Last month, we wrote about a surprisingly frank report from the Office of the Director of National Intelligence admitting the government’s increasing role in utilizing Commercially Available Information about United States citizens for investigative purposes. Despite the Supreme Court’s ruling in Carpenter v. United States, which held that a warrant is required before the government can seize location history from cell-site records, the report candidly reveals that the bulk collection of Americans’ private data continues unabated. Now, the Commonwealth of Massachusetts is taking steps to ban the purchase and sale of location data altogether. It’s a blunt solution to a complex issue, and a bellwether for where this debate might be headed.
“Location data” refers to information about the geographic locations of mobile devices like smartphones or tablets. When collected, this data can be used for relatively benign purposes like marketing – but also to identify the movements of individuals and discern their identities (a 2013 study found that only four spatio-temporal data points are required to identify someone in most circumstances).
A host of companies collect this information, package it, and sell it to private actors like advertisers – and, increasingly, law enforcement agencies. The government can learn a lot about you based on your movements – and they know it. For example, the FBI has its own team dedicated to analyzing cell tower data.
A growing number of states are now taking action to protect the digital privacy of their residents. Laws passed in California and Virginia require the affirmative consent of consumers before geolocation data can be used for specified purposes. The European Union has gone further, prohibiting the use of sensitive data by default unless a company can demonstrate that its use falls under a specifically enumerated exemption.
In the United States, Massachusetts’ Location Shield Act (H.357|S.148) is by far the most comprehensive effort yet to protect our data from unwarranted (or warrantless) snooping. The bill’s drafters couch it within a social policy framework; it’s described as “An Act protecting reproductive health access, LGBTQ lives, religious liberty, and freedom of movement by banning the sale of cell phone location information.”
Such concerns are not unfounded. As the ACLU writes, “In the aftermath of the Supreme Court’s Dobbs decision…journalists found that data brokers have continued to buy, repackage and sell the location information of people visiting sensitive locations including abortion clinics. This puts people who seek or provide care in our state at risk of prosecution and harassment, creating a vulnerability in our state’s post-Roe protections.”
Beyond addressing those concerns, however, the bill does a lot to broadly reinforce our Fourth Amendment rights against unreasonable searches and seizures, implementing a warrant requirement for any law enforcement access to location data. Such restrictions would clear away some of the murk surrounding this issue in the wake of the Carpenter case, which required a warrant when accessing location data from phone companies, but which holds limited relevance when such data are readily available for commercial purchase. (Obviously, the same legal reasoning should apply.)
Americans are waking up to the dangers of the $16 billion data brokerage industry. In Massachusetts, 92% of survey respondents said the government should enshrine stronger protections for consumer data – all the way back in 2017. Whether this bill makes it over the finish line or not, it’s a clear sign that Americans want comprehensive data privacy reform.
And Massachusetts’ solution is one we’ll readily share.