The U.S. Supreme Court has two privacy cases on its docket, both addressing the application of the Stored Communications Act. The SCA, passed more than 30 years ago, was enacted to address voluntary and involuntary disclosure of “stored wire and electronic communications and transactional records” held by third-party service providers. Currently, in order to obtain electronic communications, the government is required to have a warrant for any communications held for 180 days or fewer. A warrant requires probable cause and the suspicion of a crime being committed. For anything older than 180 days, the government only needs a grand jury or administrative subpoena so long as the individual is notified. However, notice may be delayed up to 90 days if notification could adversely affect the investigation.

When the regulation was enacted in 1986, Congress viewed communications more than 180 days old to be abandoned, an idea that has not withstood technological advances as today's data can be stored indefinitely. One provision of the SCA allows the government to compel service providers to disclose information about a customer regarding any electronic service provided, requiring only a court order based on “reasonable grounds to believe” that there is information pertinent to an ongoing investigation. This reasonable grounds standard is significantly lower than probable cause, the typical requirement to obtain a search warrant.

Carpenter v. United States

Carpenter puts the scope of the Fourth Amendment directly into question, asking: Does data generated by a citizen’s electronic device fall within the definition of “persons, houses, papers and effects”? Carpenter is accused of coordinating a series of armed robberies in two different states. Law enforcement, relying on the standard of reasonable grounds under the SCA, obtained phone records for 16 different phones. Using several months of cell-site records, the government determined that Carpenter’s cellphone connected with cell towers close to the location of the robberies. The defendant’s legal team filed a motion to suppress the phone records, arguing that law enforcement conducted a search and therefore, per the Fourth Amendment, required a warrant to obtain the records.

The U.S. Court of Appeals for the Sixth Circuit rejected the argument, adding that Carpenter had no reasonable expectation that his cellphone records would be kept private since the records did not disclose the content of his calls.

Although difficult to predict how the court will rule, two previous cases heard by the Supreme Court provide some insight to how the justices feel about cellphones and privacy in general. In Riley v. California (2014), Chief Justice John Roberts opined that cellphones are now “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude that they were an important feature of human anatomy.” In that case, the court ultimately ruled that searching the content of an individual’s cellphone required a warrant. In United States v. Jones (2012), law enforcement officials had attached a GPS tracker to the defendant’s car without obtaining a warrant. Justice Sonia Sotomayor stated in her concurring opinion that a person did have an expectation of privacy regarding their specific location and that such information required a warrant because location “enables the government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.” In this case, as well, the court ultimately ruled that attaching a GPS tracker to a citizen’s car required a warrant.

In Carpenter, the court will have to decide if government access to cell-site data is less intrusive than giving access to the content of a cellphone and is different from a GPS tracker. However the court rules, devices connected to the internet are as much a part of daily life as anything else, and the justices will have to clearly define to what degree electronic information is protected by the Fourth Amendment.

United States v. Microsoft

The second case looming in the court’s docket, United States v. Microsoft, also involves the Stored Communications Act. At issue in this case is whether a warrant has the territorial reach to compel Microsoft to hand over emails stored on a foreign server.

Specifically, the warrant issued required Microsoft to seize and produce the contents of an email account that it maintains for a customer on a server in Dublin, Ireland. However, Microsoft only produced the content that was kept on servers within the United States. Microsoft argued, “Warrants traditionally carry territorial limitations: United States law enforcement officers may be directed by a court-issued warrant to seize items at locations in the United States and in United States-controlled areas, but their authority generally does not extend further.” In the end, the lower court agreed with Microsoft and found that warrants did not have extraterritorial reach.

Although the case has not been certified for review yet, it is very likely to be picked up for two reasons. One, a number of lower federal courts around the country have ruled differently on the issue of a warrant’s ability to reach outside the United States. Second, the Department of Justice filed a petition with the Supreme Court asking it to review the case because the lower court’s decision in Microsoft was “detrimental to criminal law enforcement.” Such petitions are often granted as the Supreme Court relies heavily upon the solicitor general to identify cases with significant ramifications for law enforcement officials.

For Microsoft, the specific issue is whether a warrant issued in the enforcement of the SCA applies extraterritorially. There is one Supreme Court case that can help shed light on how the court may decide this issue. In Morrison v. Nat’l Australia Bank, the court instituted a clear two-part test for extraterritorial application of statutes. The test looks to the statutory text for a clear indication by Congress of intent to apply the legislation extraterritorially, and, if no such indication is apparent, the court examines the facts to determine whether the proposed use of the statute would be extraterritorial.

Importantly, the court gives a strong presumption against extraterritorial application of statutes, and there is no language within the SCA that specifically addresses extraterritoriality. Furthermore, the government has argued that an SCA warrant is a hybrid search warrant and subpoena; yet, the SCA itself distinguishes between the two. As such, the court’s determination will boil down to whether the use of the statute would be extraterritorial. This interpretation will hinge on whether the court considers the location of the entity (the United States) or the location of the data (Ireland) as where the statute is being “used.”

With the rapid advancement of technology, the court’s decisions and interpretations in these two cases will have long-standing effects on the citizens and businesses of the United States. It would not be surprising if interpretations made by the court would, in turn, spur Congressional action to address wider privacy issues.

photo credit: Themis via photopin (license)