But what, if anything, does Carpenter mean for civil ediscovery? Let’s look first at how the court reached its conclusion.
Carpenter v. U.S.
The defendant in the underlying criminal matter, Timothy Carpenter, was convicted of numerous armed robberies and sentenced to 116 years in prison. On appeal, Carpenter argued that the police had unlawfully obtained location information from his cell phone provider without a warrant. Carpenter alleged that his cell phone’s location data — placing his phone in the area of various robberies when they occurred — should be protected by the Fourth Amendment’s prohibition against warrantless searches and seizures.
Under the third-party doctrine, information that is voluntarily shared with third parties is not protected by the Fourth Amendment. Until now, the courts had treated cell phone records — records about calls placed or received, or about text messages — as information that phone users voluntarily shared with their phones’ service providers.
But here, the court, recognizing technology’s continuing evolution, took the first steps to protect its users. Writing for the majority, Roberts described cell phones as “a pervasive and insistent part of daily life.” Not only have cell phones become “indispensable to participation in modern society,” but they also serve myriad roles for their users: as phones, yes, but also as cameras, notepads, interactive real-time maps, and more. And supporting those uses, the various data collected by cell phones is “detailed, encyclopedic, and effortlessly compiled” without any “affirmative act” on the part of the user.
In short, the court recognized that everyone has a cell phone, yet no one has a clear way to opt out of sharing the comprehensive background data about daily life that those phones monitor. That data is not so much “shared” as it is involuntarily collected and catalogued.
Therefore, the court narrowly ruled that cell phone location information is protected by the Fourth Amendment; law enforcement cannot have “unrestricted access” to it without first obtaining a warrant.
Implications for Corporate Ediscovery
What does the court’s new recognition of digital privacy mean for corporate ediscovery? While Carpenter is a narrow holding by a bare majority, plainly limited to state action in criminal prosecutions, it sets the stage for a new expectation of privacy. Now that we have the technical ability to collect and parse incredibly detailed information about individuals without their knowledge, we are reminded that our ability doesn’t necessarily equate to a license to do so.
Eventual extensions of this ruling could affect organizations with a BYOD policy: if the organization doesn’t provide a mobile device but expects its employees to use their own, it may no longer be reasonable to expect that much of the data on that phone belongs to the company. Instead, an individual right to privacy in this essential device could trump the company’s interest in gathering discoverable data from it.
Alternatively, in internal investigations of trade secret theft, corporate espionage, or other misconduct, organizations should be mindful of how invasive their investigations may be. If you wouldn’t attach a GPS tracker to an employee or wire their office to collect video or voice recordings, you probably don’t want to use cell phone data to gather the same information. Whether and how the Supreme Court will extend the Carpenter ruling to civil cases remains to be seen, but it may denote the general direction in which the court — at least with its current membership — is headed.
In this new era of digital privacy, no one can say for certain where our rights will begin or end, but the debate is underway.