Agentless Backup is Not a Myth

The US government should have to obtain a warrant before mobile phone providers have to hand over multiple geolocation data records about customers, a US judge has said.

In Europe, privacy watchdogs have called on geolocation data to be classed as personal data, information that can be used to identify someone. EU data protection laws set out special rules on how personal data can be used by organisations that hold it.

The Fourth Amendment guarantees that "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

An exception to those privacy rights exists under the Fourth Amendment when it states a "person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," a principle known as the "third-party-disclosure doctrine".

"The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cellphone must be rejected," the judge said in his ruling (22-page/673KB PDF).

"In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cellphone user's reasonable expectation of privacy in cumulative cell-site-location records," he said.

The judge was ruling on whether to grant the US government a court order against mobile provider Verizon. The government had asked the court to issue an order forcing Verizon to hand over at least 113 days' worth of geolocation data about an individual it said was under criminal investigation.

The government had asked for the order under the terms of the US' Stored Communications Act.

The Act states that the US government can force "electronic communication service or remote computing service" providers to disclose information about customers – excluding the contents of communications – when the government obtains a court order for the disclosure. The Act states that a court should only issue an order if the government "offers specific and articulable facts showing that there are reasonable grounds" that the contents of information they are asking for is "relevant and material to an ongoing criminal investigation".

The judge said that the legal standard for obtaining information under the provisions of the Act was "lower than the probable cause standard required for a search warrant" set out in the Fourth Amendment. He said the information the US government was looking for was "protected by the Fourth Amendment".

"While the government's monitoring of our thoughts may be the archetypical Orwellian intrusion, the government's surveillance of our movements over a considerable time period through new technologies, such as the collection of cell-site-location records, without the protections of the Fourth Amendment, puts our country far closer to Oceania than our Constitution permits," the judge said in his ruling.

"It is time that the courts begin to address whether revolutionary changes in technology require changes to existing Fourth Amendment doctrine. Here, the court concludes only that existing Fourth Amendment doctrine must be interpreted so as to afford constitutional protection to the cumulative cell-site-location records requested here. For the foregoing reasons the government's motion for orders ... is denied," he said.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Cloud storage: Lower cost and increase uptime