Every time you power up your phone, or use it, you're giving away secrets about what you are doing and where you are.
Should that information remain secret, or have you voluntarily given the information away, along with your right to privacy?
The United States Supreme Court recently made a significant privacy ruling that impacts the majority of Americans.
Because of other things happening in the news, the breakdown of this case was under reported.
The case, Carpenter v. U.S., helped answer this question: How much privacy can you expect when using your cellphone or another mobile device which has the ability to track you? What are your Fourth Amendment privacy rights when it comes to each personal device?
Dr. Christopher Pierson—a globally recognized cybersecurity expert, Ponemon Fellow, and former Chief Privacy Officer and General Counsel—explained to SecureWorld what was at stake, where things stand after this significant ruling, and what it means for all of us.
5 top things about the 2018 Surpreme Court ruling on device privacy
Pierson is Founder & CEO of Binary Sun Cyber Risk Advisors. Here are his thoughts after Carpenter v. U.S.
- For decades, the case law in the U.S has held that persons who voluntarily share information with a third party have no expectation of privacy in that underlying information. So, when a person dials a phone number they are voluntarily giving the phone company and numerous intermediaries their own phone number, the number being called, and time and date information relating to that call. As a result, the Supreme Court held that this information was voluntarily provided to others and the callers have no expectation of privacy in the "metadata" about who called whom, when, and for how long. All that was required by the government was a showing of "reasonable grounds" for a court order to access the records—something that is quite a low bar in terms of privacy and search protections.
- What the Supreme Court in Carpenter held is that generally the government (i.e. law enforcement) must get a warrant before obtaining cellphone transactional records (tower location information). This means the government must show under a "probable cause" threshold of inquiry and proof that a warrant is needed to access the cell site location information (CSLI). Thus, the end result is that the government will have to procure more information and data to support such a warrant in the future, and as a result persons will have a greater degree of privacy in their location despite carrying devices that are constantly beaconing to cell towers.
- It is important to note that the Supreme Court is narrowing defining this case and also noted that a number of exigent circumstances exceptions (e.g. kidnapping, etc.) still are available for the government to request this information without a warrant.
- This case highlights a growing number of cases that the court has heard these past five years that have highlighted the privacy rights of individuals despite the fact everyone is carrying multiple computers and beaconing devices with them in every aspect of their daily lives in private and more importantly in public.
- Although this case is very specific to cell site location information, we can see that the Court is moving the pendulum back towards individual privacy despite technological advances.
You can see the Supreme Court's June 2018 ruling here.
This is an interesting trend and one that Dr. Pierson says he'll continue to track.
He will also deliver a keynote presentation, "Future of Cybersecurity: A Hydra of Risks & Opportunities," at the SecureWorld Dallas cybersecurity conference, October 10-11, 2018.
He'll discuss the intersection of cyber with privacy, law, and business, and how to prepare for the emerging cybersecurity risks your business is likely to face.