By Julian Sanchez
In the summer of 2006, agents of the Drug Enforcement Agency used GPS tracking technology to locate drug courier Melvin Skinner’s prepaid phone, ultimately seizing more than 1,000 pounds of marijuana from Skinner’s mobile home. The judges on the Court of Appeals for the Sixth Circuit then apparently smoked all of it before issuing their ruling in United States v. Skinner this week, because the opinion approving DEA’s use of GPS technology in this case is easily one of the most muddled examples of legal reasoning I’ve ever encountered—a surreal potpourri of factual misunderstandings, inapt analogies, sloppy and selective appeals to precedent, and logical leaps worthy of Nijinsky.
A very brief summary of the case: DEA was already investigating a drug trafficking organization, and through the use of lawful wiretaps learned that a courier code-named “Big Foot” would be driving a large shipment of marijuana from Tucson, Arizona to Mooresburg, Tennessee in his mobile home. “Big Foot” was using a prepaid (or “burner”) mobile phone purchased for him by his co-conspirators, which meant one thing DEA didn’t know was Big Foot’s identity, because the prepaid phone wasn’t registered in his name. (While this makes them appealing to drug dealers, they’re also very popular with ordinary, law-abiding citizens: Prepaid phones now account for 25 percent of mobile phone subscriptions.) Agents then obtained a court order—but not a search warrant based on probable cause—to “ping” the phone’s GPS chip and precisely track its location in realtime. Tracing it to a truck stop near Abilene, Texas, authorities brought drug dogs to sniff the perimeter of the mobile home, and when the dogs alerted to the presence of drugs, performed a search—finding the drugs, and arresting Skinner, now revealed as “Big Foot.”
The Sixth Circuit’s Fourth Amendment analysis is disturbing right from the outset. “If a tool used to transport contraband gives off a signal that can be tracked for location,” the argument begins, “certainly the police can track that signal. The law cannot be that a criminal is entitled to rely on the expected untrackability of his tools.” This is bizarre and circular: It suggests that criminals categorically lack Fourth Amendment privacy interests in any “tool” they use to conduct criminal activity, in which case no search would violate the Fourth Amendment if it actually turned up evidence of criminal conduct. But the whole point of requiring a warrant is to let a neutral magistrate determine whether there’s probable cause to believe such conduct will be uncovered. The court hastily acknowledges this in a footnote, clarifying that there’s no expectation of privacy for anyone in cell phone GPS data, but beginning in this way suggests the court is reasoning backwards to a desired conclusion, based on Skinner’s now-established guilt.
The court proceeds through a series of lazy and underdeveloped analogies:
Otherwise dogs could not be used to track a fugitive if the fugitive did not know that the dog hounds had his scent. A getaway car could not be identified and followed based on the license plate number if the driver reasonably thought he had gotten away unseen. The recent number of cell phone technology does not change this. If it did, then technology would help criminals but not the police. It follows that Skinner had no expectation of privacy in the context of this case, just as the driver of a getaway car has no expectation of privacy in the particular combination of colors of the car’s paint.
But it does not follow at all. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection,” the Supreme Court explained in the seminal case of Katz v. United States, “But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.” Any member of the public can buy a dog and follow a scent. Any member of the public can view and copy down a license plate number. Any member of the public can view the external paint job of a car. But any member of the public cannot just track the GPS signal of a random cell phone—and if they could, most of us would be extremely wary about carrying cell phones. Unlike all these other examples, GPS tracking as employed here depends crucially on the ability of police to invoke state authority—a seemingly salient distinction the court fails to take any note of.
Finally, the judges move on from these dubious analogies and cite an actual precedent: United States v. Knotts. In Knotts, police had placed a relatively short range tracking “beeper” in a can of chloroform sold to suspected drug manufacturers. Having monitored the sale of the canister, police followed the car in which the suspects had placed it, using the beeper to supplement their visual observation of the car’s public journey, and ultimately relying on it to recover the trail when they lost the suspects. The Supreme Court held that no Fourth Amendment expectation of privacy had been violated, because the location of the car police had been tailing was information exposed to any observer on the road. Here too, the court reasoned, Skinner’s RV was moving along public roads visible to any member of the public.
Unfortunately, this falls apart as soon as you begin thinking about it for a moment. The information that is exposed to the general public, in all these cases, is that a car with a particular external appearance is at such-and-such location at such-and-such a time. Having already observed their lojacked canister being loaded into the suspect’s car, that was the very information the police needed to maintain their tail.
Skinner presents a very different situation. It’s true that any member of the public could observe that Skinner’s RV was one of probably hundreds traveling on public highways in mid July of 2006. But that was not the information investigators relied upon here: What the GPS tracking here revealed was the non-publicly observable fact that one particular mobile home, which police had never encountered before, contained a particular phone believed to be in close proximity to illegal drugs. These are importantly different facts. The Secret Service even relies on that difference to help protect the life and safety of the president: Anyone can observe dozens of limos or SUVs with tinted windows leaving the White House on public roads each day, but which of these contain the president is not so exposed. Because the salient fact for the purposes of the police investigation was not the location of a particular vehicle on public streets, but rather the location of a particular personal effect in a private mobile home, the relevant precedent isn’t Knotts, but rather United States v. Karo. The government might then argue that the contents of a mobile home aren’t entitled to the same high level of protection as the contents of the residence at issue in Karo, but having incorrectly framed the issue, the Sixth Circuit panel never takes up that question.
The court does at least gesture in the direction of the idea that it might somehow matter that police didn’t initially know the identity of “Big Foot,” and had not previously observed his vehicle. They deem this immaterial with a truly breathtaking bit of hand-waving:
As for not knowing his identity, this is irrelevant because the agents knew the identity of Skinner’s co-conspirators and could have simply monitored their whereabouts to discover Skinner’s identity. Using a more efficient means of discovering this information does not amount to a Fourth Amendment violation.
It is, I think, an open question what police could or could not have discovered in a parallel universe where they employed a completely different set of investigative methods (as opposed to the physical tail actually employed in Knotts and supplemented by a beeper), but it’s not clear why this is really germane. That a postal letter might have been retrieved from the trash of a suspect who never shreds his correspondence does not make it any less an illegal search to intercept the unopened letter. Remarkably, the court does not deign to even mention the 2001 Supreme Court case Kyllo v. United States, which contemplated and rejected a similar argument. Writing for the majority, Justice Scalia explained that the use of thermal imaging to detect marijuana growing lights in a garage was not immunized from Fourth Amendment scrutiny by the fact that other permissible means might have revealed facts about the temperature of a home:
The dissent’s comparison of the thermal imaging to various circumstances in which outside observers might be able to perceive, without technology, the heat of the home–for example, by observing snow melt on the roof [...]–is quite irrelevant. The fact that equivalent information could sometimes be obtained by other means does not make lawful the use of means that violate the Fourth Amendment. The police might, for example, learn how many people are in a particular house by setting up year-round surveillance; but that does not make breaking and entering to find out the same information lawful.
That argument seems to present at least a potential problem for the court’s reasoning here, and seems more generally relevant insofar as it concerns the use of technology to gain information about the contents of a home, but again, Kyllo is not even mentioned.
Since this is a case involving phones, the Sixth Circuit also takes a stab at breezily invoking Smith v. Maryland—the basis for the much-criticized “third party doctrine”—where a suspect was held to lack an expectation of privacy in dialed phone numbers that had been voluntarily exposed to the phone company, which routinely retained that information in its ordinary business records for billing purposes. Without much analysis the court asserts that “[s]imilar reasoning compels” a parallel conclusion here.
But on closer examination, the fact that both cases involve phones is about as far as the similarities go. Dialed numbers are information actively and consciously exposed to the phone company by the user, and then retained in billing records as a matter of course, independently of any government investigations. Unfortunately, as both Orin Kerr and Jennifer Granick note, the court seems fuzzy on the very different characteristics of the GPS technology used here. The GPS chip contained in the phone—which apparently the suspects were unaware of—would not normally transmit any information to the phone company at all. Rather, the chip would have calculated its precise location coordinates and transmitted them to the company only in response to a “ping” initiated by law enforcement. To be sure, the company might be physically capable of sending such a ping on its own, just as it would be physically capable of intercepting the contents of a phone call. And if it had built the phone with a secret capability to be remotely activated as a microphone, it would also be physically capable of remotely gathering information about the user’s activities in that way as well. Fortunately, the Fourth Amendment is not limited to pointlessly prohibiting only physically impossible surveillance. The technological capabilities of the phone company or the government do not determine what has been “knowingly exposed”—and it seems clear here that Skinner did not knowingly expose, to either the general public or the phone company, the precise GPS coordinates of his phone.
The Fourth Amendment status of the kind of GPS tracking employed here is hardly a slam dunk either way: There are strong arguments on both sides, and the issues involved are complex. Alas, this opinion doesn’t even begin to address them adequately.
View full post on Cato @ Liberty
Google has come under attack for violating users’ privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple’s Safari browser to track users on both desktop computers and iPhones.
A number of other advertisers exploited the loophole it had created to track those users too.
"Our data suggests that millions of users may have been affected," Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian.
An Apple spokesman said: "We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it."
The Electronic Frontier Foundation (EFF), a pressure group for users’ rights online, said that the admission was bad news for the company, coming so soon after the news that it is aiming to unite the data it keeps about people using different parts of its services such as YouTube and its main search engine.
"It’s time for Google to acknowledge that it can do a better job of respecting the privacy of web users," the EFF said in a statement, in which it warned: "Google, the time has finally come. You need to make a pro-privacy offering to restore your user’s trust … it’s time for a new chapter in Google’s policy regarding privacy. It’s time to commit to giving users a voice about tracking and then respecting those wishes."
The company may also be tracking people without their knowledge on other browsers, including those on its own Android phones, because those do not implement the same security restrictions as Apple does.
The admission will put extra pressure on the company in the US where it has already fallen foul of the US Federal Trade Commission over privacy practices, and in Europe where it could still be subject to an antitrust investigation by the European Commission.
The circumvention, carried out by a small piece of code, meant that people could see messages indicating whether their associates in Google "Circles" on its Google+ social network had clicked on ads – but it also let Google and other advertisers see which websites people landed on.
Mayer told the Guardian that his team had been looking into what was being done for two months, and was sure it had been used by Google certainly since December – though it could have been running since July 2011.
Google declined to answer a Guardian request to say when it had begun the tracking.
The search giant insisted that a report in the Wall Street Journal, which first revealed the tracking, mischaracterised its actions, and that the users’ identities had remained anonymous throughout – although they were signed in to Google’s systems.
At least three other advertising companies – Vibrant Media, WPP Plc’s Media Innovation Group and Gannett’s PointRoll – also exploited the Google code to track users.
Google’s search engine is the default on all Apple’s mobile devices and in its Safari browser, of which there are more than 100m in use.
By default, Apple’s Safari browser only accepts cookies – small chunks of text with unique information such as the time of a user’s visit to a site – which come directly from the sites that users are browsing.
But Google wanted to use its DoubleClick and other ad systems to track where people go online, so that it can serve "relevant" ads. It also wanted to be able to integrate its Google+ data into that information.
To get around Safari’s blocking, the Wall Street Journal explains, Google put code onto some of its ads served by DoubleClick’s servers at doubleclick.net to fool the Safari browser into thinking the user was interacting with DoubleClick.
But, the EFF notes: "That had the side effect of completely undoing all of Safari’s protections against doubleclick.net."
That meant that other DoubleClick cookies, including the principal tracking one which Safari would normally block, were allowed.
"Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone," the EFF said.
In a statement, Google said: "We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.
"Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as [Facebook's] ‘Like’ buttons.
"Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalised ads and other content – such as the ability to ‘+1’ [the equivalent of Facebook's 'Like' for Google's new Google+ social network] things that interest them.
"To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalisation.
"But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous – effectively creating a barrier between their personal information and the web content they browse.
"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser [by other advertising companies using the DoubleClick network]. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information."
While the data collected by the cookies would not contain the user’s name or personal details, privacy campaigners have long pointed out that the pattern of a user’s web browsing allows a picture of them to be built up which can lead to direct identification or profiling so precise that it leaves little doubt about their identity.
Google’s use of such systems in defiance of the settings of the user’s browser is the first time the company has been found doing so.
Google said: "Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.
"We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers."
Cory Doctorow, a novelist and columnist for the Guardian, commented at the Boing Boing blog that he believed the tactic by Google indicated that the internal pressure put on staff by chief executive Larry Page to integrate "social" elements into all its work – which has included the announcement that all staff bonuses are now tied to Google’s success in social software – "is leading the company to take steps to integrate G+ at the expense of the quality of its other services."
He pointed out that his own Google Mail account, whose address he has never made public, "has somehow become visible to G+ users, so that I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+."
Statistics: Posted by yoda — Fri Feb 17, 2012 2:51 pm