UPDATE September 23, 2014: Days after this story went up on our website, a story came to light about a special machine that HPD has that can steal your phone data. ACLU experts have testified on a state level about the device. HPD doesn't have much to say about it.
Houston police officer James Taylor really wants you to know one thing about local cops: HPD is not the National Security Agency, "nor are we the federal government."
Taylor repeated the mantra several times in testimony before the Texas Senate's State Affairs Committee this week, insisting efforts to limit cops' access to cell-phone location data will - and, in fact, already has - fatally hamstrung the efforts of local police. Whether you believe that depends on how you read a dizzying, hatchet-job law that lawmakers updated last session and whether you think such "metadata" - call log information, location data, and other records - is inherently sensitive and deserving of strict safeguards against police snooping.
Electronic privacy advocates will tell you that warrantless metadata collection remains perfectly legal in Texas despite tough efforts last legislative session to ban the practice. A bill introduced by Rep. Bryan Hughes in 2013 - before the shocking leaks from Edward Snowden that revealed sweeping U.S. surveillance efforts - would have banned warrantless cell-phone metadata sweeps (the bill was actually so popular that over half the House signed on as co-sponsors). But as is common practice, Hughes' measure was attached to a Senate bill in the waning hours of the session. Amid backlash from law enforcement, privacy groups say, the Senate bill's author stripped out the language protecting cell-phone metadata (still, language requiring warrant protection for email records survived, and the bill was heralded as one of the strongest email-privacy bills in the nation).
So the state was left without a statute on the books explicitly protecting phone metadata. On top of that, the state's Fourth Court of Appeals last month upheld the case of a convicted San Antonio murderer who argued that police violated his Fourth Amendment rights when they acquired, without a warrant, cell phone records that put him near the scene of the crime. Ruling in Ford v. State last month, the appeals court held that such warrantless searches are not unconstitutional, and that Texas cops don't need to get a warrant to access cell-phone location information (it wasn't the first Texas court to rule this way, either).
The Ford ruling is further evidence, privacy advocates say, that warrant protections for cell phone data need to be clearly written into state law.
"We wish there was a requirement in the statute for geolocation or for cell-phone location information," said Rob Yokubaitis, an attorney and Co-CEO and Co-Founder of Austin-based tech companies Data Foundry and Golden Frog who has helped champion data privacy interests at the legislature. Yokubaitis says he and Data Foundry's other lawyers have read the statute up and down. "The protection's not there."
But local law enforcement reps insist warrant protections for metadata are there, if you know how to read the law. So now here's the strange, paradoxical debate lawmakers will likely face in the 2015 session: cops and prosecutors who argue both that warrant protections already exist and that the lawmakers shouldn't give in to privacy advocates and pass any warrant requirements.
At issue is a mystifying section of the criminal code that last year's reforms amended to require a warrant each time police approach a company seeking email records. Scott Henson, a member of the Texas Electronic Privacy Coalition and author of the widely read criminal justice blog Grits for Breakfast, testified at this week's committee hearing, saying the law "is one of the worst written statutes I've personally seen, and I used to work on Medicaid issues."
While Henson and other privacy advocates contend the law, as written, does not protect cell-phone metadata from warrantless searches, HPD's Taylor and Bill Exley, an assistant prosecutor with the Harris County DA's office, who both testified at the committee hearing this week, claim otherwise. And if Tuesday's hearing was any indication, law enforcement reps plan to scare the hell out of lawmakers in hopes of stalling any more reforms next session.
From video of the hearing, you can almost see the alarm creep into Committee Chair Craig Estes' face when Taylor gets into his testimony, claiming HPD's inability to solve a recent uptick in robberies targeting local IHOP and Denny's restaurants is based, in part, on metadata warrant requirements.
"There are over 120 cases that we've documented that involve four or more gunmen with AK-47s," Taylor said. "The inability for us to access data has led to us not being able to catch them. ... It results in us not being able to investigate cases, which results in people dying." HPD claimed in a statement yesterday that, out of an "abundance of caution," it hasn't accessed cellphone location data records without a signed warrant since Gov. Perry signed the law updating the statute last June.
Exley, an assistant prosecutor who works with local law enforcement to help solve so-called (his words) "blood and guts cases," told the committee that requiring cops to get a search warrant for cell-phone data means they have to gather enough facts to convince a judge the phone's owner is either a suspect in a crime or that the phone contains evidence of a crime. The problem with that, he says, is that warrants can stall investigations because "the way we use those records is to gather evidence that leads to probable cause."
Exley insists the statute lawmakers passed last year has already fulfilled privacy advocates' wishes, whether they realize it or not. "We have aggravated robberies, murders, and capital murders we cannot solve today that we could last year," Exley claimed in an email yesterday. "Trust me: we tried to read this thing every way possible to find a way out and come to a different conclusion. ... It is not a conclusion that we came to lightly. We are confident we are correct."
Exley says the recent appeals court ruling only applies to the 2009 version of the statute, not the version amended by the Lege last year. "Because they (privacy advocates) don't understand the law fully, they are holding up the Ford case saying it says we currently don't need warrants without comprehending that case deals with the law in 2009 not the 2013 law which we currently live under."
We're not sure then how to explain why, on the heels of that appeals court ruling last month, the state prosecutor's association wrote:
"Did the State violate the Fourth Amendment by acquiring from the phone company, without a warrant, the defendant's cell phone records that revealed information (tower-pings, outgoing and incoming communication, etc.) connecting him to a murder? No. Fourth Amendment protections are surrendered when a person exposes activities to a third party. That exposure makes the records merely business records of the phone company and not protected communications."
The TDCAA further went on to state the ruling "could turn out to be helpful to others" in figuring out how to interpret the law that Hexley says already requires a warrant for metadata.
If you like this story, consider signing up for our email newsletters.
SHOW ME HOW
You have successfully signed up for your selected newsletter(s) - please keep an eye on your mailbox, we're movin' in!
Henson commented on his blog, "until the judiciary agrees a warrant is required, it's hard to buy what police and prosecutors were selling at yesterday's State Affairs hearing."
Lawmakers also heard from Chris Soghoian, a data expert and technologist with the ACLU, who stressed that metadata - just like phone-call, text-message or email content - is inherently sensitive and deserving of strict privacy protections. "If you call a gun store to find out the hours, the fact that you're calling the gun shop, that's the sensitive part," he said. "If you're calling a suicide hotline, the fact that you called the hotline at 11pm on a Friday night, that's the sensitive part."
Since the Snowden revelations, Soghoian said, Colorado, Maine, Minnesota, Montana, Utah and Wisconsin have passed laws explicitly requiring warrants for police to acquire cell-phone data. A federal appeals court in Miami recently ruled that such data is warrant protected.
"The sky isn't falling in those states," Soghian said. "Police in Florida and Utah were still able to catch the bad guys."