The question of whether law enforcement officials need a warrant to track individuals using their cellphones remains open, but the prospects for legislation on the issue are murky at best in Congress.
Maine recently became the second state to ban officials from accessing cellphone location data without a warrant, highlighting again how Congress has been unable to reach a compromise on updating various elements of federal digital privacy laws.
Today’s smartphones are equipped with GPS devices and store a wealth of data on users’ location and movements. The courts have been mixed on whether a warrant is required for officials to access this data, with some courts maintaining that the legal standard differs depending on the age of the data and how it is obtained, according to Alan Butler, appellate advisory council at the Electronic Privacy Information Center, a public-interest research group.
Cellphone location records are currently lumped under Title 1 and Title 2 of the 1986 Electronic Communications Privacy Act (PL 99-508), which cover stored communications and call details. Accessing those types of information typically requires only a court order, rather than a warrant, as is required for the contents of a phone call or digital message under Title 3.
The Justice Department maintains in court that it doesn’t need a warrant for most location data, but in practice it has sought warrants whenever it is attempting to use GPS to track a user’s current or future location, Butler said. He said some courts have also recognized the distinction between historical and real-time location records and that the issue continues to be litigated in various jurisdictions.
Law enforcement officials “are trying to fit these new investigative methods into old legal boxes drawn in the 1980s,” Butler said. “Our view is that the comprehensive location records, especially, are just as sensitive as the content of the calls. In some cases, they can be more sensitive.”
A number of lawmakers share the position that accessing any location data should require a warrant, resulting in two bills that have gained support. Sen. Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, are sponsoring legislation (HR 1312, S 639) that would require law enforcement to obtain a warrant for all location data with limited exceptions for national security and emergencies.
“The courts have been conflicted over the proper use of geolocation tracking data by law enforcement,” Wyden’s office said via email. “This clarifies the rules that law enforcement and prosecutors need to follow in order to track individuals using their cellphones or GPS devices, and ensures that private providers know exactly how and when they are required to comply with law enforcement requests for data.”
Chaffetz, for his part, contends that “the government and law enforcement should not be able to track somebody indefinitely without their knowledge or consent, or without obtaining a warrant from a judge.”
The Wyden-Chaffetz bill, known as the Geolocational Privacy and Surveillance Act, also includes a provision that would force commercial companies to obtain consumer consent before sharing their location information with third parties. That takes the bill away from Fourth Amendment search and seizure questions and into the realm of consumer privacy, where Sen. Al Franken, D-Minn., has offered his own legislation based around an opt-in standard.
The second bill designed with a flat warrant requirement for law enforcement to access all geolocation data comes from Reps. Zoe Lofgren, D-Calif., Ted Poe, R-Texas, and 15 other co-sponsors. That legislation (HR 983) would handle the location portion of the issue similarly to the GPS Act, but Lofgren’s bill also goes further by updating the 1986 ECPA law to standardize the warrant requirement for all stored electronic communications and data.
Senate Judiciary Chairman Patrick J. Leahy, D-Vt., has also offered legislation (S 607) that would update the stored electronic communications and data portion of ECPA, and his committee cleared it in May. Leahy’s staff said the chairman remains focused on his ECPA update and has not yet taken a stance on the issue, though they noted an earlier draft of his bill from the last Congress included a section on geolocation information.
A House Democratic aide suggested Leahy’s email and data update to ECPA appears to be a “slam dunk” at this point, especially after the recent revelations over National Security Agency surveillance programs. The aide expressed skepticism, however, that the Senate would be willing to significantly amend the legislation by re-inserting a location provision before sending it to the floor for a vote.
The prospects are no more clear in the House, where the Judiciary Subcommittee on Crime held hearings on ECPA earlier this year. At the time, subcommittee Chairman Jim Sensenbrenner, R-Wis., indicated a preference for updating both elements of ECPA, location data and stored communications, at the same time.
The House effort is now in the hands of Judiciary Chairman Robert W. Goodlatte, R-Va. Before gaining the gavel, Goodlatte signed on to the Chaffetz-Wyden bill as an original co-sponsor in 2011. His name is no longer listed among the co-sponsors, but a Judiciary aide said he is working on a bipartisan basis to draft an ECPA rewrite.
Congress’ bandwidth for privacy updates has been small in recent years, with only minor bills becoming law while broader changes face continued debate.
Many observers believe the recent revelations concerning NSA surveillance programs may have built momentum for new privacy rules like Leahy’s ECPA bill, even if they would not affect the intelligence programs in questions. If that is indeed the case, Leahy’s ECPA bill could find the floor later this year, where the location provisions could potentially be offered as a germane amendment.
But should that bill fail, or its sponsors seek to block the addition of location provisions, this issue will likely remain in the courts for at least another year. In the meantime, law enforcement officials will be free to continue collecting location records from any person of interest in an investigation, without facing any requirement to delete that data once they are done with it.
“Once you’ve obtained these records in one case, there’s nothing to stop officials from dumping them in a central database for other unrelated cases. There are currently no minimization rules,” Butler said. “I think it’s going to require more than just a court decision. That could be a precursor, but ultimately, it’s going to be a statutory fix. The courts can’t develop rules or procedures for minimization; those have to be adopted by DOJ or established by statute.”