News, Developments, and Insights

high-tech technology background with eyes on computer display


by Daniel J. Solove

Today, the U.S. Supreme Court handed down a decision on two cases involving the police searching cell phones incident to arrest. The Court held 9-0 in an opinion written by Chief Justice Roberts that the Fourth Amendment requires a warrant to search a cell phone even after a person is placed under arrest.

The two cases are Riley v. California and United States v. Wurie, and they are decided in the same opinion with the title Riley v. California. The Court must have chosen toname the case after Riley to make things hard for criminal procedure experts, as there is a famous Fourth Amendment case called Florida v. Riley, 488 U,S, 445 (1989), which will now create confusion whenever someone refers to the “Riley case.”

Fourth Amendment Warrants

As a general rule, the government must obtain a warrant before engaging in a search. A warrant is an authorization by an independent judge or magistrate that is given to law enforcement officials after they properly justify their reason for conducting the search. There must be probable cause to search — a reasonable belief that the search will turn up evidence of a crime. The warrant requirement is one of the key protections of privacy because it ensures that the police just can’t search on a whim or a hunch. They must have a justified basis to search, and that must be proven before an independent decisionmaker (the judge or magistrate).

The Search Incident to Arrest Exception

But there are dozens of exceptions where government officials don’t need a warrant to conduct a search. One of these exceptions is a search incident to arrest. This exception allows police officers to search property on or near a person who has been arrested. In Chimel v. California, 395 U.S. 752 (1969), the Supreme Court held that the police could search the area near an arrestee’s immediate control. The rationale was that waiting to get a warrant might put police officers in danger in the event arrestees had hidden dangerous items hidden on them or that arrestees would have time to destroy evidence. In United States v. Robinson, 414 U.S. 218 (1973), the Court held that there doesn’t need to be identifiable danger in any specific case in order to justify searches incident to arrest. Police can just engage in such a search as a categorical rule.

What About Searching Cell Phones Incident to Arrest?

In today’s Riley case, the Court examined whether the police are allowed to search data on a cell phone incident to arrest without first obtaining a warrant. The Court held that cell phone searches should be treated differently from typical searches incident to arrest because cell phones contain so much data and present a greater invasion of privacy than more limited searches for physical objects: “Cell phones, however, place vast quantities of personal information literally in the hands of individuals. A search of the information on a cell phone bears little resemblance to the type of brief physical search considered in Robinson.”

The Court reasoned: “Cell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee’s person. The term “cell phone” is itself misleading shorthand; many of these devices are in fact minicomputers that also happen to have the capacity to be used as a telephone. They could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers.”

Additionally, the Court stated:

The storage capacity of cell phones has several interrelated consequences for privacy. First, a cell phone collects in one place many distinct types of information—an address, a note, a prescription, a bank statement, a video—that reveal much more in combination than any isolated record. Second, a cell phone’s capacity allows even just one type of information to convey far more than previously possible. The sum of an individual’s private life can be reconstructed through a thousand photographs labeled with dates, locations, and descriptions; the same cannot be said of a photograph or two of loved ones tucked into a wallet.

My Thoughts about this Case: Implications for the Third Party Doctrine

I applaud the Supreme Court’s decision. Although the case involves searches incident to arrest and not other areas of the Fourth Amendment, the Court recognizes some key points about privacy and technology that might harbinger a change in some other Supreme Court doctrines. One of the worst doctrines in my view is the “third party doctrine,” which holds that if data is known to a third party, then there is no reasonable expectation of privacy in that data (and, as a result, no Fourth Amendment protection at all).

A main case was Smith v. Maryland, 442 U.S. 745 (1979), which held that the phone numbers a person dialed weren’t protected by the Fourth Amendment partly because the phone company had access to them and partly because phone numbers weren’t viewed to be as sensitive as phone calls. The third party doctrine has been extended by other courts to apply to other forms of data, including records maintained by companies of one’s Internet activity, one’s purchases, and more. For more background about the third party doctrine, see:

* Hanni Fakhoury, Smith v. Maryland Turns 35, But Its Health Is Declining (EFF blog)

In Riley, the Court recognizes the importance of the amount and sensitivity of the data in light of modern technology.

There are two key points that the Court seems to now be recognizing in the Fourth Amendment context. First is the aggregation effect. As I explained in my book, Understanding Privacy: “A piece of information here or there is not very telling. But when combined together, bits and pieces of data begin to form a portrait of a person. The whole becomes greater than the parts. This occurs because combining information creates synergies. When analyzed, aggregated information can reveal new facts about a person that she did not expect would be known about her when the original, isolated data was collected.”

Second, the Court recognizes that simplistic rules don’t always work in light of changing technology. With cell phones, technology now enables a lot of information to be stored in a small device in one’s pocket. The fact that the device is small and stored on a person shouldn’t trigger old rules designed for a world before cell phones. With the third party doctrine, the rule was made in the 1970s when only certain forms of data were maintained by third parties. Now, much of our activity involves information that is stored with third parties. The government can find out a lot about private activities in a person’s home without ever having to enter into their home. The police can find out the books I read from records; they can learn about the Internet sites I visit from my Internet service provider; they can learn about the TV I watch from my cable company; and so on.

The Court’s reasoning in Riley suggests that perhaps the Court is finally recognizing that old physical considerations — location, size, etc. — are no longer as relevant in light of modern technology. What matters is the data involved and how much it reveals about a person’s private life. If this is the larger principle the Court is recognizing today, then it strongly undermines some of the reasoning behind the third party doctrine.

I have written a lot about the third party doctrine, and if you’re interested in reading more, see:

* Why Metadata Matters: The NSA and the Future of Privacy (LinkedIn blog)

* Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale University Press 2011)

* Digital Dossiers and the Dissipation of Fourth Amendment Privacy, 75 Southern California Law Review 1083 (2002)

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics.  This post was originally posted on his blog at LinkedIn, where Solove is an “LinkedIn Influencer.” His blog has more than 600,000 followers.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter

Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security