Fourth Amendment Rights in Numbers Dialed Stored Inside a Cell Phone:
I recently came across an interesting Fourth Amendment case in which a district court judge ruled that a defendant has no privacy rights in the list of phone numbers stored inside his cell phone: United States v. Fierros-Alavarez, 547 F. Supp.2d 1206 (D. Kan. 2008). This conclusion is wrong, I think, and why it's wrong raises an interesting aspect of Fourth Amendment law.

  The facts of the case are simple. The defendant was arrested and taken into custody, and a cell phone was taken from him at the time. The next day, the officers began to suspect that the cell phone stored records of criminal activity. Specifically, the officers believed that the defendant was a participant in a narcotics conspiracy, and that there would be records of calls to other members of the conspiracy inside the phone. Acting without a warrant, an officer searched three parts of the phone:
He looked at its "phone book" directory that stores names and telephone numbers, and he recorded the five names found there. He checked the recent calls directory that retains the telephone numbers of missed, received or dialed calls, and he wrote down the telephone numbers for the twenty recent calls. He checked the picture and video file but found nothing.
  The evidence was later used against the defendant to prove the case against him, and he moved to suppress the evidence on the ground that the officer violated his Fourth Amendment rights in looking through the phone. To resolve that issue, the court first addressed the threshold issue of whether the officer's retrieving the phone numbers violated the defendant's reasonable expectation of privacy.

  That threshold question forced the court to choose between two different lines of cases. On one hand, there are the cases concluding that a defendant normally has a reasonable expectation of privacy in the contents of data stored in his phones, pagers, and computers. On the other hand, there is Smith v. Maryland, 442 U.S. 735 (1979), in which the Supreme Court held that it does not violate a defendant's reasonable expectation of privacy to install a "pen register," a device for recording the numbers dialed from a particular phone line, at the office of the phone company.

  The basic question for the district court in Fierros-Alavarez was whether the Fourth Amendment rule for retrieving numbers dialed for a phone should follow the precedent for the device or the precedent for the data. The court concluded that the case was governed by Smith, and that therefore retrieving the data was not a search:
The government argues the holding in Smith and the later applications of Smith logically extend to the issue presented by the facts of this case so as to preclude an expectation of privacy in the recent call directory as well as the phonebook directory. The defendant's only rejoinder is that a phone book directory may disclose more information than that revealed in a pen register. The defendant, however, has not shown that the phone book directory in his cellular telephone discloses more than the "addressing information"-the telephone number and the subscriber's name-on the same numbers appearing in the recent calls directory. On the record as it stands, the court must conclude that the defendant has not carried his burden of proving a reasonable expectation of privacy in the addressing information retrieved from the recent calls directory and in the names and numbers taken from the phonebook directory. Thus, the court denies the defendant's motion for lack of standing.
  Wrong conclusion, I think. The general rule for Fourth Amendment searches is that privacy rights are determined ex ante by the place in which the search occurs, not ex post by whether the evidence turns out to be private. If a person has a storage device like a phone, computer, or package, Fourth Amendment rights are determined by whether the person has rights in the storage device, not whether the particular information discovered was sufficiently "private" to deserve Fourth Amendment protection.

  The leading case here is probably Arizona v. Hicks, 480 U.S. 321 (1987). In Hicks, an officer entered an apartment under exigent circumstances to try to find and stop a person who was firing gunshots from inside the apartment. Once inside, the officer saw very expensive stereo equipment in what was otherwise a squalid apartment. Suspecting that the equipment was stolen, the officer picked up the equipment to see the serial numbers so he could run the numbers for hits with known stolen property. In an opinion by Justice Scalia, the Court held that moving the equipment to reveal the serial numbers was a search:
It matters not that the search uncovered nothing of any great personal value to respondent - serial numbers rather than (what might conceivably have been hidden behind or under the equipment) letters or photographs. A search is a search, even if it happens to disclose nothing but the bottom of a turntable.
  That rule makes a lot of sense, I think. The police shouldn't be allowed to go through your private stuff so long as they only look for and take information that is in some sense "non-private." If you write a diary entry and describe going for a walk in the park, the police shouldn't be allowed to break into your home, rifle through your stuff, read your diary, and then take the entry about walking in the park all on the theory that the fact that your walk in the park was "public."

  The same goes for the numbers dialed stored in the cell phone in Fierros-Alavarez. Sure, if the police had installed a pen register in the phone and collected the information at the phone company, then collecting the number dialed wouldn't have triggered the Fourth Amendment. But the police didn't do that. And the police can't go hunting through private things like cell phones on the theory that they're only looking for information that they could have collected constitutionally if they had only thought of it at the time. Numbers dialed that are stored in a cell phone are normally protected by the Fourth Amendment as much as anything else stored in a cell phone, and it was wrong to say that Smith required a different result.

  There's a broader point at issue here: Fourth Amendment rights are contextual. Data, whether in the form of numbers (like telephone numbers here) or text (in the case of a diary), does not have a preordained level of Fourth Amendment protection in the abstract. If you store your diary at home under your bed, you have Fourth Amendment rights in your diary because you have stored in it your home. If you go into the park and leave your diary out in the open, you lose Fourth Amendment rights in what you have left open because you have left it open. The Fourth Amendment rights derive from the steps that the government must go through to retrieve the information in context, not the essential nature of the data itself.

  Finally, I should point out that there are some interesting possible exceptions to this general rule in cases involving digital contraband. This case doesn't involve contraband, though, so I'll just flag that possibility for now; see Richard Salgado's essay for more.
As with all technology cases, I think the appropriate analysis is to compare it to non-technological analogues. If he'd been carrying an address book in his pocket, and the police were aware of it from frisking him, would it be allowed for them to take it and look through it?

If so, then this is alright too; if not, no.
12.23.2008 9:19am
It seems like it does (or should at least) work like evidentiary privileges... it's not the information itself that's privileged, it's the communication, or the source. If I tell my attorney something that's also written in a business record somewhere, an opponent can't get the information from my attorney, but they can (assuming the rules are met) from the business record.

The same should work here. The police can't get the information from the phone itself, but they could subpoena the records or plant a pen register to get the same information (or get a warrant for the phone).

That reminds me of a related question... what is it about prepaid phones (pay-as-you-go) that when you subpeona their records, you only get account information, not call records?
12.23.2008 9:30am
If the phone was a Blackberry, iPhone, or similar, and contains other information not related to telephone calls, how is searching it any different than searching the hard drive of a laptop?

Cell phones are nothing more than hand-held computers that create, store, and present information.
12.23.2008 9:45am
PatHMV (mail) (www):
The pen register captures information in the process of being sent to a third party, the phone company. That's why pen registers are ok. Here, as JB points out, there is a direct physical analogue, the proverbial little black book. Can police open a sealed envelope which the suspect happens to be carrying at the time of his arrest? Could they open the little black address book? I would assume that those questions have been answered before, either in the negative or, if in the positive, as part of the "search incident to arrest" exception.
12.23.2008 9:46am
Prof Kerr,

What are your thoughts on how an inevitable discovery / independent source argument would play out in a situation like this? Of course it doesn't matter for the foundational question of whether or not its an illegal search, but as a practical matter it seems like it voids a large chunk of the sort of protection you're talking about.
12.23.2008 10:02am
damon (mail):
Had they looked through the cell phone at the time they arrested him, I opine this would have been justifiable as a Search Incident to Arrest.

Waiting until the next day means getting a warrant or consent.

And, yes, JB, they could have looked through his address book had they done so at the time of the arrest, or substantially contemporaneous to it. (Not the next day.)
12.23.2008 10:13am
Pyrrhus (mail) (www):
I'm a little uncomfortable with the clash between the Smith precedent and OK's suggested standard for phones themselves.

To make an analogy between electronic and non-electronic media, is this like saying that the police can't go through your mail box, but they can go through your mail at the post office?

Is that a fair analogy?
12.23.2008 10:34am
Anderson (mail):
Had they looked through the cell phone at the time they arrested him, I opine this would have been justifiable as a Search Incident to Arrest.

No crim-pro guru I, but I thought that searches incident to arrest were confined to ascertaining the absence of weapons, drugs, etc. ... reviewing the data contents of a cell phone seems outside those parameters.

I think Prof. Kerr's post sounds eminently correct, but I too am curious about the address-book question.

Also -- cell phones can be password-protected. Does it make any difference that the suspect (presumably) didn't enable this feature?
12.23.2008 10:41am

1) Search incident to arrest of a person does not have that limitation, see United States v. Robinson (1973)

2) I'm not aware of any cases in which the government argued that a later search of an address book was allowed by Smith. So whether or not you say the same rule should apply, the analogy doesn't get you very far: As far as I know, there are no cases that directly addressed the issue in the traditional setting.

3) Password protection shouldn't normally matter, as I see it, much like locks on containers don't normally matter. The key question is whether the container is closed or open, not whether it was locked or unlocked. (Interestingly, there is a lot of scholarly commentary that suggests that locks are important to establishing Fourth Amendment protection, but the cases themselves do not suggest this.)


No, that's not my argument. To draw a traditional analogy, the police can watch you walk down the public street, but they can't break into your house to get evidence inside that you earlier walked down the public street.


All the police needed to do was search the cell phone at or near the time of the arrest instead of waiting until the next day.
12.23.2008 10:56am
damon (mail):

It's an evolving area of law, and it's not quite settled. There are a few cases on point, and the trend seems to be toward accepting the SIA rationale, at least as far as last call dialed, text messages, incoming calls, and outgoing calls. See, e.g., U.S. v. Finley (5th Circuit, 2007).

Maybe the first iPhone case will change things.
12.23.2008 11:05am
Anderson (mail):
Thanks, Prof. Kerr and Damon!
12.23.2008 11:11am
one of many:
call log i can see being covered by Smith but not the address book.

(from memory) the reason Smith allowed the pen register was because by the very act of calling someone you are revealing basic information (the phone number you are dialing) to a 3rd party (the phone company).

but merely because information is in an address book does not mean it has ever been revealed to a 3rd party.

i have a few numbers in my own address book i have never revealed to a 3rd party (never had occasion to use the 3 emergency numbers for my mother for instance).
12.23.2008 11:22am
Interesting concept.

Does this mean police can search anything going on in a house as long as they can show after the fact that they COULD have detected it if they had conducted some sort of no-warrant-required surveillance?

Lot easier on the police if they don't actually have to get any search warrants or collect any evidence to justify them as long as they COULD have collected that evidence and gotten the warrants.
12.23.2008 12:00pm
Dan Hamilton:
Can't the police as the Cell Phone company for the records of the calls for the phone without a warrent?

I believe that they can. Then what is the difference. The judge determined that there was none so the search wasn't illegal. If there had been a difference then the judge would have most likely thrown that part of the data out.

You are correct in that the search was not legal. The cops should have gone to the phone company for the information. But then inevitable discovery puts the data back in. Yes the police made a mistake but not one great enough to throw the data out.
12.23.2008 12:02pm
For example, would police be justified in entering a person's house and picking papers off their desk as long as they can show after-the-fact that they are the sort of papers people shred and throw in the trash -- i.e. they COULD have bothered to spend a lot of time collecting the trash and reconstructing the shred documents if were required to undertake such a bother.
12.23.2008 12:04pm
David M. Nieporent (www):
call log i can see being covered by Smith but not the address book.

(from memory) the reason Smith allowed the pen register was because by the very act of calling someone you are revealing basic information (the phone number you are dialing) to a 3rd party (the phone company).

but merely because information is in an address book does not mean it has ever been revealed to a 3rd party.
As Orin points out, though, the mere fact that information has been revealed to a third party has nothing to do with whether one can acquire that information through an otherwise-illegal search. If I write a letter to my friend in which I confess to a crime, I have revealed information to a third party and the police can contact my friend to get the information or the letter, but that doesn't mean they can enter my house without a warrant to find a copy of the letter on the grounds that the contents of the letter aren't secret since I told my friend about them.
12.23.2008 12:30pm
one of many:
I'm just stating what Smith would cover, in that case the court ruled that when you dial a number you have given up your reasonable expectation of privacy about dialing that number. Per this court Smith is supposed to be the controlling case, so Smith extended this way would only cover the call log, numbers dialed, in which the expectation of privacy does not exist and not to the address book. Not even dealing with the issue of where and how the information is stored (which Orin goes into), but pointing out that Smith's reasoning only covers the call log and not the address book.
12.23.2008 1:13pm
one of many,

Yup, true.
12.23.2008 1:17pm
Daryl Herbert (www):
A cell phone is a computer with some attached hardware for communicating with the phone company.

The storage inside a cell phone is just data stored on a computer. If you carry a computer with you, you have a privacy interest in that computer and its contents.

That is why this judge is wrong.

The holding in Smith v. Maryland was based on the idea that the phone company could look at your phone records any time it wanted, and it had a legitimate business reason to do so, so people had no expectation of privacy. Even if the phone company could look into the numbers stored on your phone, it would have no business justification for doing so. Just because a company could violate your privacy for no good reason is not sufficient to defeat a reasonable expectation of privacy.

The records of phone calls stored on the phone itself are protected for the same reason: they are data stored on a computer that the defendant was carrying. As above, the phone company would have no legitimate reason to look at the call records saved on a person's phone. Further, Congress enacted special protections for phone records kept by the phone company. Police can't get to those records without going through procedure similar to getting a common law warrant.

If I make a handwritten list of phone calls, and put it in my wallet, and walk through the park, I have a privacy interest in that list, even though SCOTUS has said that I don't have a Constitutional privacy interest in the same information at phone company headquarters. This was an easy call and the judge botched it badly. If this judge doesn't like our Constitution he should move to a different country and be a judge there.
12.23.2008 1:41pm
Asher (mail):
So just to be clear, it's constitutional for the officer to look at the guy's call log, but not constitutional for him to hit the next button over and look at the address book?
12.23.2008 4:52pm
Anderson (mail):
What about the tactic of hitting "redial" on someone's landline phone, to see whose number was dialed last?

Is that distinguishable?
12.23.2008 5:48pm
Pyrrhus (mail) (www):
"Just because a company could violate your privacy for no good reason is not sufficient to defeat a reasonable expectation of privacy."

I think this is the same intuition that makes Smith bother me.

Nobody expects walking down a public street to be a matter of privacy.

But everyone would hope and most people would assume that their private communications with another person by phone or mail, for example, were in fact private. They would want them to be private in the contents of the communication, and likely imagine that the fact of communication was private as well.

As a practical matter, this is not necessarily the case. The post office can make a list and keep a record of your correspondence. I don't know as a matter of law whether they can, do, or do upon request of the police. But we could imagine a society where they might.

In a society where everyone generally prefers privacy in their personal dealings, laws often but not always provide for that privacy, companies often but not always promise to respect their privacy to the utmost of their ability, and specialization as a matter of fact requires them to deal with third parties in order to access a technology, why not assume that they expected some modicum of privacy? Why is the type of action (private communication between two individuals v. walking in public) completely irrelevant to expectations?
12.23.2008 6:08pm
one of many:

So just to be clear, it's constitutional for the officer to look at the guy's call log, but not constitutional for him to hit the next button over and look at the address book?
If we accept Smith as the controlling case, yes. It does seem to be a large stretch to make Smith the controlling case though, the circumstances are not at all similar, pen register at the phone company versus cell phone in police custody for a start.

Orin presents a solid argument that Smith is not the right case to control for cell phones, instead he presents Hicks as a case which presents a better rule. I'm not certain that Hicks is the best case to control, it ignores the whole Edwards line of search-incident-to-arrest rules which I would start with, but Hicks is also a good place to start.
12.23.2008 6:39pm

People can have lots of subjective expectations, but I would submit that the practical question is this: What kind of surveillance practices should be subject to a warrant requirement when the police are conducting investigations? The relevant "expectations" end up following from that.
12.23.2008 6:44pm
Pyrrhus (mail) (www):

"What kind of surveillance practices should be subject to a warrant requirement when the police are conducting investigations?"

Ah... I am not sure how this question resolves anything for me. One has to have some sort or expectations about what privacy interests deserve protection before one can decide what surveillance practices should be subject to a warrant requirement.

Certainly Smith should be read to reject the argument that information passing through third parties simply loses privacy protection - or else it would not bother to distinguish collecting phone numbers from recording the content of phone calls. The only difference between the former and the latter, as far as I can tell from the case, is the (subjective) expectations of privacy the court thinks each one will receive.

How "subjective" is the expectation of privacy in these instances? If the caller in Smith or Fierros-Alvarez knew that the police could procure sufficient evidence for arrest simply from indiscriminate mining of phone records, they would almost assuredly not have used the phone in an incriminating fashion. Or put another way, does the fact that they were using the phone indicate in itself that privacy was expected? If an expectation of privacy is nearly universal, does it make sense to dismiss it as simply one of an infinte set of possible subjective expectations?
12.23.2008 11:53pm

I don't understand what you think a reasonable expectation of privacy is; you seem to have an understanding of that term that is different from the Supreme Court's. See this article for more.
12.24.2008 12:51am
Mike Thomsen (mail) (www):
This sort of thinking could create a real legal conundrum if allowed to go unchecked. The packets that are sent out over the Internet by a device are technically sent over an unprotected medium, but to a private recipient. If the police knew in advance which routes from one major telecom network to another were likely routes for data, they could pay the second telecom to monitor the incoming traffic of the first, similar to how Echelon works (we spy on the Brits, the Brits spy on us and both governments swap data as needed).
12.24.2008 10:09am

Post as: [Register] [Log In]

Remember info?

If you have a comment about spelling, typos, or format errors, please e-mail the poster directly rather than posting a comment.

Comment Policy: We reserve the right to edit or delete comments, and in extreme cases to ban commenters, at our discretion. Comments must be relevant and civil (and, especially, free of name-calling). We think of comment threads like dinner parties at our homes. If you make the party unpleasant for us or for others, we'd rather you went elsewhere. We're happy to see a wide range of viewpoints, but we want all of them to be expressed as politely as possible.

We realize that such a comment policy can never be evenly enforced, because we can't possibly monitor every comment equally well. Hundreds of comments are posted every day here, and we don't read them all. Those we read, we read with different degrees of attention, and in different moods. We try to be fair, but we make no promises.

And remember, it's a big Internet. If you think we were mistaken in removing your post (or, in extreme cases, in removing you) -- or if you prefer a more free-for-all approach -- there are surely plenty of ways you can still get your views out.