Topic: Telecom, Internet & Information Policy

Skinning the Fourth Amendment: The Sixth Circuit’s Awful GPS Tracking Decision

By
Julian Sanchez

In the summer of 2006, agents of the Drug Enforcement Agency used GPS tracking technology to locate drug courier Melvin Skinner’s prepaid phone, ultimately seizing more than 1,000 pounds of marijuana from Skinner’s mobile home. The judges on the Court of Appeals for the Sixth Circuit then apparently smoked all of it before issuing their ruling in United States v. Skinner this week, because the opinion approving DEA’s use of GPS technology in this case is easily one of the most muddled examples of legal reasoning I’ve ever encountered—a surreal potpourri of factual misunderstandings, inapt analogies, sloppy and selective appeals to precedent, and logical leaps worthy of Nijinsky.

A very brief summary of the case: DEA was already investigating a drug trafficking organization, and through the use of lawful wiretaps learned that a courier code-named “Big Foot” would be driving a large shipment of marijuana from Tucson, Arizona to Mooresburg, Tennessee in his mobile home. “Big Foot” was using a prepaid (or “burner”) mobile phone purchased for him by his co-conspirators, which meant one thing DEA didn’t know was Big Foot’s identity, because the prepaid phone wasn’t registered in his name. (While this makes them appealing to drug dealers, they’re also very popular with ordinary, law-abiding citizens: Prepaid phones now account for 25 percent of mobile phone subscriptions.) Agents then obtained a court order—but not a search warrant based on probable cause—to “ping” the phone’s GPS chip and precisely track its location in realtime. Tracing it to a truck stop near Abilene, Texas, authorities brought drug dogs to sniff the perimeter of the mobile home, and when the dogs alerted to the presence of drugs, performed a search—finding the drugs, and arresting Skinner, now revealed as “Big Foot.”

The Sixth Circuit’s Fourth Amendment analysis is disturbing right from the outset. “If a tool used to transport contraband gives off a signal that can be tracked for location,” the argument begins, “certainly the police can track that signal. The law cannot be that a criminal is entitled to rely on the expected untrackability of his tools.”  This is bizarre and circular: It suggests that criminals categorically lack Fourth Amendment privacy interests in any “tool” they use to conduct criminal activity, in which case no search would violate the Fourth Amendment if it actually turned up evidence of criminal conduct. But the whole point of requiring a warrant is to let a neutral magistrate determine whether there’s probable cause to believe such conduct will be uncovered. The court hastily acknowledges this in a footnote, clarifying that there’s no expectation of privacy for anyone in cell phone GPS data, but beginning in this way suggests the court is reasoning backwards to a desired conclusion, based on Skinner’s now-established guilt.

The court proceeds through a series of lazy and underdeveloped analogies:

Otherwise dogs could not be used to track a fugitive if the fugitive did not know that the dog hounds had his scent. A getaway car could not be identified and followed based on the license plate number if the driver reasonably thought he had gotten away unseen. The recent number of cell phone technology does not change this. If it did, then technology would help criminals but not the police. It follows that Skinner had no expectation of privacy in the context of this case, just as the driver of a getaway car has no expectation of privacy in the particular combination of colors of the car’s paint.

But it does not follow at all. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection,” the Supreme Court explained in the seminal case of Katz v. United States, “But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.” Any member of the public can buy a dog and follow a scent. Any member of the public can view and copy down a license plate number. Any member of the public can view the external paint job of a car. But any member of the public cannot just track the GPS signal of a random cell phone—and if they could, most of us would be extremely wary about carrying cell phones. Unlike all these other examples, GPS tracking as employed here depends crucially on the ability of police to invoke state authority—a seemingly salient distinction the court fails to take any note of.

Finally, the judges move on from these dubious analogies and cite an actual precedent: United States v. Knotts. In Knotts, police had placed a relatively short range tracking “beeper” in a can of chloroform sold to suspected drug manufacturers. Having monitored the sale of the canister, police followed the car in which the suspects had placed it, using the beeper to supplement their visual observation of the car’s public journey, and ultimately relying on it to recover the trail when they lost the suspects. The Supreme Court held that no Fourth Amendment  expectation of privacy had been violated, because the location of the car police had been tailing was information exposed to any observer on the road. Here too, the court reasoned, Skinner’s RV was moving along public roads visible to any member of the public.

Unfortunately, this falls apart as soon as you begin thinking about it for a moment. The information that is exposed to the general public, in all these cases, is that a car with a particular external appearance is at such-and-such location at such-and-such a time. Having already observed their lojacked canister being loaded into the suspect’s car, that was the very information the police needed to maintain their tail.

Skinner presents a very different situation. It’s true that any member of the public could observe that Skinner’s RV was one of probably hundreds traveling on public highways in mid July of 2006. But that was not the information investigators relied upon here: What the GPS tracking here revealed was the non-publicly observable fact that one particular mobile home, which police had never encountered before, contained a particular phone believed to be in close proximity to illegal drugs. These are importantly different facts. The Secret Service even relies on that difference to help protect the life and safety of the president: Anyone can observe dozens of limos or SUVs with tinted windows leaving the White House on public roads each day, but which of these contain the president is not so exposed. Because the salient fact for the purposes of the police investigation was not the location of a particular vehicle on public streets, but rather the location of a particular personal effect in a private mobile home, the relevant precedent isn’t Knotts, but rather United States v. Karo. The government might then argue that the contents of a mobile home aren’t entitled to the same high level of protection as the contents of the residence at issue in Karo, but having incorrectly framed the issue, the Sixth Circuit panel never takes up that question.

The court does at least gesture in the direction of the idea that it might somehow matter that police didn’t initially know the identity of “Big Foot,” and had not previously observed his vehicle. They deem this immaterial with a truly breathtaking bit of hand-waving:

As for not knowing his identity, this is irrelevant because the agents knew the identity of Skinner’s co-conspirators and could have simply monitored their whereabouts to discover Skinner’s identity. Using a more efficient means of discovering this information does not amount to a Fourth Amendment violation.

It is, I think, an open question what police could or could not have discovered in a parallel universe where they employed a completely different set of investigative methods (as opposed to the physical tail actually employed in Knotts and supplemented by a beeper), but it’s not clear why this is really germane. That a postal letter might have been retrieved from the trash of a suspect who never shreds his correspondence does not make it any less an illegal search to intercept the unopened letter. Remarkably, the court does not deign to even mention the 2001 Supreme Court case Kyllo v. United States, which contemplated and rejected a similar argument. Writing for the majority, Justice Scalia explained that the use of thermal imaging to detect marijuana growing lights in a garage was not immunized from Fourth Amendment scrutiny by the fact that other permissible means might have revealed facts about the temperature of a home:

The dissent’s comparison of the thermal imaging to various circumstances in which outside observers might be able to perceive, without technology, the heat of the home–for example, by observing snow melt on the roof […]–is quite irrelevant. The fact that equivalent information could sometimes be obtained by other means does not make lawful the use of means that violate the Fourth Amendment. The police might, for example, learn how many people are in a particular house by setting up year-round surveillance; but that does not make breaking and entering to find out the same information lawful.

That argument seems to present at least a potential problem for the court’s reasoning here, and seems more generally relevant insofar as it concerns the use of technology to gain information about the contents of a home, but again, Kyllo is not even mentioned.

Since this is a case involving phones, the Sixth Circuit also takes a stab at breezily invoking Smith v. Maryland—the basis for the much-criticized “third party doctrine”—where a suspect was held to lack an expectation of privacy in dialed phone numbers that had been voluntary exposed to the phone company, which routinely retained that information in its ordinary business records for billing purposes. Without much analysis the court asserts that “[s]imilar reasoning compels” a parallel conclusion here.

But on closer examination, the fact that both cases involve phones is about as far as the similarities go. Dialed numbers are information actively and consciously exposed to the phone company by the user, and then retained in billing records as a matter of course, independently of any government investigations. Unfortunately, as both Orin Kerr and Jennifer Granick note, the court seems fuzzy on the very different characteristics of the GPS technology used here. The GPS chip contained in the phone—which apparently the suspects were unaware of—would not normally transmit any information to the phone company at all. Rather, the chip would have calculated its precise location coordinates and transmitted them to the company only in response to a “ping” initiated by law enforcement. To be sure, the company might be physically capable of sending such a ping on its own, just as it would be physically capable of intercepting the contents of a phone call. And if it had built the phone with a secret capability to be remotely activated as a microphone, it would also be physically capable of remotely gathering information about the user’s activities in that way as well. Fortunately, the Fourth Amendment is not limited to pointlessly prohibiting only physically impossible surveillance.  The technological capabilities of the phone company or the government do not determine what has been “knowingly exposed”—and it seems clear here that Skinner did not knowingly expose, to either the general public or the phone company, the precise GPS coordinates of his phone.

The Fourth Amendment status of the kind of GPS tracking employed here is hardly a slam dunk either way: There are strong arguments on both sides, and the issues involved are complex. Alas, this opinion doesn’t even begin to address them adequately.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

All Your Records Are Belong to U.S.

By
Jim Harper

Twice in the last month, the Ninth Circuit Court of Appeals has affirmed that the government can access records about you held by third parties without getting a warrant. It’s a nice illustration of the broad and deep reach of the “third party doctrine.”

U.S. v. Golden Valley Electric Association is the more recent of the two. In that case, the government delivered an administrative subpoena to a member-owned electricity cooperative asking for quite a bit of information about three residences it served:

customer information including full name, address, telephone number, and any account information for customer; method of payment (credit card, debit card, cash, check) with card number and account information; to include power consumption records and date(s) service was initiated and terminated for the period 10-01-2009 through 12-14-2010…

Golden Valley resisted the subpoena on a number of bases, including by arguing that criminal investigations require a warrant.

The court rejected the Fourth Amendment argument because the customer of a business like Golden Valley “lacks ‘a reasonable expectation of privacy in an item,’ like a business record, ‘in which he has no possessory or ownership interest.’” That’s the third-party doctrine: The government can access your electricity usage records and billing information without implicating the Fourth Amendment.

In mid-July, a different panel of the Ninth Circuit concluded the same thing about hotel records.

Los Angeles Municipal Code section 41.49 requires hotel operators to maintain information about their guests,

including name and address; total number of guests; make, type and license number of the guest’s vehicle if parked on hotel premises; date and time of arrival; scheduled date of departure; room number; rate charged and collected; method of payment; and the name of the hotel employee who checked the guest in.

These records must be held for 90 days and made available for inspection by any officers of the Los Angeles Police Department.

The owners of motels in Los Angeles challenged the law as a facial violation of the Fourth Amendment. The court rejected that argument, finding that the information the ordinance makes available to law enforcement “does not, on its face, appear confidential or ‘private’ from the perspective of the hotel operator.” For their part, hotel guests do not have a “reasonable expectation of privacy in guest registry information once they have provided it to the hotel operator.”

This is another unremarkable application of the third party doctrine, which says that people do not have Fourth Amendment rights against unreasonable search and seizure with respect to information they have shared with others.

Last January, in her concurrence to the Supreme Court’s ruling in U.S. v. Jones, Justice Sotomayor questioned the “third party doctrine” (as Justice Alito had done during oral argument).

[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.

It is not a slam dunk that utility and hotel records should be Fourth-Amendment protected, requiring probable cause and a warrant before law enforcement can access them. But if electric providers and hoteliers maintain information in confidence due to contractual or regulatory obligations, that should extend the protection of the Fourth Amendment to what I think of as the digital effects created by modern living. This is not so much because of the sensitivities around electricity use or lodging, but because this is the rule we need to secure the much more sensitive data we routinely share and store with third parties online.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

The Long and the Short on Internet Tax

By
Jim Harper

Last week, Steve Titch gave you a thorough run-down on the TechLiberationFront blog. Now Tim Carney has a quick primer on the push by big retailers to increase tax collection on goods sold online.

S. 1832, the Marketplace Fairness Act is Big Retail’s effort to increase tax collection obligations on their smaller competitors, increasing the taxes you pay along the way.

Topics: 
Tax and Budget Policy, Telecom, Internet & Information Policy

Cybersecurity Improves No Matter What Congress Does

By
Jim Harper

The Hill’s “Hillicon Valley” blog reported late Wednesday that cybersecurity legislation was likely to fail in the Senate today.

The post, originally titled “Cybersecurity Act Expected to Crash and Burn in Senate,” indulged in some typical Washington, D.C. conceit: “The Senate’s cybersecurity bill is likely to go down in defeat on Thursday,” it said, “ending any hope of passing a measure by the end of the year to protect America’s networks.”

It is highly arguable, the question whether cybersecurity legislation would protect America’s networks. Doing so is the responsibility of the owners and operators of those networks (and all other communications and computing infrastructure). They are working all the time on protecting their assets, and their capacities to do so are constantly improving.

Yes, attacks on computing are improving, too, but there is little substantiated evidence (the fear-mongering of government officials and contractors is not substantiated) that the bad guys are getting the upper hand.

The Scylla and Charybdis Senate leaders appear to have been navigating was between a bill that was too regulatory, swamping American tech companies and “critical infrastructure” providers with deadening regulation, and, on the other hand, a bill that tapped too deeply into Americans’ communications and data. I’m happy—and feel quite safe—with cybersecurity legislation breaking up on the shoals or getting sucked down into a whirlpool, either one.

It’s possible, of course, that Senate leaders could arrive at a last-minute compromise—they’ll come forth extolling their own heroism for doing so. It’s very likely that the next Congress will return with undiminished hubris to the idea that the federal government can and should secure our computers, networks, and data. But it’s not true. That is the responsibility, and far more within the capability, of the private-sector owners of the nation’s digital infrastructure.

Nothing in this post should diminish the importance of cybersecurity. It is indeed hundreds or thousands of different problems that will be addressed by manifold actors various ways over coming decades. The government has a role in cybersecurity: getting and keeping its own house in order. But the majority of the problem is ours, not the government’s, and we are slowly, surely taking care of it.

Topics: 
Telecom, Internet & Information Policy

Mass Tragedy Boilerplate and Rebuttal

By
Jim Harper

On the road last week, and allergic to getting too heavily involved in the issue de l’heure, I only today saw Holman Jenkins’ Wall Street Journal commentary: “Can Data Mining Stop the Killing?

After the Aurora theater massacre, it might be fair to ask what kinds of things the NSA has programmed its algorithms to look for. Did it, or could it have, picked up on Mr. Holmes’s activities? And if not, what exactly are we getting for the money we spend on data mining?

Other than to collect it in a great mass along with data about all of us, the NSA could not have “picked up on” Mr. Holmes’s activities. As I wrote earlier this year about data mining’s potential for averting school shootings:

“[D]ata mining doesn’t have the capacity to predict rare events like terrorism or school shootings. The precursors of such events are not consistent the way, say, credit card fraud is. Data mining for campus violence would produce many false leads while missing real events. The costs in dollars and privacy would not be rewarded by gains in security and safety.

Jeff Jonas and I wrote about this in our 2006 Cato Policy Analysis, “Effective Counterterrorism and the Limited Role of Predictive Data Mining.”

If the NSA has data about the pathetic loser, Mr. Holmes, and if it were to let us know about it, all that would do is provide lenses for some pundit’s 20/20 hindsight. Data about past events always points to the future that occurred. But there is not enough commonality among rare and sporadic mass shootings to use their characteristics as predictors of future shootings.

Jenkins doesn’t drive hard toward concluding that data mining would have helped, but his inquiry is mass tragedy boilerplate. It’s been rebutted by me and others many times.

Topics: 
Cato Publications, Telecom, Internet & Information Policy

Rand Paul on the Surveillance State

By
David Boaz

Sen. Rand Paul (R-KY) gave a great speech on surveillance last week at FreedomFest. Actually, he gave two good speeches, but the one embedded below is his short 6-minute talk at the Saturday night banquet. He talks about our slide toward state intrusion into our phone calls, our emails, our reading habits and so on. You know how big the surveillance state has gotten? The answer is “a gazillion.” Watch the speech—complete with high-falutin’ references to Fahrenheit 451 and the martyr Hugh Latimer!

Topics: 
Government and Politics, Law and Civil Liberties, Telecom, Internet & Information Policy

Net Neutrality Violates the First and Fifth Amendments

By
Ilya Shapiro

This blogpost was co-authored by legal associate Matt Gilliam.

In December 2010, the FCC adopted Preserving the Open Internet, a “network neutrality” order regulating broadband internet access service. Issued under authority (ostensibly) derived from 24 disparate provisions of federal communications law, Preserving the Open Internet is predicated on three basic rules: transparency, no blocking, and no discrimination.

Broadly speaking, “transparency” requires broadband providers to “disclose network management practices, performance characteristics, and terms and conditions of services.” The “no blocking” rule forbids fixed broadband providers from “blocking lawful content, applications, services, and non-harmful devices.” Meanwhile, mobile broadband providers are restricted from blocking “lawful websites” and certain applications. The “No Discrimination” rule prohibits broadband providers from unreasonable discrimination in transmitting lawful network traffic.

The promulgation of the FCC’s network neutrality order will have serious consequences for the constitutional rights of broadband providers. One such provider, Verizon, now seeks to challenge the FCC order in the U.S. Court of Appeals for the D.C. Circuit. This week, Cato joined TechFreedom, the Competitive Enterprise Institute, and the Free State Foundation, on a brief urging the court to uphold Verizon’s First and Fifth Amendment rights.

We first argue that the FCC order violates broadband providers’ First Amendment rights by compelling speech, forcing them to transmit messages from content providers that they might not wish to convey, preventing them from transmitting messages they want to convey, prohibiting them from exercising editorial discretion, and generally restricting the mode and content of their communications. Because the order singles out certain speakers, it demands “strict scrutiny,” which it cannot survive because it neither serves a compelling governmental interest nor is narrowly tailored. We next argue that the FCC order violates broadband providers’ Fifth Amendment rights by subjecting them to physical and regulatory takings. The FCC order enacts a physical taking by granting the content providers an unrestricted right to occupy property while slicing through the bundle of property rights broadband providers enjoy as network owners. The order essentially gives the content providers unlimited use of the network owners’ physical property without any compensation, forbidding the rightful owners from exercising their right to control the use of their property and exclude others.

Furthermore, in forcing network owners to give network space to content providers, the regulation shifts costs to consumers, discouraging them from using broadband service and thus diminishing the network’s economic value. The FCC order also constitutes a regulatory taking because it prevents broadband providers from attaining their networks’ full economic value and subverts network owners’ reasonable investment-backed expectations. Finally, we argue that the FCC’s assertion of authority to regulate the Internet is a dangerous aggrandizement of agency power. In sum, while seeking to benefit content providers, the FCC has promulgated a regulation that violates the First and Fifth Amendment rights of broadband providers.

The case of Verizon v. FCC will be argued at the D.C. Circuit later this summer.

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

Pages