Cell Phone and GPS Location Data in Criminal Prosecutions

18 U.S.C. § 2516, GPS, warrantless GPS surveillance, Electronic Communications Privacy Act, privacy, Cell Phone Location Data
Cell Phone and GPS Location Data
Board Certified Criminal Trial Lawyer at Law Office of W.F. ”Casey” Ebsary, Jr. notes recent developments in Cell Phone Location Data used in Criminal Prosecutions. When the government wants to track an individual’s location through his or her cell phone, it submits an application to a judge seeking an order compelling a company to provide access to location data. Cell phones generate several types of data that can be used to track their users’ past or present locations with various degrees of precision. 
Not all Courts agree on tracking. “Courts are divided as to whether the government must show probable cause before it can obtain cell phone location data, as well as on related questions regarding warrantless GPS surveillance.” “[W]ith respect to wiretapping Congress has balanced privacy interests with law enforcement needs by permitting the government to use that technique for only the more serious offenses, see 18 U.S.C. § 2516
The court found the Feds must disclose certain Cell Phone Tracking Data under the Freedom of Information Act (FOIA). “We affirm that portion of the district court’s decision directing disclosure of docket information from criminal cases in which the government prosecuted individuals after judges granted applications for cell phone location data withoutdetermining probable cause, and in which those individuals were ultimately convicted or entered public guilty pleas.”
One Court has reasoned, “In deciding whether the release of particular information constitutes an “unwarranted” invasion of privacy under Exemption 7(C), we “must balance the public interest in disclosure against the [privacy] interest Congress intended the Exemption to protect.” U.S. Dep’t of Justice v. Reporters Comm. for Freedom of the Press, 489 U.S. 749, 776 (1989); see Favish, 541 U.S. at 171; Ray, 502 U.S. at 175 (quoting Rose, 425 U.S. at 372).”
Even law enforcement agrees, “that disclosure of records revealing that an individual was involved or mentioned in a law enforcement investigation implicates a significant privacy interest.” The Government has expressed concerns that defense attorney(s) may investigate usage of Cell Phone tracking Data by contacting “convicted ‘defendants and/or their counsel to determine whether [the] defendants ever learned that they were the targets of warrantless cell phone tracking.'”
Other concerns include whether : “the Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848 (1986), should be revised either to limit or to facilitate the practice.” “The Supreme Court has recently granted certiorari to address the GPS issue. See United States v. Jones, 2011 WL 1456728 (June 27, 2011), granting cert. to Maynard, 615 F.3d 544.”
Criminal Defense Attorneys argue that Cell Phone Tracking data records kept by the United States Department of Justice (DOJ) “would also provide information regarding how often prosecutions against people who have been tracked are successful, thus shedding some light on the efficacy of the technique and whether pursuing it is worthwhile in light of the privacy implications. Information from suppression hearings in these cases could provide further insight regarding the efficacy of the technique by revealing whether courts suppress its fruits, and would disclose the standard or standards the government uses to justify warrantless tracking. Information from suppression hearings would also provide facts regarding the duration of tracking and the quality of tracking data, facts that would inform the public discussion concerning the intrusiveness of this investigative tool.”
A Federal Court of Appeals has just ruled: “In sum, because disclosure of the information considered in this Part would “shed[] light on [the government’s] performance of its statutory duties,” it “falls squarely within [FOIA’s] statutory purpose.” Reporters Comm., 489 U.S. at 773. And in light of the strength of the public interest in disclosure and the relative weakness of the privacy interests at stake, we conclude that production of the requested information will not constitute an “unwarranted” invasion of personal privacy under Exemption 7(C).”
The court found the Feds must disclose certain Cell Phone Tracking Data under the Freedom of Information Act (FOIA). “We affirm that portion of the district court’s decision directing disclosure of docket information from criminal cases in which the government prosecuted individuals after judges granted applications for cell phone location data withoutdetermining probable cause, and in which those individuals were ultimately convicted or entered public guilty pleas.”
Source: ACLU v USDOJ Docket No. 10-5159 (DC Cir Sept 6, 2011).
Cell Phone Data Tracking in Your Case? Call Casey at 813-222-2220.

Cell Phone and GPS Location Data in Criminal Prosecutions

Cell Phone Surveillance | Cell Tower Data | Judge’s Opinion

ECPA
Electronic Communications
Privacy Act
Author’s Comment: Your cell phone tells police a lot about you. A Judge recently provided written testimony about about the impact of the ECPA (Electronic Communications Privacy Act — that is a law that appears to be about anything but ensuring privacy of electronic communications). Title I of the ECPA 18 U.S.C.A. § 2510 allegedly protects wire, oral, and electronic communications while in transit. It was enacted to set down requirements for search warrants that are more stringent than in other settings. If you have issues or questions about this sweeping federal law, call me toll free at 1-877-793-9290.

Excerpts from the written testimony are below. We will be posting the complete testimony and will link to that for our readers.

“ECPA was passed in 1986 as a laudable attempt to balance the privacy rights of citizens and the legitimate interests of law enforcement, given the communications technology of that day.”

Author’s Comment: The ECPA provides that many of the requests and records are to remain secret. Title II of the ECPA, the Stored Communications Act (SCA) 18 U.S.C. §§ 2701 to 2712 protects communication held in electronic storage, most notably messages stored on computers. 

“By contrast, the SCA does not require $ 2703(d) orders to be sealed, and allows for “preclusion of notice” to others only if there is reason to believe the investigation would be jeopardized or other adverse consequences would result. 18 U.S.C. §§ 2705(b)(l)-(5).” 

“There are over 500 federal magistrate judges serving in district courts around the country. In addition to civil matters, our responsibilities on the criminal side generally include almost everything except conducting felony trials.”

“One of our chief functions is to issue search warrants and other orders in aid of criminal investigations. These include electronic surveillance orders for pen registers, trap and trace devices, tracking devices, 2703(d) orders for telephone and e-mail account records and activity.”

“With rare exceptions, ECPA orders pertain to ordinary crimes and criminals, not national security or terrorism cases.”

“The process is exparte, meaning only one party – law enforcement – appears before the magistrate judge. Since this is at the criminal investigation stage, no defendant has yet been charged so no defense counsel is there to challenge the government’s request. Likewise, no representative of the electronic service provider or the target phone’s subscriber is present. In fact, the orders routinely contain gag orders precluding the service provider from advising their customers that the government is accessing their cell phone or e-mail account records. The public rarely learns about these orders, even long after issuance, because they are routinely placed under indefinite (i.e., permanent) seal.”

“A reasonable estimate is that the total number of electronic surveillance orders issued at the federal level each year substantially exceeds 10,000”

“The application sought “the location of cell site sector (physical address) at call origination (for outbound calling), call termination (for incoming calls) and, if reasonably available, during the progress of a call,” in addition to “the strength, angle, and timing of the caller’s signal measured at two or more cell sites, as well as other system information such as a listing of all cell towers in the market area, switching technology, protocols, and network architecture.” 390 F. Supp. 2d at 749. “

“Under ECPA, secrecy is achieved in two-ways: (1) gag orders preventing service providers from informing customers about law enforcement monitoring of their cell phone and e-mail usage; and (2) sealing orders denying public access to judicial orders. Typically, electronic surveillance orders contain both types of provisions, but rarely impose an expiration period; instead, those orders remain in place “until further order of the court.”29 The catch is that there is no mechanism in place for the judge to revisit the sealing order. She does not retain jurisdiction over the case, which is not a “case” at all but an investigation that may or may not ripen into a real case.” 

“The brunt of such secrecy is not necessarily borne by the surveillance targets who are ultimately charged with a crime. After all, they are entitled to discover the nature and source of the prosecution’s evidence, including electronic surveillance orders leading to arrest. Suppression motions are available in the event of a constitutional violation. But not everyone caught up in the web of electronic surveillance is ultimately charged with a crime. Any target is likely to call or be called by family, friends, associates, or even total strangers who have no connection to a criminal enterprise. Yet by the fortuity of a single call, these by-standers may be swept up in a criminal investigation, their cell phone use monitored and their location tracked in real time. Unlike criminal defendants, however, these presumably law abiding citizens will never find out. The phone company cannot tell them, and courthouse records will disclose nothing. Ordinarily, a citizen whose house or office is searched is provided a warrant duly signed by a judicial officer, giving notice of the particulars of the search.33 When a citizen wishes to challenge the legitimacy of a law enforcement search of his home pursuant to a warrant, the law affords due process for that purpose. But when searches are shrouded in permanent secrecy, as in most cases of electronic surveillance, due process becomes a dead letter. Such secrecy also has a pernicious impact on the judicial process . . . .”

Author’s Comment: There are proposals to restrict the scope of this federal law, but as of today, November 22, 2010, the law and its ability to gather a diverse array of data about your cell phone usage remains a frequently used tool of federal law enforcement, including DHS (Department of Homeland Security) , DEA (Drug Enforcement Administration), FBI (Federal Bureau of Investigation), State, and Local Law Enforcement.

If you have issues or questions about this sweeping federal law, call me toll free at 1-877-793-9290.


Cell Phone, Surveillance , SCA, Stored Communications Act , ECPA , 18 U.S.C.  § 2510, 18 U.S.C. § 2701, ,  Electronic Communications Privacy Act


Cell Phone Surveillance | Cell Tower Data 

Criminal Defense Attorney | Feds on Facebook | Social Networking and Law Enforcement Tactics

W.F. “Casey” Ebsary, Jr.

Tampa Criminal Defense Expert, W.F. ”Casey” Ebsary, Jr., has suspected that cops use “fake identities” to “trick” users into accepting a government official as friend or otherwise provide information to the government. We believed that the feds watch Facebook, MySpace, Twitter, Flickr and other online social media and use the information for investigative (criminal or otherwise) or data gathering purposes.

A recent public records request by the EFF sought more information including:

Guides, manuals, policy statements, memoranda, presentations, or other materials explaining how government agents should collect information on social networking websites: how or when government agents may collect information through social networking websites; procedures government agents must follow to collect information through social networking websites; agreements with social-networking companies: using any visualization programs, data analysis programs or tools used to analyze data gathered from social networks; purchase orders for any visualization programs,data analysis programs or tools used to analyze data gathered from social networks; describing how information collected from social-networking websites is retained in government databases or shared with other government agencies.
How to be a Fed on Facebook
18 U.S.C. § 2702, Computer Crime and Intellectual Property Section, ECPA, EFF, Electronic Communications Privacy Act, Facebook, LinkedIn, Twitter, Yahoo
Prosecutor’s Obtaining Evidence From Social Networks
Training Materials

The feds produced a 33 page record. We just took a look at it and it appears to be a training program. The document was titled, “Obtaining and Using Evidence Social Networking Sites from Facebook, MySpace, Linkedin, and More.” It was authored by John Lynch, Deputy Chief, Computer Crime and Jenny Ellickson, Trial Attorney of the  Computer Crime and Intellectual Property Section.

The outline covered an Introduction to Social Networking Sites and an Overview of Key Social Networking Sites. Not suprisingly, buried in the training materials is the question: Why go undercover on Facebook, MySpace, etc? The answer in short succinct bullet points was to “Communicate with suspects / targets” and “Gain access to non-public info” and to “Map social relationships/networks.” The training session begins:  “Most social-networking sites allow users to:

•    Create personal profiles
•    Write status updates or blog entries
•    Post photographs, videos, and audio clips
•    Send and receive private messages
•    Link to the pages of others (i.e., “friends”)”

How can Law Enforcement Obtain data from these sites?

•    Some info may be public
•    Use ECPA to get info from providers
•    Undercover operations “

The ECPA is the Electronic Communications Privacy Act (ECPA) and it sets out the provisions for access, use, disclosure, interception and privacy protections of electronic communications. The feds use this information to:

•  Reveal personal communications
•  Establish motives and personal relationships
•  Provide location information
•  Prove and disprove alibis
•  Establish crime or criminal enterprise

How do the Feds get information from Facebook?

Since the Facebook Data is organized by user ID or group ID they use these resources: Data productions using the Fed’s Law Enforcement Guide includes Neoprint, Photoprint, User Contact Info, Group Contact Info, and IP Logs. The feds noted that “Facebook has other data available.” and that Facebook is “Often cooperative with emergency requests.” That means that the feds can claim urgency and shourtcut the time frames that are usually present when legal production of this information is sought.
What do the Feds Think about MySpace?

The feds noted that MySpace is owned by Fox Interactive Media and was the most popular Social Network; was passed by Facebook in 2008; True names are less encouraged than Facebook. Feds are noting there is Messaging through messages, chat, friend updates. MySpace has a Young user base,has a history of child safety concerns, and Privacy is currently less granular than Facebook. Cybercrime defense attorney notes that Granular Privacy Controls in social networks allow authorization profiles – the user gets to decide what data to show to other friends in the network. 

How do the Feds Get Info From MySpace?

The Feds know that many profiles have public content and thatData is organized by Friend ID. Notably, MySpace requires a search warrant for private messages or bulletins that are less than 181 days old. MySpace considers friend lists to be stored content and there are fixed Data retention times for User information and stored files. MySpace retains IP logs indefinitely and information for deleted accounts is kept for a year.

What the Feds believe about Twitter?

Twitter is the market leader in “micro-blogging.” Most Twitter multimedia is handled by 3d party links. Twitter allows both public or private updates. On Twitter Direct messages are private and the sender can delete these messages. the feds noted that short URLs used to serve malicious links and code.
How do the Feds Get Information from Twitter?
The good news for the Feds is that Most Twitter content is public and Private messages are kept until the user deletes them.

The bad news for the Feds is that Twitter only retains the first login IP, there is no user contact phone number, Twitter Will not preserve data without legal process, and Twitter has a stated policy of producing data only in response to legal process.

The Feds frequently use a 2702 request to short cut Search Warrant requirements. On the other hand, as of 2010, Yahoo has the following policy on 2702 requests from cybercrime investigators:

“Under 18 U.S.C. §§ 2702(b)(7) and 2702(c)(4) Yahoo! is permitted, but not required, to voluntarily disclose information, including contents of communications and customer records, to a federal, state, or local governmentalentity if Yahoo! believes in good faith that an emergency involving imminent danger of death or serious physical injury to any person requires such disclosure without delay.”

What about LinkedIn?

The feds use LinkedIn to identify experts and check the background of defense experts. The Privacy model is similar to Facebook and Profile information is not checked for reliability.

Federated Identity Issues Concern the Feds

The Feds note an upsurge in federated identity schemes. Social networking sites are increasingly adopting federated identity schemes such as OpenID, Facebook Connect. They write of concerns that Facebook, MySpace, Yahoo!, and Google authenticate identity and signin across platforms.

They give the following Example: A user can log in to a Facebook account using Google credentials. After a link is established between two accounts, Google will check and vouch for identity of its user. Authentication information split from activity information. In turn, a Facebook login may be used to authenticate.

The feds note that “If attribution is necessary, must determine identity provider – not simply the domain.”

Terms of Service TOS and Privacy Policies

The Federal Agent Training materials we reviewed after the EFF Freedom of Information Act FOIA Request noted that Social networks have extensive terms of service and privacy policies, most permit emergency disclosures to Law Enforcement. All specify exceptions to respond to legal process and protect service against fraud/damage

U.S. v. Drew addressed the failure to follow TOS and whether access to a network was unauthorized under 1030? Drew addresses whether allowing a violation of a website’s Terms of Service to constitute an intentional access of a computer without authorization or exceeding authorization would “result in transforming section 1030(a)(2)(C) into an overwhelmingly overbroad enactment that would convert a multitude of otherwise innocent Internet users into misdemeanant criminals.”

Criminal Penalties for Law Enforcement Officers for Violating the Privacy Protection Act

The feds also are concerned about the growth of social networks and the questions it raises about the breadth of the PPA. This author notes that the Privacy Protection Act provides for criminal penalties against federal officials who willfully disclose a record in violation of the Act, 5 U.S.C. § 552a(i)(1).

Ratings and Reviews

Board Certified Criminal Trial Lawyer
Google +
yelp