The Implication of the Stored Communications Act on Digital Forensic Evidence and the Reasonable Expectation of Privacy

Of all of the recent technological developments that have expanded the surveillance capabilities of law enforcement agencies at the expense of individual privacy, perhaps the most powerful is cell phone location tracking[1].  Close to ninety percent of American adults own a cell phone[2].  Such pervasive cell-phone use has caused the way Americans conduct their affairs to evolve.  This ubiquity of cell phone use creates the opportunity for law enforcement to use them as convenient tools for tracking suspects and persons of interest.

In 2011, law enforcement agencies sent nine popular cellular-service providers over 1.3 million requests for customer cellular data[3].  In August of that year, 35 ACLU affiliates filed over 380 public records requests with state and local law enforcement agencies to ask about their policies, procedures and practices for tracking cell phones.  While virtually all of the roughly 250 police departments that responded to their request said they track cell phones, only a tiny minority reported consistently obtaining a warrant and demonstrating probable cause to do so[4].  In most cases, the means by which law enforcement are able to track cell phones is by court order.

Police are then able to obtain call records, text messaging records, data usage information, and historic cell site location information (CSLI).  This information can then be aggregated to develop, with some degree of certainty, the whereabouts of a suspect.  Although the court has previously reached the conclusion that people do not have a privacy interest in their call records[5], there is much debate over the privacy interest inherent in CSLI.

CSLI includes a record of a particular cell phones signal interaction between one or more cell towers (antennae).  When a cell phone is turned on, it sends out signals approximately every seven seconds.  The signals are captured by the cellular network and it includes identifying information about the phone, including location.  When a phone call is made, the cell phone attaches to the tower with the strongest signal which is not necessarily the nearest tower.  During the course of the phone call, cell phone may switch between multiple towers; sometimes even using them simultaneous.  Simultaneous use of multiple towers location can be determined within a geographical area by a process of ‘triangulation’[6].

The reliability of this information in providing an accurate approximation of a suspect’s location can and should be interrogated from one case to the next.  This paper does not discuss the reliability of CSLI, rather this paper will discuss problems related to admissibility; particularly whether or not the current procedure for obtaining this information violates the privacy protections of the United States Constitution.




This paper will discuss the impact of 18 U.S.C. § 2703, the Stored Communications Act (SCA), on the use of digital forensic evidence  in criminal proceedings.  The SCA is the codification of Title II of the Electronic Communications Privacy Act of 1986[7] (ECPA).  Title II addresses access to stored wire and electronic communications and transactional records. It’s purpose is to protect privacy interests in personal and proprietary information while protecting the government’s legitimate law enforcement needs[8].

Our discussion primarily relates to Section 2703 of the SCA which describes the conditions under which the government is able to compel a digital service provider, such as the internet or telecommunications companies, to disclose “customer or subscriber” content and non-content information for the various types of service.  These services include GPS, cell site location information (CSLI) such as historical cell-site data, cloud services, and social media content.

  • 2703 provides the authorization for a “government entity” to seek disclosure from an “electronic service provider” of “electronic communications” that are in “electronic storage”. §2703 differentiates between information that has been stored for more or less than 180 days. Information that has been stored for less than 180 days can only be obtained “pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction.”[9]

As for information that has been stored for more than 180 days, probable cause is not necessary and can be obtained through subpoena or court order “only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”[10]  This is essentially a reasonable suspicion standard[11].  The requirements for the information necessary to obtain a court order are found in subsection ‘d’ of 18 U.S.C.A. § 2703.  Hence, they are often referred to as ‘d-orders’.




On occasion, requests for d-orders have been challenged by the courts.  A notable and recent example is In re Application of the United States for Historical Cell Site Data where the court was “called on to decide whether court orders authorized by the Stored Communications Act to compel cell phone service providers to produce the historical cell site information of their subscribers are per se unconstitutional[12].”  The 5th Circuit Court held to the contrary, whereas the lower district court and the magistrate had concluded that the request for a d-order could be denied based on an interpretation of the SCA that gives the judge discretion to deny the request and on their belief that § 2703 is unconstitutional regarding the absence of a probable cause standard.

The issues raised by parties involved boil down to a Katz[13] analysis; whether or not the defendant had a “reasonable expectation of privacy”.  The Circuit Court allowed the amici participation of the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF).


The Government and the ACLU focus their analysis of the constitutionality of the SCA as applied to historical cell site data on distinct questions. The ACLU focuses on what information cell site data reveals — location information — and proceeds to analyze the § 2703(d) orders under the Supreme Court’s precedents on tracking devices. In contrast, the Government focuses on who is gathering the data — private cell service providers, not government officers — and analyzes the provision under the Court’s business records cases.[14]


The issue raised by the ACLU is that that historical CSLI allows the government to compile an intrusive view into their target’s whereabouts and that those whereabouts may be such that a reasonable expectation of privacy exists.  This is distinguished from the reasoning in United States v. Jones[15]. In Jones, the Supreme Court reasoned that a tracking device did not violate the 4th Amendment so long as the vehicle being tracked was observable by the naked eye; in other words, there is no expectation of privacy on a public street, and therefore observation of a target on a public street does not offend their reasonable expectation of privacy.  Furthermore, they reasoned that the tracking device simply enhanced their ability to follow a target.

The government’s view in this case implicates the third party doctrine.  Specifically that by using a cell phone, whether for calling, texting, or using the internet, we knowingly expose our usage to the service provider and thereby eliminate any reasonable expectation of privacy regarding that information.  Despite the 5th Circuit Court siding with the government, these issues have been raised in other Circuits and the results have not been uniform.

Recently, in United States v. Davis[16], 754 F.3d 1205 (11th Cir. June 11, 2014), the 11th U.S. Circuit Court of Appeals held that police also must obtain a warrant for cell site information from wireless phone companies.  In 2011, the 3rd Circuit rejected the conclusion that probable cause was required for all historical cell site location information, but concluded that the statute leaves magistrates discretion to require probable cause when circumstances deem it necessary[17].

The 5th Circuit reached a different result in 2013. It agreed with the 3rd Circuit that the issuance of § 2703(d) orders for historical cell site information is not per se unconstitutional, but concluded that such information is a business record; the third party doctrine applies, and magistrates have no discretion to decline to issue a Section 2703(d) order when the appropriate showing has been made[18].

Finally of note is a 6th Circuit Decision, United States v. Warshak.  In that 2010 case, the court ruled that law enforcement must have a warrant, not just a d-order, to compel a telecommunications provider to disclose the contents of a customer’s email.  To the extent that the Stored Communications Act provides otherwise, the 6th Circuit held that the statute is unconstitutional.

In addition to these disparate decisions on the federal level, state courts have also grappled with whether or 2703 (d) violates the constitution and whether or not judicial discretion regarding compliance can be implied.  However, for the most part, lower courts have accepted the government’s use of a D Order to compel historical cell site information[19].  A resolution to these discrepancies may be forthcoming in US v. Davis.  The decision in Davis was a panel decision and a government petition for an en banc decision was granted.  The prior decision was therefore vacated[20].  Since then, four cases have declined to follow the rationale of the prior holding:

  1. Although the Tenth Circuit has not decided whether 2703(d)‘s “reasonable grounds” standard is constitutional, the Court concludes that the Tenth Circuit would not adopt the reasoning in Davis. The Eleventh Circuit’s recent order vacating the decision to rehear the case en banc shows that the soundness of Davis’s holding is subject to question within even that circuit. Instead, to determine the constitutionality of § 2703‘s “reasonable ground standard,” the Court follows the Fifth Circuit’s analysis…[21]
  2. In light of U.S. Supreme Court precedent, and the application of the business records/third-party doctrine by the Fourth Circuit, the Court finds that Giddins’s Fourth Amendment rights were not violated when the government obtained his cell site location data pursuant to a court order under § 2703(d)[22].
  3. [Davis], deemed electronic location evidence as personal effects that an individual has a reasonable privacy interest in. However, it is important to note that the Davis decision has been withdrawn… Thus the Davis opinion does not presently support or even offer persuasive authority for the Defendants’ arguments[23].
  4. In support of this argument[24], Ford directs the court to authority for the proposition that an individual placing or receiving a call on a cell phone has not voluntarily exposed their location information. See United States v. Davis… The Fifth Circuit, responding to the same argument raised by the ACLU in S. for Historical Cell Site Data, rejected Ford’s position outright. We agree with the Fifth Circuit’s conclusion[25].

Justice Sotomayor recognized the narrow view necessary for the Court to reach their decision in Jones[26], however, her concurring indicates her opinion that the Court may need to expand its notions of privacy in the wake of the technological developments since the SCA was enacted in 1986.  Her opinion in this regard is worth quoting at some length:

I would take these attributes of GPS monitoring into account when considering the existence of a reasonable societal expectation of privacy in the sum of one’s public movements. I would ask whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on… I would also consider the appropriateness of entrusting to the Executive, in the absence of any oversight from a coordinate branch, a tool so amenable to misuse, especially in light of the Fourth Amendment’s goal to curb arbitrary exercises of police power and to prevent “a too permeating police surveillance,” … More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties… This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks… But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.[27]

The Court may well have an opportunity to consider these issues in the near future.  No matter what the outcome of the en banc hearing in Davis, the decision will most likely get appealed up to the Supreme Court.




In recent years, prominent judges have, in written opinions, described and voiced concern over the harms associated with modern location tracking technologies. In doing so, they have suggested that Congress, not the judiciary, might be in the best position to provide appropriate incentives and remedies[28].  This is easier said then done.  In recent years, there have been four bills introduced that have attempted to reform geolocation privacy standards.

The bill most notable regarding this discussion is the Geolocation Privacy and Surveillance Act of 2013[29]The GPS Act seeks to establish a legal framework that gives government agencies, commercial entities, and private citizens clear guidelines for when and how geolocation information can be accessed and used.  The bill would create a process whereby government agencies can get a probable cause warrant to obtain geolocation information in the same way that they currently get warrants for wiretaps or other types of electronic surveillance.  In addition, the GPS Act would prohibit businesses from disclosing geographical tracking data about its customers to others without the customers’ permission[30].  Unfortunately, the bill has not been reintroduced.

The more recently introduced bill, the Location Privacy Protection Act of 2014 would prohibit companies from collecting or disclosing geolocation information from an electronic communications device without the user’s consent to private parties[31].  It does not discuss any barriers to law enforcement acquiring this information.  This issue is central to the GPS Act.  Rep. Chaffetz testified at a subcommittee hearing that he introduced the GPS Act because “the government and law enforcement should not be able to track somebody indefinitely without their knowledge or consent or without obtaining a probable cause warrant from a judge.[32]




Cell phone use will most likely continue to proliferate.  Along with that there will be new gadgets and electronics that gather location data (and biometric date, for that matter) and the need for reform with regard to government access to this data will only multiply.  Eventually this issue will reach the Supreme Court and I predict that the Court will err on the side of a more expansive notion of the 4th Amendment to complement the more expansive capabilities of the government to intrude.  A final question that will need to be answered in the event that this prediction comes to pass, is whether or not the decision would be retroactive with regard to “harmful error” and require new trials.

Regarding the GPS Act, the House version only acquired 20 co-sponsors and the Senate version had only 1.  This lack of support probably contributed to the bill not being reintroduced.  If those figures are indicative of the Congressional interest in protecting the privacy interest of Americans in their CSLI (and other data), not much protection can be expected.





[3] Id.


[4] (Accessed December 24, 2014)


[5] “there is no constitutionally protected reasonable expectation of privacy in the numbers dialed into a telephone system” Smith v. Maryland, 442 U.S. 735, 738, 99 S. Ct. 2577, 2579, 61 L. Ed. 2d 220 (1979)


[6] COMMENT: Can You Find Me Now? The Federal Government’s Attempt to Track Criminal Suspects Using Their Cell Phones, 43 Ariz. St. L.J. 591, 596-597.


[7] Author’s note:  ECPA was itself the codification of the wiretap provision of the Omnibus Crime Control and Safe Streets Act of 1968 (OCCSSA).  The OCCSSA was enacted as a government response to the urban rebellions that had been occurring spontaneously across the country as a response to police brutality.  Additionally, the FBI and other police agencies were already using wiretaps and against individuals and groups that were considered subversive, such as Martin Luther King Jr.  The wiretap provision created a legal framework for them to do what they had already been doing.


[8] ¶ 14,140 Electronic Communications Privacy Act Of 1986, 2009 WL 3960253. Guide to Computer Law.


[9] 18 U.S.C.A. § 2703 (West)


[10] Id.


[11] In re U.S. for an Order Pursuant to 18 U.S.C. Section 2703(D), 707 F.3d 283, 287 (4th Cir. 2013)


[12] In re Application of the United States for Historical Cell Site Data, 724 F.3d 600, 602, 2013 U.S. App. LEXIS 15510, 1-2, 58 Comm. Reg. (P & F) 1292, 2013 WL 3914484 (5th Cir. Tex. 2013)


[13] My understanding of the rule that has emerged from prior decisions is that there is a twofold requirement, first that a person have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as ‘reasonable.’  Katz v. United States, 389 U.S. 347, 361, 88 S. Ct. 507, 516, 19 L. Ed. 2d 576 (1967).


[14] Id. at 608


[15] In [United States v. Jones, 132 S. Ct. 945, (U.S. 2012)], the Supreme Court found that that the government had conducted a search within the meaning of the Fourth Amendment when its investigators installed a GPS device on a suspect’s car and tracked his location monitoring for a twenty-eight day period. 132 S.Ct. at 949. The majority opinion did not find a general expectation of privacy in location data, but instead relied on the fact that government agents had committed a trespass against the suspect’s effects when they placed a GPS device on his car (the “trespass theory”). Id. at 952. Justice Alito, joined by four other justices, wrote a concurrence that relied exclusively on a privacy theory. Id. at 958 (Alito, J., concurring) (analyzing the issue “by asking whether respondent’s reasonable expectations of privacy were violated by the long-term monitoring of the movements of the vehicle he drove”). Justice Sotomayor, who concurred separately, discussed the possibility of applying a more generalized “privacy theory” to electronic location data but ultimately relied on the trespass theory “because the government’s physical intrusion on [the defendant’s] jeep supplies a narrower basis for decision.” Id. at 957 (Sotomayor, J., concurring).  United States v. Banks, No. 13-CR-40060-DDC, 2014 WL 4594197, at *2 (D. Kan. Sept. 15, 2014).


[16] Decision overturned; discussed infra.


[17] By Marcus A. Christian, Recent Decisions Restrict Law Enforcement Access to Cellphone Information: Are More on the Way?, 28 Westlaw Journal White-Collar Crime 2 (2014)


[18] Id.


[19] Stephanie K. Pell & Christopher Soghoian, Can You See Me Now?: Toward Reasonable Standards for Law Enforcement Access to Location Data That Congress Could Enact, 27 Berkeley Tech. L.J. 117, 143 (2012)


[20] United States v. Davis, 573 Fed. Appx. 925, 2014 U.S. App. LEXIS 17111, 2014 WL 4358411 (11th Cir. Fla. 2014).


[21] United States v. Banks, No. 13-CR-40060-DDC, 2014 WL 4594197, at *3 (D. Kan. Sept. 15, 2014).


[22] United States v. Giddins, No. CRIM. WDQ-14-0116, 2014 WL 4955472, at *10 (D. Md. Sept. 30, 2014)


[23] United States v. Rogers, No. 13 CR 952, 2014 WL 5152543, at *3 (N.D. Ill. Oct. 9, 2014)


[24] In the dissenting opinion, Judge Chapa wrote: I agree with the Third and Eleventh Circuits and conclude that “a cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way.”  I would therefore hold that Ford did not voluntarily surrender his reasonable expectation of privacy in his physical location and movements simply by using his cell phone. Because the State did not secure a warrant before obtaining the historical cell site data from Ford’s cell phone provider, Ford’s Fourth Amendment rights were violated, and the trial court should have granted his motion to suppress.


[25] Ford v. State, 444 S.W.3d 171, 189-90 (Tex. App. 2014), petition for discretionary review filed (Oct. 15, 2014)


[26]“the Government’s physical intrusion on Jones’ Jeep supplies a narrower basis for decision.”  United States v. Jones, 132 S. Ct. 945, 957 (U.S. 2012).

[27] Id.


[28] Stephanie K. Pell & Christopher Soghoian, Can You See Me Now?: Toward Reasonable Standards for Law Enforcement Access to Location Data That Congress Could Enact, 27 Berkeley Tech. L.J. 117, 164 (2012)


[29] On March 21, 2013, Senators Ron Wyden (D-OR), Mark Kirk (R-IL), and Congressman Jason Chaffetz (R-UT) reintroduced the legislation for the 113th Congress.


[30] (Accessed December 24, 2014)


[31] Id.


[32] Article: Stopping Police In Their Tracks: Protecting Cellular Location Information Privacy In The Twenty-First Century, 12 Duke L. & Tech. Rev. 200, 215


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s