by Mason Kortz and Christopher Bavitz
Legal Analysis
Introduction
In 2014, the Supreme Judicial Court of Massachusetts ruled in Commmonwealth v. Augustine, 467 Mass. 230 (2014) that, under the Massachusetts Declaration of Rights, police must obtain a warrant in order to access cell phone records that can reveal a single person’s location over an extended period of time. Last year, the United States Supreme Court reached the same conclusion under the Fourth Amendment in Carpenter v. United States,138 S. Ct. 2206 (2018). However, neither decision addressed the practice of so-called “tower dumps,” which involve access to a different type of location information–namely, the identity of all cell phones that were in a particular location at a particular time. This article addresses law enforcement use of tower dumps, providing a technical description, an examination of current law, and some thoughts on trends in widescale data collection efforts
Technical Overview: What Are Cell Tower Dumps?
A cellular network is composed of numerous fixed-location cell towers or “cell sites,” each of which covers three or more directional “sectors.” Whenever a cell phone sends or receives data over a cellular network, it connects to one of these cell sites. The network continually tracks which phones are connected to which sites and sectors at any given time. This information — called cell site location information or CSLI — can be logged by the cellular service provider and stored, in some cases for multiple years. Depending on the density of the cellular network in a particular location, CSLI can be used to track a phone’s location with precision varying from a few miles down to a single city block. Newer cellular technologies allow for even greater detail.
The historical CSLI at issue in Augustine and Carpenter could be defined as information on all of the cell sites that a particular device had connected to over a particular interval. The Supreme Court in Carpenter defined a cell tower dump, on the other hand, as “information on all the devices that connected to a particular cell site during a particular interval.” Carpenter, 138 S. Ct. at 2220. The following examples highlight the distinction between the historical CSLI (Scenario A) and tower dumps (Scenario B):
- SCENARIO A — Police are investigating a crime that took place between November 15 and 19, 2018. Officers have probable cause to believe Smith committed the crime. Smith claims to have been nowhere near the scene of that crime, but officers question his alibi based on eyewitness testimony and other evidence. Officers seek a warrant that would require Smith’s cell phone provider to turn over CSLI indicating the location of Smith’s phone between November 15th and 19th.
- SCENARIO B — Police are investigating a crime that took place at 2:00 pm on November 19, 2018 in the 100-block of Main Street. Officers have no indication as to the identity of the perpetrator. Officers seek warrants that require cellular service providers with towers in the area to turn over CSLI for all cell phones that contacted towers near 123 Main Street between 1:50 pm and 2:10 pm on November 19th.
A tower dump, by its nature, involves access to more users’ data than historical CSLI does; indeed, one federal district court has noted that “[a]ny order authorizing a cell tower dump is likely to affect at least hundreds of individuals’ privacy interests.” In the Matters of the Search of Cellular Telephone Towers, 945 F. Supp. 2d 769, 770 (S.D. Tex. 2013). That said, a typical tower dump is confined in the sense that it covers both a small area and a relatively short time period — often a few hours or even a few minutes. Thus, a tower dump reveals less about any given individual’s movements over a period of time than does historical CSLI.
Current State of the Law
The primary legal question concerning cell tower dumps is whether they require a warrant or, alternatively, can be obtained under the Stored Communications Act (“SCA”), 18 U.S.C. § 2703(d). If the warrant requirement applies, the government would need to show probable cause in order to obtain a tower dump. Section 2703(d) of the SCA, on the other hand, requires only “specific and articulable facts showing that there are reasonable grounds to believe that the contents of [the cell tower dump] are relevant and material to an ongoing criminal investigation.”
Proponents of the warrant requirement argue that individuals have a reasonable expectation of privacy in their location information and that cell tower dumps therefore fall within the ambit of the Fourth Amendment. Alternatively, they argue that even if cell tower dumps do not infringe on any one person’s privacy, the sheer number of data points collected with each dump constitute “dragnet surveillance,” which the Supreme Court has suggested may be unlawful.
The majority of courts to consider the question have rejected these arguments and held that a warrant is not required to obtain a cell tower dump. Many of these decisions rely on the third-party doctrine, which provides that an individual has no legitimate privacy interest — and, therefore, no Fourth Amendment protection — in information that he/she voluntarily discloses to a third party (in this case, that person’s cell phone service provider). Such courts have also noted that, although cell tower dumps collect information about a large number of subscribers, they often cover relatively limited time periods.
On the other hand, at least one United States Magistrate Judge has held that cell tower dumps implicate the Fourth Amendment and therefore require a warrant. See In re United States ex rel. Order Pursuant to 18 U.S.C. Section 2703(d), 930 F. Supp. 2d 698 (S.D. Tex. 2012) (denying § 2703(d) application to obtain tower dump, holding that warrant is required). The court expressly relied on an order extending Fourth Amendment protections to historical CSLI, a decision later reversed by the Fifth Circuit. By its nature, a cell tower dump includes information that turns out not to be relevant to the investigation in question, and the Magistrate Judge was concerned that the government had made no plans for how to handle or dispose of that information. Thus, the court declined to approve an application for a cell tower dump until both (a) it was supported by probable cause; and (b) the government presented a protocol for minimizing the intrusion into the privacy of technological bystanders.
Looking Ahead: Developments Post-Carpenter
Although the Court in Carpenter did not reach the question of cell tower dumps, its decision will certainly have an impact on this evolving body of law. In holding that a warrant is not required to obtain cell tower dumps, many lower courts have expressly relied on appellate decisions permitting warrantless access to historical CSLI. Carpenter has now abrogated those decisions. Historical CSLI and tower dumps raise different privacy concerns, though, so lower courts applying Carpenter and Augustine to tower dumps will still need to engage in an independent analysis of whether the information the government seeks would invade individuals’ reasonable expectations of privacy.
Carpenter set forth two important holdings. First, it limited the application of the third-party doctrine to historical CSLI on the grounds that the pervasiveness of cell phones (and the essentially invisible way in which they generate location information) rendered any disclosure of CLSI effectively non-voluntary. The application of this holding to tower dumps should be straightforward: because tower dump CSLI and historical CSLI are generated in the same fashion, it stands to reason that the third-party doctrine does not apply to either one.
Second, Carpenter made clear that the collection of seven days of historical CSLI infringes on a cell phone user’s reasonable expectation of privacy and, absent exceptional circumstances, requires a warrant. The application of this holding to cell tower dumps is less certain. While tower dumps implicate the privacy of far more people than access to historical CSLI does, they are arguably less invasive at the individual level. The Court in Carpenter declined to state whether there is some lower limit to the collection of CSLI below which a warrant is not required. The SJC in Augustine did reach this question, setting the limit at six hours of CSLI. However, the SJC was presumably thinking of six hours CSLI for a single person–not six hours of CSLI for everyone whose cell phone passed by a specific location in that time period. Thus, the analogy between historical CSLI and tower dump CSLI is imperfect.
Finally, because the Court in Carpenter did not address tower dumps, it did not reach the question of what to do with hundreds, perhaps thousands, of innocent bystanders’ location information. Regardless of whether the warrant requirement applies, future courts that address the question of cell tower dumps will need to consider how to craft — or ensure that government entities requesting CSLI craft — mechanisms to minimize potential privacy harms caused by these broad and far-ranging requests.
Warrantless tower dumps, widely approved up until recently, are now on uncertain footing. Tower dumps that cover more than a few hours without a warrant are questionable under Carpenter and almost certainly unlawful in Massachusetts under Augustine. Even narrower tower dumps raise questions due to the number of people affected, although courts may focus more on minimizing harm through search protocols than on the warrant requirement. Courts and practitioners should also keep in mind that, as both the Supreme Court and the SJC observed, the granularity and precision of CSLI continues to increase dramatically as new network technologies are rolled out. The arguments that prevailed in Carpenter and Augustine are likely to become even more compelling as the relevant technologies continue to evolve.
Mason Kortz is a Clinical Instructor at the Harvard Law School Cyberlaw Clinic, part of the Berkman Klein Center for Internet & Society. His areas of practice include electronic search and seizure, online speech and privacy, open records and government transparency, and the law of artificial intelligence.
Christopher Bavitz is the WilmerHale Clinical Professor of Law at Harvard Law School, Managing Director of the Law School’s Cyberlaw Clinic, and a faculty co-director of the Berkman Klein Center for Internet & Society.