The U.S. Supreme Court on Monday agreed to decide whether law enforcement authorities must obtain a warrant before obtaining cell phone records that reveal individuals' locations over time.
The criminal case, which stems from a police investigation of a robbery suspect, could have a significant impact on people's privacy rights to a broad swath of digital data, including material stored in the cloud.
The underlying dispute dates to 2011, when federal prosecutors obtained court orders requiring Sprint and MetroPCS to turn over 127 days' worth of cell phone location records for Timothy Carpenter, a suspect in robberies in Michigan and Ohio. The prosecutors sought the orders under the Stored Communications Act -- which doesn't require authorities to show they have probable cause to believe the records will yield evidence of a crime.
Some of the records showed that Carpenter was at the locations of the robberies. He was convicted of six robberies and sentenced to almost 116 years.
Carpenter argued that the authorities shouldn't have been able to access the location data without first obtaining a warrant -- which would have required them to convince a judge they had probable cause to think the records would connect Carpenter to the robberies.
The 6th Circuit Court of Appeals sided against Carpenter, ruling that the authorities didn't need a search warrant on the grounds that he lacked a "reasonable expectation of privacy" in records that were held by third parties -- his wireless carriers.
He then asked the Supreme Court to hear his appeal. "Monitoring an individual’s location and movements over an extended period of time by collecting and analyzing cell phone records can and frequently will expose extraordinarily sensitive details of a person’s life," he argued in a petition seeking review.
The 6th Circuit's decision drew on a Supreme Court case from 1979, when the court held that the police didn't need a warrant to obtain a list of phone numbers dialed by a suspect. The court ruled in that case that people have no reasonable expectation of privacy in the phone numbers they dial because they have shared that information with their telephone carriers.
That reasoning has been called into question in the digital age. In 2012, the Supreme Court ruled that the police violated a suspect's rights by installing a GPS device on his car without a warrant. In that case, Justice Sonia Sotomayor said in a concurring opinion that people might have an expectation of privacy in certain data -- including Web sites visited, books purchased and email addresses in their contact lists -- even when they share such information with outside companies.
Three years ago, the Supreme Court unanimously ruled that police need to obtain a warrant before searching a suspect's cell phone.
While the ruling dealt specifically with searches by the police, the decision was later cited by consumers who brought a privacy lawsuit against Google and other companies.
A group of Safari users argued in that case argued that Google and the other companies violated the federal wiretap law by circumventing their browsers' privacy settings in order to track the Web sites they visited for ad-targeting purposes. The consumers contended that Google and the other companies illegally intercepted the "content" of their communications -- meaning the specific URLs. The Safari users argued that specific URLs should be considered "content" under the rationale of the Supreme Court's decision to require warrants for cell phone searches.
Google ultimately agreed to pay $5.5 million in order settle the litigation.