United States Cybersecurity Magazine

ProcessBolt

How Much Cell Phone Data Privacy Should We Expect?

According to the Pew Research Center, more than 96% of Americans own a cell phone. Among people ages 18 to 49, the number rises to 99%, with almost as many in this age group having a smart phone. Therefore, almost all of us share a common concern: cell phone data privacy.

The Right to Privacy

At its most basic level, privacy means control of personal data, i.e., how it’s collected, used, and shared. In the U.S., the Constitution also protects citizens from unreasonable government intrusion. The Fourth Amendment, specifically, describes privacy in terms of houses, papers, and effects. Obviously, technology has changed the ways personal data is handled. We still have paper records, but nearly all our personal information is now digital data, which is typically not stored in our houses, papers, and effects. In a 1967 case, the U.S. Supreme Court made the distinction that the Fourth Amendment protects a person’s right to privacy and the right to privacy belongs to the individual—not just locations, as a literal interpretation might suggest.

Digital data is any information stored on a computer system. Many entities gather our private information, including healthcare providers, companies, educational institutions, and internet service providers. Considering how many people own cell phones, it’s not surprising that cell phone providers collect and store more private information than any other single entity. Unfortunately, data revealing personal information maintained by one of these third parties does not clearly fit under existing legal precedents. Indeed, a third-party doctrine established in U.S. Supreme Court cases in the 1970s states that if we share information voluntarily with a third party, we can’t expect it to remain private. 

Reasonable Expectation of Privacy Test

The Fourth Amendment protects against arbitrary arrests. Additionally, it is the basis of the law regarding search warrants, stop-and-frisk, safety inspections, wiretaps, and other forms of surveillance. Furthermore, it protects citizens from warrant-less searches of places or seizures of persons and objects in which they have a reasonable expectation of privacy. In Katz v. United States, Supreme Court Justice John Marshall Harlan created the Reasonable Expectation of Privacy Test, which says if the expectation of privacy passes the two-part test, it is considered reasonable:  

  1. An individual has exhibited an actual (subjective) expectation of privacy  
  2. The expectation is one that society is prepared to recognize  

Privacy With a Cell Phone

Advances in Global Positioning Systems (GPS) technology have made location data from cell phones a viable source of evidence for law enforcement agencies. In fact, a cell phone’s location can be easily detected with GPS data and Cell Site Location Information (CSLI). CSLI is the information collected as a cell phone identifies its location to nearby cell towers. Using multiple cell towers, a cellphone can be located with greater precision, typically to within a 16-foot radius.

In 2019, a Motherboard investigation found approximately 250 bounty hunters and related businesses had access to AT&T, T-Mobile and Sprint customer location data. Motherboard was able to purchase the real-time location of a T-Mobile phone on the black market from a bounty hunter source for $300. Indeed, the cell phone companies sold customers’ data to CerCareOne, who then sold highly sensitive and accurate GPS data to bounty hunters. CerCareOne operated in near-total secrecy for more than five years by making customers agree to “keep the existence of CerCareOne.com confidential.” Some bounty hunters sold the data to people unauthorized to handle it. From 2012 until it closed in late 2017, CerCareOne allowed bounty hunters, bail bondsmen and bail agents to find cell phones’ real-time locations. The company would sometimes charge up to $1,100 per phone location, according to a source familiar with the company. 

The Dangers of Location Tracking

A Vice article written by Joseph Cox explains how a T-Mobile customer’s life was put in danger when her location information was placed in the wrong hands. In 2014, someone claiming to be a U.S. Marshal called her about 20 times, threatening to have a warrant for her arrest for stealing a car because she was behind on her payments.

The caller was actually a debt collector with a history of stalking and domestic violence who obtained the customer’s phone location data by tricking T-Mobile into thinking he was a U.S. Marshal with the Georgia Fugitive Task Force. He scammed T-Mobile by using a custom domain to convince them he was a legitimate requester. T-Mobile failed to check credentials before handing over the location data for this customer and 14 others. After T-Mobile gave him the customer’s cell phone location, he harassed and stalked her, causing her to move and give her car back to the dealership she owed to avoid trouble. 

Conclusion

Fortunately, in 2018, the U.S. Supreme Court addressed this issue in Carpenter v. United States, in which the FBI identified several robbery suspects’ cell phone numbers. Prosecutors were granted court orders to obtain the suspects’ cell phone records under the Stored Communication Act. As a result, the government was able to obtain 12,898 location points cataloging one suspect’s movements over 127 days without a warrant. 

The suspect moved to suppress the data, arguing the government’s seizure of records without a warrant supported by probable cause violated his Fourth Amendment rights. The District Court denied the motion and prosecutors used the data to show the suspect’s phone was near four robbery locations when the robberies occurred. The Sixth Circuit held that he lacked a reasonable expectation of privacy of location information the FBI collected because he had shared the information with his wireless carriers. The Supreme Court held that the government’s acquisition of cell site records was a Fourth Amendment search, making CSLI a Fourth Amendment protected right.  

In our next post, we will discuss cell phone data privacy rights and how to protect them.  

References: 

“U.S. Supreme Court Holds” Chronicle of Data Protection. Published: 6/26/18. Accessed: 11/14/19. 

“Supreme Court Rules” ARS Technica. Published: 6/22/18. Accessed: 11/14/19.  

“Fourth Amendment” Legal Information Institute. Accessed: 11/14/19.  

“Expectation of Privacy” Legal Information Institute. Accessed: 11/14/19. 

“Verizon- Yes, Verizon” Wired. Published: 8/16/17. Accessed: 11/14/19. 

“United States Report” Verizon. Published: 2019. Accessed 11/14/19. 

“Sprint Corporation Privacy Policy” Sprint. Published: 4/19. Accessed: 11/14/19. 

“Transparency Report” AT&T. Published: 2019. Accessed 11/14/19.  

“Motherboard Investigation” Vice. Published 2019. Accessed 11/15/19.  

“T-Mobile” Vice. Published 2019. Accessed 11/15/19. 

SUBSCRIBE HERE
Create a strong password with a minimum of 7 characters using one uppercase, one lowercase, and one number.
Show privacy policy