#OhioLegalGroup #OhioCriminalDefense #Ohio4thAmendment #ElectronicDevices

Technology issues remain the front line of the fight for Fourth Amendment protections. Courts look to traditional concepts of privacy in physical property and the expectation of privacy when determining whether, and to what extent, to protect new technologies.

For example, the Fourth Amendment protects the content of the modern-day letter, the e-mail. United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010).

Individuals are increasingly storing their private information—correspondence, names and contact information of associates, e-mails, videos, health records, financial information, and photographs—online in applications and storage devices rented from companies. These offsite storage platforms are generically referred to as the cloud. Meanwhile, much of the foregoing private content may also, or alternatively, be stored directly on the user’s own device.

Accordingly, as we identify new technologies, data stored in the cloud, and other adaptations of the traditional “papers” identified in the Fourth Amendment, we must evaluate privacy by paralleling the new information to traditional protections and then identifying the expectation of privacy held by the individual and society in general.

Courts have, and should, recognize a greater need for protection of the electronic device, because of the high expectation of privacy in the device, locked behind a password or biometric security, which provides the gateway into a device containing banking information, passwords, private communications, thoughts, photographs, and location history.

While Fourth Amendment proponents identify those passwords as the digital equivalent of a locked door, opponents propose a concept called “virtual opacity,” likening the digital realm to having only a sheer curtain protecting such digital data.

1.00. Cell Phone Location History: The Landmark Ruling in Carpenter v. United States.

In Carpenter v. United States, 585 U.S. 296 (2018), the U.S. Supreme Court held that the government’s acquisition of historical cell-site location information (CSLI) from a wireless carrier constituted a search under the Fourth Amendment, requiring a warrant supported by probable cause. The Court reversed the Sixth Circuit, which had held that individuals had no reasonable expectation of privacy in their mobile phone location history.

The Court rejected a straightforward application of the third-party doctrine—which had previously held that a person has no legitimate expectation of privacy in information voluntarily turned over to third parties—recognizing a “world of difference” between the limited personal information addressed in earlier precedent and an exhaustive chronicle of location information passively and continuously collected by wireless carriers. Because cell phones are an indispensable part of modern life and log CSLI without any affirmative act by the user, the Court declined to treat such data as truly “voluntarily shared.”

Significantly, the Carpenter decision is narrow. The Court expressly declined to address real-time CSLI, “tower dumps,” conventional surveillance tools such as security cameras, other business records that may incidentally reveal location information, or collection techniques involving foreign affairs or national security. The third-party doctrine remains intact in most other contexts.

The decision in Carpenter has had widespread influence in the lower courts. Analysis of more than 800 subsequent decisions shows courts largely embracing its framework, though a meaningful minority have applied a strong version of the third-party doctrine arguably in tension with the ruling. Practitioners should continue to preserve objections in cases involving digital location data and monitor how courts apply Carpenter as technology evolves.

1.01. Ohio’s Application of Carpenter: State v. Diaw (2025).

The Ohio Supreme Court recently addressed the contours of Carpenter in State v. Diaw, 2025-Ohio-2323 (July 2, 2025). There, law enforcement obtained a single historical location data point that the defendant had voluntarily shared with a third-party online marketplace application. The Court held that the Fourth Amendment did not require a search warrant to obtain that data, because a person generally has no expectation of privacy in information voluntarily shared with a third party—and a single, voluntarily communicated data point did not implicate the comprehensive surveillance concerns that drove Carpenter.

The Diaw decision signals that Ohio courts will distinguish between the comprehensive, passive, and unavoidable collection of CSLI condemned in Carpenter and the discrete, voluntary sharing of location data with commercial platforms. Practitioners should anticipate continued case-by-case analysis along this spectrum.

2.00. Anticipate More Traditional Concepts Being Extended to Cover New Technology.

The Fourth Amendment protects all areas to which a person has a reasonable expectation of privacy. Katz v. United States, 389 U.S. 347 (1967). Further, electronic as well as physical intrusions into a private place may constitute a violation. Id.

Privacy exists where (1) the individual has exhibited an actual (subjective) expectation of privacy, and (2) society is prepared to recognize that this expectation is (objectively) reasonable. Smith v. Maryland, 442 U.S. 735 (1979).

As courts continue to consider the rental of digital real estate for the storage of information behind passwords, it is reasonable they will provide extension of the traditional privacy protections afforded to the rental of a hotel room for the storage of one’s papers. See Hoffa v. United States, 385 U.S. 293, 301 (1966) (Fourth Amendment applies to hotel rooms); United States v. Domenech, 623 F.3d 325, 330 (6th Cir. 2011) (privacy recognized even if hotel is reserved under an alias).

2.01. Cell Phones.

Police must obtain a search warrant prior to searching data stored in a cell phone seized incident to a lawful arrest, unless the search is necessary for an officer’s safety or due to exigent circumstances. State of Ohio v. Smith, 124 Ohio St.3d 163, 2009-Ohio-6426. The United States Supreme Court agrees. Riley v. California, 573 U.S. 373 (2014).

In Smith, the Ohio Supreme Court distinguished cell phones from the traditional concept of closed containers, recognizing a much higher expectation of privacy in the contents of a cell phone. Id. The next step will be to see whether the data on the phone is more easily accessed through a third party, because the information on the phone is also stored with the service provider. Consider looking for GPS location of a vehicle: if officers are unable to attach a device to a vehicle, or to search the phone’s content for location history, can the GPS information simply be obtained from a provider?

Following Carpenter, the holdings in this area appear to divide into two categories of information obtained from third-party vendors: (a) the transactional business records of the service provider with its customer, and (b) the customer’s private data for which the service provider is merely renting space to the customer. The former receives less protection; the latter is increasingly recognized as deserving Fourth Amendment safeguards.

2.02. GPS Vehicle Tracking Devices.

Police must obtain a search warrant prior to placing a GPS tracking device on a vehicle, because such monitoring constitutes a search. United States v. Jones, 565 U.S. 400 (2012). Admittedly, the Jones Court’s opinion appears to leave room for cases in which a device is attached for a shorter period of time, likely analogizing such brief tracking to merely following the vehicle.

On the private actor side, Ohio has now closed a significant gap in its statutory framework. Effective March 2025, Ohio Revised Code § 2903.216 prohibits the installation of an electronic tracking device on another person’s property without consent. A first offense is a first-degree misdemeanor; repeat offenses, or cases involving a protective order or a history of violence, elevate the charge to a fourth-degree felony. The statute includes exceptions for parents monitoring minor children, caregivers of older adults, and law enforcement. Practitioners whose clients face domestic violence, stalking, or harassment matters should be alert to this new tool.

2.03. E-Mails.

As stated above, the Fourth Amendment protects the content of the modern-day letter, the e-mail. United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010). However, the internet analogue of the envelope markings—the metadata—has not yet been accorded the same protection. This remains an area to watch, particularly as metadata analysis has grown increasingly powerful and capable of revealing the substance of communications indirectly.

3.00. Client Advice.

Just as you would advise your clients to exercise their right to remain silent, you should advise your clients as to their right to protect their privacy.

3.01. Lock Your Devices.

Encourage clients to use a passcode for entry into their cell phone or other device. While such a lock is not automatically determinative of a privacy expectation, if your client employs such protection it will bolster and assist in making analogous arguments regarding the expectation of privacy behind a locked door. Further, this will assist in protecting against claims of voluntary abandonment where the device is not seized from the person but is found after being lost, mislaid, or abandoned. See State of Ohio v. Moten, 2012-Ohio-6046 (search warrant unnecessary notwithstanding Smith’s holding, because the phone was abandoned rather than seized).

3.02. Maintain Local Storage.

Where the option is available, encourage your clients to maintain storage on a locked device. If that device can be kept unattached to the internet, so much the better to maintain privacy from governmental intrusion.

3.03. Turn Off Location Sharing.

Encourage your clients to turn off their location sharing. Many cell phones prompt users to enable location sharing—sometimes under the guise of enhanced 911 service—while default settings may provide a foothold for the government to argue there was no subjective expectation of privacy. As State v. Diaw illustrates, voluntarily sharing location data with a third-party application, even a single data point, may surrender Fourth Amendment protection in that data.

3.04. Read User Agreements.

While it is unlikely that clients will begin reading all user agreements for their cloud storage providers, we may have to encourage them to do so sooner than expected. Some technology companies provide in their standard user agreements that they take ownership of, or broad license rights in, data stored on their platforms. Under the developing case law discussed above, use of such platforms may undermine a client’s claim to a subjective expectation of privacy. Counseling clients to avoid or scrutinize such agreements has become a practical necessity, not merely a theoretical concern.