site, 724 F.3d at 613.
92. Id. at 614–15.
voluntarily supplies her information to a company. In Smith, the Supreme
Court held that the defendant knowingly released the information.93 It argued
that, with early telephones, one would speak directly to an operator, and this
operator counted as a third party, just like the bank teller in Miller.94 Even
though telephone companies no longer used human beings as operators, the
Court believed that a telephone user would still know that she would be
giving the pen register information to the telephone company to make a
This argument seems to make sense in Smith, and the Fifth Circuit held
that the same logic holds true with CSLI today. The majority held that cell
phone customers should know that their CSLI will be collected and
potentially disclosed.96 Customers with common sense would probably know
that a cell phone company would have to relay their call through the nearest
cell tower, thus potentially providing information about their whereabouts.97
Even if customers do not know this information, the majority noted that cell
phone service providers mention this information collection in their terms of
However, this interpretation is not altogether convincing.99 First,
although the operator analogy used in Smith makes sense, as the phone user is
speaking directly with another human being, the analogy breaks down as
technology gets more and more complex. It is not likely that the average cell
phone user understands how call-relay technology works or the types of
information that a cell phone service provider might be collecting. Further, it
is also not clear that a user should be assumed to know and understand how
his or her information is collected because of the information in a contract.
In real life, customers often do not read the fine print of the contract
terms.100 Courts are still willing to find these types of agreements valid, as
93. Smith v. Maryland, 442 U.S. 735, 742–43 (1979).
94. Id. at 745.
95. Id. at 743 (“Telephone users, in sum, typically know that they must convey
numerical information to the phone company; that the phone company has facilities for
recording this information; and that the phone company does in fact record this information
for a variety of legitimate business purposes.”).
96. In re Cell Site, 724 F.3d at 613.
99. See, e.g., ACLU Brief, supra note 71 (arguing generally against this knowledge and
100. See Rainer Böhme & Stefan Köpsell, Trained to Accept? A Field Experiment in Consent
Dialogs, 2010 PROC. SIGCHI CONF. ON HUM. FACTORS COMPUTING SYS. 2403, 2405 (“More
than 50% of the users take less than 8 seconds [to read the entire end user license
agreement], which is clearly too short to read the entire notice.”).
well as click-through or shrink wrap agreements, because it is of a practical
necessity for contract law and helps both parties create the transaction they
want.101 But with the risk of potential criminal liability instead of merely civil
liability, courts should probably be more careful when assuming what a
customer does or does not know about how the technology works. This
problem will only intensify as technology increases in complexity.
2. The Doctrinal Critique
Both Susan Freiwald and the ACLU also argue that the expansion of the
third-party doctrine is not supported by recent judicial decisions. They point
to Justice Sotomayor’s concurring opinion in United States v. Jones, where she
noted that the third-party doctrine should not have the same role today as it
did in days of simpler technology.102 These scholars also look to the Sixth
Circuit’s decision in Warshak.103 In Warshak, the Sixth Circuit held that
subscribers have a Fourth Amendment right of privacy in their emails.104 This
went against the guidelines of the SCA. Critics use these new cases to show a
growing trend of reading the third-party doctrine more narrowly than the
government’s interpretation and being extremely careful when extending the
reach of government surveillance through new technological tools.105
3. Response to the Third-Party Doctrine Critics
Although the critics of the third-party doctrine provide strong arguments
for why it should not be applied, there are also strong arguments in favor of
the doctrine.106 One of the strongest arguments in favor of the third-party
doctrine is its simplicity and technologically neutral nature.107 The third-party
doctrine provides government agents with a clear model for when individuals
have a reasonable expectation of privacy. If the information has been given
to another person, it loses its reasonable expectation of privacy without need
of extensive fact-finding. Also, the third-party doctrine does not favor any
specific type of technology. It applies equally to everyone. A problem with
most alternatives to the third-party doctrine is that they necessarily focus on
some types of technology, be it cell towers and CSLI or GPS tracking. Critics
might not have a problem with certain third-party information (like
subscriber information, for example), but they do have a problem with
certain types of information and specific uses of the information (like the
extended tracking issues raised by Justice Alito in Jones).108 Alternatives
applying a less universal approach would pose serious problems for
government agents, as it simply would not be clear until an appellate court
decision just where on the sliding scale of surveillance their actions landed.
THE HARMS OF THE CURRENT APPROACH
Assessing the harms of privacy violations is no simple task. By their
nature, these types of harms are more ethereal than the average tort or crime.
Other articles discuss the harms of privacy violations in-depth,109 and
although a full discussion of the nature of historic CSLI and its potential for
misuse exceeds the scope of this Note, two specific types of harms merit
discussion. The first type of harm is the archetypal privacy harm: the
pervasive effects of government surveillance on individual development and
activity. The second harm is the harm to the relationships between the
government, businesses, and individuals.
1. Pervasive Effects of Government Surveillance
Because privacy harms rarely have an immediate or obvious physical,
emotional, or financial impact on an individual, it can be difficult to isolate
exactly what the harms are and how they arise. The classic privacy harm
derives from the fear of an all-seeing government. Scholars have likened this
harm to “Big Brother” from George Orwell’s 1984, or Bentham’s
Panopticon.110 In either case, authority figures have complete knowledge of the
activities of the individuals under their control, and the knowledge that the
government is watching has a profound impact on how individuals go about
108. United States v. Jones, 130 S. Ct. 945, 964 (2012) (Alito, J., concurring) (“But the
use of longer term GPS monitoring in investigations of most offenses impinges on
expectations of privacy.”).
109. See M. Ryan Calo, The Boundaries of Privacy Harm, 86 IND. L.J. 1131 (2011)
(discussing the types of privacy harms and their effects on the individual). See also Pell &
Soghoian, supra note 10, at 163–74.
110. See Pell & Soghoian, supra note 10.
their daily lives.111 Although these examples are perhaps a little drastic, they
help flesh out our intuitions about privacy harm and isolate potential harms,
though perhaps on a smaller scale.
Unfortunately, these discussions of privacy harms are difficult and often
philosophical, and they do not provide a clear and compelling reason why
individuals should be concerned about potential privacy risks.112 Although
they might not be enough for an individual customer to change his or her
mind when purchasing something like a cell phone, it is hard to argue that
these privacy fears are completely unjustified. A Big Brother-type
government or Panopticon used on innocent people seems intuitively wrong,
and the Constitution has protections in place to keep the government from
becoming this kind of power.113
Harm to Relationships Between Government Agents, Businesses, and
Proving convincing privacy harm can be difficult, but expanding the
third-party doctrine to a broader array of information has also had other
effects on society. The current regulatory framework covers three parties:
government agents, businesses, and individuals. As technology gets more
complex, with companies collecting more information and government
agents compelling disclosure of more information, political and economic
pressure have begun to fracture these relationships.114
The relationship between government agents and businesses is perhaps
the relationship most affected by the expansion of the third-party doctrine
and the increasing richness of metadata collection by businesses. As
mentioned in Section I.B.2, supra, government agents have significantly
increased the number of requests for historical CSLI.115 They have also
increasingly been cracking down on companies that do not comply with their
111. Id. In both of these examples, the authority figures use a lack of privacy to exert
control on individuals.
112. See Calo, supra note 109.
113. See, e.g., U.S. CONST. amend I & V (including free speech and due process clauses).
114. Clearly this type of harm is not caused solely by the expansion of the third-party
doctrine and the government’s use of historic CSLI. There are many factors to blame outside
of this specific legal area, such as customer apathy, aggression by individuals in the
government or business sector, and economic pressures. However, the fact that there are
multiple factors to blame for the state of these relationships does not mean that
improvements in this area should be avoided. Even if one disagrees that the third-party
doctrine and CSLI is the cause of these unhealthy relationships, new approaches to these
ideas can still be part of the solution.
115. See Kravets, supra note 34.
requests.116 This type of activity shifts the power in favor of government
agents and increases the likelihood that a business will surrender customer
information without a fight.
At the same time, individuals have no clarity regarding what government
agents can do and are doing when it comes to compelling businesses to turn
over records. The SCA does not require disclosure of this type of
information,117 and as more and more information falls under the SCA,
individual customers become increasingly ignorant as to how and when their
information is being used. This lack of transparency fosters apathy in
individuals, the majority of whom are not aware of how their information is
being used, and decreases the possibility that individuals can successfully seek
change through a democratic process.
If individuals are ignorant about what government agents are doing, they
are just as ignorant about how businesses are collecting and storing their
information. This is partly due to the new complexities that arise with
technological developments. It is difficult to clearly explain how businesses
collect information and how that information might be used.118 However,
when paired with the pressure that businesses receive from government
agents, businesses lose any incentive to share their businesses practices with
customers. Thus, there is a lack of accountability to customers about what
types of information a business collects, how it releases that information, and
how long it keeps that information. Customers lose any bargaining power or
accountability that they might have.
THE SEARCH FOR A SOLUTION
As described in Section II.C, supra, the government’s use of a D Order to
obtain historic CSLI has been met with resistance and criticism. Some
scholars and judges have provided their own solutions to the problem, most
of which fall into a handful of different camps. The first, a direct counter to
In re Cell Site, would provide magistrate judges with more discretion to decide
whether a D Order suffices. Another solution to the problem would be for
the Supreme Court to decide on this issue once and for all. Although this
116. See infra text notes 156–157 and accompanying text.
117. See supra note 26 and accompanying text.
118. For example, when Google and Facebook updated their privacy policies in 2012, a
survey found that the changes to the policies were too confusing for customers to
understand. Survey Finds Facebook and Google Privacy Policies Even More Confusing Than Credit Card
Bills and Government Notices, SIEGEL+GALE (Apr. 24, 2012), http://www.siegelgale.com/
would provide a more concrete solution, others have argued that any
solution should arise under broader ECPA reform. And one final solution is
simply for states to decide for themselves what to allow within their borders,
which would at least limit the extent of the problem. This Part discusses each
of these solutions in turn, outlining the potential solution as well as the pros
and cons of each. Two central problems reoccurring in these solutions are
that (1) they would each require a dramatic change to the current state of
affairs and (2) often their focus is not technologically neutral.
MAGISTRATE JUDGE DISCRETION
As mentioned in the discussion of In re Cell Site, the text of the SCA
allows for multiple interpretations.119 Discounting the argument of the
ACLU,120 the Fifth Circuit held that the SCA requires that a magistrate judge
issue a D Order as long as the government meets the requirements as
outlined in§ 2703(d). In other words, as long as the government offers
“specific and articulable facts showing that there are reasonable grounds to
believe that the contents of a wire or electronic communication, or the
records or other information sought, are relevant and material to an ongoing
criminal investigation.”121 However, the Third Circuit decided a similar case
differently.122 According to the Third Circuit, § 2703 allows for discretion on
the part of the magistrate judge.123 The court held that if Congress had meant
for judges not to have any discretion, it could have clearly limited their
authority.124 Such an interpretation could alleviate much of the concern with
the government’s use of a D Order to compel historic cell site information.
Although the government would still be able to collect historic CSLI without
a warrant, there would be an extra layer of protection for individuals in the
form of satisfying the magistrate judges’ own standard. This is not as
dramatic as requiring a warrant in all circumstances, but it is a step in that
While this solution could potentially provide more protection than the
current surveillance regime, it faces some strong criticisms. The first problem
is that it eliminates the certainty that government agents have when pursuing
119. See supra Section II.B.
120. ACLU Brief, supra note 71.
121. 18 U.S.C. § 2703(d) (2012).
122. See In re United States for an Order Directing a Provider of Elec. Commc’n Serv. to
Disclose Records to the Gov’t, 620 F.3d 304 (2010).
123. Id. at 319.
124. Id. (“We respectfully suggest that if Congress intended to circumscribe the
discretion it gave to magistrates under § 2703(d) then Congress, as the representative of the
people, would have so provided.”).
a D Order. No longer will government agents know what will be necessary to
receive the information they need because, instead of a clear statutory
requirement, they must meet the subjective standard of the particular
magistrate judge from whom they are requesting the order. This problem is
compounded by the fact that the Third Circuit does not provide a standard
for the magistrate judges to evaluate when to require a warrant in place of a
D Order.125 Some, if not most scholars, would agree that the limitations
placed on government agents should be clear if they are to be effective.126
This type of subjectivity would appear to encourage jurisdiction shopping,
assuming that not all magistrate judges have the same penchant for privacy
Judge Dennis, in the dissent to In re Cell Site, noted one more problem
with giving magistrate judges discretion to require a warrant.127 The
dissenting opinion focused on the importance of constitutional avoidance.128
This doctrine, which has been reinforced by the Supreme Court,129 requires
courts to avoid constitutional questions when at all possible. The dissent
noted that giving magistrate judges discretion would simply move the broad
constitutional analysis to a fact-intensive analysis of any particular D
Order.130 Not only does such a decision ignore the doctrine of constitutional
avoidance, Judge Dennis argued that ex parte application proceedings
provide a poor forum for Fourth Amendment analysis.131
SUPREME COURT ACTION
Another way to address the use of historic CSLI would be through a
Supreme Court holding. The Supreme Court could simply decide that the
disclosure of location information should require a warrant, not merely a D
Order. Given the existing circuit split on this issue, there is a good chance
that there also will be circuit splits on other third-party doctrine issues as
well. These types of splits might be difficult for the Supreme Court to ignore.
A Supreme Court holding could limit the third-party doctrine in multiple
ways. It could limit the disclosure of location information with a warrant
requirement, or it could eliminate certain types of information collection by
adhering to the mosaic theory of surveillance.132
Unfortunately, those looking to the Supreme Court for an answer to the
third-party doctrine, especially as it relates to technological issues like historic
CSLI, might have a long wait. In City of Ontario v. Quon, the Supreme Court
showed that it did not like to use a fact-specific case to develop
“farreaching” technology policy decisions.133 The Supreme Court continued in
this vein in United States v. Jones.134 In Jones, the court had the opportunity to
take a strong position on long-term GPS tracking.135 Although Justice
Sotomayor, in her concurring opinion, was critical of the use of long-term
GPS surveillance,136 as well as the third-party doctrine in a technology setting,
the Supreme Court intentionally avoided any specific holding on the subject,
instead focusing on the physical trespass committed by the government
agents through the surveillance.137 It seems apparent that the Supreme Court
is hesitant to make the kind of decision that many reformers seek; however,
Chief Justice Roberts has mentioned the importance of seeking a solution to
the technological challenges now facing the United States.138
Although there are multiple avenues for reform, much of the scholarly
debate has centered around ECPA reform.139 Unlike the Supreme Court,
which specifically seeks to avoid far-reaching policy decisions in the
technology field,140 Congress has the ability, and arguably the duty, to address
these issues. In enacting ECPA in 1986, the Congressional Committee
Report noted the importance of Congress’s role in ensuring that privacy
protections remained in place in the face of technological developments:
The law must advance with the technology to ensure the continued
vitality of the fourth amendment. Privacy cannot be left to depend
solely on physical protection, or it will gradually erode as
technology advances. Congress must act to protect the privacy of
our citizens. If we do not, we will promote the gradual erosion of
this precious right.141
It seems safe to say that the technological developments surrounding
smart phones, including the extended reach of government surveillance, is
part of that “gradual erosion.” If so, it would appear that Congress not only
has the ability, but also the duty to address the issue per its own mandate.
There are two other reasons why congressional reform would be a good
approach to this issue. First, any changes to ECPA would not have to be
limited to the facts of a case, like a Supreme Court opinion. That means that
Congress does not have to wait for a case with perfect facts, and it can
address issues as broadly or specifically as it wants. Second, Congress also has
the ability to develop a more complete response to technology concerns with
a statutory amendment.
Congressional reform might seem like the best possible solution to the
technology problem, but it still faces multiple issues of its own. First,
Congress has recently been stuck in a stalemate between the government and
interest groups. If Congress finds it difficult to find a compromise on a
budget even with the threat of government shutdown,142 it seems unlikely
that it will be able to address difficult and controversial privacy issues. This is
especially true as current reformers in the debate often present extreme
changes to ECPA.143 Privacy interest groups are often quite frustrated with
the current state of the law and that can lead to demands for dramatic
reform. However, this type of dramatic reform will not go without a fight.
This is especially true in the area of historic CSLI. Since the Supreme Court’s
holding in Jones, which made the use of GPS tracking more difficult for
government agents,144 the government’s use of D Orders has increased
astronomically.145 It is hard to imagine that the government would allow
reform to ECPA’s D Orders without a fight.
Furthermore, although Congress has been able to make some specific
changes to technological developments in privacy law, such as the Video
Privacy Protection Act,146 these changes have been few and far between.
Congress enacted ECPA in 1986, and it has taken nearly thirty years for
Congress to consider changing its position on the protection of emails.
Although some might take encouragement from the fact that privacy
concerns have made headlines recently,147 it is by no means certain that this
will lead to congressional action concerning historical CSLI. If anything,
other privacy matters are more pressing, and less difficult, than historic CSLI
and geolocational information. If Congress were to pass privacy legislation, it
would make sense for it to address these more politically pressing concerns
The federal government is not the only sphere where reformers have
sought change in the collection of cell phone location information. In July
2013, the New Jersey Supreme Court unanimously held that law enforcement
agents in New Jersey must have a warrant to obtain location information
from cell phone providers.148 This is not the first time that states have led the
way in protecting privacy. For example, states have led the way with regard to
data breach notification law.149 Moreover, multiple states have a right to
privacy as part of their constitution,150 whereas the U.S. Constitution does
not specifically mention a right to privacy. This constitutional right to privacy
could allow more state supreme courts to rule in favor of consumer privacy
or more state legislators to pass laws that more strictly enforce privacy rights.
State privacy solutions could be useful for multiple privacy concerns, but
they might not be as successful when it comes to the government’s use of
historic CSLI. One problem is the nationwide scope of large cell phone
companies. Although a state government might not allow agents to force
companies in its state to disclose the information, the information might not
actually be in the protected jurisdictions. Also, even though some states are
willing to bolster privacy protections for individuals, there are many other
states, even those that have been strong privacy supporters, which are not
likely to make the types of changes seen in New Jersey and Montana.151
It is also important to note that criminal investigations are fundamentally
different from state-championed data breach laws, and the reasons why
differing data breach laws work might not apply to differing surveillance
laws. Much like international privacy law, companies can choose to adhere to
the law of the strictest jurisdiction (i.e. the European Commission’s 1995
Data Protection Directive for broader information privacy law or California
law for data breaches).152 Once a business has the infrastructure in place to
handle stricter requirements, much of the economic incentive for avoiding
stricter privacy requirements fades away. However, that sort of economic
benefit does not apply in this case. The government has in place the ability to
obtain a warrant for historic CSLI, but having the ability does not make it
any more desirable to government agents to use the warrant method and
overcome its higher burden requirements. Also, it is one thing to expect a
business to absorb the cost of privacy protection, but quite another to expect
government agents to limit criminal investigations. Finally, having fifty
different laws for government agents to follow would reduce the efficiency
of criminal investigations, and it would probably be most desirable to keep
this reform in a federal forum.
SMALL STEPS: BUILDING AN ENVIRONMENT FOR
Although the previous Part outlines potential solutions to the current
government use of historic CSLI, none of these solutions will be an easy
151. See Hanni Fakhoury, Governor Brown Vetoes California Electronic Pricavy Protection.
Again., EFF (Oct. 1, 2012),
https://www.eff.org/deeplinks/2012/10/governor-brownsvetoes-california-electronic-privacy-protection-again (noting that in California, Governor
Brown vetoed a bill that would require a warrant for locational information).
152. See Directive 95/46/EC, of the European Parliament and of the Council of 24
October 1995 on the Protection of Individuals with Regard to the Processing of Personal
Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31; CAL. CIV. CODE
§ 1798.82 (West 2014).
answer to the problem, and often for similar reasons. Some of the solutions
seek changes that are too extreme or far-reaching. This can be a problem
with demanding a Supreme Court holding that will significantly change the
current Fourth Amendment doctrine and technology landscape, as well as
with seeking a new version of ECPA that would eliminate the third-party
doctrine or require warrants for all types of information. Even the idea of
giving magistrate court judges discretion in deciding the necessity of warrants
for CSLI will necessarily cause a dramatic change in the Fourth Amendment
legal landscape. If not too extreme, some of the solutions could be too
technologically specific. For example, a Supreme Court ruling on the use of
historic CSLI might be helpful for awhile, but such specific holdings might
become obsolete as soon as they are made.153
No matter what solution, or combination of solutions, reformers manage
to implement, there will be one more obstacle: an unhealthy environment
based on unhealthy working relationships among the government,
businesses, and individual consumers. The relationships among these parties
have not fared well under the government’s approach to historic CSLI, but
the blame for this should not rest solely on government’s shoulders.
Bolstering the balance of power in these relationships and rebuilding the
environment surrounding these third-party doctrine issues are vital for future
development. Current solutions addressing issues such as historic CSLI will
not be perfect, but any problems they may contain will be exploited in an
unhealthy environment. As technology advances, an unhealthy relationship
among the parties will only hinder healthy adaptation. This Part takes a closer
look at each of the individual relationships.
GOVERNMENT AND BUSINESSES
In 2007, Albert Gidari, Jr., gave the keynote address at a privacy
symposium at the University of San Francisco Law School.154 Entitled
Companies Caught in the Middle, the address presented the perspective of the
service providers as they stand on the front lines in the battle for privacy.155
Since September 11, 2001, government agents have had less patience with
service providers.156 By questioning the government’s authority or taking time
to consider a government agent’s request, companies are at risk of being
153. See Kyllo v. United States, 533 U.S. 27, 33–34 (2001) (mentioning the problem of
technology changing and holdings becoming obsolete).
154. Albert Gidari, Jr., Companies Caught in the Middle, 41 U.S.F. L. REV. 535 (2007).
156. See id. at 541.
convicted of criminal contempt.157 After years of being treated like
“piñatas,”158 companies have learned that it is easier to comply with
government requests than challenge them. This is especially true when
government access can be achieved without notifying the customer.
This was the state of affairs in 2007, and one would hope that the
situation has improved over the last six years. This might be true, but without
meaningful change in ECPA or Supreme Court holdings,159 or evidence of a
decrease in government access requests, the burden of proof should be on
the scholar arguing that the situation has improved, rather than the scholar
arguing that the status quo has remained unchanged. Although the
government’s relationship with businesses can hardly be characterized as
healthy, there are multiple ways to begin rebuilding a healthy environment
without the large-scale changes often suggested in CSLI reform demands.
1. Costs for D Orders
One way companies might seek to rebalance the power in their
relationship with the government is by continuing to charge the government
for access to their information. ECPA gives service providers the ability to
demand compensation for the costs incurred by responding to government
requests, including D Orders.160 According to statute, this amount must be
mutually agreed upon by the government entity and the service provider or
decided by a court.161 Companies take different approaches to
reimbursement. For example, Facebook has stated that it might not demand
compensation for government requests if they assist in protecting its own
interests and customers.162 Multiple companies have a simple list of costs for
each type of information requested.163 There is no uniform system for
deciding these costs.
The flaw with this system is that government agents might not actually be
charged for the information that they receive. This might occur because
companies make the choice not to pursue reimbursement.164 It also might
occur because technological advances could reduce or eliminate the cost to
the companies of complying (e.g., automatic responses). Some might argue
that it would not be good to inhibit a government investigation by requiring
payment, even when a company is willing to absorb the costs or the costs are
negligible. However, privacy advocates have called for a requirement that
government agents must pay fees for collecting information.165
There are a few strong reasons for requiring the government to pay fees
for its collection of customer information. First, it would provide more
transparency to the government’s actions. By charging the government
agents for its services, companies create a paper trail that helps keep track of
the amount and types of government actions. Currently this information is
not typically available to the public, but if these payment requirements were
paired with more freedom for companies to disclose government requests, it
would help the public see how much information the government collects.
Second, it would ensure that the government has at least some purpose for
requesting the information. If such requests for information were free, there
would be no incentive to submit narrow requests or not to collect the
information at all. Requiring at least some charge for this information would
require government agents to think twice before collecting it.166
2. Anti-pinging Requirements
Another small reform that could help bring more balance to this
relationship would be for magistrate judges to officially address the
government’s use of “pinging.” Pinging occurs when government agents call
a cell phone and then hang up before the cell actually starts to ring.167 Doing
this creates a log in the cell phone service provider’s record, and these logs
also Yahoo! Compliance Guide for Law Enforcement 12, http://pacinlaw.us/pdf/sup/
Yahoo_Compliance_Guide.php (last visited Feb. 24, 2014).
164. See supra note 162.
165. See, e.g., Anne Flaherty, What the Government Pays to Snoop on You, USA TODAY (Jul.
, 8:30 AM),
http://www.usatoday.com/story/money/business/2013/07/10/whatgovernment-pays-to-snoop-on-you/2504819 (noting Christopher Soghoian’s belief that it is
better to charge money to create a paper trail).
166. The idea of a company providing information for free is especially problematic,
given that a company is going out of its way to encourage government requests for
information. This is especially ironic as it is the customer’s money that pays for the
167. See Freiwald, supra note 10, at 704.
become historic CSLI within milliseconds after the company receives it.168
Technically, government agents could regularly ping a suspect as many times
as they want before demanding the historic CSLI from a service provider,
and thus they can map a suspect’s movements as thoroughly as they want.
Magistrate judges often push back against “pinging” when it comes to D
Orders.169 They are perfectly equipped to prevent this type of overreach by
the government; they could refuse a request if agents engaged in pinging, or
they could require government agents to affirm that they did not ping the
device for which they now are requesting historic CSLI.
BUSINESSES AND INDIVIDUALS
Unlike the relationship between the government and businesses, which is
between two powerful and informed parties, customers typically do not have
knowledge of how companies use their information or the power to
influence a company’s decision. Also, unless the information at issue relates
to a specific subset of information, like credit reports or health information,
there are not many statutes that govern how a company collects and
maintains information from an individual. To achieve more balance in this
relationship, change will have to come through contractual agreements and
increased consumer awareness.
1. Contractual Agreements
Without specific government regulation or customer influence,
companies have been able to create contracts that give them free and
extensive use of information. To create a change, customers can push for
contractual agreements that provide more protection for their information.
Without a legislative regulation, one could argue that this is a fruitless
discussion, as customers do not have the bargaining power to demand any
contractual changes. However, a recent study of consumer opinion by the
Berkeley Center for Law and Technology shows that seventy-four percent of
consumers believe that cell phone service providers should either not keep
their information at all or keep it less than a year.170 This shows an existing
demand for privacy from consumers, a demand that is not likely to decrease
given the national attention privacy issues, especially government
surveillance, have received. Companies might want to ignore calls for greater
privacy protections, but it would be foolish to completely ignore consumer
opinion.171 For this reason, at the very least, a discussion of contractual
protections for information is worthwhile.
There are many ways that a contractual provision could better protect
customer information. One of the easiest ways to protect the information is
to include a data minimization requirement in a contract. Currently,
telephone service providers do not have limitations on how long they can
retain customer information. According to the ACLU’s research in 2011,
telephone service providers vary in how long they retain customer
information, though most keep historic CSLI between one to two years.172
This is much longer than what many customers might expect or want.173
Such a minimization requirement might be the easiest way to avoid abuse of
2. Consumer Awareness
Another important way to help restore the relationship between
businesses and customers is to create more consumer awareness. Consumers
especially should know how their information will be collected, used, and
retained by a company. Most of this type of information is in that company’s
they do not always contain all the information a customer would want to
What is more, it does not say how long it retains information such as historic
CSLI, though it does promise to keep sensitive personal information, which
is not defined, “only as long as reasonably necessary.”175 A consumer might
not know how long is “reasonably necessary” for a company. This is not to
single out Verizon for criticism. Nevertheless, when a service provider’s
for retaining information, customers will be unable to understand how their
information is used and act accordingly.
GOVERNMENT AND INDIVIDUALS
Many of the individuals’ problems with businesses resurface in their
relationship with the government. Without transparency, most customers
have no reason to know how the government is collecting, using, and
retaining their information. To create meaningful change, citizens must have
the ability to influence the government’s laws, but they cannot do so if they
remain unaware of the government’s actions. By encouraging the
government to increase transparency, individuals will be able to participate
more effectively in the political process and bring more balance and
accountability to the relationship.176
1. Notification for Collection of Information
As written, ECPA does little to encourage transparency on behalf of the
government. Although it requires that customers be notified in case of a
wiretap,177 it does not have such a requirement for when companies turn over
business records, including CSLI, to the government. When this lack of any
have little knowledge of how their information will be used in theory or in
practice. By providing a notification requirement for other types of
information, customers will be able to see just how often, or not often, their
information has been accessed or used. This knowledge will let them make
an informed decision on what they would enable the government to do.
Another way to encourage notification, on a broader level, would be to
require the government to file reports on how it collects and uses service
provider records on the whole. This would not provide the immediate and
personal feedback of an individual notification requirement, but it would give
privacy advocates and individuals more awareness of current government
practices. Congress required these types of reports for wiretaps and pen
register trap and trace interception, hoping that it would provide
accountability for government activities.178 The distinction between pen
register or wiretap information and other third-party business information
makes sense in its historical context. However, these distinctions start to
176. This discussion of government and individual interaction has played an important
role in the ECPA reform forum. See Pell & Soghoian, supra note 10; Kerr, supra note 132.
177. 18 U.S.C. § 2703(b) (2012).
178. See Pell & Soghoian, supra note 10; S. REP. NO. 90-1097, at 69 (1968).
break down in today’s smartphone culture. Business records, like historic
CSLI, are now much more useful,179 and much more invasive, than they used
2. Data Minimization
Increasing transparency is not the only way to foster more individual
protections. It could also occur with data minimization requirements. The
idea of data minimization is not new to ECPA. In the Wiretap Act, law
enforcement agents must seek to “minimize the interception of
communications not otherwise subject to interception.”180 Currently there is
no such minimization requirement for minimizing information collected for
other types of information. A minimization requirement could take multiple
forms. First, it could require that government agents refrain from collecting
information that is irrelevant to an ongoing investigation. It could also
require government agencies to discard some of the general information that
it collected once it completes an investigation or closes a case.
This second minimization requirement could help to alleviate the
concerns that are arising under the mosaic theory. Under the mosaic theory,
the government is able to assemble a complete picture of a person’s activities
through many individual pieces of surveillance.181 This type of all-compassing
surveillance has caused some judicial concern.182 Although some scholars,
notably Orin Kerr, have argued that attacking government surveillance on
the basis of the mosaic theory is unconvincing,183 it could, at least, lend some
support to a data minimization requirement. Such a requirement would not
need to say that the mosaic theory should limit government surveillance in all
respects; it would simply ask that government agents discard information that
was not necessary to their investigation.
STATE LEGISLATURES ENFORCING MORE INDIVIDUAL PRIVACY
Some state legislatures have already started reforming privacy law and
adding more protections than the ECPA requires.184 These solutions,
although not perfect, as they would provide an uneven patchwork of
protection for individuals and regulation for companies, can play an
179. See Kravets, supra note 34.
180. 18 U.S.C. § 2518(5) (2012).
181. See Kerr, supra note 132, at 313.
182. See generally United States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010).
183. See Kerr, supra note 132.
184. See supra Section III.D.
important role in shaping the public discussion and pressuring broader
reform. State legislatures have the ability to implement many of the solutions
outlined in this Part into their jurisdictions.
Historic CSLI is a perfect example of how dramatic changes in
technology have increased the amount and sensitivity of information that
businesses collect from their customers. In re Cell Site shows how, under the
current constitutional and regulatory framework, courts are willing to expand
the third-party doctrine to include this new and sensitive information. The
Fifth Circuit’s holding allows for an opportunity to reevaluate the flaws in the
third-party doctrine and ECPA and to reassess the harms, not just to
individuals, but to the relationships between government agents, businesses,
and individuals. Any potential solution to this problem should seek to rebuild
these relationships, not merely to address the flaws in the regulatory
framework, thus providing a healthier environment for future technological
9. See United States v . Jones , 132 S. Ct . 945 , 949 ( 2012 ) (holding that placing a GPS tracker on defendant's car qualified as a trespass).
10. See , e.g., Susan Freiwald , Cell Phone Location Data and the Fourth Amendment: A Question of Law , Not Fact, 70 MD. L. REV. 681 , 702 - 705 ( 2011 ) ; Erin Murphy, The Case Against the Case for the Third Party Doctrine: A Response to Epstein and Kerr, 24 BERKELEY TECH . L.J. 1239 ( 2009 ); Lior J . Strahilevitz , Toward a Positive Theory of Privacy Law , 126 HARV. L. REV. 2010 ( 2013 ); Stephanie K. Pell & Christopher Soghoian, Can You See Me Now?: Toward Reasonable Standards for Law Enforcement Access to Location Data that Congress Could Enact, 27 BERKELEY TECH . L.J. 117 ( 2012 ).
11. See infra Section III.B.
12. See infra Section III.C.
13. See infra Section III.D.
14. In re Application of the United States of America for Historical Cell Site Data, 724 F .3d 600 ( 5th Cir . 2013 ) [hereinafter In re Cell Site] .
15. 18 U.S.C. §§ 2510 - 2522 ( 2012 ).
16. 18 U.S.C. §§ 3121 - 3127 ( 2012 ).
17. 18 U.S.C. §§ 2701 - 2712 ( 2012 ).
18. It goes without saying that at least certain parts of ECPA are in need of reform. As the Electronic Frontier Foundation notes, Attorney General Eric Holder also supports reform . See Nate Cardozo & Mark M. Jaycox , Even Attorney General Eric Holden Supports ECPA Reform, EFF (May 23 , 2013 ), https://www.eff.org/deeplinks/2013/05/evenattorney-general -eric-holder-supports-ecpa-reform. Now, after nearly thirty years, Congress is seriously considering ECPA amendments, particularly to the statute's treatment of emails . See, e.g., Online Communications and Geolocation Act , H.R. 983 , 113th Cong. ( 2013 ).
19. 18 U.S.C. §§ 2701 - 2712 ( 2012 ).
28. See Freiwald, supra note 10 , at 702-05.
29. See id.
30. See id.
31. See WAYNE JANSEN & RICK AYERS, GUIDELINES ON CELL PHONE FORENSICS: RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 63 (Natl . Inst. Stand. Technol. Spec. Publ. 800 - 101 , 2007 ), available at http:// csrc.nist.gov/publications/nistpubs/800-101/ SP800 -101.pdf.
32. See Pell & Soghoian, supra note 10, at 128.
33. See id.
34. See David Kravets, After Car-Tracking Smackdown , Feds Turn to Warrantless Phone Tracking, WIRED (Mar. 31 , 2012 , 5 :13 PM), http://www.wired.com/threatlevel/2012/03/ feds-move -to-cell-site-data.
35. United States v. Jones , 132 S. Ct . 945 ( 2011 ).
36. Id . at 946.
67. The ACLU has created a campaign focused on protecting the rights of individuals in the digital age. See Protecting Civil Liberties in the Digital Age , ACLU, https://www.aclu. org/protecting-civil-liberties-digital-age (last visited Mar. 9 , 2014 ). The issue of warrantless cell phone tracking continues to be an important concern for them . See Warrantless Cell Phone Location Tracking , ACLU, https://www.aclu.org/technology-andliberty/ warrantless-cell-phone-location-tracking (last visited Mar. 9 , 2014 ).
68. Clark v. Martinez , 543 U.S. 371 , 381 ( 2005 ).
69. United States v. Sec. Indus. Bank , 459 U.S. 70 , 78 ( 1982 ) (internal quotation marks omitted) (quoting Lorillard v . Pons , 434 U.S. 575 , 577 ( 1978 )).
70. See In re United States for an Order Directing a Provider of Elec. Commc'n. Serv. to Disclose Records to the Gov't, 620 F .3d 304 ( 3d Cir . 2010 ).
71. Brief of the American Civil Liberties Union Foundation, the ACLU Foundation of Texas, the Electronic Frontier Foundation, the Center for Democracy and Technology, and the National Association of Criminal Defense Lawyers as Amici Curiae in Support of Affirmance, In re Application of the United States of America for Historical Cell Site Data, 724 F .3d 600 ( 5th Cir . 2013 ) (No. 11 - 20884 ), 2012 WL 1029813, at *8- 9 [hereinafter ACLU Brief].
72. 18 U.S.C. § 2703 (d) ( 2006 ).
73. Id .
101. See ProCD v. Zeidenberg , 86 F.3d 1447 , 1449 ( 7th Cir . 1996 ).
102. United States v. Jones , 132 S. Ct . 945 , 957 ( 2011 ) (Sotomayor , J., concurring).
103. United States v. Warshak , 631 F.3d 266 , 286 ( 6th Cir . 2010 ).
104. Id . at 283-88.
105. See , e.g., Freiwald, supra note 10 , at 700- 01 . The Ninth Circuit had a similar holding against the SCA .
106. Orin Kerr is one of the strongest supporters of the third-party doctrine . In 2009 , the Berkeley Technology Law Journal held a symposium that included a discussion of Orin Kerr's work on the third-party doctrine . See Murphy , supra note 10; Richard Epstein, Privacy and the Third Hand: Lessons from the Common Law of Reasonable Expectations, 24 BERKELEY TECH . L.J. 1199 ( 2009 ) ; Orin Kerr, Defending the Third-Party Doctrine: A Response to Epstein and Murphy, 24 BERKELEY TECH . L.J. 1229 ( 2009 ).
107. See generally Orin S. Kerr, The Case for the Third-Party Doctrine , 107 MICH. L. REV. 561 ( 2009 ).
125. Id .
126. See Pell & Soghoian, supra note 10, at 175; Orin Kerr , The Next Generation Communications Privacy Act , 162 U. PA. L. REV . 373 ( 2013 ).
127. See In re Cell Site, 724 F.3d 600 , 617 ( 5th Cir . 2013 ) (Dennis , J., dissenting) ( desiring a holding “that does not require magistrates to speculate on societal expectations in ex parte application proceedings devoid of the concrete investigative facts upon which Fourth Amendment analysis depends”).
128. Id . at 616-17.
129. See id. (citing Zadvydas v . Davis , 533 U.S. 678 , 689 ( 2001 )).
130. Id . at 630-31.
131. Id .
132. Justice Alito alludes to the mosaic theory in his discussion of long-term surveillance . United States v. Jones , 130 S. Ct . 945 , 961 ( 2012 ) (Alito , J., concurring). This is a separate issue that will not be discussed in full here. However, for an interesting discussion of the mosaic theory , compare David E. Pozen, The Mosaic Theory, National Security, and the Freedom of Information Act , 115 YALE L.J. 628 ( 2005 ) with Orin S. Kerr, The Mosaic Theory of the Fourth Amendment , 111 MICH. L. REV. 311 ( 2012 ).
133. City of Ontario v. Quon , 560 U.S. 746 , 759 ( 2010 ).
134. Jones , 132 S. Ct . 945 .
135. Id .
136. Id . at 955 (Sotomayor, J., concurring).
137. Id . at 946-47.
138. Robert Barnes , Supreme Court May Rule on Cellphone Privacy, BOSTON GLOBE (Aug. 11 , 2013 ), http://www.bostonglobe.com/news/nation/2013/08/10/supreme-court -maydecide-how-private-cellphone-supreme-court-may-decide-how-private-cellphone/PpNnx3u SelQbHteZbSsiKP/story .html.
139. See Pell & Soghoian, supra note 10 (focusing on what a new legislative framework should be ); Kerr, supra note 126.
140. City of Ontario v. Quon , 130 S. Ct . 2619 , 2629 - 30 ( 2010 ).
141. S. REP . NO. 99 - 541 , at 2 ( 1986 ).
142. See Lori Montgomery & Zachary Goldfarb, President, Congress leave one crisis behind but face long road to budget deal, WASH . POST (Oct. 17 , 2013 ), http://www.washingtonpost.com/ business/economy/president-congress -leave-one-crisis-behind-but-face-long-road- to- budget -deal/ 2013 /10/17/4e4eda14-3767 - 11e3 - ae46 -e4248e75c8ea_story .html.
143. See , e.g., Press Release, Senator Rand Paul, Sen. Paul to Introduce Fourth Amendment Restoration Act of 2013 (June 6 , 2013 ), http://www.paul.senate.gov/ ?p=press_release&id=838. Senator Paul's draft of the Act, which would require a warrant to search the phone records of Americans , is available at http://www.paul.senate.gov/ files/documents/4thAmdtRestoration.pdf.
144. United States v. Jones , 132 S. Ct . 945 ( 2012 ).
145. See Kravets, supra note 34.
146. Video Privacy Protection Act, 18 U.S.C. § 2710 ( 2006 ).
147. See , e.g., Edward Snowden, THE GUARDIAN , http://www.theguardian.com/ world/edward-snowden (last visited Feb . 24 , 2014 ) (collecting all of The Guardian articles relating to Edward Snowden and U.S. government surveillance leaks).
148. See Kate Zernike, New Jersey Supreme Court Restricts Police Searches of Phone Data, NEW YORK TIMES (July 18, 2013 ), available at http://www.nytimes.com/ 2013 /07/19/nyregion/ new-jersey -supreme-court-restricts-police-searches-of-phone-data.html?pagewanted=all.
149. See DANIEL J. SOLOVE & PAUL M. SCHWARTZ , PRIVACY LAW FUNDAMENTALS 171-84 (2d ed. 2013 ).
150. See CAL . CONST. art. I, § 1; MONT . CONST. art. I, § 10 .
157. See id.
158. Id . at 535.
159. Some Supreme Court cases have affected the government's current actions. For example, United States v. Jones limited the government's use of GPS tracking. See United States v . Jones , 132 S. Ct . 945 ( 2012 ). However, this holding only increased the government's reliance on the third-party doctrine and CSLI . See Kravets, supra note 34 . So even proprivacy developments do not appear to actually help the current relationships between the government and business .
160. 18 U.S.C. § 2706 ( 2012 ).
161. § 2706 (b).
162. Information for Law Enforcement Authorities , FACEBOOK, https://www.facebook.com/ safety/groups/law/guidelines (last visited Feb . 24 , 2014 ).
163. Andy Greenberg , These Are The Prices AT&T, Verizon and Sprint Charge For Cellphone Wiretaps , FORBES (Apr. 3 , 2012 , 3 :01 PM), http://www.forbes.com/sites/andygreenberg/ 2012/04/03/these -are-the-prices-att-verizon-and-sprint-charge-for-cellphone-wiretaps; see
168. See Gidari, supra note 154 , at 543.
169. See Freiwald, supra note 10 , at 704 n.141.
170. Jennifer Urban , Chris Jay Hoofnagle & Su Li, Mobile Phones and Privacy 19 (UC Berkeley Pub . Law Research Paper Series, Paper No. 2103405 , 2012 ), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id= 2103405 .
171. This is especially true as privacy is becoming a growing concern for consumers. See s .e. Jones, Why 2014 May Be the Year Consumers Demand Their Privacy Back , YAHOO! VOICES (Feb. 7 , 2014 ), http://voices.yahoo.com/why-2014 - may -year-consumers-demand-theirprivacy-12518023.html. In fact, some major companies are using privacy as a selling point . See Katy Bachman , New Microsoft Privacy Campaign Promotes Consumer Control: Campaign Will Stir Debate over Do Not Track , ADWEEK (Apr. 22 , 2013 , 6 :00 AM), http://www.adweek.com/ news/advertising-branding/ new-microsoft-privacy-campaign-promotes-consumer-control148781.
172. See Cell Phone Location Tracking Request Response - Cell Phone Company Data Retention Chart , ACLU, https://www.aclu. org/cell-phone-location-tracking-request-response-cellphone-company-data-retention-chart (last visited Feb . 24 , 2014 ).
173. See Urban et al., supra note 170 , at 19.
175. Id .