EPIC v. DOJ (CSLI Section 2703(d) Orders)
- Report Details EU States' Use of Automated Decision-Making During Pandemic: In a report released this week, AlgorithmWatch analyzed how 16 countries throughout the European Union have adopted automated decision-making tools in response to the COVID-19 pandemic. Deployment of these tools is widespread across the EU, including voluntary exposure notification apps, a mandatory app recently greenlit by Slovenian government, and an app used in Poland and Hungary that relies on geolocation and face surveillance to enforce quarantine rules. The report notes that the effectiveness of automated contract tracing "lack[s] hard evidence . . . even months after the first deployments." EPIC has published recommendations on preserving privacy during the pandemic and has called on Congress to establish privacy safeguards for digital contact tracing. (Sep. 2, 2020)
- Unsealed Documents: Google Employees Knew Location Privacy Settings Were Misleading: Documents recently disclosed in Arizona's consumer protection lawsuit against Google show that the company's employees admitted Google's location privacy settings were "confusing" and potentially misleading. The suit, brought by Arizona Attorney General Mark Brnovich, alleges that Google violated the Arizona Consumer Fraud Act by collecting and storing location data on mobile devices—even after users believed they had turned off location tracking. A newly-unsealed version of Arizona's complaint reveals that Google employees knew the interface was "[d]efinitely confusing from a user point of view[.]" One employee wrote that Google's interface "feels like it is designed to make things possible, yet difficult enough that people won't figure it out." In July, twenty-seven members of EPIC's advisory board signed a letter urging the court to reject Google's efforts to delay a decision on unsealing the documents. In 2018, EPIC told to the Federal Trade Commission that Google's surreptitious tracking of user location data violated the FTC's 2011 Google consent order. The 2011 settlement with Google followed a detailed complaint brought by EPIC and a coalition of consumer organizations. (Sep. 1, 2020)
- D.C. Circuit Reverses District Court Ruling on Unsealing Electronic Surveillance Records + (Jul. 13, 2020)
- EPIC Obtains Records about Utah's Contact Tracing App; State Hasn't Conducted Privacy Audit of App + (May. 29, 2020)
- Senator Markey Says Contact Tracing Plans Must Protect Privacy + (Apr. 22, 2020)
- DOJ Responds to EPIC FOIA on Location Data + (Apr. 3, 2020)
- European Commission Seeks Anonymized Location Data, Citing Coronavirus + (Mar. 27, 2020)
- EPIC Seeks Records About Lawfulness of Use of Location Data for Public Health Surveillance + (Mar. 24, 2020)
- EPIC Seeks Records About White House Plan to Use Cellphone Data for Coronavirus Tracking + (Mar. 24, 2020)
- Government Considers Location Data to Track Coronavirus + (Mar. 19, 2020)
- FCC Proposes Fines for Wireless Location Data Violations + (Feb. 28, 2020)
- FCC Announces Enforcement Action on Location Privacy + (Jan. 31, 2020)
- Facebook Admits to Location Tracking, Ignoring Privacy Settings + (Dec. 17, 2019)
- EPIC Pursues Release of Location Tracking Orders + (Dec. 17, 2019)
- Following EPIC Suit, AccuWeather Changes Location Tracking Practices + (Nov. 12, 2019)
- EPIC Challenges Justice Department's Refusal to Search for Location Tracking Orders + (Aug. 26, 2019)
- International Privacy Experts Adopt Recommendations for AI, Location Tracking + (May. 7, 2019)
- Senate to Consider Nomination of William Barr for Attorney General + (Jan. 14, 2019)
- Congress Asks Google, Apple About Smartphone Data Collection + (Jul. 10, 2018)
- EPIC Urges Supreme Court to Steer Clear of Warrantless Vehicle Searches + (Nov. 20, 2017)
- Supreme Court to Hear Two Fourth Amendment Cases + (Sep. 28, 2017)
- DC Court: Warrantless Tracking with "Stingray" Violates Fourth Amendment + (Sep. 22, 2017)
- EPIC Urges Supreme Court to Apply Constitution to Cell Phone Data + (Aug. 14, 2017)
- Supreme Court to Hear Case on Privacy of Cell Phone Location Data + (Jun. 5, 2017)
- House Committee to Examine Cell Phone Surveillance + (Oct. 21, 2015)
- Appeals Court Upholds Fourth Amendment Protection of Location Data + (Aug. 6, 2015)
- Federal Court Finds Fourth Amendment Protects Cell Phone Location Data + (Aug. 4, 2015)
- In the States: NH Adopts Location Privacy Law + (Jul. 28, 2015)
- EPIC Launches State Policy Project + (May. 5, 2015)
- FTC Reaches Settlement with Customer Tracking Technology Firm Over Privacy Violations + (Apr. 24, 2015)
More top news
In Freedom of Information Act lawsuit EPIC v. DOJ, EPIC is seeking the public release of information detailing the Department of Justice's collection of cell site location information through S 2703(d) court orders.
Today, cell phones are as necessary as they are ubiquitous to Americans. Almost 95% of Americans own a cell phone. But, cell phones also generate precise location records that can track an individual's movements over time. As the Supreme Court recently explained in Carpenter v. United States, modern cell phones "tap into the wireless network several times a minute whenever their signal is on" and these connections generate "a time-stamped record known as cell-site location information (CSLI)." Telecommunication companies routinely collect and store this CSLI data. Prior to the Supreme Court's decision in Carpenter, law enforcement has routinely sought access to this data, without a warrant, through S 2703(d) court orders under the Stored Communications Act.
Section 2703(d) Orders Under the Stored Communications Act
Enacted in 1986, the Electronic Communications Privacy Act (ECPA) protects a wide range of electronic communications in transit and at rest. ECPA expanded and revised federal wiretapping and electronic eavesdropping provisions, including the Wiretap Act, and created the Stored Communications Act.
The Stored Communications Act requires law enforcement to obtain a court order or subpoena to access certain subscriber records. Section 2703(d) of the Act authorizes the government to compel a provider of electronic communication services to disclose certain subscriber records through a court order. Section 2703(d) orders can be granted based on a showing of "reasonable grounds to believe" that the records sought are "relevant and material" to an ongoing criminal investigation. This standard is lower than the "probable cause" standard of a warrant, which is required under the Fourth Amendment.
When law enforcement obtained CSLI through 2703(d) orders, they typically use CSLI records in investigations to pinpoint the location of individuals and create a map of their movements over time. For example, in United States v. Graham, the government compiled as much as 221 days' worth of CSLI, around 29,000 location data points generated per defendant, without a warrant. In Carpenter, the government obtained over five months of CSLI and used this data to create maps showing that the plaintiff's cell phone had been near four of the charged robberies.
Major telecommunication companies--such as Sprint, AT&T, Verizon, and T-Mobile-- have released transparency reports that include aggregate statistics about government requests for customers data. These reports, however, are neither comprehensive nor detailed enough to evaluate the full scope of law enforcement access to location data. The overall number of S 2703(d) orders cannot be assessed solely from these transparency reports because smaller telecommunications carriers do not publish transparency reporting.
CSLI and the Fourth Amendment After Carpenter
The Supreme Court in Carpenter v. United States considered the constitutionality of the Government's use of section 2703(d) orders to obtain CSLI. The Court ultimately held that cell phone location records are protected by the Fourth Amendment and that the "police must get a warrant when collecting CSLI to assist in the mine-run criminal investigation." The Court, however, left open the question of what legal process is required in emergencies or other unique situations.
The legal regime for law enforcement access to CSLI implicates privacy interests of nearly all U.S. persons. CSLI can reveal the most intimate details of everyday life: a trip to a place of worship, attendance at a political protest, or a visit to a medical specialist. Cell site location records obtained by the government are even more comprehensive than GPS records and this precision only increases with advancements in technology.
EPIC is interested in the DOJ's use of S 2703(d) orders for law enforcement investigations because the agency has never produced any comprehensive reports concerning the use of cell site data. Unlike the use of Wiretap Act authorities, which is subject to detailed reporting requirements, law enforcement use of cell site data is not subject to any comparable public accounting. EPIC submitted two Freedom of Information Act requests seeking the release of reports on the collect and use of cell site location information. As stated in EPIC's complaint, EPIC "seeks to determine the use, effectiveness, cost, and necessity in the collection and use of cell site location information so that the public, lawmakers, and the courts may have a better understanding of the use of this investigative technique."
- EPIC's 2017 CSLI FOIA Request (June 14, 2017)
- EPIC's 2016 CSLI FOIA Request (June 21, 2017)
- EPIC's 2019 CSLI FOIA Request (July 2, 2019)
- Eastern District of Pennsylvania Production (September 24, 2021)
U.S. District Court for the District of Columbia (No. 18-1814)
- EPIC Complaint (August 1, 2018)
- DOJ Answer (September 19, 2018)
- Joint Status Report (October 19, 2018)
- Joint Status Report (November 6, 2018)
- Joint Status Report (November 20, 2018)
- DOJ Motion to Stay Proceedings in Light of Lapse of Appropriations (January 3, 2019)
- Joint Status Report (February 7, 2019)
- Joint Status Report (March 15, 2019)
- Joint Status Report (April 26, 2019)
- Joint Status Report (June 13, 2019)
- Joint Status Report (July 25, 2019)
- EPIC Motion to Amend (August 26, 2019)
- EPIC Amended Complaint (August 26, 2019)
- DOJ Motion for Summary Judgment (Nov. 14, 2019)
- McEnany Declaration (Nov. 14, 2019)
- Martin Declaration (Nov. 14, 2019)
- Perricone Declaration (Nov. 14, 2019)
- Leshner Declaration (Nov. 14, 2019)
- Wilson Declaration (Nov. 14, 2019)
- Kornmeier Declaration (Nov. 14, 2019)
- EPIC Cross Motion for Summary Judgment (Dec. 17, 2019)
The following table reflects search results from five U.S. Attorney's Offices. EPIC's FOIA requests sought the first page of 2703(d) applications, orders, and warrants for the production of cell-site location information during 2016, 2017, 2018, and 2019. Each U.S. Attorney's Office deployed different search mechanisms ranging from keyword searches in their CaseView management system, to keyword system searches, to searching sealed filing records, to tasking criminal Assistant U.S. Attorney's to search their individual case files for the years requested. While some responsive records were withheld in full, the number of pages of responsive records reflect the total number of 2703(d) applications, orders, or warrants that the U.S. Attorney's Office sought from 2016-2019.