Privacy advocates aren’t the only ones celebrating Friday’s watershed Supreme Court ruling on cell-phone tracking.
By blowing a hole in a long-standing legal doctrine previously exempting personal information turned over to third parties from Fourth Amendment protections, experts say, the Court’s decision in Carpenter v. United States has made it easier for tech companies to allay the growing anxiety over cutting-edge products that exploit sensitive consumer data.
Internet-connected devices, connected cars, and wearable gadgets already collect enormous amounts of sensitive information on their users. But Carpenter gives cover for companies developing those devices—along with other emerging technologies that are conceivably more intrusive—to innovate with fewer fears of granting the government an unfettered look into the lives of their customers.
“It will increase consumer confidence [and] investor confidence in moving forward in these technologies,” said Daniel Castro, the vice president of the Information Technology and Innovation Foundation, a Washington-based technology think tank.
And for those tech firms seeking to brand themselves as guardians of their users’ privacy, Carpenter is expected to provide them with additional ammunition to challenge law-enforcement demands for consumer data.
“It’s certainly a helpful holding for companies that want to push back against government requests that fall short of a warrant, that want to be able to make and uphold promises with their consumers that they’ll only comply with lawful law-enforcement requests that meet a certain standard,” said Natasha Duarte, a policy analyst with the Center for Democracy & Technology. “This should embolden companies to push back.”
The Carpenter decision is narrowly focused on limiting the government’s warrantless access to the long-term geolocation data collected by wireless carriers through their customers’ cell phones. But to reach that ruling, the justices had to challenge the long-established “third-party doctrine,” a legal principle developed in the 1970s that allowed the government to request any personal information that a suspect voluntarily shared with a wireless carrier or another third party.
Nathan Freed Wessler, the American Civil Liberties Union lawyer who successfully argued the Carpenter case, believes the new hole torn in the third-party doctrine will have a significant downstream affect on privacy cases concerning other types of technology.
“The larger precedential impact of today’s opinion is to make clear that the so-called third party doctrine is not an on-off switch,” Wessler told reporters on Friday. “The mere fact that a company has this data in their secure servers, instead of a person [having] it in their filing cabinet, doesn’t cut off your Fourth Amendment rights.”
While not all information collected by third parties is considered as sensitive as cell-phone geolocation data, some experts believe other devices may eventually fall under the Court’s new interpretation and also be exempted from warrantless access by law enforcement.
That includes smart thermostats that could reveal when users are home, vehicle sensors that track miles traveled for tax purposes, and health care wearables that traffic in sensitive health data. But it could one day include devices that are implanted into a user’s body or brain, transmitting highly precise location data back to corporate servers or even granting insight into a user’s thoughts and feelings.
Bijan Madhani, the senior policy counsel at the Computer & Communications Industry Association, said tech companies would have had a tougher time developing and marketing those technologies if the Court had failed to find some limits on the government’s power to examine those kinds of personal data.
“I think security and trust are so important for users in terms of whether they make purchases and whether they engage with connected services,” said Madhani, whose organization counts Facebook, Amazon, and Google among its members. Madhani added that he’s “optimistic” the Carpenter decision will “encourage users to trust these devices a little bit more.”
Privacy advocates largely agree that Friday’s decision benefits firms on the cutting edge of data-scraping technologies.
“It’s true that it sort of puts an additional arrow in the quiver of developers who are developing for an increasingly very privacy-conscious public,” said Rachel Levinson-Waldman, the senior counsel to the Brennan Center’s Liberty and National Security Program. “They could say, ‘Look, our technology is going to collect a lot of information about where you are, but now you have some sort of peace of mind that the government won’t be able to get it without a warrant.’”
But, Levinson-Waldman added, that kind of messaging is “probably a little self-serving from the developers, because what it doesn’t address is how the companies themselves are going to use that information.”
While concerns over data privacy continue to escalate, scandals like the one that engulfed Facebook earlier this year show that worries over corporate data collection and misuse are at least as intense as any anxiety over government snooping.
“I think a privacy-conscious public will still need to be skeptical of what the companies themselves are doing with the information in terms of selling them to each other, even if there is a little bit higher hurdle now for the government getting it,” Levinson-Waldman said.