Radio Shack robbery to have huge consequences for location privacy

Share on Twitter
Share on Google+
Share on LinkedIn
Share on Reddit
The time has come, finally, after years of confusion, to iron out what kind of privacy – if any – Americans can expect with regards to their phones’ location data.
The Supreme Court today will take up a slew of questions that arise from the modern era of ubiquitous cellphone usage. The case in question, Carpenter v. United States, is one of many that have arisen when police have used cellphone-derived location data to pinpoint suspects’ whereabouts and whenabouts.
The story of this case begins in a humble enough setting: a Radio Shack store in Detroit that was the site of an armed robbery a couple of weeks before Christmas 2010. It was one of a string of robberies in the Midwest in 2010 and 2011.
In April 2014, Timothy Ivory Carpenter was sentenced to 116 years in jail for robbing six cellular telephone stores, including that Radio Shack, at gunpoint. The robbers took with them bags filled with expensive phones. Ironically enough, it was their own phones that helped to send them to prison.
To get him convicted, prosecutors relied on vast amounts of data collected from cellphone companies that showed the movements of Carpenter, who they said was the ringleader of the robbery spree.
Sophos Home
Free home computer security software for all the family
Learn More
They got those records without a warrant. On Wednesday, the Supreme Court will start its review of the case, with the goal of determining whether that warrantless search violated Carpenter’s Fourth Amendment protection against unreasonable search.
Carpenter’s lawyers have argued that a prosecutor had sought access to more than five months of his cellphone location records. They didn’t seek warrants based on probable cause, however. Rather, they requested the records under the Stored Communications Act, which has a lower standard and allows phone companies to disclose records when the government shows “specific and articulable facts showing that there are reasonable grounds to believe” that records at issue “are relevant and material to an ongoing criminal investigation”.
The cellphone records didn’t reveal Carpenter’s conversations. Rather, they revealed that over a five-month span in 2010 and 2011, his cellphone connected with cell towers in the vicinity of the robberies.
Carpenter had argued that the records should be suppressed because the government hadn’t obtained a warrant for them.
But a district court denied the request, saying that Carpenter “had no reasonable expectation of privacy in cellphone location records held by his service provider.” He was convicted on 11 of the 12 counts for which he was indicted.
The US Court of Appeals for the Sixth Circuit upheld Carpenter’s convictions, similarly rejecting Carpenter’s arguments that disclosure of his phone records to the federal government was a “search” for which the government needed a warrant. Its rationale: cellphone companies had collected the data “in the ordinary course of business” for their own purposes, including “to find weak spots in their network and determine whether roaming charges apply”.
The court argued that Carpenter had no reason to believe that his cellphone records would be kept private, given that the records simply show where his phone connected with cell towers, without giving away any information about call content.
The Federal government had urged the Supreme Court to deny a review of Carpenter’s case. In doing so, it pointed to two Supreme Court cases from the 1970s that held that obtaining a business’ records about somebody doesn’t equate to a “search” of that person, and hence doesn’t merit a warrant even if the records contain information about the person. It shouldn’t matter that Carpenter’s case involves “new technologies” like cellphones, the government has tried to argue.
But the Supreme Court has increasingly grown uncomfortable with the notion of police having unfettered access to our digital data. Thus, in June 2017, the Supreme Court refused to go along with the Feds, instead agreeing to review Carpenter’s case.
As of May 2015, a US court had ruled that police could access phone location data without a warrant. But that decision didn’t resolve the issue, given that it ran counter to lower courts in several states having ruled that phone records are constitutionally protected, including Montana, Maine, Minnesota, Massachusetts, and New Jersey.
客户担心快递实名制会导致隐私外泄,立法允许公安加强安全监控,公安不算侵犯隐私。有没有新规,快递公司和人员那边都可能泄露,诈骗份子更可能会假借快递之名套取人们的个人信息……
Since that 2015 decision, we’ve been stuck with what Electronic Frontier Foundation civil liberties lawyer Hanni Fakhoury has called a hodgepodge, with the question of warrantless phone tracking left in limbo as state courts and some higher courts have come to contradictory decisions.
Simply put, at issue is whether the warrantless seizure and search of historical cellphone records revealing the location and movements of a cellphone user over the course of 127 days is permitted by the Fourth Amendment.
Does the Fourth Amendment to the US Constitution protect cellphones and their constant recording of cellphone locations, or not? Are those records private, or are phone companies akin to eyewitnesses to a crime – as in, it’s reasonable to interview them?
Does law enforcement need a warrant to get at months of our whereabouts, including when/where we go to church and when/where we sleep, or not? Do we have a reasonable expectation of privacy with regards to our location data?
So many questions, and such a mishmash of court decisions that have flip-flopped in their answers over the years: say, when law enforcement pored over the bank records of an illegal whiskey-distilling operation without a warrant (1976: US v. Miller – police didn’t need a warrant, the Supreme Court decided, since all they got was information voluntarily handed to banks).
Or in 1979, in Smith v. Maryland. Ditto for that one on the “nope, there’s no Fourth Amendment violation here” decision: sure, police got the phone company to install a pen register to record all phone numbers a suspected robber placed from his home. But no, how can you expect privacy when there’s a company involved to make those calls happen?
First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does, in fact, record it for various legitimate business purposes.
Experts in privacy law told the New York Times that Carpenter v. United States could spur a new era in digital privacy. The newspaper quotes Jeffrey Rosen, the president of the National Constitution Center, a nonprofit group devoted to educating the public about the Constitution:
Carpenter could be the most important electronic privacy case of the 21st century.
It’s certainly attracted a small blizzard of amicus curiae briefs. One came from a group of more than a dozen of the nation’s top tier of tech companies, including Airbnb, Apple, Cisco Systems, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest Labs, Snap, Twitter and Verizon.

Other briefs have come from rights groups, including one from the Electronic Privacy Information Center (EPIC) and another from the Electronic Frontier Foundation (EFF). Also chiming in has been the legal luminary Orin Kerr.
Kerr, a research professor at the George Washington University Law School who will soon join the faculty at the University of Southern California, argued in a post on the SCOTUSblog that what’s at issue in Carpenter is “what you might call the eyewitness rule: the government can always talk to eyewitnesses”.
In the case of Carpenter, he said, the wireless carrier is an eyewitness. “Customers use their services and hire the companies to place calls for them,” he wrote, which means the business record of what they did for customers doesn’t have Fourth Amendment protection.
网络安全法在线讲解-《网络安全法》的突出亮点 https://v.qq.com/x/page/u0514qmyllg.html
The right question for the court, he contended, is not Carpenter’s “expectation” of privacy, but whether he should “have a right to stop others from telling the government about what they saw [him] do”.
The tech companies, unsurprisingly, have urged the Supreme Court to protect privacy rights of people who use their products. To get that done, the Supreme Court would have to drag the Fourth Amendment out of the 18th century, when it was drafted, and into the modern era of devices tucked into our purses, pockets and briefcases. From their brief:
No constitutional doctrine should presume that consumers assume the risk of warrantless government surveillance simply by using technologies that are beneficial and increasingly integrated into modern life.
The court’s decision is expected by June 2018. It’s going to apply to far more than that Detroit Radio Shack and a robber’s cellphone data. As the NYT suggests, the court’s decision may also apply to email and text messages, internet searches, and bank and credit card records.
Kerr:
The case is hugely important in that it defines the constitutional role in a really wide range of cases.
在供应链的信息安全管理方面,不仅要考虑到直接供应商,而且需要增加一项条款,该供应商必需获得您的组织的授权,方可将您的数据托管或转包给第三方。

猜您喜欢

全国职工职业安全与健康普及读物推荐图书
计算机网络安全基础微课
Security-Frontline-安全前线
告诉你“什么叫恐怖”!《妖铃铃》曝预告大打反差牌
FORMULACIONQUIMICA VGU
网络安全意识教育动画之办公室安全