The Supreme Court’s Mobile Privacy Stand Should Prompt Further Changes
This article first appeared in Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.
There was an important, close, widely watched Supreme Court decision last week that could have big implications for parts of the tech industry for decades to come. No, not the 5-4 ruling allowing states to require sales tax collection from e-commerce sites in the South Dakota v. Wayfair case. (Though if that’s your bag, The Economist had a good analysis.)
Instead, it’s the 5-4 decision in Carpenter v. United States that’s also worth examining deeply.
Carpenter in this case is “Little Tim” Carpenter, who was convicted as the alleged organizer of a crime spree where a gang of crooks stole bags of brand new smartphones at gunpoint from more than half a dozen Radio Shack and T-Mobile stores in and around Detroit. In 2011, Carpenter was nabbed, in part, because the police had subpoenaed records from his cellphone provider that included somewhat crude but voluminous realtime location data covering 127 days. And Carpenter was around the robbed stores at the times of the robberies, the records showed.
Typically, the Supreme Court has allowed police to collect almost any kind of information generated by third parties, such as bank records or a list of phone numbers called, with just a subpoena. It’s known as the third party doctrine. You knew the bank or the phone company was collecting that data, so you had no “reasonable expectation” of privacy. Something more like papers you kept in a locked drawer in your desk required a full search warrant, with a showing of probable cause that evidence of a crime might be found.
Maybe you can see where Chief Justice John Roberts took this analysis in Carpenter’s case. The level and amount of detail that companies are collecting about us has exploded. Where once the phone could simply tell the police who you called and for how long, now they have a precise and comprehensive map of everyplace you’ve been, not to mention every web site you visited. “This case is not about ‘using a phone’ or a person’s movement at a particular time,” Roberts wrote. “It is about a detailed chronicle of a person’s physical presence compiled every day, every moment, over several years.”
A bevy of tech companies, ranging from big players like Apple (AAPL), Google (GOOGL), and Microsoft (MSFT), to smaller cloud-related outfits such as Dropbox (DBX), Evernote, and Airbnb, had written a brief for the court arguing that the rules of the third party doctrine “make little sense” when applied to the new kinds of digital online data now being collected. Urging the court to rethink its view of when people have a reasonable expectation of privacy, they noted digital devices and apps unavoidably generate deeply personal data:
Short of forgoing all use of digital technologies, they are unavoidable. And this transmission of data will only grow as digital technologies continue to develop and become more integrated into our lives. Because the data that is transmitted can reveal a wealth of detail about people’s personal lives, however, users of digital technologies reasonably expect to retain significant privacy in that data, notwithstanding that technology companies may use or share the data in various ways to provide and improve their services for their customers.
That made sense to Roberts and a majority of the court. New Justice Neil Gorsuch dissented, but only because he thought the majority should go even further and practically dump the whole third party doctrine. Expect more knotty conflicts over digital data privacy, not just among Supreme Court justices, but with lawmakers, regulators and law enforcers across the country.