How an Armed Robber’s Supreme Court Defense Could Protect Everyone’s Email

The Supreme Court agreed to hear a court case today that could impact cops' access to lots of records in the cloud

Chicago police search a building during a standoff with a bank robber 30 August 2007. Police searched the bank in Chicago's North Side where a gunman reportedly took hostages. The FBI said about six hostages had been taken and that all of them had been released. The FBI did not have any information on the suspect, and Chicago police said no arrests had been made. AFP PHOTO/JEFF HAYNES (Photo credit should read JEFF HAYNES/AFP/Getty Images)

Police search a Chicago building during a bank robbery investigation. JEFF HAYNES/AFP/Getty Images

A lot has changed since 1979. Back then, most records were kept on paper, phones hung on walls and all musical recordings were still analog. That’s also the year that the Supreme Court nailed down what’s called “the third-party doctrine” for electronic information. In Smith v. Maryland (1979), the court ruled that once a person shares information with a third party, police no longer need to attain a warrant to attain that information. In that case, police accessed call records from a phone company, and the court contended that the phone company is not a person’s home, so the person had no expectation of privacy under the Fourth Amendment, which protects against unreasonable search and seizure.

Fast forward to 2017, and everyone who ones a cellular phone is constantly creating records with phone companies, tech companies and startups. At a bare minimum, as long as even a basic flip phone is powered on, it’s checking and double-checking that it’s in touch with the nearest cell tower, just in case its owner wants to make a call or send a text. Its pings create records with the mobile company. That’s how police were able to map the whereabouts of Timothy Carpenter and Timothy Sanders during a 2011 spree of armed robberies in Michigan and Ohio.

Monday, the Supreme Court agreed to revisit their case, Carpenter vs. the United States, in which attorneys argue that law enforcement violated the Fourth Amendment of the Constitution by attaining location records for the two men without a warrant. The issues at the heart of the case touch on some of the same questions that moved Microsoft to sue the Justice Department last year over the gag orders it issues when law enforcement searches people’s email.

SCOTUSBlog confirmed that Carpenter’s case would go before the court this morning.

What is the third-party doctrine?

In short, the court has contended that a person has no reasonable expectation of privacy when they create records held by businesses conducting normal operations. For example, if you make a phone call, the phone company keeps a record of the call. The phone company doesn’t single any one person out. Keeping records of calls is how the phone business works, because they use it for billing. Bizarrely, in Smith v. Maryland, a robber was busted because he robbed a woman and then followed it up with a series of phone calls in which he admitted he was the robber.

The police went to the phone company, asked for call records and simply found out who was making the harassing calls. In their argument that police did not need a warrant to attain these records, the court referred to a case from three years prior, 1976’s United States v. Miller. Then, the court held that a bank depositor could not reasonably expect privacy for records of deposits made into their checking or savings accounts.

What have justices said about the third-party doctrine?

The winds of change may be blowing. This word “reasonable” in the Miller case could be important. Reasonable expectations of how the world works may have changed. One sign of the times came in 2014 when the Supreme Court ruled 9-0 that police needed a warrant to search the contents of a person’s cell phone.

Bush appointee Chief Justice John Roberts wrote the opinion of the court, in which he wrote that mobile phones had become “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.” Roberts is considered a member of the conservative side of today’s court, and yet even he seems to have found that the world is different today than it was in the 70s, and the court may need to take the into consideration going forward.

Is it reasonable in 2017 to expect someone with privacy concerns to not own or not carry a mobile phone? If it’s not, then it might also be reasonable for users of mobile devices to assume that police can’t look at their location records without a warrant.

A more liberal-leaning member of the court, Justice Sonia Sotomayor, suggested in an opinion concerning 2012’s United States v. Jones, that it could be time for the court to reevaluate its stance on records held by third parties, as we previously reported. That case concerned whether or not police needed a warrant to place GPS tracking devices on automobiles.

Police don’t even need to put trackers on Android-phone owners. Google Maps keeps a record of where Android phone users go by default. Police have been querying Google for those records in order to build cases against robbery suspects, as The Verge reported last year.

What does this case mean for people who don’t rob banks?

It could mean that the government won’t be able to easily read people’s email quite so easily.

Microsoft sued the federal government over gag orders it has received over warrants to search users’ email. This case also hinges on the third-party doctrine. Microsoft didn’t challenge the government’s right to do the search, but argued that people should know a search has been undertaken. That case took a step forward in February, as Bloomberg reported.

The judge who allowed Microsoft’s case to advance admitted in doing so that the government’s position squares solidly with precedent. But if the Supreme Court takes a significantly different stance on the third-party doctrine in Carpenter, it could make it much easier for Microsoft’s case to move forward.

So can police just ask telephone companies for location data of anyone and everyone?

This case would probably be a lot simpler if the answer were simply “no.” Unfortunately for privacy proponents, the answer is a “No, but…”

No, the police did not get a warrant, but they did go to the court. Police got location records for 16 different phone numbers under the Stored Communications Act of 1986, as SCOTUSBlog explains.

To search someone’s home, police need to convince a judge that they have attained enough facts already that the person to be searched is likely to have committed a crime. This is known as “probable cause.” The Stored Communications Act has a lower standard, only requiring police to convince judges that records held by a third-party could be relevant to an investigation. So they did go to the courts and got permission, but they didn’t have to be as rigorous about it.

So it’s not as if Congress hasn’t considered these issues, which could cause judges to hesitate to make a very wide ruling on the third-party doctrine. Even if justices do want to revisit the third-party doctrine in Timothy Carpenter’s case, they might do it in such a way that it only impacts similar criminal proceedings, without touching Microsoft’s concerns about email at all.

That said, Congress has also shown signs of reevaluating its stance on digital privacy. The US House of Representatives has passed the Email Privacy Act twice now. The bill would require law enforcement to show probable cause and attain a search warrant in order to search someone’s email. The legislation currently awaits action in the US Senate.