Feeds

US judge: Warrant required to access mobile location data

'We're getting too close to Orwell's 1984 Oceania'

Designing a Defense for Mobile Applications

The US government should have to obtain a warrant before mobile phone providers have to hand over multiple geolocation data records about customers, a US judge has said.

In Europe, privacy watchdogs have called on geolocation data to be classed as personal data, information that can be used to identify someone. EU data protection laws set out special rules on how personal data can be used by organisations that hold it.

Mr Justice Garaufis said that an exception to privacy rights set out in the United States' Fourth Amendment should not apply to the collection of multiple records of mobile users' geolocation data.

The Fourth Amendment guarantees that "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

An exception to those privacy rights exists under the Fourth Amendment when it states a "person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," a principle known as the "third-party-disclosure doctrine".

"The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cellphone must be rejected," the judge said in his ruling (22-page/673KB PDF).

"In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cellphone user's reasonable expectation of privacy in cumulative cell-site-location records," he said.

The judge was ruling on whether to grant the US government a court order against mobile provider Verizon. The government had asked the court to issue an order forcing Verizon to hand over at least 113 days' worth of geolocation data about an individual it said was under criminal investigation.

The government had asked for the order under the terms of the US' Stored Communications Act.

The Act states that the US government can force "electronic communication service or remote computing service" providers to disclose information about customers – excluding the contents of communications – when the government obtains a court order for the disclosure. The Act states that a court should only issue an order if the government "offers specific and articulable facts showing that there are reasonable grounds" that the contents of information they are asking for is "relevant and material to an ongoing criminal investigation".

The judge said that the legal standard for obtaining information under the provisions of the Act was "lower than the probable cause standard required for a search warrant" set out in the Fourth Amendment. He said the information the US government was looking for was "protected by the Fourth Amendment".

"While the government's monitoring of our thoughts may be the archetypical Orwellian intrusion, the government's surveillance of our movements over a considerable time period through new technologies, such as the collection of cell-site-location records, without the protections of the Fourth Amendment, puts our country far closer to Oceania than our Constitution permits," the judge said in his ruling.

"It is time that the courts begin to address whether revolutionary changes in technology require changes to existing Fourth Amendment doctrine. Here, the court concludes only that existing Fourth Amendment doctrine must be interpreted so as to afford constitutional protection to the cumulative cell-site-location records requested here. For the foregoing reasons the government's motion for orders ... is denied," he said.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Application security programs and practises

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.