Timothy B. Lee explains that your telephone metadata (i.e., all the information about your call other than the actual content of the conversations) can tell the government a lot more than whom you called, when, and for how long. Lee quotes from numerous examples given by Ed Felten, a professor of computer science at Princeton University who contributed to a brief for the ACLU, about what your metadata can reveal about you.
In some cases, a single call can reveal a lot.
Certain telephone numbers are used for a single purpose, such that any contact reveals basic and often sensitive information about the caller. Examples include support hotlines for victims of domestic violence and rape, including a specific hotline for rape victims in the armed services.
Similarly, numerous hotlines exist for people considering suicide, including specific services for first responders, veterans, and gay and lesbian teenagers. Hotlines exist for suffers of various forms of addiction, such as alcohol, drugs, and gambling.
In other cases, the pattern of calls can reveal what a single call cannot.
If a government employee suddenly begins contacting phone numbers associated with a number of news organizations and then the ACLU and then, perhaps, a criminal defense lawyer, that person’s identity as a prospective whistleblower could be surmised.
So by simply looking for patterns in your metadata, one can infer a lot of information about you, making the actual content sometimes superfluous. Lee concludes:
In short, the distinction between call metadata and call contents is not as clear in practice as it might seem in theory. Sucking up everyone’s phone records gives the government access to a lot of highly sensitive information, like whether you’ve had an affair, gotten an abortion, or provided secret information to a reporter. Felten’s examples give ammunition to those who believe the Supreme Court should revise its interpretation of the Fourth Amendment.
So what is the Supreme Court’s current view on the application of the Fourth Amendment when it comes to telephone metadata? Unfortunately, as is often the case with rapidly advancing technology, the courts tend to be behind the times. The foundational ruling on this issue harkens back to 1979 in Smith v. Maryland. In that case, a person convicted of robbery and then placing harassing and obscene phone calls to his victim appealed the decision saying that the police had obtained his phone calling history from the phone company without a warrant and then used that information to convict him. He lost his case.
In his opinion, justice Harry Blackmun said that when you call somebody, you are giving a third party, in this case the phone company, the number to call and hence you have voluntarily relinquished your privacy as to the number, although the contents of the call still require a warrant because for that there is still a “legitimate expectation of privacy”, since people do not expect the phone company to be listening in or recording it, though we know it has the capability to do so.
Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not “legitimate.” First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as “reasonable.” When petitioner voluntarily conveyed numerical information to the phone company and “exposed” that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information.
Blackmun cited as evidence that the phone company sends you a monthly bill where it lists all the numbers you called, so you know that they keep a record of your numbers. It is this precedent that the government is using to argue that the collection of metadata does not require a warrant.
But as Lee writes in another article:
Blackmun’s reasoning may have turned on the fact that automatic dialing was a relatively new development in 1979. Previously, telephone users had to tell a human operator which number they wished to reach, making it plausible to regard the phone company as an active participant in the phone-dialing process, but a mere passive conduit in transmitting the phone call itself.
Technological progress has rendered this distinction increasingly dubious. For example, cell phone companies now keep records about the locations of their customers’ phones. The government has argued that this “non-content” information should be available without a warrant. Yet such records amount to a detailed record of everywhere the phone’s owner has been in the past month; a much more intrusive form of surveillance than a list of the phone numbers a customer has dialed.
The third party doctrine also suggests that the users of cloud e-mail providers don’t even enjoy Fourth Amendment protections in the contents of their messages, since those have been voluntarily shared with third parties such as Google and Microsoft. One appeals court has ruled that a warrant is required, but so far most other courts have not followed that precedent.
Things are much different now from 1979. So what are the ‘legitimate expectations of privacy’ now since the metadata that is generated and stored is far more extensive and intrusive? On the one hand, it could be argued that people now have a “legitimate expectation of privacy” that is in fact more extensive than it was in 1979 and could extend to even the phone numbers and email addresses since everything is automated and the actual number of humans directly routinely viewing that information is smaller. On the other hand, some people have become wearily resigned to the fact that they are under constant surveillance, if not by the government then by commercial companies and their employers, and so may have lower expectations of privacy. So the issue may be ripe for re-evaluation.
However, given the much greater deference courts now give to the government’s authority, especially when the latter invokes the ‘war on terror’ excuse, I am not hopeful that they will come down on the side of greater privacy.