Sunday, September 01, 2013

Arguments against warrants for cell-phone location data get weaker with time

Reflecting on the debate at the Texas Legislature this year over cell-phone location data, it strikes me that the main argument put forth by law enforcement opposing a warrant requirement - that cell-phone location data is too inexact to individualize users' historical location - was not just wrong but wrong in a particularly familiar sort of way. I recall making a quite similar case a decade ago in opposition to Texas' compilation of biometric data, including facial recognition data gleaned from driver license photos. At the time, biometrics weren't nearly as robust as they are today. A decade ago it was possible to criticize facial recognition schemes by law enforcement just by pointing to high false-positive rates; the technology just didn't work well enough to endure a rigorous cost-benefit analysis. Today, facial recognition systems are on the verge of becoming far more robust and civil libertarians must confront the full, real-world implications of such technologies, not just the idea of them.

This year, however, the shoe was on the other foot. In their embittered fight against legislation by Rep. Bryan Hughes and Sen. Juan "Chuy" Hinojosa, law enforcement hung its hat on the argument that "real time" location data should require a warrant but historical data should not. They based that suggestion on the idea that "real time" data is fairly exact while historical data - compiled from triangulating cell-tower pings - may only pin someone's location at any given point to, say, one of three faces on a cell tower, a range that covers many people besides the suspect.

Problem is, technology has already passed that argument by. The increasing ubiquity of GPS combined with growing use of femtocells, picocells and the general metastasization of antennae and cell-phone towers into the American landscape are making historical cell-phone location data more accurate by the day. (More towers/antennae = smaller area-per-tower, tighter triangulation, etc..) Watching Grits' Google News feed on electronic privacy topics, one increasingly sees ever-more stories like this NBC offering, "Your phone is blabbing your location to anyone who will listen." The precision and accuracy of such metadata soon will no longer be an issue and debating the question will seem increasingly anachronistic.

The real-time vs. historic argument was already dated well before it was made here in Texas.In the House committee hearing, a visual aid compiled from the phone records of a German politician pretty much blew the argument out of the water. By 2015 when the bill inevitably comes up again, the argument will be even weaker than it was this year. Similarly, to argue against facial recognition tech in 2015, one must confront its real-world implications. It's no longer adequate or accurate to just say, "It won't work." That's also true regarding historic cell-phone location data, particularly now that other red states are moving toward a warrant requirement.

In the legal realm, the "Third Party Doctrine" remains the government's trump card. But in the political realm, the idea that there's no privacy right protecting personal information shared with vendors won't long hold water. Even the vendors don't defend it. That's why we witnessed such displays of hair-splitting sophistry at the Lege this spring by police opponents of the Hughes/Hinojosa legislation. The arguments used to support the government's stance in the legal realm weren't politically sustainable when subjected to the disinfecting sunlight of the political process.

Law enforcement (mainly the Houston and Dallas PDs) staved off a warrant requirement for location data in the near term, though a warrant was required for cloud-based email and other stored communications. But their success came because of their clout with the political leadership, subjecting the bill to pointless delays and hurdles throughout the process. They weren't winning the arguments, just dictating the outcome. That can only work for so long.


Anonymous said...

Grits, might I presume that our d/l pics live in and are regularly searched as part of the state and national criminal data bases?

Part of the 'new normal, you're all suspects now' attitude of those who watch our every move and transaction?

Do the dps d/l 'eye test' machines record a retina scan?

Gritsforbreakfast said...

No retina scans by DPS, to my knowledge. The perhaps most concerning piece passed post-9/11 was that that DPS now gathers thumbprints on drivers that it shared with the feds through one of the new fusion centers almost immediately after they got authorization. to be run through federal databases nobody ever heard of when the bill was debated at the Texas Lege.

The facial recognition software at the FBI doesn't come fully online until next year. But the feds have been searching based on fingerprints for ages.