Clarifying the Law Can Help New Hampshire Protect Its Citizens’ Privacy

Chair Abbas, Vice Chair Welch, and members of the committee, thank you for the opportunity to submit testimony today. My name is Brent Skorup, and I am a senior research fellow at the Mercatus Center at George Mason University. My research focuses on telecommunications and technology law.

Technology and telecommunications companies today collect large amounts of private and personal data, including geolocation information, home address, medical information, and financial information. So it is welcome news that New Hampshire legislators are assessing the state of new technology, privacy, and constitutional principles. Today I offer the following for the committee’s consideration

1. Generally, this data collection is benign or necessary to provide important commercial services to users—such as sending an Uber driver to the right location, sending money via Venmo, or monitoring blood pressure or glucose levels via a Fitbit.
2. For communications common carriers, I hope the legislature will consider bringing clarity to the use of phone geolocation information and the use of warrantless purchases of consumer data by state law enforcement.

Bring Clarity to Collection of Phone Geolocation Information

Communications common carriers such as wireless providers collect information about the approximate location of customers for business and for operational purposes, such as having a mobile call routed to customers’ nearest cell towers. Given the popularity of 5G and Wi-Fi technologies, which have much denser installations than traditional cell towers, cellular providers necessarily collect fairly precise geolocation and proximity information about users’ phones. The Supreme Court in Carpenter v. United States held that law enforcement collection of this cellular phone location information from a wireless carrier amounts to a search. However, the decision was narrowed to the facts before it, and the decision did not expressly apply to law enforcement using real-time phone location information from common carriers or “tower dumps” of all users of a certain cell tower. New Hampshire may wish to expressly add phone geolocation data, including cell triangulation data and tower dumps, to the examples of protected data to provide more protections to residents and to bring clarity to state law.

Clarify Whether Warrantless Purchases of Consumer Information by Law Enforcement Is Permitted

According to recent news reports, some federal law enforcement agencies collect certain private or personal information by purchasing it from commercial data collection companies. I am not aware of reports of common carriers such as wireless operators selling such information to New Hampshire (or federal) law enforcement. However, consumer data is regularly bought and sold for, say, advertising purposes, and these recent news reports suggest that such data are increasingly a tool of law enforcement. To protect against this practice in the future, New Hampshire may consider requiring a search warrant or other safeguards before using or purchasing such data from common carriers. As written, the current draft does not protect against these acquisitions of private or personal information because this information is acquired via a judicially recognized exception to a warrant requirement—the third-party doctrine.

Thank you for the opportunity to submit testimony today about this important privacy legislation.