Last July, we reported on United States v. Davis, an Eleventh Circuit decision in favor of privacy rights. In that case, a three-judge panel held that cell phone users have a reasonable expectation of privacy in their cell phone location data. If the government wants to collect the data, it must first obtain a probable-cause warrant, as required by the Fourth Amendment.
The groundbreaking decision seemed a clear victory for privacy rights, but the victory proved to be ephemeral. Last year, the en banc court agreed to revisit the question and, weeks ago, declared that subscribers do not have a reasonable expectation of privacy in their cell tower location data. As a result, the government can collect such data from third-party service providers if it shows reasonable grounds to believe the information is relevant and material to an ongoing criminal investigation.
In February 2010, defendant Quartavius Davis was convicted on multiple counts for robbery and weapons offenses. Davis appealed on grounds that the trial court admitted cell tower location data that the prosecution had obtained from a cell phone service provider in violation of Davis’ constitutional rights. An Eleventh Circuit panel agreed with Davis. Speaking for the court, Judge Sentelle explained that Davis had a reasonable expectation of privacy in the aggregation of data points reflecting his movement in public and private places. The government’s collection of the data was a warrantless “search” in violation of the Fourth Amendment.
To reach that decision, the panel leaned heavily on a 2012 Supreme Court case called United States v. Jones. In Jones, the Court announced that the government must have a probable-cause warrant before it can place a GPS tracking device on a suspect’s car and monitor his travel on public streets. The Court so held based on a trespass (or physical intrusion) theory. Absent probable cause, the government could not commandeer the suspect’s bumper for purposes of tracking his movement, even if each isolated movement was observable in public. Several Justices went further, suggesting that the same result should obtain even without a trespass. They hinted that location data might be protected because individuals have a reasonable expectation of privacy in the sequence of their movements over time. It was this persuasive but nonbinding privacy theory that guided the Eleventh Circuit’s panel decision.
On rehearing, the en banc court rejected the panel’s approach. The court noted that Davis could prevail only if he showed that a Fourth Amendment “search” occurred and that the search was unreasonable. He could show neither. To demonstrate a search, Davis had to establish a subjective expectation and objective expectation of privacy in his cell tower location data. But this case involved the collection of non-content cell tower data from a third-party provider who collected the information for legitimate business purposes: the records were not Davis’ to withhold. According to the court, Davis had no subjective expectation of privacy in the data because cell phone subscribers know (i) that when making a call, they must transmit their signal to a cell tower within range, (ii) that in doing so, they are disclosing to the provider their general location within a cell tower’s range, and (iii) that the provider keeps records of cell-tower usage. But even if Davis could claim a subjective expectation of privacy, he could not show an objective expectation. In the court’s view, Supreme Court precedent made clear that customers do not have a reasonable expectation of privacy in non-content data voluntarily transmitted to third-party providers. Because there was no “search,” there could be no violation of Davis’ constitutional rights.
The en banc court explained further that Jones did nothing to undermine the third-party doctrine. For one, Jones involved a government trespass on private property. But the records in Davis were not obtained by means of a government trespass or even a search, so Jones did not control. Additionally, Jones involved location data that was first collected by the government in furtherance of a criminal investigation. By contrast, Davis involved location data that was first compiled by a service provider in the ordinary course of business. Simply put, “[t]he judicial system does not engage in monitoring or a search when it compels the production of preexisting documents from a witness.”
The IRS has unveiled a secure web application, the International Data Exchange Service (IDES), for cross-border data sharing. IDES will allow Foreign Financial Institutions (FFIs) and tax authorities from other countries to transmit financial data on U.S. taxpayers’ accounts, via an encrypted pathway, to the IRS.
The tool is part of the IRS’s effort to track U.S. taxpayer income globally. It is intended to assist FFIs and foreign tax authorities in their compliance with the U.S. Foreign Account Tax Compliance Act (FATCA). The act requires that financial institutions send to the IRS financial information of American account holders or face a hefty 30 percent withholding penalty on all transfers that pass through the U.S. With such steep fines, FFIs and their respective countries across the globe have agreed to comply with FATCA and submit account holder information, regardless of conflicts with their local laws. According to the IRS website, some 112 countries have signed intergovernmental agreements with the U.S., or otherwise reached agreements to comply, and more than 145,000 financial institutions have registered through the FATCA registration system.
IRS Commissioner John Koskinen called the portal “the start of a secure system of automated, standardized information exchanges.” According to the IRS, IDES will allow senders to encrypt data and it will also encrypt the data pathway. IDES reportedly works through most major web browsers.
It may sound efficient and it may even be secure; but IDES also serves as a reminder of the contradiction between FATCA and data privacy laws of many of the FATCA signatory countries. The conflict is part of why FATCA has earned the billing by many as an extra-ordinary extra-territorial law and an example of American overreach.
Countries like the United Kingdom, France, Italy, and Germany have data protection laws that restrict disclosure or transfer of individual’s personal information. To accommodate their own laws, these countries have entered agreements with the U.S. whereby FFIs report to their national tax authorities and the tax authorities then share data with the IRS. (The agreements highlight the questionable value to countries of their data protection laws—at least insofar of U.S. account holders are concerned—as they willingly sidestep their policies to avoid U.S. withholding penalties.)
Meanwhile, as FATCA-compliant countries prepare to push data overseas to the U.S., the E.U. is publishing factsheets directed to its citizens indicating that data protection standards will not be part of agreements to improve trade relations with the U.S. The E.U. is also working on more stringent data protection rules for member countries to strengthen online privacy rights. Are the E.U. member countries speaking out of both sides of their mouths? Or are they trying an impossible juggling act? Between the implementation of FATCA reporting and the growing concern of data privacy among FATCA signatory countries, these countries are bound either for intractable conflict or the continued subrogation of the rights of those citizens also designated U.S. taxpayers (an unfortunate result for dual citizens with minimal U.S. ties).
Regardless of ultimate upshot of this conflict, U.S. taxpayers—including those living abroad—should take heed that FATCA reporting is underway. You should consider how to disclose any unreported global income before your bank does it for you.
U.S. Court of Appeals Decision: Cell Location Data is Protected Under Individual’s Expectation of Privacy
The U.S. Court of Appeals for the Eleventh Circuit recently considered whether cell site location data is protected by the Fourth Amendment. On June 11, 2014, the court issued its decision in favor of privacy rights: the court held that cell site location information is within the cell phone subscriber’s reasonable expectation of privacy. If officers want the data, they must obtain the subscriber’s consent or a judicial warrant supported by probable cause.
The court’s decision in United States v. Davis pertained to Quartavius Davis, a federal defendant who was convicted in Florida on multiple counts of robbery, conspiracy, and possession of a firearm. For his crimes, Davis was sentenced to roughly 162 years in prison.
On appeal, Davis argued that his convictions and sentence should be reversed. Among other things, Davis argued that the trial court erred in denying his motion to suppress cell site location data, which the prosecution used to place Davis near the various crime scenes. Investigators were able to obtain the data without a probable-cause warrant. They did so under a provision of the Stored Communications Act, which states that a court may order production of non-content cell phone records based on reasonable grounds to believe the records are material to an ongoing criminal investigation. Davis objected that the evidence in his case should be suppressed because it was the product of a warrantless search conducted in violation of his constitutional rights.
The Eleventh Circuit agreed with Davis, holding that cell site location information is within the subscriber’s reasonable expectation of privacy. Speaking for the three-judge panel, Judge Sentelle discussed two distinct views of the interests subject to Fourth Amendment protection: property interests and privacy interests. The court determined that the privacy theory applied to Davis’ case. Because Davis had a reasonable expectation of privacy in his cell site location information, the government’s warrantless collection of that data violated Davis’ Fourth Amendment rights.
The Davis opinion is arguably the most protective of individual rights as compared to similar appellate decisions. In September 2010, the Third Circuit held that officers can obtain cell site data under the Stored Communications Act as long as they meet the reasonable-grounds standard. But the court also added that, in exceptional cases, a judge may impose a warrant requirement for data that can be used to track an individual’s movements in a private location, such as the home.
In July 2013, the Fifth Circuit issued a less-protective decision. In that case, the court held that individuals do not have a reasonable expectation of privacy in non-content cell site data. Therefore, the court must order the production of such information when the government meets its burden of proof under the Stored Communications Act.
The Supreme Court has yet to decide the issue. But past Fourth Amendment cases suggest that no fewer than five sitting Justices favor the privacy theory that Judge Sentelle relied on. They are likely to agree that cell phone subscribers have a reasonable expectation of privacy in their cell location data.
Federal Criminal Procedure