The Supreme Court has a case before it, Carpenter v US (it heard oral argument Wednesday), concerning the 4th Amendment and the personal data of a defendant in the form of his cell phone location data. The data were obtained from the cell phone company by police without first getting a search warrant. There is precedent.
The high court reasoned then [in ’70s cases involving business records that banks and landline phone companies maintain about customer transactions and that the Supreme Court then reasoned police could seize without warrants] that individuals had voluntarily revealed their financial transactions or numbers they dialed to a third party—the bank or phone company—and so had forfeited any privacy interest in that information.
Smith v Maryland is illustrative of that general position.
There is growing criticism of that position.
allowing authorities to compile such granular data about an individual’s life, without a judicial warrant, no longer meets society’s “reasonable expectation of privacy”—the touchstone of the Supreme Court’s approach to constitutional limits on searches and seizures.
The objectors’ heart is in the right place, but their criticism is wide of the mark. Compiling data—seizing a person’s personal information, which most assuredly includes where he situates himself from time to time—without a court’s order never has met society’s or that individual’s “reasonable expectation of privacy.”
Consumers (the individuals, the particular members of society in question here) have a reasonable—indeed, a loud and vociferously stated—expectation of privacy concerning their personal data, and an equally loud and vociferously asserted ownership of those data held by third parties. This is clearly demonstrated by the raucous and repeated hoo-raw raised every time a Facebook or a Twitter or a bank or a phone company gets caught using those personal data in ways to which the consumer-owner objects.
This is further and just as clearly established by the even louder hoo-raw raised every time one of those third parties is discovered to have inadequately protected those personal data entrusted to it by being hacked and those personal data stolen, and too often exposed.
The Supreme Court ruled erroneously then, and Carpenter is a good opportunity to correct that error. The Court should have known at the time that revealing financial transactions or numbers they dialed to a third party was not at all a voluntary action. The revealing was a mandatory condition of doing business with the bank or phone company, and there was no opportunity to go elsewhere—all the banks and phone companies required that: give up the financial data or the phone numbers, or don’t do business at all. Take careful note: that the technology of the time—or today—means that [phone numbers] must be revealed to [phone companies] in no way makes the reveal voluntary: it’s still a wholly involuntary privacy exposure. The data are owned in whole by the consumer; the third party is merely a caretaker, bound to protect the privacy and sanctity of these papers, and effects.
Prosecutors can indict ham sandwiches with their grand juries, and policemen can just as easily get search warrants, but do get the warrant. Cell phone location data, financial transaction data, et al., all are part of the papers, and effects, of the individual.
Full stop.