Third party rights and the Carpenter cell-site case

In Carpenter v. United States, the Supreme Court will decide whether a warrant is required for the government to obtain historical cell-site records from a customer's account. This post asks a question for those who think the answer should be "yes": How do you deal with the Fourth Amendment rights of the cellphone providers? I'm not sure what the answer should be, but I think it's an important question to help understand the issues and stakes in Carpenter.

This is a complex issue, so I'm going to break it down into three steps. I'll start with an overview of the third-party doctrine. I'll then turn to third-party rights under current law. I'll next consider different ways the third-party rights might work if the Supreme Court holds that a warrant is required.

I. Overview of the Third-Party Doctrine

Lower courts have held, consistently with U.S. Supreme Court precedent, that historical cell-site records are not protected under the Fourth Amendment. They have mostly based this holding on the third-party doctrine, the rule that you don't maintain Fourth Amendment rights in information that you voluntarily disclose to a third party.

As I explained in this article, the third-party doctrine was originally intended to be the subjective expectation of privacy test in Justice Harlan's Katz concurrence. The idea was that you can only have privacy in what you try to hide from others: You need to manifest your subjective expectation of privacy to have Fourth Amendment rights, shielding it from observation, so that you can't have such rights in what you knowingly disclose to others. As my article explains, this rule has been around for a very long time, but it accidentally moved over time from the subjective expectation test into the objective expectation of privacy test in the 1970s and 1980s.

The third-party doctrine has had very wide application. If a criminal confesses to his friend about his crimes, the government can get the information from the friend without implicating the criminal's Fourth Amendment rights. If a person commits an offense in front of an eyewitness, the government can get the information from the eyewitness without implicating the criminal's Fourth Amendment rights. If a person goes to the bank and deposits a check, the government can get the information from the bank without implicating his Fourth Amendment rights. And if a person dials a number to place a phone call, the government can get the numbers dialed from the phone company without implicating his Fourth Amendment rights.

II. What About the Constitutional Rights of the Third Party?

A key implication of the third-party doctrine is that the government only has to deal with the constitutional rights of the person or business that received and now possesses the information. Upon the information's receipt, the thinking goes, the sender of the information no longer has Fourth Amendment rights in it. Only the rights of the recipient/holder of the information matter.

That raises the question of to what extent the constitutional rights of the holder of the information can limit law enforcement. The answer is: some, although not much. First, the Supreme Court has held that there are no Fourth Amendment limits to the government compelling a person to testify about what they know and what they saw. That raises Fifth Amendment issues if the person who would testify may be thought to be involved in criminal activity, but the compelled testimony is not a search or seizure under the Fourth Amendment. See United States v. Dionisio, 410 U.S. 1 (1973).

Second, if the government compels a person or company to hand over stored records as opposed to live testimony, the Fourth Amendment applies to the records but the constitutional limit is only unreasonable burdensomeness. There is no warrant or probable cause requirement. See, e.g., Hale v. Henkel, 201 U.S. 43 (1906); In re Horowitz, 482 F.2d 72 (2d Cir. 1973) (Friendly, J.). To be sure, the Fourth Amendment still applies fully to direct entry. The government ordinarily needs a warrant to break into a business and seize records just like it needs a warrant to break into a home. But it's a different situation when the government is compelling assistance rather than searching directly.

These same Fourth Amendment rules apply when the government is seeking information that a business happens to hold about its customers. Whether the target of the investigation is the business or its customers doesn't matter under the Fourth Amendment. This means that if the government is seeking a company's assistance to disclose records about the business's customers, the information is protected under the Fourth Amendment in the abstract because the business has its own Fourth Amendment rights. At the same time, the third-party business generally can be required to keep and disclose the records under a fairly low burden. See, e.g., California Bankers Association v. Shultz, 416 U.S. 21 (1974); Couch v. United States, 409 U.S. 322 (1973); Donaldson v. United States, 400 U. S. 517 (1971). And because the information or records ordinarily could not incriminate the third party in criminal activity, the third party business cannot assert a Fifth Amendment privilege against production. See Fisher v. United States, 425 U.S. 391 (1976).

The idea that a business has only modest Fourth Amendment rights to fight compelled disclosure of customer records isn't new. It has been around a long time. For example, in First National Bank v. United States, 267 U.S. 576 (1925), the IRS wanted to see if a couple had underreported their income on their federal income tax forms. The IRS issued a summons to the couple's bank requiring the bank to produce their books showing the couple's banking account records. The idea was that the bank statements would reveal whether the couple had falsely reported their income. The bank refused to comply under the Fourth Amendment on the ground that producing the records was an unreasonable search or seizure and that the bank wanted to keep its customer's account records private.

The district court rejected the bank's claim. "This is not a question of a search and seizure of a party's books and papers," the court wrote, "but of whether a witness who has information as to a party's dealings may be required to testify to those facts, and produce book entries as to such entries in connection with and supporting such testimony." It would be "monstrous," the court rather dramatically added, for the government not to be able to determine the proper taxes that a person owed simply "because the bank desires to protect the dealings of its customers from unauthorized investigation." The Supreme Court then affirmed the district court in a one-sentence per curiam opinion "upon the authority" of the court's precedents about subpoenas for business records (including Hale v. Henkel, cited above).

III. Applying the Traditional Approach to Historical Cell-Site Records

Applying this traditional body of law to historical cell-site records is pretty straightforward, I think. The cellphone company generates and stores business records of what cell towers were used to connect a customer's calls. Those records are like the bank's records in First National Bank. The cellphone provider is ordered to be a "witness who has information as to a party's dealings [and] may be required to testify to those facts, and produce book entries as to such entries in connection with and supporting such testimony."

Granted, Congress requires an intermediate facts court order under the Stored Communications Act for the government to compel those records. A mere subpoena, which would be sufficient under the Fourth Amendment, isn't enough under the statute. But if the lesser process of a subpoena is sufficient to satisfy the rights of the company, presumably the greater process of an intermediate facts court order is as well (although that hasn't been challenged), And under the third-party doctrine, access to the account records wouldn't implicate any Fourth Amendment rights of the user.

If you'll pardon a brief digression, it's not even clear you need the third-party doctrine to say that the records don't implicate the user's Fourth Amendment rights. The third-party doctrine is traditionally about the disclosure of private information that a suspect has revealed. The idea is that the suspect has private information, chose to reveal that information (often in confidence) to someone, and then the government sought that private information from that person. The cell-site business records in Carpenter are arguably one step removed from that. They are business records of how a private company decided to direct calls to and from the user. The records are about what a private company did for a user, not necessarily what a user chose to disclose in confidence to the company.

But at the very least, the third-party doctrine seems to fit the Carpenter case under traditional caselaw principles. So the old answer would be no Fourth Amendment rights for the customer, although statutory rights provided by Congress, and only modest Fourth Amendment rights for the cellphone provider.

IV. If the Third-Party Doctrine is Rejected, How Should Courts Deal With Third-Party Rights?

That's the old law, at least. Now let's consider how the Fourth Amendment would work if the Supreme Court rejects that traditional approach. Let's assume the Supreme Court agrees with the defendant on both issues in Carpenter: First it holds that users have Fourth Amendment rights in cell-site records, and second it holds that the records are protected by a warrant protection.

Now we get to my question: Assuming the Supreme Court makes these two holdings, how would this work with respect to the provider's rights? The government does not seek cell-site records by breaking into the provider's business and rummaging around its offices and computers. That would ordinarily require a warrant even under the traditional law of the third-party doctrine. The records are already protected under the Fourth Amendment as held by the company, after all, and ordinarily the government would need a warrant to break into the company headquarters and seize them because of the company's Fourth Amendment rights.

The tricky problem, I think, is what to do with the provider's rights once the user also has rights in the records. Assume, for now, that the company does not want to comply with the government's legal process. If the records were about the provider, a subpoena would be enough for the government to force the company to disclose them.

Here's what I'm stuck on: How do you reconcile the conflict between that rule and a warrant requirement if the Fourth Amendment rights belong to the user? Is the idea that a company served with a subpoena for business records has to figure out if the subpoena implicates only its own Fourth Amendment rights (in which case the subpoena complies with the Fourth Amendment so long as it is not overbroad) or if it also implicates a user's Fourth Amendment rights (in which case the subpoena is insufficient and a warrant is required?). If the government issues a subpoena for business records and it turns out that a customer also had rights in the data, would we say that compelled compliance with the subpoena violated the rights of the user but not the company?

Alternatively, if it doesn't make sense for every subpoena and sub-warrant court order to require a standing analysis before knowing if compliance is legal, which rule do you apply to both situations if a single rule has to be chosen? Do you say that both situations require a warrant, such that all subpoenas issued to businesses now require probable cause and warrant particularity (effectively eliminating the use of business record subpoenas for investigations)? Or do you say that neither situation requires a warrant, such that the user has Fourth Amendment rights in cell-site records but that a valid subpoena is enough to overcome the Fourth Amendment rights just as it it would for ordinary business records?

Next assume that the cellphone company wants to cooperate. If both the user and the company have Fourth Amendment rights in the records, then I imagine the common authority doctrine would apply. Under the common authority doctrine, if there is "mutual use of the property by persons generally having joint access or control for most purposes," they both can consent to a search. See United States v. Matlock, 415 U.S. 164 (1974). Cellphone customers may not have joint access and control over cell site records: They don't know what the records say and have no ordinary means of accessing them. But if they nonetheless have Fourth Amendment rights in the records, I would think that at least the company has common authority over the records allowing them to legally consent to law enforcement access to the records.

If that's right, though, how does it work if the phone company is willing to help the government? Imagine Carpenter holds that users have Fourth Amendment rights in cell-site records, and that a warrant is ordinarily required. Can a provider tell the government that as long as the government has a 2703(d) court order, as required by the statute, that it will voluntarily consent to hand over the records under the common authority doctrine? If so, whether there is really a warrant requirement would depend on what the company wants to do: Because both the user and the company have common authority over the company's business record, the company could consent and eliminate the right.

You could try to avoid this by saying that the cellphone providers lack common authority over their own business records. But that seems like a hard result to justify. The companies created and used the records and keep them. It seems hard to say that they lack access to or control over the records that they created and keep for their own use.

Granted, caselaw would suggest that companies lack common authority to consent to a government search of the contents of communications, such as emails. In physical space, the landlord of an apartment or the hotel employee at the hotel lacks common authority to consent. See Chapman v. United States, 365 U.S. 610 (1961) (landlord); Stoner v. California, 376 U.S. 483 (1964) (hotel employee). By analogy, I would think that an email provider couldn't ordinarily consent to a search of the contents of a user's emails, at least barring some unusual terms of service. But with cell-site records, I would think that the phone companies have at least common authority (if not exclusive authority) over the records of how their network connected calls.

V. Let Me Know Your Thoughts

For the seven readers that have made it this far, let me know your thoughts! There may be good answers to these questions. But it seems like largely uncharted territory, and I'm not sure yet what those good answers are.