The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

All the Pieces Matter



Anyone who owns a mobile phone likely understands at this point that their device’s location can be tracked in real time in any number of different ways. Carriers, advertisers, Google, Apple, and other companies all have a highly accurate picture of where a device is at any given time. That’s part of the devil’s bargain we’ve all made in order to have space phones in our pockets.

Sure, you can track me as long as I can still order tacos with two swipes at 3 a.m.

But what many people may not be as aware of is that their carriers store information that can be used to reconstruct their movements long after the fact. Cell tower location data collected and stored by wireless carriers isn’t as granular or specific as GPS information, but it can provide a detailed map of where a user has been, when she was there, and what calls she made at those times. It’s the kind of data that got the Barksdale crew in so much trouble on The Wire. And right now, it’s available to law enforcement agencies without a warrant.

But that could change soon.

The U.S. Supreme Court this week announced that it will review a case that involves the use of cell tower location data to help convict a man of a string of armed robberies. The case, United States vs. Carpenter, concerns several robberies in Michigan and Ohio over the course of a number of weeks, and during the trial the prosecution relied on records of the defendant’s cell phone usage around the time of each crime. The government didn’t get a warrant to obtain those records from Timothy Carpenter’s wireless carrier, but instead used the Stored Communications Act, a law that allows the carrier to hand over the records without a warrant.

Carpenter eventually was convicted of the robberies, partially on the strength of records showing he had made calls from cell towers near each of the crimes around the time they were committed. Carpenter appealed and lost, but the Supreme Court now will look at the question of whether the location data generated by mobile phones is private enough to require that the police obtain a warrant in order to access it.

Many in the privacy community believe that to be the case.

“We use cell phones to stay in touch with friends and family on the go, rely on GPS mapping technologies to find our way about town, and wear Fitbits to try to improve our health. It’s impossible to use any of these technologies without sharing data with third parties, but choosing to rely on 21st-century technology shouldn’t mean we have to relinquish our constitutional rights,” Andrew Crocker and Jennifer Lynch of the EFF said in a post on the case.

“Although Graham and Carpenter involve only data generated when a phone makes or receives a call, future cases will also rely on location data generated every time our phones connect with cell towers to send and receive any kind of data. As more Americans have switched to smartphones, the amount of data transferred over wireless networks has increased significantly—2,400% between 2010 and 2015 alone. This has led to an increase in the number of cell towers—especially in cities—and will only ensure that CSLI becomes more and more precise.”

It’s important that law enforcement officials have the technical and legal tools they need in order to do their jobs, especially as the technology continues to change and advance at an insane pace. But it’s equally vital that those tools have limits and checks and balances to protect citizens from overreach and abuse. The Supreme Court’s decision to consider the use of stored location data that’s obtained without a warrant is a key signal that the court understands this quandary and is intent on addressing it.

Dennis Fisher

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.