District court upholds CSLI order with erroneous phone number, finds defendant doesn't have standing

In United States v. Cannon, No. 6:11-cr-02302 (D.S.C. 2012), the court held that a typographical error did not violate an order for cell site data and that the defendant's failure to prove he had an interest in the phone removed his ability to challenge the search for lack of standing.

The defendant had been charged with multiple crimes related to the distribution of drugs. As part of the investigation, law enforcement obtained GPS data from his cell phone company. He filed a motion to suppress, arguing that the data was obtained in violation of his constitutional rights.

In challenging the use of the data, the defendant argued that the court order was invalid because it contained a phone number different than the one that information was provided for. The court found the argument to be without merit, holding, "Mere typographical errors do not undermine a finding of probable cause and do not invalidate a warrant." Because the correct number was used elsewhere, it was clear that it was a mistake.

The government argued that the defendant did not have standing because he was not the owner or authorized user of the phone. The defendant was unable to prove that he had any interest in the phone, and thus could not challenge any potential Fourth Amendment violation.

Read More

Mass. trial court finds obtaining one day of CSLI without cause to violate the Mass. Constitution

In Commonwealth v. Wyatt, 30 Mass. L. Rep. 270 (Mass. Sup. Ct. 2012), the Superior Court of Massachusetts held that obtaining cell site location information (CSLI) without a showing of cause (the court did not specify if probable cause was a requirement) was a violation of the Massachusetts Constitution. As a result of this finding, the defendants' motions to suppress were granted.

As part of a murder investigation, law enforcement acquired nine 2703(d) orders covering five different cell phone companies and eighteen phone numbers seeking subscriber information and call records for a near two-month period and CSLI for one day. Officers later admitted they did not have probable cause to acquire this information. The four defendants filed a motion to suppress their historical CSLI .

The court began by discussing the similarities of cell phones and a GPS device, noting that "CSLI enables a cellular telephone to be treated as a de facto Global Positioning System (GPS) tracking device." As such, they conducted an evaluation of a state high court opinion in Connolly (holding that installation of a GPS device on a vehicle is a seizure) and the Supreme Court's opinion in Jones.

Next, the court applied the expectation of privacy test to the use of CSLI. Because "[i]t is unlikely that the average cellular telephone user knows that when he or she makes or receives a call or a text message, the service provider creates and maintains a record of the cellular telephone’s location," the defendants had a subjective expectation of privacy in the cell records.

As to an objective expectation of privacy, the court held:

Allowing the government to track our movements without evidence that the person whose CSLI is sought engaged in criminal activity compromises what it means to be a citizen of the United States of America free from arbitrary surveillance.... 

Allowing the government to track a citizen’s movement through CSLI, without requiring the government to show probable cause or even reasonable suspicion that the target is engaged in criminal activity is contrary to the very freedom we hold dear.

Thus, the defendant's motion to suppress their cell site location information was granted.

Cybercrime Review blogger Justin Webb contributed to this post.

Read More

Report reveals 1.3 million requests for cell phone subscriber information in 2011

Rep. Ed Markey

For those who have assumed that requests for subscriber information from phone companies were minimal and that there was often no charge, a release of reports today shows just how pervasive and expensive these activities are. In July, Congressman Edward Markey (D-Mass.) requested figures from nine cell phone companies and revealed the information today.

Markey, first elected to the House in 1976, said of the findings, "We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers."

In all, law enforcement made 1.3 million requests in 2011. Sprint estimates that it received 500,000 subpoenas in 2011 and has performed over 50,000 wiretaps in the last five years.

AT&T received over 260,000 requests last year including nearly 50,000 2703(d) orders and search warrants. The company has more than 100 full-time employees fulfilling these requests and charged over $8 million in 2011 alone.

The largest mobile phone provider in the country, Verizon, also received about 260,000 requests in 2011, about half from subpoenas. They claim that requests have grown about 15% per year over the past five years. Verizon has 70 employees working around the clock to meet law enforcement's demands.

The New York Times notes these figures may be severely underestimated in terms of requests and the number of subscribers involved:

Because of incomplete record-keeping, the total number of law enforcement requests last year was almost certainly much higher than the 1.3 million the carriers reported to Mr. Markey. Also, the total number of people whose customer information was turned over could be several times higher than the number of requests because a single request often involves multiple callers. For instance, when a police agency asks for a cell tower “dump” for data on subscribers who were near a tower during a certain period of time, it may get back hundreds or even thousands of names.

Full responses from the providers can be viewed on Congressman Markey's website.

Read More

What type of process is required for a cell tower dump?

I was recently in a discussion concerning the type of process needed for law enforcement to obtain a tower dump from a service provider. A tower dump allows police to request the phone numbers of all phones that connected to a specific tower within a given period of time. Beyond this list, law enforcement could also request customer information, allowing them to match the cell numbers with a specific customer's name, address, and other account information.

Under the Stored Communications Act (SCA), information can be obtained from phone companies (and other service providers) by use of a subpoena, 2703(d) order, or search warrant, depending on the type of data requested. For example, a subpoena can be used to obtain basic subscriber information. However, account logs and transactional records require a 2703(d) order - which requires specific and articulable facts to believe the records are relevant to an ongoing criminal investigation.

So the question to my readers is this - what type of process is required for a tower dump? We're just curious as to how easily phone companies are giving the information away. The specific and articulable facts standard seems too high for a tower dump, but a subpoena doesn't exactly seem sufficient. Or does a tower dump even fit under the SCA since that report alone only gives away phone numbers and not account information? Please leave a comment to this article if you have any ideas.

After a quick search, I was only able to find one reported case that mentions tower dumps - Jackson v. State, 716 S.E.2d 188 (Ga. 2011). In that case, police had obtained the defendant's cell number from a tower dump following a series of crimes. This, of course, only showed the defendant was in the area of the crime. On appeal, Jackson argued that the records are "not sufficient corroborating evidence as they only establish where his cell phone was at the time of the crimes, and not where he was, since he may have let a friend borrow his phone." The Georgia Supreme Court upheld the use of the records. Unfortunately, proper process was not an issue in that case.

Last month, the ACLU released a report on the use of cell site data by law enforcement. Click here for my earlier post.

Read More

2703(d) order challenged in Wikileaks investigation

Information related to three Twitter accounts was recently obtained by the government by a 2703(d) order in an investigation related to Wikileaks. The account holders made many claims including: (1) they had a § 2704 right to challenge the order, (2) the release of IP address information violated their Fourth Amendment rights, (3) the order violated their due process rights, and (4) the order violated their First Amendment rights. Finding no violation of § 2704 or any constitutional arguments, the court upheld the order. There is not really anything profound in the case, but the parties were represented by the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) and presented some interesting arguments.

For those of you not very familiar with the section (like myself before reading this case), under 18 USCS § 2704 details how a user can challenge a subpoena or 2703(d) order under the SCA. It's actually very simple - when the user gets notice, they can challenge it. But the problem presented in this case is that notice is often delayed under § 2705 for fear of destruction of evidence and other considerations. The question raised is whether one should always have the right to challenge before execution of the order. As the court held - and understandably - the answer must be no. Otherwise, the delayed notice provision would be invalidated.

The Twitter users also argue that by revealing their IP addresses to the government, they are giving away their location, making a Karo tracking beeper analogy. The court strikes this argument down because disclosure of phone numbers may give away one's location and does not violate the Fourth Amendment and regardless of tracking abilities, the data was obtained by a non-governmental entity. Plus, there's the third party doctrine (which the court discusses in great detail).

They also argue a right to challenge under due process because "the SCA threatens the rights of any subscriber who cannot oppose an order because the individual does not know about it." However, the court finds that judicial review of the order satisfies due process rights.

Finally, the First Amendment claim argued that the order "has chilled [the users'] rights of association and speech." Despite good arguments, the claim didn't hold up because content wasn't requested in the order, and even if it was, the content was accessible by the public.

The case is In re United States, 2011 U.S. Dist. LEXIS 130171 (E.D. Va. 2011).

Read More