EPIC v. DOJ (CSLI Section 2703(d) Orders)

Top News

  • Report Details EU States' Use of Automated Decision-Making During Pandemic: In a report released this week, AlgorithmWatch analyzed how 16 countries throughout the European Union have adopted automated decision-making tools in response to the COVID-19 pandemic. Deployment of these tools is widespread across the EU, including voluntary exposure notification apps, a mandatory app recently greenlit by Slovenian government, and an app used in Poland and Hungary that relies on geolocation and face surveillance to enforce quarantine rules. The report notes that the effectiveness of automated contract tracing "lack[s] hard evidence . . . even months after the first deployments." EPIC has published recommendations on preserving privacy during the pandemic and has called on Congress to establish privacy safeguards for digital contact tracing. (Sep. 2, 2020)
  • Unsealed Documents: Google Employees Knew Location Privacy Settings Were Misleading: Documents recently disclosed in Arizona's consumer protection lawsuit against Google show that the company's employees admitted Google's location privacy settings were "confusing" and potentially misleading. The suit, brought by Arizona Attorney General Mark Brnovich, alleges that Google violated the Arizona Consumer Fraud Act by collecting and storing location data on mobile devices—even after users believed they had turned off location tracking. A newly-unsealed version of Arizona's complaint reveals that Google employees knew the interface was "[d]efinitely confusing from a user point of view[.]" One employee wrote that Google's interface "feels like it is designed to make things possible, yet difficult enough that people won't figure it out." In July, twenty-seven members of EPIC's advisory board signed a letter urging the court to reject Google's efforts to delay a decision on unsealing the documents. In 2018, EPIC told to the Federal Trade Commission that Google's surreptitious tracking of user location data violated the FTC's 2011 Google consent order. The 2011 settlement with Google followed a detailed complaint brought by EPIC and a coalition of consumer organizations. (Sep. 1, 2020)
  • More top news

  • D.C. Circuit Reverses District Court Ruling on Unsealing Electronic Surveillance Records + (Jul. 13, 2020)
    Last week, the D.C. Circuit reversed a lower court decision and ruled that electronic surveillance records in closed federal investigations are subject to public access. Investigative journalist Jason Leopold and the Reporters Committee for Freedom of the Press litigated for years to unseal electronic surveillance records that allow law enforcement to collect different types of electronic information for surveillance, including metadata about a telephone subscriber's activity or cell site location information. The lower court incorrectly determined that administrative burden to providing public access to these seal records was enough to justify the interminable sealing of these records. But the D.C. Circuit reversed the lower court's decision stating "although administrative burden is relevant to how and when documents are released, it does not justify precluding release forever...Production may be time-consuming, but time-consuming is not the same thing as impossible." The D.C. Circuit noted that providing public access to judicial records like the electronic surveillance records at issue "is a fundamental element of the rule of law" and "is the duty and responsibility of the Judicial Branch." EPIC is currently litigating a case against the Department of Justice seeking the public release of information about the agency's collection of cell site location information through "§ 2703(d) orders" and warrants. The case is EPIC v. DOJ, No. 18-1814 (D.D.C.)
  • EPIC Obtains Records about Utah's Contact Tracing App; State Hasn't Conducted Privacy Audit of App + (May. 29, 2020)
    Through a Freedom of Information request, EPIC has obtained records concerning Utah’s "Healthy Together” COVID-19 app. The documents include a presentation from Twenty Holdings, Inc., the company that developed the app, and include details of its development. The records reveal that “[o]nce the economy resumes normalcy, the App will continue to provide the mechanism to monitor any emerging risks.” It has been reported that Twenty hopes to sell the app and app back end to other states and private companies. The developers of the app plan to integrate the Apple/Google API when it is available. The app current methodology relies on collated location data from all users, rather than decentralized proximity tracking. The Utah Governor’s Office of Management and Budget found no records of any audits or independent privacy assessments of the contact tracing app. EPIC has called on Congress to ensure that government agencies and private companies establish privacy safeguards for digital contact tracing. But without audits and independent privacy assessments, contact tracing apps like Healthy Together cannot be "robust, scalable, and provable."
  • Senator Markey Says Contact Tracing Plans Must Protect Privacy + (Apr. 22, 2020)
    Senator Edward Markey [D-MA] has outlined nine key principles to guide federal leadership on coronavirus contact tracing in the United States. In a letter sent today to the White House Coronavirus Task Force, Senator Markey urged the administration to design and implement a comprehensive coronavirus contact tracing plan with key privacy safeguards. In a statement to the Senate and House Commerce Committees last week, EPIC said it is "essential that government agencies and private companies implement standards that safeguard privacy." EPIC's letter followed a proposal from Apple and Google for a contact tracing app to "combat the spread of the novel coronavirus." EPIC cited public health officials in support of data protection and human rights. For digital contact tracing techniques, EPIC recommended that "(1) participation should be lawful and voluntary; (2) there should be minimal collection of personally identifiable information; (3) the system should be robust, scalable, and provable; and (4) the system should only be operated during the pandemic emergency."
  • DOJ Responds to EPIC FOIA on Location Data + (Apr. 3, 2020)
    In response to EPIC's Freedom of Information Act request to the Justice Department for information about the use of location data, including cell phone records, to counter the pandemic the DOJ wrote there are no "responsive records." EPIC had asked for "all legal memos, analysis, communications, and guidance documents, in the possession of the Department of Justice, concerning the collection or use of GPS data and cell phone location data for public health surveillance." The DOJ forwarded EPIC's request to its Office of Legal Counsel to see if responsive records exist in that office. EPIC will continue to seek information about the DOJ's views on the use of location data, and particularly phone records. After 9-11, the Justice Department supported the warrantless surveillance of Americans, a program that was later terminated after the New York Times broke the story, and EPIC pursued a FOIA lawsuit and then a Supreme Court petition.
  • European Commission Seeks Anonymized Location Data, Citing Coronavirus + (Mar. 27, 2020)
    The European Commission has reportedly asked telecom companies to turn over anonymized cell phone location data, citing a need to track the spread of the novel coronavirus. The planned transfer would give the Commission access to location information and other data from hundreds of millions of cell phone users. European Data Protection Supervisor Wojciech Wiewiórowski, responding to the proposal, warned that “effective anonymisation requires more than simply removing obvious identifiers” and called on the Commission to “clearly define the dataset it wants to obtain and ensure transparency towards the public.” The European Data Protection Board explained that any use of location data in connection with the coronavirus must be “strictly limited to the duration of the emergency at hand” and “in accordance with the Charter of Fundamental Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms.” EPIC recently submitted a Freedom of Information Act request to the U.S. Department of Justice seeking legal analysis concerning the collection and use of GPS and cell phone location data for public health surveillance.
  • EPIC Seeks Records About Lawfulness of Use of Location Data for Public Health Surveillance + (Mar. 24, 2020)
    EPIC has submitted a Freedom of Information Act request to the Department of Justice seeking legal analysis concerning the collection and use of GPS and cell phone location data for public health surveillance. EPIC explained "The Department of Justice plays a key role advising the President regarding the lawfulness of proposed activities, and particularly the proposed expansion of government authorities during a time of national crisis." EPIC wrote, "If the Department of Justice is considering the use of cell phone data to address the public health crisis, it should first consider whether the use is lawful and that analysis should be made available to the public." EPIC pursued a FOIA lawsuit during the Bush Administration, EPIC v. DOJ, for the legal memos concerning the warrantless wiretapping program that was later repealed by Congress.
  • EPIC Seeks Records About White House Plan to Use Cellphone Data for Coronavirus Tracking + (Mar. 24, 2020)
    EPIC has submitted a Freedom of Information Act request to the Office of Science and Technology Policy seeking information about the White House plan to use cell phone location data for public health surveillance. According to news reports, the White House has sought the assistance of large tech companies including Facebook, Apple, and Google, to use cell phone location data. It is not clear at this time whether the U.S. program is lawful or how the data will be used. EPIC has asked the OSTP to provide "all policies, proposals, and guidance documents for the collection of cell phone location data in connection with the coronavirus" and also "any privacy assessments, including but not limited to privacy threshold assessments and privacy impact assessments, related to the collection of cell phone location data in connection with the coronavirus."
  • Government Considers Location Data to Track Coronavirus + (Mar. 19, 2020)
    According to the Washington Post, the U.S. Government is in active discussions with tech companies about tracking telephone customers to monitor the spread of the coronavirus. Cellphone data is currently protected under federal privacy law. In the Carpenter case, the Supreme Court made clear that government access to location information implicates the Fourth Amendment. EPIC has long advocated for protection of location privacy. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. The FCC recently announced fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers' location information.
  • FCC Proposes Fines for Wireless Location Data Violations + (Feb. 28, 2020)
    Today the FCC announced proposed fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers' location information. FCC Chairman Ajit Pai said: "This FCC will not tolerate phone companies putting Americans' privacy at risk." The companies are given an an opportunity to respond to the FCC before the Commission makes a final decision. EPIC has long advocated for protection of location privacy. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed an amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information.
  • FCC Announces Enforcement Action on Location Privacy + (Jan. 31, 2020)
    FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers' location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers' location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed a amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy.
  • Facebook Admits to Location Tracking, Ignoring Privacy Settings + (Dec. 17, 2019)
    Facebook has admitted that it can determine a user's location even after the user has disabled location services. The statement came in response to a letter from Sens. Josh Hawley (R-Mo.) and Chris Coons (D-Del.). Sen. Hawley tweeted: "There is no opting out. No control over your personal information. That's Big Tech. And that's why Congress needs to take action." The FTC's 2011 consent order with Facebook, followed EPIC's 2009 complaint which established that Facebook ignores user privacy settings. EPIC is challenging the proposed 2019 settlement in part because it does not fix the location tracking problem. A federal court has ordered both Facebook and the FTC to file replies to EPIC. In a related matter, an EPIC case required Accuweather to end surreptitious tracking of users.
  • EPIC Pursues Release of Location Tracking Orders + (Dec. 17, 2019)
    EPIC has moved for summary judgment in EPIC v. DOJ, concerning law enforcement's collection of cell site location data through "§ 2703(d) orders." In Carpenter v. United States, the Supreme Court ruled that these searches were unconstitutional. EPIC filed multiple Freedom of Information Act requests to obtain the government orders issued between 2016 and 2019. However, the DOJ claimed that it "does not track" the information EPIC sought and refused to search for records. EPIC explained to the Court that the DOJ has not satisfied its obligations under the FOIA. EPIC also charged that the agency has engaged in "an unlawful pattern and practice" of refusing to search files even when it could do so. EPIC stated that "This unlawful agency practice impacts EPIC and all other requesters who would seek disclosure of records" at the Department of Justice. The case is EPIC v. DOJ, No, 18-1814 (D.D.C.).
  • Following EPIC Suit, AccuWeather Changes Location Tracking Practices + (Nov. 12, 2019)
    Following a DC consumer protection suit that EPIC filed against AccuWeather in 2018, the company has stopped deceptively gathering users' location data. In its Complaint, EPIC charged that AccuWeather grabbed consumers' location data even when they expressly opted out of location tracking. EPIC also charged that AccuWeather failed to disclose that it transferred location data to advertisers. Now AccuWeather, following EPIC's case, has changed its business practices. Users can decline dvertising and other non-functional uses of their device information, and users can delete the information that AccuWeather collects about their device. EPIC has long advocated for the privacy of location data. EPIC filed a "friend of the court" brief with the US Supreme Court in, Carpenter v. US, a case concerning police surveillance and a complaint with the Federal Trade Commission concerning Uber's tracking of subscribers. EPIC also opposed Apple's tracking of iPhone users. EPIC also maintains detailed webpages on location privacy.
  • EPIC Challenges Justice Department's Refusal to Search for Location Tracking Orders + (Aug. 26, 2019)
    EPIC has filed an amended complaint against the Justice Department, charging that the agency engages in a "pattern and practice" of violating the Freedom of Information Act. Earlier EPIC filed a FOIA lawsuit to compel the DOJ to disclose records about locational surveillance that the Supreme Court ruled was unconstitutional in Carpenter v. United States. EPIC first filed requests in 2017 to obtain copies of government applications to ISPs that require the disclosure of customers communications. After EPIC filed suit in August 2018, the DOJ refused to search for the records and claimed that it "does not track" the surveillance orders. EPIC now alleges that the DOJ has engaged in a pattern and practice that violates the FOIA. Federal agencies are required by law to search for records that are "reasonably described." EPIC wrote "agency's unlawful policy, pattern, and practice of refusing to conduct a search in response to reasonably described FOIA requests such as EPIC's will continue absent intervention by this Court." The case is EPIC v. DOJ, No. 18-1814 (D.D.C.).
  • International Privacy Experts Adopt Recommendations for AI, Location Tracking + (May. 7, 2019)
    The International Working Group on Data Protection has adopted new recommendations for artificial intelligence and location tracking. The Berlin-based Working Group includes data protection authorities who assess emerging privacy challenges. The IWG report "Privacy and Artificial Intelligence" sets out fairness and respect for human rights, oversight, transparency and intelligibility as key elements of AI design and use. The IWG recommendations share several principles with the Universal Guidelines for Artificial Intelligence, proposed by EPIC as the basis for federal legislation and endorsed by more than 250 experts and 60 organizations. The IWG report "Wide Area Location Tracking" addresses large scale collection of location data in devices and applications, and urges limits on the transfer of the data, location tracking switched off by default, and periodic auditing by regulators. EPIC recently provided a comprehensive report for the IWG explaining recent developments in U.S. privacy law and policy.
  • Senate to Consider Nomination of William Barr for Attorney General + (Jan. 14, 2019)
    This week the Senate Judiciary Committee will begin hearings on the nomination of William Barr for Attorney General. In a statement to the Committee, EPIC warned that "Mr. Barr has consistently supported warrantless surveillance of the American people." EPIC pointed to Barr's previous Congressional testimony where he stated that FISA is "too restrictive" and that Americans have no Fourth Amendment right in records held by third parties. EPIC recommended that the Department of Justice work with Congress to update federal wiretap laws after the Supreme Court's decision in Carpenter, improve reporting on surveillance orders, and protect consumers in cases before the Supreme Court.
  • Congress Asks Google, Apple About Smartphone Data Collection + (Jul. 10, 2018)
    Members of the House Energy and Commerce Committee have sent letters to Apple CEO Tim Cook and Alphabet CEO Larry Page seeking information about the data collection capabilities of smartphones. Prompted by recent privacy scandals, the representatives asked Google and Apple whether their devices track users' location even when location services are disabled or record users' private conversations without a "trigger" word. The issue of smartphones and privacy has generated widespread attention following the Supreme Court's landmark ruling in Carpenter v. U.S. that the Fourth Amendment protects location records generated by mobile phones. EPIC recently advised Congress to strengthen privacy protections for mobile location data in response to the Supreme Court's ruling.
  • EPIC Urges Supreme Court to Steer Clear of Warrantless Vehicle Searches + (Nov. 20, 2017)
    EPIC has filed an amicus brief in Byrd v. United States, a case about warrantless searches of rental vehicles. EPIC urged the Supreme Court to recognize that a modern car collects vast troves of personal data. EPIC explained cars today "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC pointed to the routine collection of cell phone contents with a Bluetooth connection, data which is stored in the car even after "deletion." EPIC also emphasized that the status of the driver has no bearing on Fourth Amendment privacy interests. The lower court held that because the driver was not an authorized renter, he was not entitled to privacy protection. EPIC has filed extensive comments with the National Highway Traffic Safety Administration, the Federal Trade Commission and the Department of Transportation, and testified before the U.S. Congress regarding the privacy and consumer safety risks posed by connected vehicles. EPIC also routinely participates as amicus curiae in cases before the Supreme Court, such as in United States v. Jones, Riley v. California, and Florida v. Harris.
  • Supreme Court to Hear Two Fourth Amendment Cases + (Sep. 28, 2017)
    The Supreme Court has agreed to review two Fourth Amendment car search cases. In Collins v. Virginia, the Court will decide whether police can search a vehicle parked in the driveway of a private home without first obtaining a warrant. In Byrd v. United States, the Court will decide whether a person driving a rental car loses their expectation of privacy in the vehicle solely because they are not the official driver on the rental agreement. The Court is already set to hear Carpenter v. United States this fall, a major Fourth Amendment case about warrantless searches of cell phone location data. EPIC filed a "friend-of-the-court" brief in that case urging the Court to extend Constitutional protection to cell phone data. EPIC regularly files briefs with the Supreme Court arguing for greater Fourth Amendment protections, including in Utah v. Strieff, Los Angeles v. Patel, and Riley v. California.
  • DC Court: Warrantless Tracking with "Stingray" Violates Fourth Amendment + (Sep. 22, 2017)
    The D.C. Court of Appeals has ruled that warrantless use of a cell-site simulator or "stingray" violates the Fourth Amendment. The court found that Stingray devices enable "officers who possess a person's telephone number to discover that person's precise location remotely and at will." The court held that the use of a Stingray invaded a reasonable expectation of privacy and thus, was a Fourth Amendment search. EPIC recently filed a brief in a U.S. Supreme Court case arguing that warrantless location tracking violates the Fourth Amendment. EPIC has also promoted oversight of Stingrays by law enforcement agencies. An EPIC FOIA lawsuit in 2012 revealed that the FBI was using stingrays without a warrant, and that the FBI provided Stingrays to other law enforcement agencies. EPIC has also filed amicus briefs in federal and states courts arguing that cell phone location data is protected by the Fourth Amendment.
  • EPIC Urges Supreme Court to Apply Constitution to Cell Phone Data + (Aug. 14, 2017)
    EPIC has filed a “friend-of-the-court” brief in Carpenter v. United States concerning the Fourth Amendment and location data. EPIC urged the Supreme Court to reject a 1970s case, Smith v. Maryland (1979), that allows for the warrantless collection of calling data. As EPIC told the Court, that case is from an era “when rotary phones sat on desk tops” and was decided before cell phones and location tracking. EPIC argued that "Cell phones are now as necessary to the life of Americans as they are ubiquitous.” EPIC urged the Court to extend Constitutional protection to cell phone data. Noting that Congress may also pass important privacy laws, EPIC wrote that the Supreme Court “remains the interpreter of the Fourth Amendment in our modern age." EPIC previously argued against warrantless searches of location data in Riley v. California, United States v. Jones, State v. Earls, and Commonwealth v. Connolly.
  • Supreme Court to Hear Case on Privacy of Cell Phone Location Data + (Jun. 5, 2017)
    The U.S. Supreme Court has granted review in Carpenter v. United States, a case concerning the privacy of cell phone location data. At issue is data that can be used to track cell phone users and whether police are required to obtain warrants to conduct these searches. A lower court ruled that the Fourth Amendment does not require officers to get a warrant before they obtain location records from a cell phone provider. In State v. Earls, EPIC successfully argued that a warrant is required under the New Jersey constitution. EPIC will file an amicus in Carpenter supporting the application of the warrant standard to obtain location data.
  • House Committee to Examine Cell Phone Surveillance + (Oct. 21, 2015)
    The House Subcommittee on Information Technology will examine law enforcement use of "Stingrays," a technique for tracking cell phones users. The Department of Justice adopted guidelines that require a warrant before using Stingray devices to track the location of mobile devices. Senators Grassley and Leahy recently asked DHS Secretary Jeh Johnson to adopt a similar policy for DHS. California passed a law requiring a warrant for a Stingray. Documents obtained by EPIC in a FOIA lawsuit revealed the FBI was using the cell-site simulators without a warrant. EPIC also filed amicus briefs in U.S. v. Jones and State v. Earls, arguing that a warrant is required to obtain location information from cell phone subscribers.
  • Appeals Court Upholds Fourth Amendment Protection of Location Data + (Aug. 6, 2015)
    The U.S. Court of Appeals for the Fourth Circuit ruled that the Fourth Amendment protects a cell phone user's location records and that officers must get a warrant to inspect them. The Fourth Circuit is the first federal appeals court to hold that the Fourth Amendment warrant requirement applies to location data following the decision by the Eleventh Circuit earlier this year permitting warrantless searches. The Supreme Court will likely review one of these two cases to resolve the split between federal appeals courts. EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit arguing that the Fourth Amendment protects an individual's location privacy.
  • Federal Court Finds Fourth Amendment Protects Cell Phone Location Data + (Aug. 4, 2015)
    A federal court in California ruled that police must get a warrant before obtaining a user's location records. The court found individuals have a "reasonable expectation of privacy" in their cell phone location data, based on the Supreme Court's recent decisions in United States v. Jones and Riley v. California. These records, the court found, can be even "more invasive" than the "GPS device attached to the defendant's car in Jones." EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit Court of Appeals arguing that the Fourth Amendment protects an individual's locational privacy.
  • In the States: NH Adopts Location Privacy Law + (Jul. 28, 2015)
    New Hampshire has enacted a strong location privacy law that requires a judicial warrant for access to cell phone location data. New Hampshire joins several other states that protect the privacy of cell phone location records, by public law or court decision. EPIC has filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking by the government is a search under the Fourth Amendment and should be conducted only with a judicial warrant.
  • EPIC Launches State Policy Project + (May. 5, 2015)
    EPIC has launched the EPIC State Policy Project to track legislation across the county concerning privacy and civil liberties. The EPIC State Project will identify new developments and model legislation. The Project builds on EPIC's extensive work on emerging privacy and civil liberties issues in the states. The new State Project will focus on student privacy, drones, consumer data security, data breach notification, location privacy, genetic privacy, the right to be forgotten, and auto black boxes.
  • FTC Reaches Settlement with Customer Tracking Technology Firm Over Privacy Violations + (Apr. 24, 2015)
    The Federal Trade Commission announced a settlement with the firm Nomi, whose sensors recorded the physical location of customers in stores using their mobile devices' MAC addresses. Nomi's privacy policy stated that customers would be able to opt out of tracking, however, customers were not informed when they were being tracked. The settlement agreement will prohibit Nomi from deceiving consumers in their privacy policies. EPIC supports the use of privacy enhancing technologies to protect consumers from tracking, including the adoption of randomized MAC addresses that prevent persistent identification.

Background

In Freedom of Information Act lawsuit EPIC v. DOJ, EPIC is seeking the public release of information detailing the Department of Justice's collection of cell site location information through S 2703(d) court orders.

Today, cell phones are as necessary as they are ubiquitous to Americans. Almost 95% of Americans own a cell phone. But, cell phones also generate precise location records that can track an individual's movements over time. As the Supreme Court recently explained in Carpenter v. United States, modern cell phones "tap into the wireless network several times a minute whenever their signal is on" and these connections generate "a time-stamped record known as cell-site location information (CSLI)." Telecommunication companies routinely collect and store this CSLI data. Prior to the Supreme Court's decision in Carpenter, law enforcement has routinely sought access to this data, without a warrant, through S 2703(d) court orders under the Stored Communications Act.

Section 2703(d) Orders Under the Stored Communications Act

Enacted in 1986, the Electronic Communications Privacy Act (ECPA) protects a wide range of electronic communications in transit and at rest. ECPA expanded and revised federal wiretapping and electronic eavesdropping provisions, including the Wiretap Act, and created the Stored Communications Act.

The Stored Communications Act requires law enforcement to obtain a court order or subpoena to access certain subscriber records. Section 2703(d) of the Act authorizes the government to compel a provider of electronic communication services to disclose certain subscriber records through a court order. Section 2703(d) orders can be granted based on a showing of "reasonable grounds to believe" that the records sought are "relevant and material" to an ongoing criminal investigation. This standard is lower than the "probable cause" standard of a warrant, which is required under the Fourth Amendment.

When law enforcement obtained CSLI through 2703(d) orders, they typically use CSLI records in investigations to pinpoint the location of individuals and create a map of their movements over time. For example, in United States v. Graham, the government compiled as much as 221 days' worth of CSLI, around 29,000 location data points generated per defendant, without a warrant. In Carpenter, the government obtained over five months of CSLI and used this data to create maps showing that the plaintiff's cell phone had been near four of the charged robberies.

Major telecommunication companies--such as Sprint, AT&T, Verizon, and T-Mobile-- have released transparency reports that include aggregate statistics about government requests for customers data. These reports, however, are neither comprehensive nor detailed enough to evaluate the full scope of law enforcement access to location data. The overall number of S 2703(d) orders cannot be assessed solely from these transparency reports because smaller telecommunications carriers do not publish transparency reporting.

CSLI and the Fourth Amendment After Carpenter

The Supreme Court in Carpenter v. United States considered the constitutionality of the Government's use of section 2703(d) orders to obtain CSLI. The Court ultimately held that cell phone location records are protected by the Fourth Amendment and that the "police must get a warrant when collecting CSLI to assist in the mine-run criminal investigation." The Court, however, left open the question of what legal process is required in emergencies or other unique situations.

The legal regime for law enforcement access to CSLI implicates privacy interests of nearly all U.S. persons. CSLI can reveal the most intimate details of everyday life: a trip to a place of worship, attendance at a political protest, or a visit to a medical specialist. Cell site location records obtained by the government are even more comprehensive than GPS records and this precision only increases with advancements in technology.

EPIC's Interest

EPIC is interested in the DOJ's use of S 2703(d) orders for law enforcement investigations because the agency has never produced any comprehensive reports concerning the use of cell site data. Unlike the use of Wiretap Act authorities, which is subject to detailed reporting requirements, law enforcement use of cell site data is not subject to any comparable public accounting. EPIC submitted two Freedom of Information Act requests seeking the release of reports on the collect and use of cell site location information. As stated in EPIC's complaint, EPIC "seeks to determine the use, effectiveness, cost, and necessity in the collection and use of cell site location information so that the public, lawmakers, and the courts may have a better understanding of the use of this investigative technique."

FOIA Documents

Legal Documents

U.S. District Court for the District of Columbia (No. 18-1814)

District-by-District Search Results

The following table reflects search results from five U.S. Attorney's Offices. EPIC's FOIA requests sought the first page of 2703(d) applications, orders, and warrants for the production of cell-site location information during 2016, 2017, 2018, and 2019. Each U.S. Attorney's Office deployed different search mechanisms ranging from keyword searches in their CaseView management system, to keyword system searches, to searching sealed filing records, to tasking criminal Assistant U.S. Attorney's to search their individual case files for the years requested. While some responsive records were withheld in full, the number of pages of responsive records reflect the total number of 2703(d) applications, orders, or warrants that the U.S. Attorney's Office sought from 2016-2019.

U.S. Attorney's Office Scope of Search Criminal Cases Filed from 2016-2019 Number of Applications, Orders, and/or Warrants from 2016-2019
District of Delaware 2703(d) applications and orders 351 150
District of Rhode Island 2703(d) orders and warrants 453 N/A
District of the Virgin Islands 2703(d) orders and warrants 283 N/A
Eastern District of Oklahoma 2703(d) orders and warrants 338 N/A
Eastern District of Pennsylvania 2703(d) orders and warrants 2140 N/A

Resources

News

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security