CA7: Pen register to track IP address in cyberattack investigation governed by third-party doctrine and not Carpenter

The use of a pen register order to track IP address in cyberattack investigation governed by third-party doctrine and not Carpenter. United States v. Soybel, 19-1936 (7th Cir. Sept. 8, 2021):

This appeal presents a constitutional issue of first impression for our circuit: whether the use of a pen register to identify IP addresses visited by a criminal suspect is a Fourth Amendment “search” that requires a warrant. We hold that it is not. IP pen registers are analogous in all material respects to the telephone pen registers that the Supreme Court upheld against a Fourth Amendment challenge in Smith v. Maryland, 442 U.S. 735 (1979). The connection between Soybel’s IP address and external IP addresses was routed through a third party—here, an internet-service provider. Soybel has no expectation of privacy in the captured routing information, any more than the numbers he might dial from a landline telephone.

Soybel insists that this case is governed not by Smith but by Carpenter v. United States, 138 S. Ct. 2206 (2018). We disagree. Carpenter concerned historical cell-site location information (“CSLI”). The warrantless acquisition of that type of data implicates unique privacy interests that are absent here. Historical CSLI provides a detailed record of a person’s past movements, which is made possible so long as he carries a cell phone. In contrast, the IP pen register had no ability to track Soybel’s past movements. And Carpenter is also distinguishable based on the extent to which a person voluntarily conveys IP-address information to third parties. Accordingly, though our reasoning differs from the district judge’s, we hold that the suppression motion was properly denied.

This entry was posted in Reasonable expectation of privacy, Third Party Doctrine. Bookmark the permalink.

Comments are closed.