If you’re in the U.S. and concerned about data privacy, you can now breathe a sigh of relief. The nation’s highest court ruled last week that cellphone location data is protected by the 4th Amendment of the U.S. Constitution.

In the 5-4 decision, the court ruled that police must obtain a valid search warrant before obtaining location data on a suspect from cellular carriers. So, you do have some expectation of privacy while using your phone, despite the objections of law enforcement.

Origin of the Data Privacy Case

The case was brought by Michigan man, Timothy Carpenter, who was convicted of a string of robberies at both Radio Shack and T-Mobile stores. FBI agents obtained several months of location data from Carpenter’s cellular carrier, thus proving he was in the vicinity of each robbery. This piece of evidence was key in his conviction, but Carpenter’s lawyers appealed on the grounds that law enforcement didn’t get a warrant for the location data. As a result, they argued that the evidence and conviction should be thrown out.

Lower courts ruled against Carpenter, arguing that people have no reasonable expectation of privacy in their location data because they voluntarily submit it to 3rd parties (wireless service providers) and so no warrant is necessary.

The high court disagreed, however, stating:

Given the unique nature of cell phone location records, the fact that the information is held by a 3rd party does not by itself overcome the user’s claim to 4th Amendment protection… we hold that an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI. The location information obtained from Carpenter’s wireless carriers was the product of a search.

 For context: As you go about your everyday life, your mobile phone regularly connects to the nearest cell tower – when you make calls, check your email, or look something up on the web; when an app running in the background makes a connection that you didn’t initiate; and every few minutes just to tell the cell tower, “Here I am, if you need to find me to send messages or connect calls.”

Data Privacy Regarding Cellphone Companies

Some cellphone companies record the date, time and which tower your phone connected to for every one of those contacts; other companies track everything except the “Here I am” check-ins. Either way, your cell company has stored in its databases an elaborate record of what cell towers your phone connected to and when, covering 24 hours a day, 365 days a year. The cell companies retain that information for as long as 5 years. It’s more than enough data to reconstruct where you were – or rather, where your phone was – anytime in that 5-year period. It can pinpoint a physical location pretty closely within a city, and within a couple of miles in a rural area.

The question before the Supreme Court in this case, Carpenter v. United States, was how hard it should be for police to get that information from a cellphone company.

Exactly what this ruling means for privacy in the internet age remains to be seen – and litigated in future cases. These days, people’s most private information doesn’t reside on pieces of paper locked in office or home desk drawers; it lives on internet servers operated by private companies. The federal government has claimed sweeping power to get documents and emails from those companies without a warrant.

The Carpenter ruling has made clear that, at least some of the time, a warrant is needed. The 4th Amendment was designed, the court explained, “to place obstacles in the way of a too permeating police surveillance.” That means that it can’t merely protect people’s physical homes from search. Sometimes it also limits the government’s ability to demand personal information in the hands of 3rd parties.

To be continued…