Do you have a reasonable expectation of privacy in your whereabouts outside such that the government needs to get a search warrant to invade it? Magic 8 ball says — situation unclear, ask again later. While the U.S. Supreme Court has held that a warrant issued by a judge is necessary to install a GPS tracker on your car, to examine the contents of your cell phone for location information, or to obtain records of your location from a third party like a cell provider, it has also said that no such warrant is necessary to, for example install a beeper in a bottle of chemicals you sell to someone and track the beeper as the driver goes down the highway, or to follow someone in a car, helicopter or airplane. Whether a warrant is necessary to use things like IMSI devices to capture location, or satellites or Automated License Plate readers or facial recognitions software has not yet been decided by the Supreme Court.
On June 16, the federal appeals court in Boston ruled that the police needed neither probable cause nor a warrant to install and monitor a “pole cam” across the street from a suspect, because the people in the house had no “reasonable expectation of privacy” in what they “knowingly expose[d] to public view.” If they didn’t want the world to know what they were doing, they should have stayed inside. With the windows shut. And the curtains shut. And maybe the phones disconnected.
The federal government was investigating a Springfield Massachusetts government employee and lawyer who was the Assistant Clerk Magistrate for the Hampden County, Massachusetts, Superior Court, his girlfriend (later wife) and his mother in law, all of whom lived in the same house. From May 2017 through January 2018, the camera could be used to pan and tilt and zoom in on people’s faces and license plates, but not peer inside the house. The question for the Boston court was whether the Supreme Court’s ruling that a warrant was necessary to get cell data (location data) from a cell phone company because people had a reasonable expectation of privacy in such data — even if held by a third party (phone company) meant that they needed a warrant to install and view the pole cam.
The Court ruled that they did not.
Even though the police can’t “peer inside” your home with technology like an InfraRed camera, and can’t walk by your front door with a drug sniffing dog (but they can stop your car with such a dog), they can still follow you around without a warrant. While the Supreme Court famously said that the Fourth Amendment protects people, not property, as a practical matter it depends HOW your privacy is invaded. We don’t have a comprehensive privacy law in the U.S., nor do we have a comprehensive consensus on what information about us IS and is NOT private. We know that when we go outside, we “publicly display” our license plate (if we drive). We also publicly display our face, our clothing, the date and time, location and destination. A cop, a bystander, a curious neighbor can simply follow us and capture that data. No muss, no fuss, no warrant. But the same “location data” when we are outside, captured by a cell tower, a GPS device, an app, an IMSI device, an e911 system, or an ALPR might be protected. But why? If we have no reasonable expectation of privacy in our location because we have knowingly exposed it to the public, then why should we have any expectation of privacy in that data collected from our cell phone, the GPS in our car, or anywhere else?
Relying on an earlier case from the same Court, the federal court in Boston found that there was neither a subjective or an objective expectation of privacy in the front of the subjects’ home, as viewed by the camera, again focusing on the fact that the subject “knowingly exposed” their activities in the front or side of their house to the public. Nothing in the Supreme Court’s finding about cell towers, or dog sniffs, or GPS devices changes that fact.
Or does it?
The problem with the Boston court’s analysis is not how it treats privacy or people’s expectation thereof, but its failure to understand and appreciate the role of technology in both establishing and potentially diminishing people’s expectation of privacy. If I were to ask you, “hey, is it OK it I put a camera outside your house, pointing at your house and capturing images of everyone you interact with?” You would probably say no. Put another way, could bad guys install similar pole cameras outside FBI headquarters, or the local police precinct to monitor the activities of the cops or FBI? What about putting one outside an ex-girlfriend’s house? A blanket exception to the privacy principle based on “knowingly exposing” information to the public treats privacy as a binary thing. People’s expectations of privacy are much more nuanced. Do you have a reasonable expectation of privacy in the contents of your personal emails? Sorta. You always run the risk that your correspondent will expose your emails or forward them. You know that there are security issues. You also know that your emails are routinely scanned by Google or others for security and advertising purposes. When you say that you “knowingly expose” information about you to the public, and therefore there’s no right to privacy in that information, then why would cell tower location data – which is nothing more than an aggregation of the same data that you have “knowingly exposed” to the public any different? Why can’t police monitor your house with an infrared detector to capture heat signatures that you have “knowingly exposed” to the public? Why can’t a police officer capture the smell of drugs or use a dog to do the same when you have “knowingly exposed” that odor to the public? Expectations of privacy are based on what ordinary people expect to have happen in ordinary places under ordinary circumstances. When we add technological enhancements to the ability to invade privacy, we add a new wrinkle to the question. As the Bard of Baltimore, H.L. Menken once famously said, “for every complex problem, there is an answer that is clear, simple and wrong.”
Mark Rasch is an attorney and author of computer security, Internet law, and electronic privacy-related articles. He created the Computer Crime Unit at the United States Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-technology, and white-collar crime.