Accessing Geolocation without a Search Warrant
Accessing Geolocation without a Search Warrant
There have been reports on the police using the global positioning tracker (GPS) of stolen vehicles or smartphones to catch suspects. Last December 2015, the Philippine National Police Highway Patrol Group (PNP-HPG) had a breakthrough in the “rent-sangla” scheme where 1,800 vehicles were stolen. The PNP-HPG was able to recover 606 vehicles by using the GPS installed in said vehicles.
Recently, last April 5, 2018, four riding-in-tandem robbery suspects were arrested by the Quezon City Police District (QCPD) after the group targeted several establishments in Quezon City and Caloocan City. They stole from its customers, and thereafter went into hiding in Marilao, Bulacan. The location services of the smartphone of one of the victims was turned on, thereby allowing him to provide information as to the whereabouts of the suspects which led to the latter’s arrest.
Service providers, such as Google, can help provide location data when it automatically collects and stores the same in a location history. Traditionally, location data would only be collected if the user enables such service. Google can triangulate the location of the cell towers to which the specific device is connected. While it does not record the messages sent or the recipients of the calls or the content of the conversation, it nevertheless provides a time-stamp as to when the text was delivered or when the call was made.
In the United States of America, several cases have been ruled upon by the Supreme Court regarding the extent of the use of technology in police investigations and personal privacy. In 2012, it ruled that a search warrant is needed when the police use a GPS tracking device to keep track of a person’s life.
However, in the Philippines, the legality of using location services to track suspects without a search warrant has not yet been challenged judicially. Republic Act No. 10175 otherwise known as the “Cybercrime Prevention Act of 2012” and the recently issued Supreme Court Rule on Cybercrime Warrants attempts to address concerns over the right to privacy and unreasonable searches and seizures.
Article III, Section 2 of the 1987 Constitution ensures that Filipino citizens are secure from unreasonable searches and seizures without a search warrant. Requisites for a valid search warrant are: “(1) existence of probable cause; (2) personal determination of probable cause by a judge; (3) personal determination after examination under oath or affirmation of the complainant and the witnesses he may produce; (4) complainant and witness testify on facts personally known to them; (5) particular description of the place to be searched and the person or things to be seized.”
However, the Rules of Court and jurisprudence have provided for exceptions for a search warrant. These are: (1) search incidental to lawful arrest; (2) seizure of evidence in plain view; (3) search of a moving vehicle; (4) consented search; (5) customs search; (6) stop-and-frisk; and (7) exigent and emergency circumstances.
Searches incidental to a lawful arrest could either be an arrest with a warrant or a warrantless arrest. The Rules of Court provide for the requisites of a valid arrest warrant, which are: (1) existence of probable cause; (2) the personal evaluation of a judge of the resolution of the prosecution and its supporting evidence; (3) complainant and witnesses testify on facts personally known to them; (4) particular description of the person to be arrested and of the crime.
Meanwhile, the Rules enumerate the three instances when a valid warrantless arrest is allowed when the person to be arrested is/has: (1) in flagrante delicto; (2) just committed the offense and the police officer or private person has probable cause to believe based on personal knowledge of facts or circumstances (otherwise known as hot pursuit arrest); (3) an escaped prisoner who is serving final judgment or is temporarily confined while the case is pending.
Before the search incidental to a lawful arrest may be effected, there must, at first, be a lawful arrest. If the search precedes the arrest, and the arrest is based on the evidence produced by the search, both search and arrest would be unlawful.
The right against unreasonable searches and seizures is intimately related with the right to privacy because both protect the “right of the people to be secure in their persons, houses, papers and effects.” However, as discussed in Ople v. Torres, there is no specific Constitutional provision that guarantees the right to privacy. It is a penumbral right formed from the shadows created by several constitutional provisions.
Article III, Section 3, paragraph 1 of the 1987 Constitution enumerates instances when the privacy of communications and correspondence may be intruded upon – only when there is a lawful court order or when public safety or order requires it. Additionally, when there is a reasonable expectation of privacy, the right to privacy cannot be violated.
The question is, does location data fall under the abovementioned rights? Is there a reasonable expectation of privacy from users when they use location services? Is there a reasonable expectation of privacy in stolen smartphones? Can location data be accessed by law enforcement agencies (LEA) without a search warrant?
Location data of users is protected under the right against unreasonable searches and seizures because “the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.”
Under R.A. No. 10175, location data falls under the definition of traffic data, which is defined as “any computer data other than the content of the communication including, but not limited to, the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.”
In order to obtain such data, LEA must apply for the issuance of different arrest warrants or court orders, depending on their purpose. Service providers are mandated under the said law to preserve traffic data for a minimum of six (6) months from the date of the transaction before it can be deleted. The LEA can apply for a Warrant to Disclose Computer Data (WDCD) that would authorize the LEA to issue an order to disclose the traffic data or relevant data in the possession or control of a person or service provider.
If the LEA wants to collect traffic data in real-time (e.g. as it is happening in the real world), they can file for a Warrant to Intercept Computer Data (WICD), which would allow the LEA to listen, record, monitor, or surveil the content of the communications through electronic eavesdropping or tapping devices, in real time. Before the LEA can search, seize, and examine computer data, they must apply for a warrant. When a warrantless arrest is enforced, and a computer device or system was seized, the LEA must first apply for a Warrant to Examine Computer Data (WECD) before it can be searched.
However, the same may not be said of the location data of stolen smartphones held by thieves. There are no cases decided by the Philippine Supreme Court yet, but the California Court of Appeal had the chance to rule on such a situation in People v. Barnes. There is no reasonable expectation of privacy over stolen goods because the possessory interest of a thief may not be subordinate to the rights of the owner. Furthermore, the legal user consented to the tracking of the smartphone, which is permitted under Section 12 (a) of Republic Act No. 10173, otherwise known as the “Data Privacy Act of 2012”.
Philippine law enforcement is slowly adapting to the use of technology as a means to investigate criminals. However, it is the duty of the State to ensure that the fundamental rights of its citizens as guaranteed by the Constitution are still protected.
 Mapa, Damian. “Mapping the Philippine Data Privacy Act and GDPR: A White Paper from the EITSC”. European Innovation, Technology, and Science Center Foundation. Accessed August 11, 2018. https://eitsc.com/wp-content/uploads/2018/05/Mapping-the-DPA-and-GDPR.pdf.
Mallari, Mia. “Motor vehicle-theft cases bare crafty players, tech-reliant cops.” (February 15, 2016) Accessed September 23, 2018. https://businessmirror.com.ph/motor-vehicle-theft-cases-bare-crafty-players-tech-reliant-cops/.
 Enano, Jhesset. “Robbery group falls, thanks to stolen phone’s GPS.” (April 5, 2018) Accessed September 23, 2018. https://newsinfo.inquirer.net/980214/robbery-group-falls-thanks-to-stolen-phones-gps.
 Tupas, Emmanuel. “PNP recovers 606 stolen cars in rent-sangla scheme.” (July 8, 2018) Accessed September 23, 2018. https://www.philstar.com/headlines/2017/07/08/1717819/pnp-recovers-606-stolen-cars-rent-sangla-scheme.
 Id, footnote 1.
 Id, footnote 2.
 Raphael, Meghan. “Android’s location data can now help police track suspected criminals to the scene of the crime.” (June 3, 2016) Accessed on September 23, 2018. https://www.electronicproducts.com/Mobile/Apps/Android_s_location_data_can_now_help_police_track_suspected_criminals_to_the_scene_of_the_crime.aspx.
 Liao, Shannon. “Google admits it tracked user location data even when the setting was turned off.” (November 21, 2017) Accessed September 24, 2018. https://www.theverge.com/2017/11/21/16684818/google-location-tracking-cell-tower-data-android-os-firebase-privacy.
 National Public Radio. “Can Police Track You Through Your Cellphone Without A Warrant?” (November 28, 2017) Accessed on September 23, 2018. https://www.npr.org/2017/11/28/564713772/can-police-track-you-through-your-cellphone-without-a-warrant.
 “The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.”
 Rules of Court, Rule 126, Section 13.
 People v. Aruta, G.R. No. 120915, April 3, 1998.
 Padilla v. CA and People, G.R. No. 121917, March 12, 1997.
 People v. Solayao, G.R. No. 119220, September 20, 1996.
 People v. De Gracia, G.R. No. 102009, July 6, 1994.
 Veridiano v. People, G.R. 200370, June 7, 2017.
 Rules of Court, Rule 112, Section 6.
 Rules of Court, Rule 113, Section 5.
 “the person to be arrested has committed, is actually committing or is attempting to commit and offense” in the presence of the peace officer or private person.
 Id, footnote 11.
 G.R. No. 170180, November 23, 2007.
 G.R. No. 127685, July 23, 1998.
 Carpenter v. United States, 585 U.S. ___ (2018).
 Republic Act No. 10175, Section 3(p).
 Republic Act No. 10175, Section 13, paragraph 1.
 Republic Act No. 10175, Section 14 in relation to Rule on Cybercrime Warrants” (2018), Section 4.1
 Republic Act No. 10175, Section 15 in relation to Rule on Cybercrime Warrants” (2018), Section 5.2
 Republic Act No. 10175, Section 15 in relation to Rule on Cybercrime Warrants” (2018), Section 6.9
 260 Cal. App. 2d
 “Section 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
- The data subject has given his or her consent;
X x x.”