Case Study: Carpenter v. United States — Cell Phone Location and the Fourth Amendment

"A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor's offices, political headquarters, and other potentially revealing locales." — Chief Justice John Roberts, Carpenter v. United States (2018)

Overview

In June 2018, the United States Supreme Court decided Carpenter v. United States, a case that reshaped the constitutional landscape of digital privacy. The question was deceptively simple: does the government need a warrant to access historical cell site location information (CSLI) — the records showing which cell towers a person's phone connected to over time? The Court's answer, in a 5-4 decision, was yes. But the reasoning behind that answer, and the debates it ignited, illuminate nearly every privacy theory explored in Chapter 7.

This case study examines the facts, the legal doctrines at stake, the Court's reasoning, and the privacy implications that extend far beyond cell phone location data.

Skills Applied: - Connecting constitutional privacy law to the privacy theories of Warren and Brandeis, Westin, and Nissenbaum - Analyzing the third-party doctrine and its limitations in the digital age - Evaluating how technological change forces legal frameworks to evolve - Applying the "nothing to hide" argument and its critiques to a real case

The Facts

The Crime and the Investigation

In 2011, police in Detroit arrested four men suspected of committing a series of armed robberies of Radio Shack and T-Mobile stores across Michigan and Ohio. One of the suspects confessed and gave the FBI the phone numbers of roughly fifteen accomplices, including Timothy Carpenter.

The FBI did not seek a warrant based on probable cause — the standard Fourth Amendment requirement for searches. Instead, prosecutors obtained a court order under the Stored Communications Act (SCA), which requires only "reasonable grounds to believe" that the records are "relevant and material to an ongoing criminal investigation." This is a significantly lower standard than probable cause.

Using this court order, the FBI obtained 127 days of cell site location information for Carpenter from his wireless carriers, MetroPCS and Sprint. The data comprised 12,898 location points — an average of 101 data points per day — documenting Carpenter's movements over approximately four months. The records showed which cell towers Carpenter's phone had connected to and when, effectively reconstructing a detailed timeline of his physical movements across two states.

At trial, the government used this data to place Carpenter near the locations of four robberies at the times they occurred. Carpenter was convicted and sentenced to more than 100 years in prison.

Carpenter challenged the conviction, arguing that the government's warrantless acquisition of his CSLI violated the Fourth Amendment, which protects against "unreasonable searches and seizures." The case traveled through the federal courts, with the Sixth Circuit Court of Appeals ruling against Carpenter, before the Supreme Court agreed to hear it.

Origins

The central legal doctrine at stake was the third-party doctrine, established in two earlier Supreme Court cases:

  • United States v. Miller (1976): The Court held that bank records shared with a financial institution are not protected by the Fourth Amendment because the customer has "voluntarily conveyed" the information to a third party and therefore has no "reasonable expectation of privacy" in it.

  • Smith v. Maryland (1979): The Court held that records of phone numbers dialed — captured by a device called a "pen register" installed at the phone company — are not constitutionally protected because the caller "voluntarily conveyed" those numbers to the phone company and "assumed the risk" that the company would share them.

The doctrine rests on a simple logic: when you share information with a third party (a bank, a phone company, a service provider), you give up your expectation of privacy in that information. The government can then access it without a warrant.

The Third-Party Doctrine in the Digital Age

For decades, the third-party doctrine was applied to a wide range of records held by businesses. But the doctrine was developed in an era when sharing information with third parties was a deliberate, limited act — writing a check, dialing a phone number. In the digital age, the nature of "sharing" has changed fundamentally:

  • Cell phones automatically connect to cell towers without any conscious act by the user.
  • Smartphones continuously share location data with wireless carriers, app developers, and platform companies.
  • Digital interactions generate metadata that is "shared" with service providers as a technical necessity, not a voluntary choice.
  • The volume and granularity of data collected by third parties in the 2010s was qualitatively different from the bank records and pen registers of the 1970s.

The question in Carpenter was whether the third-party doctrine should apply to 127 days of continuous location tracking — or whether the digital age required a different approach.

The Supreme Court's Decision

The Majority Opinion (Chief Justice Roberts)

In a 5-4 decision written by Chief Justice Roberts, the Court held that the government's acquisition of Carpenter's CSLI constituted a "search" under the Fourth Amendment and therefore required a warrant supported by probable cause.

Roberts's reasoning rested on several key points:

1. The "pervasive and revealing" nature of CSLI. Roberts emphasized that cell phone location records are qualitatively different from the bank records and phone numbers at issue in Miller and Smith. CSLI provides "an intimate window into a person's life, revealing not only his particular movements, but through them his familial, political, professional, religious, and sexual associations." The data is comprehensive (it covers every moment the phone is on), historical (it extends back years), and effortless to collect (it requires no physical surveillance).

2. The involuntary nature of the "sharing." Roberts rejected the argument that Carpenter had "voluntarily" shared his location data with his wireless carrier. Cell phones are "such a pervasive and insistent part of daily life that carrying one is indispensable to participation in modern society." The data is generated automatically, as a necessary byproduct of phone operation — not by any affirmative act of the user. In Roberts's words, "cell phone location information is not truly 'shared' as the term is normally understood."

3. A narrow holding with broad implications. Roberts was careful to describe the opinion as "narrow," applying only to historical CSLI and not overruling the third-party doctrine entirely. But the reasoning — particularly the emphasis on the volume, comprehensiveness, and automatically generated nature of digital data — signaled that the Court recognized a fundamental tension between pre-digital legal doctrines and the realities of the data age.

The Dissents

Four Justices dissented, each writing separately, reflecting deep disagreement about how the Fourth Amendment should adapt to digital technology:

  • Justice Kennedy argued that the third-party doctrine should apply straightforwardly: Carpenter's CSLI was a business record held by wireless carriers, and the Fourth Amendment has never required a warrant to obtain business records from third parties.

  • Justice Thomas argued from an originalist perspective that the Fourth Amendment protects only property interests — not expectations of privacy — and that Carpenter had no property interest in records owned by his wireless carriers.

  • Justice Alito argued that the Court's approach was unworkable and would create uncertainty about what other types of third-party records now require warrants.

  • Justice Gorsuch offered the most distinctive dissent, suggesting that the entire "reasonable expectation of privacy" framework (established in Katz v. United States, 1967) should be reconsidered in favor of a property-based approach — but one that might give individuals a property right in their own digital data.

Privacy Theory Analysis

Warren and Brandeis: The Right to Be Let Alone

The Carpenter case is, at its core, a Warren and Brandeis story transplanted to the twenty-first century. In 1890, Warren and Brandeis argued that new technology (cameras, newspapers) created new forms of intrusion that existing law could not address. In 2018, Chief Justice Roberts made an analogous argument: new technology (cell phones, CSLI) creates new forms of surveillance that existing doctrine (the third-party doctrine) cannot adequately govern.

Roberts's opinion echoes Warren and Brandeis's insight that law must evolve to meet technological change. The "right to be let alone" resonates in Roberts's concern about the government's ability to "travel back in time to retrace a person's whereabouts" — a form of intrusion that the Framers of the Constitution could not have imagined but that the Fourth Amendment's principles were designed to prevent.

Westin: Four States of Privacy

Westin's framework illuminates what CSLI tracking threatens:

  • Solitude: CSLI records document a person's location even in their most private moments — at home, at a place of worship, at a medical facility. The data invades solitude not through physical intrusion but through continuous, invisible technological monitoring.

  • Anonymity: Before cell phones, a person walking through a city was functionally anonymous — observed by passersby, perhaps captured on a few security cameras, but not systematically tracked. CSLI destroys this anonymity by linking every movement to a specific, identified individual.

  • Reserve: Location data reveals information that a person has chosen not to disclose. A visit to an oncologist's office, a political rally, or a divorce attorney reveals associations and circumstances that the individual may deliberately withhold from others. CSLI overrides this reserve without the individual's knowledge.

Roberts's opinion implicitly engages all three of these states when he describes CSLI as revealing "familial, political, professional, religious, and sexual associations."

Nissenbaum: Contextual Integrity

Nissenbaum's framework provides perhaps the most precise analysis of the Carpenter case. The relevant context is the telecommunications service provision context. The informational norm is:

  • Type: Connection data (which cell tower a phone connects to)
  • Subject: The phone user
  • Sender: The phone (automatically)
  • Recipient: The wireless carrier
  • Transmission principle: Technical necessity for providing cellular service

When the government obtains 127 days of this data to reconstruct a person's movements, every parameter except the type changes:

  • Recipient: The government (law enforcement), not the wireless carrier
  • Transmission principle: Criminal investigation, not service provision

This is a textbook contextual integrity violation: information that flowed within one context (telecommunications service) is repurposed in a fundamentally different context (criminal surveillance) under a different transmission principle and to a different recipient. The fact that the data was "shared" with a third party (the carrier) does not, under Nissenbaum's framework, authorize its flow to any other party for any other purpose.

The "Nothing to Hide" Connection

The third-party doctrine, in its original form, embodies a version of the "nothing to hide" argument: if you have shared information with a third party, you have nothing to hide — you have accepted the risk of disclosure. Chief Justice Roberts's opinion implicitly rejects this logic by recognizing that "sharing" data with a wireless carrier as a technical necessity of using a phone is fundamentally different from voluntarily disclosing information. The aggregation argument (Response 4 from Section 7.4.2) is particularly relevant: each individual cell tower connection is trivial, but 12,898 location points over 127 days create an "intimate window" into a person's life.

Implications and Unresolved Questions

What Carpenter Decided

  • Historical CSLI requires a warrant. The government cannot compel wireless carriers to disclose long-term location records without probable cause and judicial authorization.
  • The third-party doctrine has limits. Not all data voluntarily shared with a third party is automatically unprotected.
  • Digital data is different. The volume, comprehensiveness, and automatically generated nature of digital records distinguishes them from the business records at issue in Miller and Smith.

What Carpenter Left Open

The "narrow" holding left many questions unresolved, and these questions define the frontier of digital privacy law:

  1. How much CSLI triggers the warrant requirement? Roberts addressed 127 days of data. What about seven days? One day? A single location ping? The Court did not draw a bright line.

  2. Does the reasoning extend to other types of digital data? Email metadata, browsing history, smart home device logs, wearable health data, and financial transaction records are all held by third parties and generated automatically. Does Carpenter's reasoning apply to any or all of them?

  3. What about real-time location tracking? Carpenter concerned historical CSLI. Real-time tracking raises distinct but related constitutional questions that the Court explicitly declined to address.

  4. What about data purchased from data brokers? Law enforcement agencies have increasingly purchased location data directly from commercial data brokers, bypassing both the third-party doctrine and the Carpenter warrant requirement. Whether this practice is constitutional remains untested at the Supreme Court level.

  5. What about non-government access? Carpenter is a Fourth Amendment case — it applies only to government searches. It says nothing about private companies accessing, purchasing, or using location data. The privacy concerns identified by the Court exist regardless of who accesses the data, but the constitutional remedy addresses only one category of accessor.

Discussion Questions

  1. The "voluntary sharing" fiction. Chief Justice Roberts concluded that CSLI is not truly "shared" because cell phones generate location data automatically. But what about data that is voluntarily shared — social media posts, search queries, location check-ins? Should the third-party doctrine apply differently depending on how actively the user chose to share the information? Where would you draw the line?

  2. The aggregation question. Roberts emphasized the "comprehensive" and "pervasive" nature of 127 days of location data. Apply the aggregation argument (Section 7.4.2, Response 4): Is there a meaningful difference between accessing one day of CSLI and accessing four months? If so, what principles should govern where the line is drawn?

  3. Contextual integrity in law. Nissenbaum's contextual integrity framework provides a clear analytical structure for evaluating Carpenter. Should courts explicitly adopt contextual integrity as a legal test for digital privacy cases? What are the advantages and risks of doing so?

  4. The data broker loophole. If law enforcement can purchase the same location data from a commercial data broker without a warrant, has Carpenter meaningfully protected privacy? What additional legal or regulatory measures would be needed to close this gap?

Your Turn: Mini-Project

Option A: Apply Carpenter's Reasoning. Select a different type of digital data held by a third party (options include email metadata, smart speaker recordings, fitness tracker health data, or ride-sharing trip history). Write a 500-750 word analysis applying the Carpenter majority's reasoning to this data type. Would the Court's logic require a warrant for government access? Consider the data's comprehensiveness, whether it is "voluntarily" shared, and what it reveals about the individual.

Option B: The Dissent's Best Argument. Read one of the four dissenting opinions in Carpenter. In 500-750 words, present the strongest version of the dissent's argument. Then evaluate: Is the dissent correct that the majority's approach is unworkable, or does the majority's reasoning better reflect the realities of the data age?

Option C: Policy Proposal. Carpenter addresses only government access to CSLI. Draft a one-page policy proposal that extends location data protections to private-sector access — covering data brokers, app developers, and advertisers. Your proposal should address: (1) what location data is covered, (2) what consent or authorization is required, (3) how long location data may be retained, and (4) what enforcement mechanisms apply. Reference Carpenter, Nissenbaum's contextual integrity, and at least one of the five reasons privacy matters from Section 7.6.

References

  • Carpenter v. United States, 585 U.S. ___, 138 S. Ct. 2206 (2018).

  • United States v. Miller, 425 U.S. 435 (1976).

  • Smith v. Maryland, 442 U.S. 735 (1979).

  • Katz v. United States, 389 U.S. 347 (1967).

  • Kerr, Orin S. "The Fourth Amendment and the Global Internet." Stanford Law Review 67, no. 2 (2015): 285-329.

  • Nissenbaum, Helen. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford University Press, 2010.

  • Solove, Daniel J. Nothing to Hide: The False Tradeoff Between Privacy and Security. New Haven: Yale University Press, 2011.

  • Westin, Alan F. Privacy and Freedom. New York: Atheneum, 1967.

  • Thompson, Stuart A., and Charlie Warzel. "Twelve Million Phones, One Dataset, Zero Privacy." The New York Times, December 19, 2019.

  • Electronic Frontier Foundation. "Carpenter v. United States." EFF case page. Accessed 2025.