Training Your Defense Team to Win: Information Technology and Communication Skills
Table of Contents
- Using Technology for the Win
- The Electronic Frontier Post-Jones
- Nuts and Bolts of Cell Phones and How Evidence is Collected
- Technologies Used by the Government to Collect Information
Trial week. You are ready and you know the state is all out of chances to say they are not ready. But, your trial team is scattered. Co-counsel is in Houston preparing for oral arguments. Your paralegal and his wife just had a baby and your clerk is studying for finals. Everyone is willing to work as much as they can, but everyone is out of pocket. How can you make the most of your team's time and work? How can you make sure that your team is on the same page?
This article will examine the ways in which your defense team can stay in communication in a way that is protected and accessible from everywhere. The current state of communication devices has allowed for new ways of accessing information and being in touch with people all over the place, all the time. The world is truly at our fingertips. However, the same devices that make keep us together can also be tracked. This new age of electronic devices has brought on a new age of electronic surveillance. This article will also update the current state of information and personal tracking in the aftermath of the recent Supreme Court decision in United States v. Jones, 132 S. Ct. 645, (2012). Part III will focus on post-Jones cases. Part IV will look at the nuts and bolts of how cell phones work. Part V will take a look at the new technologies that the government is using for surveillance today.
The key to successfully trying a case is to keep constant and efficient communication with your defense team. Lead counsel should "allocate" responsibilities among the members of the team, determining, based on the needs of the particular client and case, who will assume the various roles and duties" (Miller, "The Defense Team in Capital Cases". To accomplish effective communication, the defense team must use technology to its advantage.
An effective solution is creating personal cloud storage. This method creates upfront costs but allows an office to forego subscriptions to a third-party provider to store your client's files. A great alternative to public cloud computing is to create your own cloud with a Network Attached Storage (NAS) peripheral. Every law office, big or small, should have their personal cloud.
An NAS resembles an external drive "[b]ut instead of connecting to a computer directly, it connects to a network via a network cable (or Wi-Fi) and offers storage space to the entire network at the same time." The drives will connect wirelessly to your Wi-Fi allowing you and your defense around the clock access to all of your client's files. They are all password protect and best of all, they abjur the need for relying on a third-party to secure your files. With your personal cloud, your files are on location not at some remote server. There are drawbacks at this time, however they are slight.
First, the transfer rate is considerable slower than an internal drive, but that should not be your focus. Rather your focus should be on drive capacity (how much space the drive has). The other drawback is if some office mishap occurs and the drive is destroyed, you will lose all of your files. However, the convenience an NAS will provide your defense team cannot be overlooked. It will assist your team on keeping constant and effective communications. Every office should invest in this technology.
While corporations like Apple may claim that the cloud services they offer is protected and safe, there is no way to be sure. It is important to make sure your communications are safe. While communications from within your office team should be safe from government interference, there is no way to know that communications with your client will be protected over the cloud. In 2012 alone, the government sent Google over 21,000 requests for information affecting over 33,000 users. Microsoft received over 70,000 request affecting over 120,000 accounts.
It cannot be understated that at its core, using the Cloud through Google or Apple means that you are essentially keeping your data on someone else's server. Google Director of Security for Google apps, Eran Feignenbaum has said himself that, while he believes that the Cloud is safe for public and sensitive date, it should not be used for "top secret data." Should defense attorneys not consider their constitutionally protected communications to be top secret? Or are they only sensitive? Whether our clients are accused of selling pot to their friends or selling arms to Iran, they probably consider the strategy and work of their attorneys to be top secret. At the time of publishing their article in 2011, the ABA would not consider Dropbox a recommendable storage option for confidential documents, due to encryption issues. Due to these security issues, it is a best practice to only use a privately owned cloud or remotely accessible server like the one described above.
In U.S. v. Jones, the Supreme Court held that the installation of a GPS tracking device on a suspect's vehicle, as well as the monitoring of the movements of that vehicle, constituted a search under the Fourth Amendment. United States v. Jones, 132 S. Ct. 945, 949 (2012). The Court held accordingly due to the government's physical occupation of private property for the purpose of gathering information. Id.
Antoine Jones, a nightclub owner in Washington D.C., had become the focus of an investigation by the FBI and Metropolitan Police Department. Id. at 947. Based on information gathered from a variety of sources, including visual surveillance of the nightclub and a wiretap of Jones' cell phone, the government obtained a warrant for the use of an electronic tracking device to be installed on the undercarriage of the vehicle registered to Jones' wife. Id. The warrant authorized the installation of the device in the District of Columbia within 10 days. Id. The GPS tracking device was installed on the 11th day in Maryland. Id.
By use of the device, the government obtained over 2,000 pages of data over a 4-week period. Id. at 948–49. In 2007, after a hung jury the year before, the government used, once again, the data obtained from the use of the GPS device to connect Jones to the location that contained 97 kilograms of cocaine and $850,000 in cash. Id. at 949. Jones was sentenced to life in prison. Id. The U.S. Court of Appeals for the District of Columbia Circuit reversed the conviction of Jones, explaining that the warrantless use of the GPS device was a violation of the Fourth Amendment. United States v. Maynard, 615 F.3d 544, 568 (D.C. Cir. 2010).
The Supreme Court unanimously affirmed the decision of the appeals court. Jones, 132 S. Ct. at 945. The reasoning employed by the Justices, however, differed. Justice Scalia based the majority opinion on the fact that the government had "physically occupied private property for the purpose of obtaining information" without a warrant. Id. The text of the Fourth Amendment, Justice Scalia explained, demonstrates the close connection to property. Id. The Court explained the "common-law trespassory test" for what could be described as a Fourth Amendment violation per se. Id. at 952. Looking to language previously used by the Court, Justice Scalia explained, "when the government does engage in physical intrusion of a constitutionally protected area in order to obtain information, that intrusion may constitute a violation of the Fourth Amendment." Id. at 951 (citing United States v. Knotts, 460 U.S. 276, 286 (1983)). Essentially, if the government takes up space on private property without a warrant, there is a strong presumption that a violation of the Fourth Amendment has occurred. The Court went on to distinguish the facts in Jones from the previous cases, United States v. Knotts, 460 U.S. 276 (1983) and United States v. Karo, 468 U.S. 705 (1984) where the Court upheld government actions in which tracking devices were placed in a defendant's care by noting that in both Knotts and Karo, the "beeper" used by the government was installed in the container to be tracked before the container came into the possession of the defendant. Id. at 952 ("As in Knotts, at the time the beeper was installed the container belonged to a third party and it did not come into possession of the defendant until later." (citing United States v. Karo, 468 U.S. 705, 708 (1984))).
Justice Sotomayor noted in her concurrence that in situations involving new forms of electronic surveillance the majority opinion's trespassory test would not provide the necessary guidance. Id. at 955 (Sotomayor, J., concurring). With Justice Scalia-like wit, Justice Alito began his concurrence by noting the irony of the majority of the Court deciding a case involving 21st- century surveillance techniques by applying 18th-century tort law and pointing out that in Jones, the government might have provided grounds for a 1791 suit for trespass to chattels. Id. at 957
(Alito, J., concurring).
The main point of difference in the Court was the analysis of when and how to apply the two part test developed in Katz v. United States, 389 U.S. 347 (1967). This test was explained by Justice Harlan in his concurrence and has become the strong point of the Katz opinion. The test inquires if a private citizen can meet two requirements in order to establish that a violation has occurred, "first that a person have exhibited an actual (subjective) expectation of privacy and, second that the expectation be one that society is prepared to recognize as ‘reasonable.'" Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring). The majority opinion in Jones did point out, "[s]ituations involving merely the transmission of electronic signals without trespass would remain subject to Katz analysis." Jones, 132 S. Ct. at 953. Justice Scalia opined that the Katz test "added to, not substituted for, the common-law trespassory test." Id. at 952 Justice Alito, on the other hand, stated that Katz "finally did away with the old approach, holding that a trespass was not required for a Fourth Amendment violation." Id. at 959 (Alito, J., concurring).
The opinion of the Court did establish that in situations in which officers have "physically occupied private property of the purpose of obtaining information," a "search" within the meaning of the Fourth Amendment has occurred. Id. at 949. The Court, however, did not provide further guidance as to when and how to apply the Katz test to situations involving 21st-century surveillance techniques or as Justice Alito would have framed the issue before the Court, "whether respondent's reasonable expectations of privacy were violated by the long-term monitoring of the movements of the vehicle he drove." Id. at 958 (Alito, J., concurring).
The holding in Jones did not, as the media reported, require a search warrant to attach a GPS device; that question was not answered. Both the concurring opinions by Justices Sotomayor and Alito raise several more questions that the majority's reliance on trespass theory seems inadequate to answer. A decision on factory or owner installed vehicle track devices or GPS enabled smartphones are absent from the opinion of the Supreme Court. Id at 956 (Sotomayor, J,. concurring). In a companion case Chief Judge Kozinski of the Ninth Circuit dissenting from the denial of rehearing en banc proclaims "1984 may have come a bit later than predicted, but it's here at last." United States v. Pineda-Moreno, 617 F.3d 1120 (9th Cir. 2010).
In an almost fatalistic dissent Chief Judge Kozinski lays out the argument that seemed to have great sway over Justice Sotomayor. The facts of Pineda-Moreno are very similar to Jones and yet the Ninth Circuit came to the conclusion that that entering onto Pineda-Moreno's property and attaching a tracking device to his car required no warrant, probable cause, founded suspicion or by-your-leave from the homeowner. The panel further held that downloading the data from the GPS device, which gave police the precise locus of all of Pineda-Moreno's movements, also was not a search, and so police can do it to anybody, anytime they feel like it." Pineda-Moreno, 617 F.3d at 112. Kozinski continues that:
if you have a cell phone in your pocket, then the government can watch you. At the government's request, the phone company will send out a signal to any cell phone connected to its network, and give the police its location. Last year, law enforcement agents pinged users of just one service provider-Sprint- over eight million times. The volume requests grew so large that the 110-member electronic surveillance team couldn't keep up, so Sprint automated the process by developing a web interface that gives agents direct access to users' location data. Id at 1125 (internal quotations omitted).
The Government has this power but it still must establish and the 5th circuit and the Western District of Texas have their individual case law regarding it.
The Third Circuit held in United States v. Katzin, 732 F.3d 187 (3d Cir. 2013), that there is "no hesitation in holding that the police must obtain a warrant prior to attaching a GPS device on a vehicle, thereby undertaking a search that the Supreme Court has compared to 'a constable's concealing himself in the target's coach in order to track its movements." United States v. Katzin, 732 F.3d 187, 198 (3d Cir. 2013) (quoting Jones, 132 S. Ct at 950 n.3.). The Court explained that "[w]hile the interests the police wished to further in this case are certainly important, the same interests arise in every investigation where the police have a potential suspect. We are hard pressed to say, therefore, that the police can—without warrant or probable cause—embark on a lengthy program of remote electronic surveillance that requires almost no law enforcement resources and physically intrudes upon an ordinary citizen's private property. Consequently, we hold that—absent some highly specific circumstances not present in this case—the police cannot justify a warrantless GPS search with reasonable suspicion alone" and refused to accept the vehicle exception as a way for the government to sanction their search of Defendant's vehicle through the "ever-watchful electronic sentinel in order to collect future evidence." Id. 198-204.
In Riley v. California, the Supreme Court unanimously held in order to search a cell phone seized post-arrest, law enforcement must get a warrant. Riley v. California, 134 S.Ct 2473 (2014) (holding a warrant is generally needed to search a cell phone incident to arrest). The Fourth Amendment is now firmly in the digital age.
A police officer initiated a traffic stop on David Riley where it was learned that his license was suspended. Id. Due to department policy, the vehicle was impounded and inventory search was conducted by another officer. Id. Subsequently, after finding loaded firearms under the hood, Riley was arrested. Id.
Upon a search incident to arrest, the police officer obtained a cell phone ("smart phone") seized from Riley's pocket. Id. The officer searched the phone at the scene followed by a detective "at the police station about two hours after the arrest." Id. The search turned up videos and photos with a connection to the "Bloods." Id at 2481. Riley was tried and convicted of multiple felonies where the evidence obtained from the warrantless search of the cell phone was admitted into evidence. Id. The California Court of Appeals affirmed the conviction and the California Supreme Court denied Riley's petition for discretionary review. Id.
In an opinion written by Chief Justice Roberts, focused on qualitative and quantitative differences between data's physical counterparts. Id at 2489. Quantitatively, cell phones, which is a "misleading shorthand", can hold "millions of pages of text, thousands of pictures, or hundreds of videos." Id. Further, cellphones are essentially a container with "many distinct types of information" in a single location. Id. Chief Justice Roberts notes "there is an element of pervasiveness that characterizes cell phones but not physical records." Id at 2490.
Also, these "minicomputers" are qualitatively different. Id. The Chief Justice looks to a 1926 opinion from Learned Hand, quoted in Chimel, observing "it is ‘totally different thing to search a man's pockets and use against him what they contain, from ransacking his house for everything which may incriminate him. Id at 2490–91 (quoting United States v. Kirschenblatt, 16 F.2d 202, 203 (CA2)). If the individual has a cell phone on his person, this observation no longer applies.
Indeed, a cell phone search would typically expose to the government far more than the most exhaustive search of a house: A phone not only contains in digital forma many sensitive records previously found in the home; it also contains a broad array of private information never found in a home in any form– unless the phone is. Id at 2491.
Thus, on the question of whether law enforcement can conduct a warrantless search on a cell phone incident to arrest, the Court responded, "Our answer to the question of what police must do before searching a cell phone seized incident to arrest is accordingly simple – get a warrant." Id at 2495.
When the first call was placed on a handheld mobile phone in 1973, the prototype device used was capable of less than 30 minutes of battery life and took 10 hours to re-charge. Today, the ownership of mobile devices has reached its critical mass both in the United States and globally. These devices function as our primary means of both daily communication and media interaction. In 2012, the average person sent/received 164.5 phone calls per month, used 644.1 voice minutes per month and sent/received 764.2 text messages per month. As Circuit Judge Posner noted in a 2012 opinion, "a modern cell phone is a computer." United States v. Flores- Lopez, 670 F.3d 803, 804 (7th Cir. 2012).
Basically, cell phones are very sophisticated radios. These phones are devices that can make and receive telephone calls over a radio link while moving around a wide geographic area. They accomplish this by connecting to a cellular network provided by a mobile phone operator, allowing access to the public telephone network.
A cellular network or mobile network is a radio network distributed over geographic areas called cells. Each cell is served by at least one fixed-location transceiver. These transceivers are known as a cell sites or base stations. In a cellular network, each cell uses a different set of frequencies from neighboring cells to reduce interference. When joined together these cells provide radio coverage over a wide geographic area. This enables a large number of portable transceivers (e.g., mobile phones, pagers, etc.) to communicate with each other and with fixed transceivers and telephones anywhere in the network, via base stations, even if some of the transceivers are moving through more than one cell during transmission.
All cell phones have special codes associated with them that are used to identify the phone, the phone's owner and the service provider. When you make a call from your phone it goes through a standard process that allows you to communicate with others.
First, when you turn the phone on, it attempts to locate a System Identification Code (SID). A SID is a unique 5-digit number that is assigned to each carrier by the Federal Communications Commission (FCC). The phone locates this SID on a control channel. A control channel is a special frequency that your phone and base station use to communicate about things like call set-up and channel changing. If the phone cannot find any control channels to communicate with, it knows it is out of range and displays a "no service" message. When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system.
In connection with the SID, your phone also transmits a registration request, and the Mobile Telephone Switching Office (MTSO) keeps track of the phone's location in a database. This allows the MTSO to identify which cell you are in when it wants to connect to your phone. A MTSO is used for switching telephone calls among landline subscribers and mobile subscribers, the office controlling the call origination, termination and release of call from both the landline and the mobile subscribers, and providing a separation between the elements associated with each function for regulatory purposes.
When the MTSO receives a call it attempts to locate you. It will search its database to identify which cell zone you are in. The MTSO selects a frequency pair that your phone will use in that cell to take the call. The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected and you are communicating by two-way radio.
As you move toward the edge of your cell's range, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one- seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell.
As you travel, the signal from your phone is passed from cell zone to cell zone. Let's say you're on the phone and you move from one cell to another, but the cell you move into is covered by another service provider and not your service provider. Rather than dropping your phone's signal, your call will be transferred to the other service provider.
If the SID on the control channel does not match the SID programmed into your phone, then the phone knows it is roaming. The MTSO of the cell zone that you are roaming contacts the MTSO of your home system, which then checks its database to confirm that the SID of the phone you are using is valid. Your home system verifies your phone to the local MTSO, which then tracks your phone as you move through its cells. All of this happens within seconds.
A smartphone is both a mobile phone and a computer. While the traditional feature phones allowed us to communicate via voice and text, smartphones allow us to communicate via talk, text and video; access personal and work e-mail; access the Internet; make purchases; manage bank accounts; take pictures and do many other activities. Smartphones are constantly becoming more integrated into our daily lives. For many people, smartphones serve as a primary source of communication with the rest of the world. While smartphones provide us with a seemingly unlimited amount of resources, the fact is that many of us do not consider the massive amount of personal data that is stored, and therefore accessible, in our smartphones.
Since 2007, more than one billion smartphones have been sold around the world. Recent reports show that two thirds of new mobile buyers are now opting for smartphones over traditional feature cellular phones. As of June 2012, 54.9% of U.S. mobile subscribers owned smartphones. It is anticipated that there will be over 192 million smartphone users by the year 2016. The total estimated population for the United States in 2016 is almost 324 million.
Smartphones now have the capabilities for text messaging/SMS, emailing, instant messaging, social networking, streaming online music, videos/mobile TV, various applications, web browsing, mobile shopping, mobile banking, barcode or QR scanning, NFC/mobile wallet and location-based services/GPS. So what is your smartphone capable of revealing about you? It is safe to assume that anything you do on your smartphone and any information you store or access is at risk of being accessed by others. Even your service providers collect your data. Unfortunately, service providers are not forthcoming in detailing exactly what data they collect, why the collect it, and what data retention policies they have in place for storage and deletion of your personal data.
What other data should you be aware of on your smartphone? In addition to the data collected by your smartphone service provider, you should also be aware of possible privacy issues surrounding the collection or disclosures of several other files and data. Any photos, videos, text messages, emails, outgoing and incoming calls, contact information, passwords, financial data, information stored on your phone's calendar, different locations you've visited, your age and your gender are all stored and accessible on your smartphone. This is valuable information for not only criminals and advertisers but also interested law enforcement and government officials.
The ability to collect data on where a person has gone and what they have been doing is valuable information for law enforcement officers. For example, if you are the subject of an investigation or even if you have just been pulled over, police may want to see what you've been doing and where you've been going – things your smartphone may be able to reveal. Thus, the data provided by your smartphone may be used against you in criminal proceedings.
In the society we live in today, there are certain States that will allow their police departments to unlawfully search a person's phone without probable cause or a valid search warrant. Michigan for example, has a device that will allow the police to extract the entire contents of a persons' cell phone. These contents include personal contacts, GPS data, videos, pictures and text messages. What's more appalling is the fact that the police are allowed to take this information from a person even if they are not suspected of a crime.
Law enforcement officers could pull a person over for having a tail light out. They would then be allowed to take all the information out of that person's cell phone using the "extraction" device. The officer will have gained access to all private communications stored in the cell phone, as well as GPS information that can tell the officer every location the driver has been to within a set period of time. That officer could then use the GPS information as well asany text communication within the cell phone to create probable cause, obtain a search warrant, and then arrest the driver for a drug smuggling crime that he is involved in.
A "Stingray" is a brand name of an International Mobile Subscriber Identity (IMSI) locator. These devices are used to locate a cell phone regardless of whether the cell phone is being used to make calls. The Federal Bureau of Investigation has determined these devices are so critical to their ability to monitor individuals that it has established a policy of deleting or "purging" all data gathered during their use. This policy was established to protect the secret workings of the device and keep civilians in the dark about their capabilities. Sherry Sabol, Chief of the Science & Technology Office for the FBI's Office of General Counsel, says that information about stingrays and related technology is "considered Law Enforcement Sensitive, since its public release could harm law enforcement efforts by compromising future use of the equipment."
Stringrays work by acting as a fake cell-phone tower that allows the government to reroute all network traffic to the fake tower. A cell phone sends out signals every 7 to 15 seconds regardless of whether its owner is making calls. These devices are especially dangerous because they have the capabilities to collect the contents of all electronic and wire communications, including innocent people, while locating a targeted individual.82 The Stringray "tricks the cell phone into connecting to it, rather than a real cell phone tower, which allows the government to determine who, when and to where the user is calling, the precise location of every device within the range, and with some devices, even capture the content of your conversations." But the Stingray does not focus on an individual. The device captures the information of everyone within its range – which can span several kilometers. This means that potentially thousands of people are having their right to privacy violated every time one of these devices is activated.
One of the greatest concerns with these devices is that they allow law enforcement to conduct broad searches amounting to "general warrants" - the exact type of evil the Fourth Amendment was intended to eliminate. To add to this concern, law enforcement officers are often interpreting the law as they see fit. These officers may obtain court orders, but not necessarily search warrants, when using the Stingray devices. It is also concerning that government agents and U.S. attorneys making those request don't provide details concerning how the devices work and seem to have difficulty explaining the technology. This has created concern among judges, asking how an order or warrant could even be obtained without first telling the judge what the technology was being used for.
Finally, and perhaps the greatest concern, is that the evidence collected against an individual is destroyed before a case ever goes to trial. The law governing search warrants establishes how warrants are executed and usually requires that information to be returned to the issuing judge. This means an individual is denied access to the same information that was used to arrest him because the evidence is destroyed before either the defendant or the fact finder has the opportunity to review it. Additionally, this policy was established internally through the FBI, not through case law or legislation. The FBI argues that they are justified in destroying the evidence for security purposes and because they don't intend to use the evidence in court because it is only used to establish the general location of their target. The fact is that when the government hides what it is doing, it bypasses an important check on government power and violates fundamental rights established by our Constitution to protect American citizens from exactly this kind of evil.
One of the most disturbing cases of cell phone tracking devices comes out of Fort Worth. In February 2012, the Fort Worth City Council granted the police department's request to spend $184,000 on technology specifically used to track cell phone locations. The department sent memo to City Council where it promised to use the "KingFish" tracking system "to establish probable cause in criminal cases." The KingFish is a device which acts like a dummy cell phone tower. Cell phones then unknowingly "ping" off the KingFish device. It is now unnecessary for police to acquire court orders making the cell phone service providers release that type of information. Law enforcement officials essentially told City Council they are going to erase the 4th amendment of the Constitution and bypass the requirement to show a judge that they have established sufficient probable cause to acquire a search warrant to get the type of information they are now able to acquire on their own.
The Board of Directors for the National Association of Criminal Defense Lawyers in February of 2012 adopted a document on "Electronic Surveillance & Government Access to Third Party Records at http://www.nacdl.org/reports/thirdpartyrecords/
The document discusses the growing debate over the preliminary showing of proof for obtaining third party information. Court precedent has been clear that a person does not have a reasonable expectation of privacy to thing that they expose to the public. See United States v. Miller, 425 U.S. 435 (1976) and its progeny. In this digital age that exposure has grown to almost an all-encompassing summary of your life. As Justice Sotomayor noted in U.S. v. Jones "people disclose the phone numbers that they dial or text to their cellular providers; the URL's that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers." Jones, 132 S.Ct. at 957. Sotomayor continues by stating that "I for one doubt that people would accept without complaint the warrantless disclosure to the government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy." Id. As the NACDL document reiterates the decision in Jones has cast doubt on the viability of the "third party doctrine." Further Sotomayor did not list facebook entries, SMS text messages (even if deleted), device locator records, keystrokes of a computer, and documents loaded on a cloud but only shared with specific people. All of these reveal intimate personal details of persons lives and yet in many instances they are subject to seizure by a simple subpoena.
The Electronic Communications Privacy Act (ECP), the Stored Communications Act (SCA), the USA Patriot Act, Wiretap Act, and the Foreign Intelligence Surveillance Act (FISA) all govern the standards which control the collection and use of third party data. These provisions create distinctions between content, non-content information, electronic communication service (ECS), remote computing service (RCS). Many of these statutes were created well before the modern proliferation of smart phones and mobile computing technologies leading the NACDL to advocate for a modern rewriting of the laws governing this all important Fourth Amendment doctrine because of the obsolete status of current statutes.
The Board of Directors for the NACDL has thus adopted "Policy Recommendations to Protect the Privacy of Electronic Communications:"
- The content of any electronic communication that is sought by a law enforcement official should only be obtained through a warrant based on probable cause, adhering to the requirements for specificity and particularity in the application for the warrant, the particularity clause of the warrant, as well as the execution of the warrant.
- The definition of "content" information should be amended to cover any information that will demonstrate the substance of an electronic communication, to include private emails, instant messages, text messages, word processing documents and spreadsheets, photos, internet search queries and private posts made over social networks. This would include any information found in any third party records, including information stored within a cloud system, and transactional information that can reveal the content of an electronic communication, including a search query string, a URL, browser history and email subject lines.
- Congress should amend the Electronic Communications Privacy Act (ECPA) and eliminate the RCS and ECS distinctions, and the 180 day "rule."
- Law enforcement must be required to obtain a warrant based on probable cause to obtain prospective or retrospective geo-location information- whether by way of a third-party service provider, or by direct use of a GPS device to track a suspect's movements.
- Opened email, even though found on a third-party service provider's service, should only be obtainable by way of a warrant based on probable cause.
- Congress should statutorily extend the exclusionary rule to apply to searches that do not comply with these warrant requirements.
These recommendations conform statutes and jurisprudence to the needs of modern technology making the third party doctrine consistent with a person's reasonable expectation of privacy.
In early 2012, Congressman Ed Markey asked major phone carriers to reveal "how often they give users' data to the government and under what circumstances." The carriers responded, but left out a lot of key information.
"Sprint received 500,000 subpoenas for its data from law enforcement in the last year. That doesn't include court orders for wiretaps and location data, which Sprint didn't track annually but which added up to 325,982 requests in the last five years. The company also says it doesn't have the resources to track how many of those requests it responded to or rejected. The company has 221 employees dedicated to processing and responding to government requests for its data."
"Verizon received 260,000 requests for its users data in 2011, including wiretaps, calling records, text message information, and location information, but doesn't add how many of them were filled."
"AT&T received 131,400 subpoenas in criminal cases for its information in 2011, as well as 49,700 warrants or orders that it hand over data. It rejected 965 of them. The company says it employs more than 100 staffers full-time to respond to law enforcement demands."
"T-Mobile told Congressman Markey it "does not disclose" the number of law enforcement requests it receives or complies with."
MetroPCS says received fewer than 12,000 requests a month on average for the last six years." "Cricket received 42,000 requests last year, and U.S. Cellular received 19,734 in 2011." "The New York Times counts a total of 1.3 million requests for users' information in the last year based on Markey's data."
The A.C.L.U. used the Freedom of Information Act to obtain information from various law enforcement agencies around the country about their policies regarding "data requests to phone carriers." The information retained by the organization revealed a frightening trend.
More agencies are using cell phones as the central tool of their investigations. Growing in popularity amongst law enforcement agencies are requests for "cell tower dumps." Upon the approval of a "tower dump" request, law enforcement officials receive "all the stored information collected from all users of a cell phone tower, without a warrant." For example, if police officers are trying to investigate the alibi of someone they suspect of murder, they would request a "cell tower dump" from towers where the suspect claims to have been. Once the request is approved, not only will officers have the location information and other cell phone data from the person they suspect of a crime, but they will have gained access to thousands of innocent peoples' information because they happened to "ping" off the same cell tower a suspected criminal used.
When it comes to internet surveillance, law enforcement officials are less likely to request information from internet services. Phone companies estimate annual information requests in the hundreds of thousands but Google reports that they received merely 12,271 requests in 2011.
In an effort to combat terrorism, the government has conducted a mass collection of data on its citizens for over seven years. "Beginning in May 2006 and continuing through the present, the FBI has obtained production orders… directing certain telecommunication companies to produce, on an ongoing daily basis, these telephone metadata records, which the companies create and maintain as part of their business of providing telecommunications services to customers." Klayman v. Obama, No. 13-0851, at 16 (D.C. Dec. 16, 2013). In Klayman, the District Court for the District of Columbia found this collection of data "involves two potential searches: (1) the bulk collection of metadata and (2) the analysis of that data through the NSA's querying process." Id. at 36. The court noted that "[v]irtually all of the Government's briefs and arguments to this Court explain how the Government has acted in good faith to create a comprehensive metadata database." Id. at 38 (emphasis in original). The court differentiated the issue from the one faced by the Supreme Court in Smith v. Maryland, 442 U.S. 725 (1979), stating "the question in this case can more properly be styled as follows: When do present-day circumstances—the evolution in the Government's surveillance capabilities, citizens' phone habits, and the relationship between the NSA and telecom companies—become so thoroughly unlike those considered by the Supreme court thirty–four years ago that a precedent like Smith simply does not apply? The answer, unfortunately for the Government, is now." Id. at 45. The court ultimately held that the plaintiffs in this civil action were likely to succeed on their Fourth Amendment claim, questioning "whether people have a reasonable expectation of privacy that is violated when the Government, without any basis whatsoever to suspect them of any wrongdoing, collects and stores for five years their telephone metadata for purposes of subjecting it to high-tech querying and analysis without any case-by-case judicial approval." Id. at 56.
Eleven days after this opinion came another opinion from the District Court for the Southern District of New York, ACLU v. Clapper, No. 13 Civ. 3994 (S.D.N.Y. Dec. 27, 2013). The court held differently from the D.C. court, noting that while the collection of data was broad, "the scope of counterterrorism investigations is unprecedented." Clapper, at 36. The court also differentiated counterterrorism efforts from regular law enforcement investigation stating "they are prospective—focused on preventing attacks—as opposed to retrospective investigation of crimes." Id. The court noted that while "[t]elephones have far more versatility now than when Smith was decided, but this case only concerns their use as telephones." Id. at 44. The court ultimately held that "[b]ecause Smith controls, the NSA's bulk telephony metadata collection program does not violate the Fourth Amendment." Id.
The Supreme Court has yet to grant Certiorari to a case which will definitively answer the question.
Until recently, most people had no clue as to what law enforcement officials actually harvested from their phones whenever a search was conducted. New information shows that whenever law enforcement officials search a person's phone, they collect all call logs, text messages, geo-locations, and on certain devices, Apple iPhone, in particular, law enforcement officials are able to collect information from the iMessage application. If law enforcement officials deem it necessary, they can use more advanced methods and acquire a device's "web history, data files, wireless networks, and the user's custom dictionary." The devices that law enforcement officials use to acquire cell phone information also extracts the device's geo- location points, including cell tower information. Once this type of information is obtained, police officers are able to pinpoint where a cell phone has been over a set period of time by tracking the cell towers the cell phone uses while a call is taking place. This is how police officers are able to discover the location of a suspect they are investigating.
With the growing popularity of smart-phones and cell phones that are capable of accessing email and the internet, law enforcement officials are able to gain access to an overwhelming amount of information, when accessing a person's cell phone, whether that information is used in the investigation or not. The Stored Communications Act gives many law enforcement agencies an excuse to bypass the need to give subpoenas or search warrants to service providers, such as, Apple, Google, or anyone who provides email or internet service to the device, because this type of information is already stored on the device of someone law enforcement officials believe committed a crime. This is a big issue for privacy groups, the A.C.L.U., for example, stated their concern, "We would have never carried around several years' worth of correspondence on our person, for example, but today, five-year-old emails are just a few clicks away using the smart-phone in your pocket. The fact that we now carry this much private, sensitive information around with us means that the government is able to get this information, too."
With the use of cell surveillance growing in popularity amongst law enforcement officials, cell phone carriers are being inundated with request from law enforcement agencies to help them with investigations by providing information regarding text messages, caller locations and other information stored by the cell phone service providers. In 2011, cell phone providers reported that they responded to over 1.3 million demands for subscriber information. Though this number is high, many cell phone service providers reject a lot of the requests coming from law enforcement agencies. Carriers report that they've considered many of the demands for information legally questionable or unjustified. Understandably, cell phone carriers are hesitant to jump at the demands of federal agencies. In 2007, the F.B.I. was criticized for improperly sending "emergency" letters to cell phone carriers. The purpose of these letters was to retain information on "thousands" of phone numbers in what they reported to be "counter-terrorism" investigations. The F.B.I. was allowed to side-step the requirement of getting a valid warrant and it was later discovered that none of these reported investigations involved actual emergencies. The reason those carriers never second guessed the F.B.I. is because when law enforcement officials deem a situation an "emergency" there are less formal requirements needed to obtain the information.
Cell phone companies report that it is not only the top federal agencies that are demanding information. They've stated that these demands are coming from all levels of the government. Local police are making request to help aid in their investigations of street crimes, while the higher up State and Federal agencies are requesting information to aid in their investigations of financial and intelligence crimes.
Due to the overwhelming amount of law enforcement agencies requesting information, cell companies have been forced to establish legal departments whose goal is to focus solely on the legitimacy of requests coming from these agencies. In 2012, AT&T reported they responded to over 700 requests a day. Many of those request being "emergency requests" that do not require the typical search warrant granted by a judge after showing proof of probable cause for the information.