EPIC v. DOJ (CSLI Section 2703(d) Orders)

Top News


In Freedom of Information Act lawsuit EPIC v. DOJ, EPIC is seeking the public release of information detailing the Department of Justice's collection of cell site location information through S 2703(d) court orders.

Today, cell phones are as necessary as they are ubiquitous to Americans. Almost 95% of Americans own a cell phone. But, cell phones also generate precise location records that can track an individual's movements over time. As the Supreme Court recently explained in Carpenter v. United States, modern cell phones "tap into the wireless network several times a minute whenever their signal is on" and these connections generate "a time-stamped record known as cell-site location information (CSLI)." Telecommunication companies routinely collect and store this CSLI data. Prior to the Supreme Court's decision in Carpenter, law enforcement has routinely sought access to this data, without a warrant, through S 2703(d) court orders under the Stored Communications Act.

Section 2703(d) Orders Under the Stored Communications Act

Enacted in 1986, the Electronic Communications Privacy Act (ECPA) protects a wide range of electronic communications in transit and at rest. ECPA expanded and revised federal wiretapping and electronic eavesdropping provisions, including the Wiretap Act, and created the Stored Communications Act.

The Stored Communications Act requires law enforcement to obtain a court order or subpoena to access certain subscriber records. Section 2703(d) of the Act authorizes the government to compel a provider of electronic communication services to disclose certain subscriber records through a court order. Section 2703(d) orders can be granted based on a showing of "reasonable grounds to believe" that the records sought are "relevant and material" to an ongoing criminal investigation. This standard is lower than the "probable cause" standard of a warrant, which is required under the Fourth Amendment.

When law enforcement obtained CSLI through 2703(d) orders, they typically use CSLI records in investigations to pinpoint the location of individuals and create a map of their movements over time. For example, in United States v. Graham, the government compiled as much as 221 days' worth of CSLI, around 29,000 location data points generated per defendant, without a warrant. In Carpenter, the government obtained over five months of CSLI and used this data to create maps showing that the plaintiff's cell phone had been near four of the charged robberies.

Major telecommunication companies--such as Sprint, AT&T, Verizon, and T-Mobile-- have released transparency reports that include aggregate statistics about government requests for customers data. These reports, however, are neither comprehensive nor detailed enough to evaluate the full scope of law enforcement access to location data. The overall number of S 2703(d) orders cannot be assessed solely from these transparency reports because smaller telecommunications carriers do not publish transparency reporting.

CSLI and the Fourth Amendment After Carpenter

The Supreme Court in Carpenter v. United States considered the constitutionality of the Government's use of section 2703(d) orders to obtain CSLI. The Court ultimately held that cell phone location records are protected by the Fourth Amendment and that the "police must get a warrant when collecting CSLI to assist in the mine-run criminal investigation." The Court, however, left open the question of what legal process is required in emergencies or other unique situations.

The legal regime for law enforcement access to CSLI implicates privacy interests of nearly all U.S. persons. CSLI can reveal the most intimate details of everyday life: a trip to a place of worship, attendance at a political protest, or a visit to a medical specialist. Cell site location records obtained by the government are even more comprehensive than GPS records and this precision only increases with advancements in technology.

EPIC's Interest

EPIC is interested in the DOJ's use of S 2703(d) orders for law enforcement investigations because the agency has never produced any comprehensive reports concerning the use of cell site data. Unlike the use of Wiretap Act authorities, which is subject to detailed reporting requirements, law enforcement use of cell site data is not subject to any comparable public accounting. EPIC submitted two Freedom of Information Act requests seeking the release of reports on the collect and use of cell site location information. As stated in EPIC's complaint, EPIC "seeks to determine the use, effectiveness, cost, and necessity in the collection and use of cell site location information so that the public, lawmakers, and the courts may have a better understanding of the use of this investigative technique."

FOIA Documents

Legal Documents

U.S. District Court for the District of Columbia (No. 18-1814)



Share this page:

Defend Privacy. Support EPIC.
EPIC Mueller Report book
US Needs a Data Protection Agency