Wazers Beware: Can Police Access Your Data?

The average American spends roughly 42 hours per year sitting in traffic.[1] This staggering figure helps to explain the public’s enthusiastic response to Waze, a social media platform and mobile application designed to help drivers more effectively avoid traffic and reach their destination. What sets Waze apart from other navigation applications is the platform’s ability to effectively combine electronic meta-data with user-generated reports to determine the most efficient route for a driver to take. Users, referred to as “Wazers” on the application, are able to alert other users in real time when they come across a police speed trap or a car accident that may impact travel plans. Understandably, police departments across the country tend to harbor intense criticism of the application, and argue that the application might be “misused by those with criminal intent to endanger police officers and the community.”[2] As with most technological innovations, particularly those that utilize user information, the efficiency afforded by Waze’s technology presents some troubling issues. For example, if Waze is constantly collecting data about users’ location, movement speed, and other similar information, can law enforcement officials use this data to incriminate these individuals?

Given the breadth of data that Waze collects from its users, the issue of whether law enforcement officials may exploit this information has significant implications. Intuitively, it seems reasonable that law enforcement officials might be able to gain access to much of this information. Despite this instinct, the accessibility of users’ private data is severely limited by the protection afforded by the Fourth Amendment guarantee of security against unreasonable searches and seizures. In essence, law enforcement officials may not take something from an individual without probable cause, and there have been countless litigations defining the exact scope of what a “search” may or may not entail.[3] An important and particularly relevant development in Fourth Amendment jurisprudence is the “Third-Party Doctrine.” This doctrine first emerged in Katz v. United States, in which the Supreme Court linked held that “what a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection” because that person can claim no legitimate expectation of privacy.[4]

Thus, per the third-party doctrine, in revealing information to a third-party, an individual waives her expectation of privacy and, consequently, loses any Fourth Amendment protections. [5] This is demonstrated in Smith v. United States, in which the Supreme Court held that telephone users had no expectations of privacy for telephone numbers that they physically dialed on their home phone. The Court reasoned that the telephone users forfeited their expectations of privacy because they “typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes.”[6] Under Smith, as long as the individual was aware that the third-party could and was storing the information as part of a legitimate business practice, the information in question was no longer protected.

When an individual first downloads the Waze application, they are immediately prompted with a pop-up window requesting that the individual “[a]llow ‘Waze’ to access your location while you are using the app.” This is not an actual question, however, as the lower left corner of the very same screen states (in smaller, grey lettering) that “using Waze requires your location.” Upon consenting to this first inquiry, the user is then immediately directed to the “Waze End User License Agreement” (“EULA”), a list of terms that users must agree to before beginning to use the application. The EULA summarizes some of the key passages from the “Terms of Use” and the “Privacy Policy,” though it also requires the user to confirm that they have read and agreed to both. The EULA highlights that the user consents to Waze receiving “detailed location and route information” in order to “create a detailed history of all of the journeys [the user] made while using the Waze application.” The EULA also specifies that this information is used to “improve the quality of the Service” and “to improve the accuracy of its mapping and navigation data.” Of course, in order for a user to actually use Waze, they must consent to all terms of the EULA.

It seems likely that the third-party doctrine is controlling in making the determination as to whether or not the acquisition of Waze user data by law enforcement officials qualifies for Fourth Amendment protection. Just as in Smith, the users of Waze are typically aware that (a) significant amounts of data are provided to Waze while the application is in use; (b) that Waze is capable of recording this information; and (c) that Waze does in fact record this information for legitimate business purposes. First, it is worth noting that the Waze Terms of Use explicitly disclose that the company collects user information and outline the purposes for doing so.[7] Further, it is reasonable to conclude that users are aware of these three elements simply from interacting with the application: Waze is popular because it provides up-to-the-moment information, including GPS location and movement speed, which cannot be reproduced without a constant input of data from the user. Hence, it is probable that Waze user data would fall within the scope of the third-party doctrine and, consequently, that law enforcement officials would be able to obtain user data without probable cause.

However, there may be an argument that this case is different from Smith in that the extent of the information gathered and collected by Waze far exceeds that of dialing a telephone. The argument that the Waze user “typically knows” all possible utilities of their information is sufficiently more questionable in this situation. Studies have shown that between 0.05% and 0.22% of consumers access the terms and conditions, and those who do access it do not spend enough time on the material to sufficiently digest its content.[8] The complexity of innovation urges us to reconsider the expectations of technology users, and may influence the court’s direction on the matter going forward.

Finally, it is worth asking whether the third-party doctrine is appropriate given society’s increasing reliance on third-party technology providers. Justice Sotomayor recently suggested that the third-party doctrine is “ill suited to the digital age” because we live in an era “in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”[9] As a result, it is virtually impossible to use any technologies without revealing large amounts of information to third parties. In the coming year, the Supreme Court will again consider the scope of the third-party doctrine when it releases its decision in Carpenter v. United States. In Carpenter, the Court will determine whether law enforcement’s warrantless seizure of cell-site-location information, a type of GPS data, was a violation of Fourth Amendment protections. Many critics hope that this case will be the moment where the Supreme Court explicitly addresses the applicability of the decades-old third-party doctrine to the 21^st century, and the result may have dramatic effects down the road.[10]

As this analysis suggests, the current legal landscape seems to be exceptionally favorable for Waze: the company has the flexibility to cooperate, or even to proactively participate, in law enforcement efforts without incurring liability. Waze users may not share the same bright outlook: they must choose to either discontinue using the application or assume the risk that their data might be disclosed to the police. One thing seems to be clear: Wazers should be sure to think twice before embarking on their next journey.