Feeds

US judge: Warrant required to access mobile location data

'We're getting too close to Orwell's 1984 Oceania'

High performance access to file storage

The US government should have to obtain a warrant before mobile phone providers have to hand over multiple geolocation data records about customers, a US judge has said.

In Europe, privacy watchdogs have called on geolocation data to be classed as personal data, information that can be used to identify someone. EU data protection laws set out special rules on how personal data can be used by organisations that hold it.

Mr Justice Garaufis said that an exception to privacy rights set out in the United States' Fourth Amendment should not apply to the collection of multiple records of mobile users' geolocation data.

The Fourth Amendment guarantees that "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

An exception to those privacy rights exists under the Fourth Amendment when it states a "person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," a principle known as the "third-party-disclosure doctrine".

"The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cellphone must be rejected," the judge said in his ruling (22-page/673KB PDF).

"In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cellphone user's reasonable expectation of privacy in cumulative cell-site-location records," he said.

The judge was ruling on whether to grant the US government a court order against mobile provider Verizon. The government had asked the court to issue an order forcing Verizon to hand over at least 113 days' worth of geolocation data about an individual it said was under criminal investigation.

The government had asked for the order under the terms of the US' Stored Communications Act.

The Act states that the US government can force "electronic communication service or remote computing service" providers to disclose information about customers – excluding the contents of communications – when the government obtains a court order for the disclosure. The Act states that a court should only issue an order if the government "offers specific and articulable facts showing that there are reasonable grounds" that the contents of information they are asking for is "relevant and material to an ongoing criminal investigation".

The judge said that the legal standard for obtaining information under the provisions of the Act was "lower than the probable cause standard required for a search warrant" set out in the Fourth Amendment. He said the information the US government was looking for was "protected by the Fourth Amendment".

"While the government's monitoring of our thoughts may be the archetypical Orwellian intrusion, the government's surveillance of our movements over a considerable time period through new technologies, such as the collection of cell-site-location records, without the protections of the Fourth Amendment, puts our country far closer to Oceania than our Constitution permits," the judge said in his ruling.

"It is time that the courts begin to address whether revolutionary changes in technology require changes to existing Fourth Amendment doctrine. Here, the court concludes only that existing Fourth Amendment doctrine must be interpreted so as to afford constitutional protection to the cumulative cell-site-location records requested here. For the foregoing reasons the government's motion for orders ... is denied," he said.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.