06 July 2022

Kentucky Supreme Court Says Warrants Are Needed For Real-Time Cell Location Pings...

Thus and so forth -- in Kentucky the court suppressed real-time location info law enforcement obtained without a warrant from a cell service provider. . .And, again, the Kentucky court system holds officers in the state to a higher “good faith” standard — one that says cops don’t get to play fast and loose with unsettled law unless they like seeing their evidence tossed. More courts should do the same.

An animated image showing location pins dropping onto a street map from above, tracing several paths

Kentucky Supreme Court Says Warrants Are Needed For Real-Time Cell Location Pings

from the get-a-warrant dept

In 2018, the Supreme Court declared warrantless access to historical cell site location information unconstitutional, given the privacy implications of being able to track someone’s movements over days or weeks without bothering to secure a warrant. Prior to this decision, cell site location info (CSLI) was treated as a third party record, requiring neither a warrant nor probable cause to obtain.

It did not extend this coverage to real-time access to CSLI, tower dumps, or ping requests made to service providers to engage in quasi-real time tracking. However, other courts in the nation have been willing to extend the coverage of the Carpenter decision, applying it to other third party records, including real-time acquisition of cell location info. . .

Key to the court’s findings here is how this information is obtained. Rather than being a third party record created by someone simply having their phone on while near cell towers, the location data obtained here required the interference of the cell service provider.

Real-time CSLI is not a passive location record but data generated by an affirmative action—a “ping” taken by the cell-service provider at the behest of a law enforcement officer. By “pinging” an individual’s cell phone, the cell service provider is able to determine, instantaneously, the cell phone’s location in relation to the available cell sites and to communicate that location information to law enforcement.

And that’s where the search moves from “reasonable” to “unreasonable,” says the court.

In obtaining an individual’s cell phone’s real-time CSLI, police commandeer the cell phone and its transmissions for the purpose of locating that individual. We find this usurpation of an individual’s private property profoundly invasive, and we liken it to a technological trespass. Such an appropriation of an individual’s cell phone is precisely the sort of invasion that we find the average citizen unwilling to accept.

Historic CSLI is intrusive because it allows law enforcement to track someone’s movements after the fact, providing officers with plenty of information about a person’s life, habits, contacts, and other activities. Prospective (“real-time”) CSLI is intrusive because it forces someone’s phone to, in essence, “answer” to law enforcement by providing its current location.

The government tried to argue that real-time pings were no different than observing a driver on a public road… apparently because law enforcement performed the stop on a public road. The court finds this argument ridiculous.

We do not disagree that an individual has no reasonable expectation of privacy in his movements on a public road and, thus, law enforcement may constitutionally observe those movements. But at issue in this case is not the observation of Reed’s movements on a roadway or the traffic stop performed on Reed’s vehicle but the acquisition of Reed’s CSLI that enabled officers to conduct a dragnet to intercept Reed’s vehicle. At the time police pinged Reed’s cell phone, Reed was not under visual police surveillance. Instead, the only reason police were able to locate and surveil Reed on a roadway was as a result of their acquisition of Reed’s CSLI. It is the constitutionality of the acquisition of Reed’s CSLI, not of his traffic stop, that we consider today. As such, we regard Knotts as inapplicable in this case. We find that a person’s reasonable expectation of privacy in his CSLI is unaffected by his or his cell phone’s physical location at the time the CSLI is generated or acquired by police.

Furthermore, the court says, giving the government’s other argument (that the third party doctrine is engaged just because a cell user has granted permission for third parties to gather data) credence would allow widespread abuse of third parties to bypass the Fourth Amendment.

Permitting application of the third-party doctrine to real-time CSLI would drastically alter the landscape of digital privacy. By the same logic offered by the Commonwealth, law enforcement could contact application developers whose applications are authorized to use the camera and microphone on a cell phone. Law enforcement could then, via those application developers, commandeer the cell phone as a photo, video, and audio surveillance device, simply because the cell phone’s owner granted authorization to those applications.

The government loses its evidence (again) and the case returns to the trial court where prosecutors can try to put the suspect behind bars, but without the benefit of the CSLI info or evidence derived from the traffic stop that followed the warrantless pings. . ."

Filed Under: , , , , , , ,  

==============================================

RELATED

How the Federal Government Buys Our Cell Phone Location Data

An animated image showing location pins dropping onto a street map from above, tracing several paths

DEEPLINKS BLOG
June 13, 2022

"Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.

Where does the data come from?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed...

 

[    ]

Who sells location data? 

Dozens of companies make billions of dollars selling location data on the private market. Most of the clients are the usual suspects in the data trade—marketing firms, hedge funds, real estate companies, and other data brokers. Thanks to lackluster regulation, both the ways personal data flows between private companies and the ways it’s used there are exceedingly difficult to trace. The companies involved usually insist that the data about where people live, sleep, gather, worship, and protest is used for strictly benign purposes, like deciding where to build a Starbucks or serving targeted ads. 

But a handful of companies sell to a more action-oriented clientele: federal law enforcement, the military, intelligence agencies, and defense contractors. Over the past few years, a cadre of journalists have gradually uncovered details about the clandestine purchase of location data by agencies with the power to imprison or kill, and the intensely secretive companies who sell it.

A flow chart showing how location data travels from a person's phone to federal government agencies. It summarizes the information in the next section about how Venntel and Babel Street sell to federal agencies.

This chart illustrates the flow of location data from apps to agencies via two of the most prominent government-facing brokers: Venntel and Babel Street.

The vendor we know the most about is Venntel, a subsidiary of the commercial agency Gravy Analytics. Its current and former clients in the US government include, at a minimum, the IRS, the DHS and its subsidiaries ICE and CBP, the DEA, and the FBI. Gravy Analytics does not embed SDKs directly into apps; rather, it acquires all of its data indirectly through other data brokers. 

 

Continue reading >> https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data

 

If you liked this post, you may also be interested in...

No comments: