The Supreme Judicial Court of Massachusetts issued two rulings last week addressing law enforcement access to and use of cell phone location data. In the first, the court found that pinging a cell phone’s real-time location constitutes a search in the constitutional sense. In the second, the court held that warrantless location tracking was an unlawful search and that information obtained as a result of that tracking was “fruit of the poisonous tree” that the defendant could suppress. The rulings acknowledge the challenges inherent in adapting age-old legal concepts to new technology, but also show that some invasions of privacy may be permissible depending upon the circumstances. While the court’s decisions addressed Article 14 of the Massachusetts Declaration of Rights rather than the Fourth Amendment to the U.S. Constitution, the analytical decisions may offer guidance as to how other courts may rule on similar issues in the absence of on-point precedent from the U.S. Supreme Court.

Commonwealth v. Almonor

On April 23, 2019, the court ruled that law enforcement compelling a suspect’s wireless service provider to ping the suspect’s cell phone, revealing its GPS coordinates, was a constitutional search for purposes of Article 14 of the Massachusetts Declaration of Rights, which states, in relevant part, that “[e]very subject has a right to be secure from all unreasonable searches, and seizures, of his person, his houses, his papers, and all his possessions.” However, after deciding that issue of first impression, the court found the warrantless search was adequately supported by probable cause and was thus reasonable under the exigent circumstances exception to the warrant requirement.

In Almonor, the defendant was suspected of murder. After the police learned Almonor’s phone number, they requested real-time location of his cell phone from his wireless service provider. The provider pinged the phone, and police used the resulting GPS coordinates to find the defendant and subsequently seized a sawed-off shotgun and bulletproof vest from his hiding place pursuant to a search warrant. Almonor successfully moved to suppress the evidence as fruit of an unlawful search, and the government appealed.Continue Reading Massachusetts High Court issues rulings defining contours of constitutional protection for cell phone location data

The Fourth Amendment right of the people “to be secure in their persons, houses, papers, and effects” has been center stage in debates over technology that scarcely could have been imagined at the time it was written. See, e.g., Carpenter v. United States, 138 S. Ct. 2206 (2018); United States v. Jones, 565 U.S. 400 (2012). With less fanfare, however, the Fifth Amendment has emerged as another critical consideration in recent cases focused on the protection of information accessible only through biometric scans (such as fingerprint or facial recognition). In the latest example of this trend, the U.S. District Court for the Northern District of California found that the Fifth Amendment right against self-incrimination prohibited the compelled use of biometric smartphone unlocking features, such as fingerprint, thumbprint, facial, or iris recognition, in In the Matter of the Search of a Residence in Oakland, California, No. 4-19-70053, 2019 WL 176937 (N.D. Cal. Jan. 10, 2019). Cases like this one read the right even more broadly than those dealing with the compelled production of passwords. Practitioners should monitor this ongoing judicial dialogue about how the Fifth Amendment should apply to issues newly arising in the information age.

The Northern District of California’s Fifth Amendment analysis in Oakland

In Oakland, the Government applied for a warrant authorizing investigators to compel any individual present at a residence connected to two extortion suspects to utilize biometric features to unlock digital devices found at the residence. Relying on recent U.S. Supreme Court decisions directly addressing the Fourth Amendment, including Carpenter, U.S. Magistrate Judge Kandis A. Westmore ruled that law enforcement could not force suspects to use biometric features to unlock digital devices because using such a feature would be testimonial for purposes of the Fifth Amendment’s protection against self-incrimination. In addition, Judge Westmore ruled that the “foregone conclusion” exception did not apply. She thus denied the warrant application.

In her analysis of whether using biometric features would be testimonial, Judge Westmore was mindful of the fact that “technology is outpacing the law” in some areas. She noted the U.S. Supreme Court’s direction in Carpenter to take technological advances into account when addressing constitutional issues and noted that courts “have an obligation to safeguard constitutional rights and cannot permit those rights to be diminished merely due to the advancement of technology.” 
Continue Reading Recent rulings indicate Fifth Amendment may join Fourth Amendment as critical consideration in courts’ efforts to apply constitutional protections to smartphones and other new technology

On October 24, 2018, the Florida Court of Appeal for the Fourth District ruled that the state could not compel the production of a defendant’s iPhone passcode and iTunes password because doing so would violate the Fifth Amendment’s protection against self-incrimination. The ruling in G.A.Q.L. v. State of Florida is encouraging for privacy advocates but may set up a showdown at the Florida Supreme Court, as it conflicts with a 2016 ruling from the Florida Court of Appeal for the Second District in which the court ruled that compelled production of a passcode did not violate the Fifth Amendment. The two pair of decisions highlights the variety of ways courts can choose to apply long-standing legal principles to new technology – and the resulting lack of predictability for practitioners.

Would compelled passcode production violate the Fifth Amendment?

The issue in G.A.Q.L. arose after G.A.Q.L., a minor, crashed his vehicle while driving under the influence, resulting in the death of one of his passengers. Upon searching the vehicle, police found an iPhone 7 alleged to belong to the minor. After obtaining a warrant to search the phone, the police sought an order compelling the minor to provide the iPhone passcode and the password for an associated iTunes account because the phone couldn’t be searched before an update was installed. The police wanted to search the phone because a surviving passenger stated she had communicated with G.A.Q.L. on the day of the crash via text messages and Snapchat. In response to the police’s motion to compel, the minor argued that compelled disclosure of the iPhone passcode and iTunes password would violate the Fifth Amendment. The trial court disagreed and ordered the production, so G.A.Q.L. petitioned the Florida Court of Appeal for a writ of certiorari to quash the trial court’s order.Continue Reading Florida Appeals Court rules Fifth Amendment bars compelled production of iPhone passcode, iTunes password

In his dissent in Carpenter v. United States, 138 S. Ct. 2206 (2018), Justice Kennedy observed that “the Cyber Age has vast potential both to expand and restrict individual freedoms in dimensions not contemplated in earlier times.” Justice Kennedy worried that the ruling, which held that a warrant is generally required for police to access cell site location information, would hamstring law enforcement by “transform[ing]” prior precedent into “an unprincipled and unworkable doctrine.” The Carpenter majority insisted, however, that its June 2018 decision was “a narrow one.” Future decisions will determine how far Carpenter will in fact reach, but recent decisions from the U.S. Courts of Appeals for the Second and Seventh Circuits demonstrate one important limit: the “good faith” exception to the exclusionary rule. While acknowledging Carpenter’s holding, both courts rejected the respective defendant-appellants’ appeals of suppression motion denials relating to searches predating Carpenter based on that exception.

Most recently, in United States v. Curtis, No. 17-1833, 2018 WL 4042631 (7th Cir. Aug. 24, 2018), the Seventh Circuit held that “even though it is now established that the Fourth Amendment requires a warrant for the type of cell-phone data present [t]here, exclusion of that information was not required because it was collected in good faith.” In Curtis, the appellant challenged the district court’s denial of his motion to suppress cell phone location information collected pursuant to the Stored Communications Act (SCA). Mr. Curtis did not dispute that the government had complied with the SCA, but argued he had a reasonable expectation of privacy in the location information and thus a search warrant was required. The district court denied the motion and permitted the location information to be offered as evidence, and Mr. Curtis was convicted of various crimes.

On appeal, the Seventh Circuit agreed that, per Carpenter, a warrant was required for the information, but that the Supreme Court “has not spoken to what should happen next.” According to the Curtis court, the answer was clear: the evidence did not have to be excluded because it was obtained in good-faith reliance on pre-Carpenter precedent.Continue Reading Federal Appeals courts decline to exclude cell phone location information collected without warrants pre-Carpenter, but Carpenter’s future impact still unclear

In a decision that may give genetic testing companies reason to breathe a sigh of relief, the U.S. Court of Appeals for the Ninth Circuit affirmed on August 21 the denial of a class certification bid by consumers suing under Alaska’s Genetic Privacy Act (the Act). In Cole v. Gene by Gene, Ltd., Plaintiff sought to represent a class of individuals alleging that Gene by Gene, Ltd. (Gene by Gene) violated Alaska Stat. Ann. § 18.13.010(a)(1) by disclosing customer DNA results and information without informed, written consent. According to the Ninth Circuit, the U.S. District Court for the District of Alaska did not abuse its discretion in finding that Plaintiff failed to show that common questions predominated over any questions affecting only individual members of the proposed classes, and that a class action was not superior to other methods of resolution. Thus, Plaintiff could not satisfy Fed. R. Civ. P. 23(b), and the litigation was not suitable for class treatment.

Plaintiff brought suit alleging that when consumers return DNA testing kits provided by Gene by Gene, the company not only permits consumers to view the results of its analysis, but also publishes the results of the DNA testing on publicly available websites – unbeknown to consumers. According to Plaintiff, this disclosure without consumer permission “carries serious and irreversibly privacy risks” and violates the Act. In his class certification motion, Plaintiff emphasized issues he claimed were common to all class members, such as whether consent was provided and whether the disclosure of information was for profit. Additionally, Plaintiff pointed out that the process for genetic information collection was the same, and the same types of genetic information were disclosed for each consumer.Continue Reading Ninth Circuit affirms class certification denial in genetic information privacy case