By Gabrielle Mainiero
Over the past decade, the Supreme Judicial Court (“SJC”) has grappled with the evolving contours of constitutional privacy rights in our digital age. As modern technology continues to advance, Fourth Amendment jurisprudence has struggled to keep up. Maintaining constitutional protections against unreasonable government searches and seizures has proved challenging where personal devices like cell phones—which contain a quality and quantity of digital surveillance and personal data beyond what the framers could have ever imagined—are on our person, recording our locations, at virtually all times.
In the Spring of 2022, the SJC decided a novel issue involving cell phone location information in Commonwealth v. Perry, 489 Mass. 436 (2022). In an effort to identify an individual suspect, the government sought the data of tens of thousands of cell phone users. While reaffirming that individuals have a reasonable expectation of privacy in their location data, the Court also held that broad searches sweeping thousands of innocent individuals onto the government’s radar are not necessarily so general as to be unconstitutional.
In 2018, law enforcement officials investigated a string of armed robberies, one of which resulted in a homicide. Law enforcement believed that the same individual was ultimately responsible. Investigators aimed to narrow in on a suspect by seeking two search warrants for a series of “tower dumps”—voluminous records maintained by cellular network providers which contain the historical cell site location information (“CSLI”) for all cell phone users in the vicinity of the crimes during the relevant time periods. While the CSLI records requested only totaled three cumulative hours of data, they contained glimpses into the locations of over 50,000 unique cell phone users for a time period spanning seven separate days over the course of five weeks.
Typically, the government seeks a warrant for the targeted, individualized CSLI data of a known, single suspect. In Perry, by contrast, the government sought to obtain the CSLI data of every individual who connected to cell towers near the scenes of the crimes. After cross-referencing the data from each tower dump, police discovered that Jerron Perry’s phone number appeared in at least two of the tower dumps. He was eventually indicted in 2019 on a number of charges including one count of first-degree murder and multiple counts of masked armed robbery.
In advance of trial, Perry moved to suppress the evidence derived from the tower dumps as the fruits of an unconstitutional search. He argued that search warrants seeking CSLI data from tower dumps, as opposed to the targeted CSLI data of an individual suspect, are general warrants, and therefore per se unconstitutional. He also argued that the underlying search warrants were not supported by probable cause.
What is CSLI?
When a cell phone is turned on, it registers its location with nearby “cell cites” or “cell towers” every seven seconds. Commonwealth v. Estabrook, 472 Mass 852, 858 n.12 (2015). When a cell phone user sends or receives a phone call or text message, their phone must connect with a nearby cell tower to do so. Perry at 438. This connection generates a time-stamped record known as Cell Site Location Information (“CSLI”), which contains the precise location of the cell tower as well as the specific sectors that provided service to the cell phone user. Id. at 438-39. With varying degrees of accuracy and specificity, this information can be used to triangulate a user’s general location, allowing a cell phone to function much like a GPS tracker. Id.
Prior to 2014 in Massachusetts, the government typically obtained CSLI data without a warrant pursuant to 18 U.S.C., § 2703(d) of the Federal Stored Communications Act. To obtain a § 2703(d) warrant, the government must essentially meet a reasonable suspicion standard, providing “specific and articulable facts showing that there are reasonable grounds to believe that the contents . . . are relevant and material to an ongoing criminal investigation.” [18 U.S.C., § 2703(d)]. However, as CSLI data became an increasingly powerful tool for law enforcement agencies, privacy experts became concerned about the right to privacy in the whole of one’s movements and demanded that the government meet a more stringent standard before accessing this kind of data. As a result, the courts have heard a number of cases concerning the growing threat that cell phone location data poses to individual privacy rights in a society where we rely on cell phones to participate in everyday life. A series of landmark decisions established that cell phone users have a reasonable expectation of privacy in their CSLI data, and therefore, a warrant supported by probable cause must be issued before law enforcement may gain access to six or more hours of such data. Carpenter v. United States, 138 S. Ct. 2206 (2018); Commonwealth v. Perry, 489 Mass. 436 (2022); Commonwealth v. Estabrook, 472 Mass 852 (2015); Commonwealth v. Augustine, 467 Mass. 230 (2014).
In Perry, the SJC held that the tower dumps intruded upon the defendant’s reasonable expectation of privacy, and therefore constituted a search under Article 14 of the Massachusetts Declaration of Rights. Tower dumps, unlike targeted CSLI data, provide the historical location data for all cell phone users connected to specific cell towers—in this case, over 50,000 individuals. Among those tens of thousands of individuals was the defendant—an individual otherwise unknown to investigators.
When the government engages in data collection as a form of long-term surveillance, as it did in Perry, its actions must be analyzed in the aggregate. This Fourth Amendment framework, known as the “mosaic theory,” acknowledges that discrete acts of surveillance may, in totality, impermissibly intrude upon our constitutionally protected privacy rights.
CSLI data allows for an individual’s location to be tracked in constitutionally protected areas such as the home or a place of worship. It allows for the identification of both individual cell phone users and the users with whom they communicate, thereby revealing private associations to the government. The data can then be used in the aggregate to piece together broader patterns of private behaviors and practices. Further, CSLI data provides law enforcement with information that would otherwise be unknowable, as it would be impossible for police to obtain the quantity and quality of information provided by tower dumps using traditional law enforcement techniques. Perry at 452.
Moreover, prior to Perry, the Commonwealth did not need a probable cause warrant for CSLI data spanning less than six hours. Commonwealth v. Estabrook, supra. However, the tower dumps in Perry, despite producing only three cumulative hours of CSLI data, were not protected by this “safe harbor rule.” Estabrook, the Court clarified, imagined a rule exempting six continuous hours of data collection, and was thus inapplicable where the government obtained data in small increments over a longer period of time.
The SJC disagreed, however, that the search warrants for tower dumps were akin to general warrants, and as such, were per se unconstitutional. A search warrant must describe with particularity the places to be searched and items to be seized. Perry argued that while targeted CSLI data for an individual may be constitutionally permissible, warrants for tower dumps—which expose the data of individuals not otherwise suspected of any crime or wrongdoing—necessarily lack the particularity required to pass constitutional muster. In this instance, the warrants allowed the government to comb through the data of over 50,000 innocent individuals for which they did not have probable cause to search—a practice antithetical to basic Fourth Amendment principles.
The SJC was unpersuaded, finding that because the warrants in question authorized the further analysis of only a narrow subset of the CSLI data—those phone numbers appearing in two or more tower dumps—they were sufficiently particular and thus properly limited in scope.
To protect against further privacy intrusions, the SJC announced a prospective rule. In the future, the government must obtain a search warrant from a judge before acquiring a series of tower dumps and, also, that judge must be assured that there exist protocols for the prompt and permanent disposal of any and all data of uninvolved persons at the conclusion of the case. Perry at 463-64.
Questions remain as to how this decision will impact law enforcement’s continued access to, and use of, ever expanding surveillance technologies.
Consider for instance the government’s growing reliance on reverse keyword search warrants—orders permitting companies like Google to comb through their databases containing the search histories of billions of unique individuals in order to identify devices used to search key words or phrases deemed relevant to a criminal investigation. Broad law enforcement requests for information on individuals who searched the address of a crime scene or the name of a victim have been allowed in Colorado, Minnesota, Texas, and Wisconsin. Thomas Brewster, Government Secretly Orders google to Identify Anyone Who Searched A Sexual Assault victim’s Name, Address Or Telephone Number, Forbes, (October 4, 2021), https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users/ . These warrants, like those in Perry, seek to obtain the data of enormous groups of people in order to find a suspect, rather than pursuing the targeted data of an already identified individual.
Importantly, the privacy implications at issue extend to conduct beyond that which is criminalized. Consider the ways in which broad keyword warrants may be used to implicate anyone seeking information about an abortion—rather than just those individuals accessing or providing services in states where abortion is criminalized. Consider further a routine investigation into a hate crime or the illegal purchase of a firearm. Rather than identifying a suspect, and obtaining a warrant for that individual’s internet search history, law enforcement officers may be permitted to obtain information on any individual who searched terms like “mosque near me” or “where can I buy a gun?” These digital dragnet searches threaten to sweep increasingly large numbers of innocent individuals into the purview of criminal investigations based upon non-criminal—if not entirely innocuous—internet searches.
While the Perry decision advanced privacy rights by strengthening certain protections around our digital data, it leaves open the question of just how far the government can go in searching the private data of innocent individuals in the hopes of developing a suspect. Without a doubt, the Court will continue to face challenges to the government’s ever-expanding use of surveillance technologies and the growing threat of general warrants resurfacing in our modern digital age.
Gabrielle Mainiero is an associate at Swomley & Tennen, LLP, a law firm focusing on criminal defense and civil rights litigation. Her practice primarily involves representing clients facing criminal charges in the district and superior courts. Eric Tennen, who litigated this case at the SJC, provided invaluable insight and guidance to this article.