The “Internet of Things” generally describes how physical objects around us are increasingly becoming wired to the internet, providing unprecedented access to information on how we live our lives. While it is well established that the Internet of Things provides hackers both voluntary and involuntary access to our lives, law enforcement and courts are just beginning to grasp the severity of the situation.
In United States of America v. Graham, the 4th U.S. Circuit Court of Appeals held the government did not violate the Fourth Amendment “by obtaining historical cell-site location information from cell phone provider” without first obtaining a warrant. This issue arose when the defendants were convicted following the denial of the defendants’ motion to suppress evidence gathered from cell phone towers.
In Graham, the government’s investigation uncovered “historical cell-site location information (CSLI) from defendants’ cell phone provider” that allowed the government to determine the exact time the defendants were near a particular cell phone tower. In short, the government was able to use this information to place the defendants near cell phone towers that were near the armed robberies at the time the robberies took place.
The use of this information hinged on the Fourth Amendment that ensures “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” The Fourth Amendment broadly protects against searches “where the government violates a subjective expectation of privacy that society recognizes as reasonable.”
Here, in determining if the government’s warrantless investigation of the site location information was proper, the 4th Circuit opined that the central question was whether the defendants had a reasonable expectation of privacy related to this data collected by cell phone towers. Affirming the convictions, the 4th Circuit held the government did not violate the Fourth Amendment.
The central question in this appeal was whether the defendants had knowledge that they were conveying their location to the cell phone towers that ultimately would be used against them. The 4th Circuit found the defendants had the requisite knowledge they were conveying this information to allow it to be used as evidence. In particular, the court held a “cell phone user voluntarily enters an arrangement with his service provider in which he knows that he must maintain proximity to the provider’s cell towers in order for his phone to function.”
In its opinion, concurring in part and dissenting in part with the majority’s decision, the dissenting judges questioned the majority’s holding that a person’s location conveyed to a cell tower is not protected by the Fourth Amendment. Further, in footnote 7 of the dissenting opinion, the dissenting judges took a close look at the various devices, in addition to cell phones, that automatically convey data and questions how these devises will be handled in the future:
…The rule that one must “know” what one can reasonably expect to keep private is new to me, and I believe to Fourth Amendment doctrine as well. It is also yet another aspect of this Court’s present decision with troubling future implications. I suppose we can also expect no privacy in data transmitted by networked devices such as the “Fitbit” bracelet, which “can track the steps you take in a day, calories burned, and minutes asleep;” the “Scanadu Scout,” which can “measure your temperature, heart rate, and hemoglobin levels;” or the “Mimo Baby Monitor ‘onesie’ shirt,” which can “monitor your baby’s sleep habits, temperature, and breathing patterns.”
In addition, in footnote 8 of the dissenting opinion, the dissenting judges also analyze this issue in light of new devices coming to the market generally referred to as the Internet of Things:
That is also surely the case now, and will only become increasingly relevant going forward. See, e.g., Neil M. Richards, The Dangers of Surveillance, 126 Harv. L. Rev. 1934, 1940 (2013) (“The incentives for the collection and distribution of private data are on the rise. The past fifteen years have seen the rise of an Internet in which personal computers and smartphones have been the dominant personal technologies. But the next fifteen will likely herald the ‘Internet of Things,’ in which networked controls, sensors, and data collectors will be increasingly built into our appliances, cars, electric power grid, and homes, enabling new conveniences but subjecting more and more previously unobservable activity to electronic measurement, observation, and control.”); Peppet, supra note 7, at 88–89. Today, the majority saddles us with a rule that does not distinguish between information an individual himself conveys and information that computerized devices automatically record, generate, and transmit. In other words, the majority’s expansive interpretation of Miller and Smith will, with time, gather momentum—with effects increasingly destructive of privacy.
Even though the Internet of Things is only addressed in a footnote of the dissenting opinion, the mere mention of this issue demonstrates that courts will need to address these issues presented by technology in the near future. Specifically, the dissent highlights the problems in using evidence gathered from devices that transmit data automatically. And, these issues are not limited to criminal proceedings. In the same manner that data stored by Facebook is being used in civil courts, we can expect data generated by the Internet of Things to be used as evidence in both criminal and civil matters.