United States v. Aaron Graham

Affirmed by published opinion. Judge MOTZ wrote the majority opinion, in which Chief Judge TRAXLER and Judges WILKINSON, NIEMEYER, KING, GREGORY, SHEDD, DUNCAN, AGEE, KEENAN, DIAZ and HARRIS joined. Judge WILKINSON wrote a separate concurring opinion. Judge WYNN wrote a dissenting opinion in which Judges FLOYD and THACKER joined.

ON REHEARING EN BANC

DIANA GRIBBON MOTZ, Circuit Judge:

In United States v. Graham, 796 F.3d 332 (4th Cir. 2015), a panel of this court affirmed the convictions of Defendants Aaron Graham and Eric Jordan arising from their participation in a series of armed robberies. The panel opinion sets out the facts of this case in great detail. Id. at 339-43. The only facts now relevant concern the portion of the Government’s investigation during which it obtained historical cell-site location information (CSLI) from Defendants’ cell phone provider. This historical CSLI indicated which cell tower — usually the one closest to the cell phone — transmitted a signal when the Defendants used their cell phones to make and receive calls and texts. The Government used the historical CSLI at Defendants’ trial to place them in the vicinity of the armed robberies when the robberies had occurred.

A majority of the panel held that, although the Government acted in good faith in doing so, it had violated Defendants’ Fourth Amendment rights when it obtained the CSLI without a warrant. The majority directed that henceforth the Government must secure a warrant supported by probable cause before obtaining these records from cell phone providers. The Government moved for rehearing en banc, which we granted, vacating the panel opinion. See United States v. Graham, 624 Fed.Appx. 75 (4th Cir. 2015); 4th Cir. R. 35(c). We now hold that the Government’s acquisition of historical CSLI from Defendants’ cell phone provider did not violate the Fourth Amendment.1

*425Supreme Court precedent mandates this conclusion. For the Court has long held that an individual enjoys no Fourth Amendment protection “in information he voluntarily turns over to [a] third partly].” Smith v. Maryland, 442 U.S. 735, 743-44, 99 S.Ct. 2577, 61 L.Ed.2d 220 (1979). This rule — the third-party doctrine — applies even when “the information is revealed” to a third party, as it assertedly was here, “on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” United States v. Miller, 425 U.S. 435, 443, 96 S.Ct. 1619, 48 L.Ed.2d 71 (1976). All of our sister circuits to have considered the question have held, as we do today, that the government does not violate the Fourth Amendment when it obtains historical CSLI from a service provider without a warrant. In addition to disregarding precedent, Defendants’ contrary arguments misunderstand the nature of CSLI, improperly attempt to redefine the third-party doctrine, and blur the critical distinction between content and non-content information.

The Supreme Court may in the future limit, or even eliminate, the third-party doctrine. Congress may act to require a warrant for CSLI. But without a change in controlling law, we cannot conclude that the Government violated the Fourth Amendment in this case.

I.

The Fourth Amendment ensures that “[t]he right of the people to be secure in their persons, houses, papers, and effects,- against unreasonable searches and seizures, shall not be violated.” U.S. Const, amend. IV. Broadly, “a Fourth Amendment search occurs when the government violates a subjective expectation of privacy that society recognizes as reasonable.” Kyllo v. United States, 533 U.S. 27, 33, 121 S.Ct. 2038, 150 L.Ed.2d 94 (2001). The issue that confronts us here is whether the Government’s acquisition of the historical CSLI records constituted a Fourth Amendment search.

In assessing whether such a search has occurred, “it is important to begin by specifying precisely the nature of the state activity that is challenged.” Smith, 442 U.S. at 741, 99 S.Ct. 2577 (emphasis added). Here, that “activity” is the Government’s acquisition from a phone company, Sprint/Nextel, of historical CSLI’ records — i.e., the records of the phone company that identify which cell towers it used to route Defendants’ calls and messages. The Government did not surreptitiously view, listen to, record, or in any other way engage in direct surveillance of Defendants to obtain this information. Rather, as the Sprint/Nextel custodian of the CSLI records testified at trial, CSLI is created and maintained in the normal course of Sprint/Nextel’s business. Defendants themselves acknowledge that service providers, like Sprint/Nextel, maintain CSLI records “[b]y technical and practical *426necessity.” Defendants’ Br. at 13.2

Moreover, to obtain the CSLI from Sprint/Nextel, the Government had to apply to a federal court for an order directing the company to disclose the records. The Stored Communications Act (SCA or the Act) provides that, to gain access to even these non-content records, the Government must demonstrate either probable cause for a warrant or “specific and articu-lable facts showing that there are reasonable grounds to believe that ... the records ... are relevant and material to an ongoing criminal investigation” for a court order. 18 U.S.C. § 2703(c), (d) (2012). The Government followed the second route and Defendants do not contend that in doing so it failed to meet the requirements of the Act. What Defendants do contend is that in permitting the Government to obtain the Sprint/Nextel records in this way, the Act violates the Fourth Amendment. According to Defendants, the statute permits the Government to unconstitutionally collect their private information.

This argument ignores the nature of the governmental activity here, which critically distinguishes this case from those in which the government did unconstitutionally collect private information. In United States v. Karo, 468 U.S. 705, 714-15, 104 S.Ct. 3296, 82 L.Ed.2d 530 (1984), for instance, the Drug Enforcement Agency placed a beeper within a can of ether and received tracking information from the beeper while the can was inside a private residence. Similarly, in Kyllo, 533 U.S. at 34-35, 121 S.Ct. 2038, the Department of the Interior used a thermal imager to gather “information regarding the interior of the home.” And in United States v. Jones, — U.S. -, 132. S.Ct. 945, 948-49, 954, 181 L.Ed.2d 911 (2012), the FBI and local law enforcement secretly installed a GPS tracking device on a suspect’s vehicle and monitored the vehicle’s movements for four weeks.3

On the basis of these cases, Defendants contend that the government always invades an individual’s reasonable expectation of privacy when it employs technological devices to track an individual’s moves. Perhaps so. But that question is not before us. No government tracking is at issue here. Rather, the question before us is whether the government invades an individual’s reasonable expectation of privacy when it obtains, from a third party, the third party’s records, which permit the government to deduce location information. Karo, Kyllo, and Jones, all of which involve direct government surveillance activity, tell us nothing about the answer to that question.4

*427Instead, the cases that establish the third-party doctrine provide the answer. Under the third-party doctrine, an individual can claim “no legitimate expectation of privacy” in information that he has voluntarily turned over to a third party. Smith, 442 U.S. at 743-44, 99 S.Ct. 2577. The Supreme Court has reasoned that, by “revealing his affairs to another,” an individual “takes the risk ... that the information will be conveyed by that person to the Government.” Miller, 425 U.S. at 443, 96 S.Ct. 1619. The Fourth Amendment does not protect information voluntarily disclosed to a third party because even a subjective expectation of privacy in such information is “not one that society is prepared to recognize as ‘reasonable.’ ” Smith, 442 U.S. at 743, 99 S.Ct. 2577 (internal quotation marks and citation omitted). The government therefore does not engage in a Fourth Amendment “search” when it acquires such information from- a third party.5

Applying the third-party doctrine to the facts of this case, we hold that Defendants did not have a reasonable expectation of privacy in the historical CSLI. The Supreme Court’s reasoning in Smith controls. There, the defendant challenged the government’s use of a pen register — a device that could record the outgoing phone numbers dialed from his home telephone. Id. at 737, 99 S.Ct. 2577. The Court held that the defendant could “claim no legitimate expectation of privacy” in the numbers he had dialed because he had “voluntarily conveyed” those numbers to the phone company by “ ‘exposing]’ that information to” the phone company’s “equipment in the ordinary course of business.” Id. at 744, -99 S.Ct. 2577. The defendant thereby “assumed the risk that the company would reveal to police the numbers he dialed.” Id.

Here, as in Smith, Defendants unquestionably “exposed” the information at issue to the phone company’s “equipment in the ordinary course of business.” Id. Each time Defendants made or received a call, or sent or received a text message — activities well within the “ordinary course” of cell phone ownership — Sprint/Nextel generated a record of the cell towers used. The CSLI that Sprint/Nextel recorded was necessary to route Defendants’ cell phone calls and texts, just as the dialed numbers recorded by the pen register in Smith were necessary to route the defendant’s landline calls. Having “exposed” the CSLI to Sprint/Nextel, Defendants here, like the defendant in Smith, “assumed the risk” *428that the phone company would disclose their information to the government. Id. at 744, 99 S.Ct. 2577. For these reasons, the Government’s acquisition of that information (historical CSLI) pursuant to § 2703(d) orders, rather than warrants, did not violate the Fourth Amendment.

This holding accords with that of every other federal appellate court that has considered the Fourth Amendment question before us. Not one has adopted the Defendants’ theory.

Three of our sister courts have expressly held, as we do today, that individuals do not have- a reasonable expectation of privacy in historical CSLI records that the government obtains from cell phone service providers through a § 2703(d) order. See United States v. Carpenter, 819 F.3d 880, 887-89 (6th Cir.2016) (holding that “for the same reasons that Smith had no expectation of privacy in the numerical information at issue [in Smith], the defendants have no such expectation in the [CSLI] locational information here”); United States v. Davis, 785 F.3d 498, 511-13 (11th Cir.) (en banc) (holding that defendant has no “objectively] reasonable expectation of privacy in MetroPCS’s business records showing the cell tower locations that wire-lessly connected his calls”), cert. denied, — U.S. -, 136 S.Ct. 479, 193 L.Ed.2d 349 (2015); In re Application of U.S. for Historical Cell Site Data, 724 F.3d 600, 615 (5th Cir. 2013) (In re Application (Fifth Circuit)) (holding that the government can use “[s]ection 2703(d) orders to obtain historical cell site information” without implicating the Fourth Amendment (emphasis omitted)). And although the fourth of our sister courts opined that “[a] cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way,” it held that “CSLI from cell phone calls is obtainable under a § 2703(d) order,” which “does not require the traditional probable cause determination” necessary for a warrant. In re Application of U.S. for an Order Directing a Provider of Elec. Commc’n Serv. to Disclose Records to Gov’t, 620 F.3d 304, 313, 317 (3d Cir. 2010) (In re Application (Third Circuit)).

Moreover, even in the absence of binding circuit precedent, the vast majority of federal district court judges have reached the same conclusion.6 Defendants are *429forced to rely on four inapposite state eases that either interpret broader state constitutional provisions instead of the Fourth Amendment, or do not consider historical CSLI records, or both.7 In sum, the Defendants’ preferred, holding lacks support from all relevant authority and would place us in conflict with the Supreme Court and every other federal appellate court to consider the question.

II.

Despite the lack of support for their position, Defendants insist that the third-party doctrine does not apply here. They argue that “[a] cell phone user does not even possess the CSLI to voluntarily convey,” and that even assuming users do convey such information, “revealing this information is compelled, not voluntary.”8 Defendants’ En Banc Br. at 10-11. These arguments misapprehend the nature of CSLI, improperly attempt to redefine the third-party doctrine, and rest on a long-rejected factual argument and the constitutional protection afforded a communication’s content.

A.

Defendants maintain that cell phone users do not convey CSLI to phone providers, voluntarily or otherwise. We reject ■ that contention. With respect to the nature of CSLI, there can be little question that cell phone users “convey” CSLI to their service providers. After all, if they do not, then who does?

Perhaps Defendants believe that because a service provider generates a record of CSLI, the provider just conveys CSLI to itself. But before the provider can create such a record, it must receive information indicating that a cell phone user is relying on a particular cell tower. The provider only receives that information when a cell phone user’s phone exchanges signals with the nearest available cell tower. A cell phone user therefore “conveys” the location of the cell towers his phone connects with to his provider whenever he uses the provider’s network.

*430There is similarly little question that cell phone users convey CSLI to their service providers “voluntarily.” See Davis, 785 F.3d at 512 n.12 (“Cell phone users voluntarily convey cell tower location information to telephone companies in the course of making and receiving calls on their cell phones.”). This is so, as the Fifth Circuit explained, even though a cell phone user “does not directly inform his service provider of the location of the nearest cell phone tower.” In re Application (Fifth Circuit), 724 F.3d at 614; see also Carpenter, 819 F.3d at 887-88.

Logic compels this conclusion. When an individual purchases a cell phone and chooses a service provider, he expects the provider will, at a minimum, route outgoing and incoming calls and text messages. As most cell phone users know all too well, proximity to a cell tower is necessary to complete these tasks. Anyone who has stepped outside to “get a signal,” or has warned a caller of a potential loss of service before entering an elevator, understands, on some level, that location matters. See In re Application (Fifth Circuit), 724 F.3d at 613 (“Cell phone users recognize that, if their phone cannot pick up a signal (or ‘has no bars’), they are out of the range of their service provider’s network of towers.”).

A cell phone user voluntarily enters an arrangement with his service provider in which he knows that he must maintain proximity to the provider’s cell towers in order for his phone to function. See Carpenter, 819 F.3d at 887-88 (“[A]ny cellphone user who has seen her phone’s signal strength fluctuate must know that, when she places or receives a call, her phone ‘exposes’ its location to the nearest cell tower and thus to the company that operates the tower.”). Whenever he expects his phone to work, he is permitting— indeed, requesting — his service provider to establish a connection between his phone and a nearby cell tower. A cell phone user thus voluntarily conveys the information necessary for his service provider to identify the CSLI for his calls and texts. And whether the service provider actually “elects to make a ... record” of this information “does not ... make any constitutional difference.” Smith, 442 U.S. at 745, 99 S.Ct. 2577.

To be sure, some cell phone users may not recognize, in the moment, that they are “conveying” CSLI to their service provider. See In re Application (Third Circuit), 620 F.3d at 317. But the Supreme Court’s use of the word “voluntarily” in Smith and Miller does not require contemporaneous recognition of every detail an individual conveys to a third party.9 Rath*431er, these cases make clear that the third-party doctrine does not apply when an individual involuntarily conveys information — as when the government conducts surreptitious surveillance or when a third party steals private information.

Thus, this would be a different case if SprinVNextel had misused its access to Defendants’ phones and secretly recorded, at the Government’s behest, information unnecessary to the provision of cell service. Defendants did not assume that risk when they made calls or sent messages. But like the defendant in Smith, 442 U.S. at 745, 99 S.Ct. 2577, Defendants here did “assume the risk” that the phone company would make a record of the information necessary to accomplish the very tasks they paid the phone company to perform. They cannot now protest that providing this essential information was involuntary.

B.

In their efforts to avoid the third-party doctrine, Defendants attempt to redefine it. They maintain that the third-party doctrine does not apply to historical CSLI because a cell phone user does not “actively ehoose[ ] to share” his location information. Defendants’ Br. at 30. Such a rule is nowhere to be found in either Miller or Smith. Moreover, this purported requirement cannot be squared with the myriad of federal cases that permit the government to acquire third-party records, even when individuals do not “actively choose to share” the information contained in those records.

For example, courts have attached no constitutional significance to the distinction between records of incoming versus outgoing phone calls. The technology the police used in Smith — a pen register — recorded only the numbers dialed by a suspect’s phone. It did not (and could not) record any information about incoming calls. To capture that information, police routinely use a “trap and trace” device. If Defendants were correct that the third-party doctrine applies just when an individual “actively chooses to share” information, then any effort to acquire records of incoming phone calls would constitute a search protected by the Fourth Amendment. After all, the phone customer never “actively chooses to share” with the phone company the numbers from incoming telephone calls. Only the user on the other end of the line, who actually dials the numbers, does so.

But federal courts have not required a warrant supported by probable cause to obtain such information. Rather, they routinely permit the government to install “trap and trace” devices without demonstrating probable cause. See, e.g., United States v. Reed, 575 F.3d 900, 914-17 (9th Cir. 2009); United States v. Hallmark, 911 F.2d 399, 402 (10th Cir. 1990).10 And recently we held that police “did not violate the Fourth Amendment” when obtaining a defendant’s “cellular phone records,” even *432though the records included “basic information regarding incoming and outgoing calls on that phone line.” United States v. Clenney, 631 F.3d 658, 666-67 (4th Cir. 2011) (emphasis added).11

Moreover, outside the «context of phone records, we have held that third-party information relating to the sending and routing of electronic communications does not receive Fourth Amendment protection. United States v. Bynum, 604 F.3d 161, 164 (4th Cir. 2010). In Bynum, we explained that it “would not be objectively reasonable” for a defendant to expect privacy in his phone and Internet subscriber records, including “his name, email address, telephone number, and physical address.” Id. Although we had no occasion in Bynum to consider whether an individual has a protected privacy interest in his Internet Protocol (IP) address, id. at 164 n.2, several of our sister circuits have concluded that no such interest exists. See United States v. Suing, 712 F.3d 1209, 1213 (8th Cir. 2013); United States v. Christie, 624 F.3d 558, 574 (3d Cir. 2010).

Similarly, the Ninth Circuit has held that “e-mail and Internet users have no expectation of privacy in ... the IP addresses of the websites they visit.” United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008). The Forrester court also held that there is no reasonable expectation of privacy in either the to/from addresses of a user’s emails or the “total amount of data transmitted to or from [a user’s] account.” Id. at 510-11. The court found the government’s acquisition of this information “constitutionally indistinguishable from the use of a pen register that the Court approved in Smith,” in part because “e-mail and Internet users, like the telephone users in Smith, rely on third-party equipment in order to engage in communication.” Id. at 510.

Of course, computer users do “actively choose to share” some of the information discussed in the above cases, like the “to” address in an email and the subscriber information conveyed when signing up for Internet service. But users do not “actively choose to share” other pieces of information, like an IP address or the amount of data transmitted to their account. Internet service providers automatically generate that information. See Christie, 624 F.3d at 563; cf. Forrester, 512 F.3d at 511. Thus, the redefinition of the third-party doctrine that Defendants advocate not only conflicts with Supreme Court doctrine and all the CSLI cases from our sister circuits, but is also at odds with other established circuit precedent.

C.

In another attempt to avoid the third-party doctrine, Defendants rely on a factual argument long rejected by the Supreme Court and a series of cases involving the content of communications to support their assertion that historical CSLI is protected by the Fourth Amendment.

First, Defendants emphasize that cell phone use is so ubiquitous in our society today that individuals must risk producing CSLI or “opt out of modern society.” Defendants’ En Banc Br. at 11. Defendants *433contend that such widespread use shields CSLI from the consequences of the third-party doctrine and renders any conveyance of CSLI “not voluntary,” for “[l]iving off the grid ... is not a prerequisite to enjoying the protection of the Fourth Amendment.” Id.

But the dissenting justices in Miller and Smith unsuccessfully advanced nearly identical concerns. Dissenting in Miller, Justice Brennan contended that “the disclosure by individuals or business firms of their financial affairs to a bank is not entirely volitional, since it is impossible to participate in the economic life of contemporary society without maintaining a bank account.” 425 U.S. at 451, 96 S.Ct. 1619 (Brennan, J., dissenting) (internal quotation marks and citation omitted). And dissenting in Smith, Justice Marshall warned that “unless a person is prepared to forgo use of what for many has become a personal or professional necessity,” i.e., a telephone, “he cannot help but accept the risk of surveillance.” 442 U.S. at 750, 99 S.Ct. 2577 (Marshall, J., dissenting). It was, in Justice Marshall’s view, “idle to speak of ‘assuming’ risks in contexts where, as a practical matter, individuals have no realistic alternative.” Id. The Supreme Court has thus twice rejected Defendants’ theory. Until the Court says otherwise, these holdings bind us.

Second, Defendants rely on cases that afford Fourth Amendment protection to the content of communications to suggest that CSLI warrants the same protection. See Ex parte Jackson, 96 U.S. 727, 733, 24 L.Ed. 877 (1877) (content of letters and packages); Katz v. United States, 389 U.S. 347, 353, 88 S.Ct. 507, 19 L.Ed.2d 576 (1967) (content of telephone calls); United States v. Warshak, 631 F.3d 266, 287-88 (6th Cir. 2010) (content of emails). What Defendants fail to recognize is that for each medium of communication these cases address, there is also a case expressly withholding Fourth Amendment protection from non-content information, i.e., information involving addresses and routing. See Jackson, 96 U.S. at 733 (no warrant needed to examine the outside of letters and packages); Smith, 442 U.S. at 743-44, 99 S.Ct. 2577 (no reasonable expectation of privacy in phone numbers dialed); Forrester, 512 F.3d at 510 (no reasonable expectation of privacy in the to/from addresses of emails); accord Jones, 132 S.Ct. at 957 (Sotomayor, J., concurring) (noting the Fourth Amendment does not currently protect “phone numbers” disclosed to phone companies and “e-mail addresses” disclosed to Internet service providers).

The Supreme Court has thus forged a clear distinction between the contents of communications and the non-content information that enables communications providers to transmit the content.12 CSLI, which identifies the equipment used to route calls and texts, undeniably belongs in the non-content category. As the Sixth Circuit recently recognized, CSLI is non-content information because “cell-site data— like mailing addresses, phone numbers, and IP addresses — are information that facilitate personal communications, rather than part of the content of those communications themselves.” Carpenter, 819 F.3d at 887-88.

Defendants disagree with this conclusion. They contend that CSLI should be treated “as content” because it “reeord[s] a *434person’s movements over a prolonged period,” implicating “serious ... privacy concerns.” Defendants’ Br. at 33. But all routing information “records” some form of potentially sensitive activity when aggregated over time. For example, a pen register records every call a person makes and allows the government to know precisely when he is at home and who he is calling and credit card records track a consumer’s purchases, including the location of the stores where he made them. Of course, CSLI is not identical to either of these other forms of routing information, just as cell phones are not identical to other modes of communication. It blinks at reality, however, to hold that CSLI, which contains no content, somehow constitutes a communication of content for Fourth Amendment purposes.

Defendants’ attempts to blur this clear distinction13 further illustrate the extent to which their proposed holding would be a constitutional outlier — untenable in the abstract and bizarre in practice. Case in point: Under Defendants’ theory, the Government could legally obtain, without a warrant, all data in the Sprint/Nextel records admitted into evidence here, except the CSLI. If that is so, then the line between a Fourth Amendment “search” and “not a search” would be the literal line that, moving left to right across the Sprint/Nextel spreadsheets, separates the seventh column from the eighth. The records to the left of that line list the source of a call, the number dialed, the date and time of the call, and the call’s duration — all of which the government can acquire without triggering Fourth Amendment protection. The records to the right of that line list the cell phone towers used at the start and end of each call — information Defendants’ contend is protected by the Fourth Amendment. Constitutional distinctions are made of sturdier stuff.

III.

Technology has enabled cell phone companies, like Sprint/Nextel, to collect a vast amount of information about their customers. The quantity of data at issue in this case — seven months’ worth of cell phone records, spanning nearly 30,000 calls and texts for each defendant — unquestionably implicates weighty privacy interests.

Outrage at the amount of information the Government obtained, rather than concern for any legal principle, seems to be at the heart of Defendants’ arguments. Thus they repeatedly emphasize the amount of CSLI obtained here and rely on authority suggesting that the government can obtain a limited amount of CSLI without a warrant. In response, the panel majority expressly held that the government can acquire some amount of CSLI “before its inspection rises to the level of a Fourth *435Amendment search.” Graham, 796 F.3d at 350 n.8. But, if as Defendants maintain, every bit of CSLI has the potential to “show when a particular individual is home,” and no CSLI is voluntarily conveyed, Defendants’ Br. at 19-20, then why would only large quantities of CSLI be protected by the Fourth Amendment?14

Defendants’ answer appears to rest on a misunderstanding of the analysis embraced in the two concurring opinions in Jones. There, the concurring justices recognized a line between “short-term monitoring of a person’s movements on public streets,” which would not infringe a reasonable expectation of privacy, and “longer term GPS monitoring,” which would. Jones, 132 S.Ct. at 964 (Alito, J., concurring in the judgment); see also id. at 955 (Sotomayor, J., concurring). But Jones involved government surveillance of an individual, not an individual’s voluntary disclosure of information to a third party. And determining when government surveillance infringes on an individual’s reasonable expectation of privacy requires a very different analysis.

In considering the legality of the government surveillance at issue in Jones, Justice Alito looked to what a hypothetical law enforcement officer, engaged in visual surveillance, could reasonably have learned about the defendant. He concluded that four weeks of GPS monitoring by the government constituted a Fourth Amendment “search” because “society’s expectation” had always been “that law enforcement agents and others would not — and indeed, in the main, simply could not — secretly monitor and catalogue” an individual’s movements in public for very long. Id. at 964 (Alito, J., concurring in the judgment) (emphasis added). In other words, direct surveillance by the government using technological means may, at some point, be limited by the government’s capacity to accomplish such surveillance by physical means.15

However, society has no analogous expectations about the capacity of third parties to maintain business records. Indeed, we expect that our banks, doctors, credit card companies, and countless other third parties will record and keep information about our relationships with them, and will do so for the entirety of those relationships — be it several weeks or many years. Third parties can even retain their records about us after our relationships with them end; it is their prerogative, and many business-related reasons exist for doing so. This is true even when, in the aggregate, these records reveal sensitive information similar to what could be revealed by direct surveillance. For this reason, Justice Ali-to’s concern in Jones is simply inapposite to the third-party doctrine and to the instant case.

Here, Defendants voluntarily disclosed all the CSLI at issue to Sprint/Nextel. And the very act of disclosure negated any reasonable expectation of privacy, regardless of how frequently that disclosure occurred or how long the third party *436maintained records of the disclosures. Defendants ignore these critical facts, attempting to apply the same constitutional requirements for location information acquired directly through GPS tracking by the government to historical CSLI disclosed to and maintained by a third party.

We recognize the appeal — if we were writing on a clean slate — in holding that individuals always have a reasonable expectation of privacy in large quantities of location information, even if they have shared that information with a phone company. But the third-party doctrine does not afford us that option. Intrinsic to the doctrine is an assumption that the quantity of information an individual shares with a third party does not affect whether that individual has a reasonable expectation of privacy.

Although third parties have access to much more information now than they did when the Supreme Court decided Smith, the Court was certainly then aware of the privacy implications of the third-party doctrine. Justice Stewart warned the Smith majority that “broadcast[ing] to the world a list of the local or long distance numbers” a person has called could “reveal the most intimate details of [that] person’s life.” Smith, 442 U.S. at 748, 99 S.Ct. 2577 (Stewart, J., dissenting). That is, in essence, the very concern that Defendants raise. But the Supreme Court was unmoved by the argument then, and it is not our place to credit it now. If individuals lack any legitimate expectation of privacy in information they share with a third party, then sharing more non-private information with that third party cannot change the calculus.

Of course, in the face of rapidly advancing technology, courts must “assure!] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.” Kyllo, 533 U.S. at 34, 121 S.Ct. 2038. The Supreme Court has long concluded that the third-party doctrine does this. Thus the Court has never held that routing information, like CSLI, shared with third parties to allow them to deliver a message or provide a service is protected under the Fourth Amendment. Perhaps this is implicit acknowledgment that the privacy-erosion argument has a flip-side: technological advances also do not give individuals a Fourth Amendment fight to conceal information that otherwise would not have been private.16

Moreover, application of the third-party doctrine does not render privacy an unavoidable casualty of technological progress' — Congress remains free to require greater privacy protection if it believes that desirable. The legislative branch is far better positioned to respond to changes in technology than are the courts. See Jones, 132 S.Ct. at 964 (Alito, J., concurring in the judgment) (“A legislative body is well situated to gauge changing public attitudes, to draw detailed lines, and to balance privacy and public safety in a comprehensive way.”); see also In re Application (Fifth Circuit), 724 F.3d at 615 (explaining that that the proper “re*437course” for those seeking increased privacy is often “in the market or the political process”).

The very statute at issue here, the Stored Communications Act (SCA), demonstrates that Congress can — and does— make these judgments. The SCA requires the government to meet a higher burden when acquiring “the contents of a wire or electronic communication” from “a provider of electronic communication service” than when obtaining “a record ... pertaining to a subscriber ... or customer” from the provider. 18 U.S.C. § 2703(a), (c) (emphasis added). It requires the executive to obtain judicial approval, as the Government did here, before acquiring even non-content information. Id. § 2703(c), (d). And the SCA is part of a broader statute, the Electronic Communications Privacy Act of 1986 (ECPA), which Congress enacted in the wake of Smith. See Pub. L. No. 99-508, 100 Stat. 1848. In the ECPA, Congress responded directly to the holding in Smith by requiring the government to obtain a court order (albeit not one supported by probable cause) before installing a pen register or “trap and trace” device. See 18 U.S.C. § 3121(a) (2012). Although Congress could undoubtedly do more, it has not been asleep at the switch.17

Ultimately, of course, the Supreme Court may decide to revisit the third-party doctrine. Justice Sotomayor has suggested that the doctrine is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” Jones, 132 S.Ct. at 957 (Sotomayor, J., concurring). Indeed, although the Court formulated the third-party doctrine as an articulation of the reasonable-expectation-of-privacy inquiry, it increasingly feels like an exception. A per se rule that it is unreasonable to expect privacy in informa'tion voluntarily disclosed to third parties seems unmoored from current understandings of privacy. But Justice Sotomayor also made clear that tailoring the Fourth Amendment to “the digital age” would require the Supreme Court itself to “reconsider” the third-party doctrine. Id.

The landscape would be different “if our Fourth Amendment jurisprudence cease[d] to treat secrecy as a prerequisite for privacy.” Id. But unless and until the Supreme Court so holds, we are bound by the contours of the third-party doctrine as articulated by the Court. See, e.g., Agostini v. Felton, 521 U.S. 203, 237, 117 S.Ct. 1997, 138 L.Ed.2d 391 (1997) (reversing the Second Circuit but noting that it had correctly applied then-governing law, explaining that “if a precedent of this Court has direct application in a case, yet appears to rest on reasons rejected in some- other line of decisions, the Court of Appeals should follow the case which directly controls” (internal quotation marks, alteration, and citation omitted)). Applying the third-party doctrine, consistent with controlling prece*438dent, we can only conclude that the Fourth Amendment did not protect Sprint/Nex-tel’s records of Defendants’ CSLI. Accordingly, we hold that the Government legally acquired those records through § 2703(d) orders.

IV.

For the reasons set forth above, we affirm in all respects the judgment of the district court.

AFFIRMED

. We reinstate the affirmance of Defendants’ convictions and sentences and adopt the panel opinion with respect to all issues not addressed in this opinion. We note that, after en banc oral argument, Defendants moved to file supplemental briefing on a new claim, based on Johnson v. United States, - U.S. -, 135 S.Ct. 2551, 2554, 192 L.Ed.2d 569 (2015). Defendants argued, for the first time, that Johnson's holding rendering 18 U.S.C. *425§ 924(e) void for vagueness also renders void different language in § 924(c). We denied the motion as untimely. Even if we were to consider Defendants’ late claim, however, it would not survive plain error review. United States v. Carthorne, 726 F.3d 503, 516 (4th Cir. 2013) ("An error is plain 'if the settled law of the Supreme Court or this circuit establishes that an error has occurred.’ ”). This court has not yet addressed this claim, and our sister circuits have divided on the issue. Compare United States v. Vivas-Ceja, 808 F.3d 719, 723 (7th Cir. 2015) (applying Johnson to find language identical to § 924(c) void for vagueness), and Dimaya v. Lynch, 803 F.3d 1110, 1120 (9th Cir. 2015) (same), with United States v. Taylor, 814 F.3d 340, 375-79 (6th Cir. 2016) (declining to find § 924(c) void for vagueness after Johnson).

. As the Sixth Circuit explained, “[c]arriers necessarily track their customers' phones across different cell-site sectors to connect and maintain their customers' calls," and keep CSLI records "to find weak spots in their network and to determine whether roaming charges apply, among other purposes.” United States v. Carpenter, 819 F.3d 880, 887 (6th Cir.2016).

. Contrary to Defendants’ suggestion, and unlike the information in Karo and Jones, the CSLI obtained here does not enable the government to "place an individual" at home or at other private locations. The historical CSLI at issue here does not provide location information anywhere near that specific. Rather, the record evidence establishes that each of the cell sites at issue here covers an area with a radius of up to two miles, and each data point of CSLI corresponds to a roughly 120-degree sector of a cell site's coverage area. That means the CSLI could only determine the four-square-mile area within which a person used his cell phone. Although we do not think the applicability of the Fourth Amendment hinges on the precision of CSLI, it is premature to equate CSLI with the surveillance information obtained in Karo and Jones.

.Like these instances of government surveillance, when the government uses cell-site simulators (often called "stingrays”) to direct*427ly intercept CSLI instead of obtaining CSLI records from phone companies, the Department of Justice requires a warrant. See Dep't of Justice, Department of Justice Policy Guidance: Use of Cell-Site Simulators 3 (2015), available at https://www.justice.gov/opa/file/ 767321/download.

. Defendants argue that "[t]he government, not the cellular service providers, surveilled [them].” Defendants' En Banc Br. at 7. This is assertedly so because (1) the Communications Assistance For Law Enforcement Act, 47 U.S.C. § 1002 (2012) (CALEA), requires service providers to have the capacity to allow law enforcement to access CSLI, and (2) service providers use CSLI in the aggregate, while law enforcement analyzes individuals' CSLI to infer their location. Neither argument is sound. Miller involved a federal statute that similarly required a service provider (there, a bank) to create and maintain customer records, and the Supreme Court expressly held that the statute did not affect the applicability of the third-party doctrine. See Miller, 425 U.S. at 436, 440-44, 96 S.Ct. 1619. Moreover, the third-party doctrine does not require the government to use the third party's records in the same way the third party does. Third parties maintain records in the ordinary course of their own business. See Smith, 442 U.S. at 744, 99 S.Ct. 2577. That business is usually not crime-fighting. See, e.g., id. Thus, law enforcement will almost always use the accessed information for a different purpose and in a different way than the third party.

. See, e.g., United States v. Wheeler, No. 15-216, - F.Supp.3d -, -, 2016 WL 1048989, at *11-13 (E.D. Wis. Mar. 14, 2016) (Pepper, J.); United States v. Chavez, No. 3:14-185, 2016 WL 740246, at *2-4 (D. Conn. Feb. 24, 2016) (Meyer, J.); United States v. Epstein, No. 14-287, 2015 WL 1646838, at *4 (D.N.J. Apr. 14, 2015) (Wolfson, J.); United States v. Dorsey, No. 14-328, 2015 WL 847395, at *8 (C.D. Cal. Feb. 23, 2015) (Snyder, J.); United States v. Lang, No. 14-390, 78 F.Supp.3d 830, 834-37, 2015 WL 327338, at *3-4 (N.D. Ill. Jan. 23, 2015) (St. Eve, J.); United States v. Shah, No. 13-328, 2015 WL 72118, at *7-9 (E.D.N.C. Jan. 6, 2015) (Flanagan, J.); United States v. Martinez, No. 13-3560, 2014 WL 5480686, at *3-5 (S.D. Cal. Oct. 28, 2014) (Hayes, J.); United States v. Rogers, 71 F.Supp.3d 745, 748-50 (N.D. Ill. 2014)(Kocoras, J.); United States v. Giddins, 57 F.Supp.3d 481, 491-94 (D. Md. 2014) (Quarles, J.); United States v. Banks, 52 F.Supp.3d 1201, 1204-06 (D. Kan. 2014) (Crabtree, J.); United States v. Serrano, No. 13-58, 2014 WL 2696569, at *6-7 (S.D.N.Y. June 10, 2014) (Forrest, J.); United States v. Moreno-Nevarez, No. 13-0841, 2013 WL 5631017, at *1-2 (S.D. Cal. Oct. 2, 2013) (Benitez, J.); United States v. Rigmaiden, No. 08-814, 2013 WL 1932800, at *14 (D. Ariz. May 8, 2013) (Campbell, J.); United States v. Gordon, No. 09-153-02, 2012 WL 8499876, at *2 (D.D.C. Feb. 6, 2012) (Urbina, J.); United States v. Benford, No. 09-86, 2010 WL 1266507, at *2-3 (N.D. Ind. Mar. 26, 2010) (Moody, J.); In re Applications of U.S. for Orders Pursuant to Title 18, U.S. Code Section 2703(d), 509 F.Supp.2d 76, 79-82 (D. Mass. 2007) (Stearns, J.). But see In re Application for Tel. Info. Needed for a Criminal Investigation, 119 F.Supp.3d 1011, 1024 (N.D. Cal. 2015) (Koh, J.); In re Application *429of U.S. for an. Order Authorizing Release of Historical Cell-Site Info., 809 F.Supp.2d 113, 120-27 (E.D.N.Y. 2011) (Garaufis, J.).

. Three of the state cases interpret broader state constitutional protections than the Fourth Amendment. See Commonwealth v. Augustine, 4 N.E.3d 846, 858, 467 Mass. 230 (2014) (finding "no need to wade into the[] Fourth Amendment waters” when the court could rely on article 14 of the Massachusetts Declaration of Rights); State v. Earls, 214 N.J. 564, 70 A.3d 630, 641-42 (2013) (explaining that New Jersey has "departed” from Smith and Miller and does not recognize the third-party doctrine); People v. Weaver, 12 N.Y.3d 433, 882 N.Y.S.2d 357, 909 N.E.2d 1195, 1201-02 (2009) ("[W]e premise our ruling on our State Constitution alone.”). In addition to interpreting only the state constitution, the third case dealt with direct GPS surveillance by police, not CSLI records procured from a phone company. Weaver, 882 N.Y.S.2d 357, 909 N.E.2d at 1201-02. And the court in the fourth state case repeatedly pointed out that it was not considering “historical cell site location records” — like those at issue here — but "real time cell site location information,” which had been obtained not through a § 2703(d) order, but under an order that had authorized only a "pen register” and "trap and trace device.” Tracey v. State, 152 So.3d 504, 506-08, 515-16, 526 (Fla. 2014).

. Defendants also emphasize the "highly private” nature of location information. Defendants’ En Banc Br. at'13. But to the extent they do so to argue that the third-party doctrine does not apply to CSLI, they are mistaken. The third-party doctrine clearly covers information that is also considered "highly private,” like financial records, Miller, 425 U.S. at 441-43, 96 S.Ct. 1619, phone records, Smith, 442 U.S. at 743-745, 99 S.Ct. 2577, and secrets shared with confidants, United States v. White, 401 U.S. 745, 749, 91 S.Ct. 1122, 28 L.Ed.2d 453 (1971).

. If it were otherwise, courts would frequently need to parse business records for indicia of what an individual knew he conveyed to a third party. For example, when a person hands his credit card to the cashier at a grocery store, he may not pause to consider that he is also “conveying" to his credit card company the date and time of his purchase or the store's street address. But he would hardly be able to use that as an excuse to claim an expectation of privacy if those pieces of information appear in the credit card company's resulting records of the transaction. Cf. United States v. Phibbs, 999 F.2d 1053, 1077-78 (6th Cir. 1993) (Defendant “did not have both an actual and a justifiable privacy interest in ... his credit card statements.”).

Our dissenting colleagues similarly argue that the third-party doctrine requires specific “knowledge” on the part of the phone user about what information is being conveyed at the time. Because phone users usually do not "know[]” their own CSLI, the dissent argues, they cannot convey it. But the dissent cannot have it both ways: Accepting its premise as true for purposes of argument, we fail to see how a phone user could have a reasonable expectation of privacy in something he does not know. Indeed, the dissent rightly questions "whether anyone could credibly assert the infringement of a legitimate expectation of *431privacy" in “numbers dialed by someone else.” The same logic would also apply to CSLI, which is created “by someone else”— and of which phone users, according to the dissent, are not even "aware.”

. Our dissenting colleagues posit that perhaps records of incoming calls have just not been challenged in court. They have been. See, e.g., In re Application of F.B.I., No. BR 14-01, 2014 WL 5463097, at *4 (Foreign Intel. Surv. Ct. Mar. 20, 2014) (listing courts that “have relied on Smith in concluding that the Fourth Amendment does not apply to ... incoming calls”); Reed, 575 F.3d at 914 (noting that there is “no Fourth Amendment expectation of privacy” in "call origination” data); Sun Kin Chan v. State, 78 Md.App. 287, 300-01, 552 A.2d 1351 (Md. App. 1989) ("There is no constitutional distinction between the questions of 1) whom you call and 2) who calls you.”).

. Nor has this court ever suggested that other information typically contained in phone records — the date, time, and duration of each call, for example — merits constitutional protection. Yet a phone customer never "actively chooses to share” this information either. Rather, this information is passively generated and recorded by the phone company without overt intervention that might be detected by the target user. If individuals "voluntarily convey,” all of this information to their phone companies, we see no basis for drawing the line at the CSLI at issue here. We note that this case deals with only 2010- and 2011-era historical CSLI, generated by texts and phone calls made and received by a cell phone.

. In addition to being firmly grounded in the case law, the contenl/non-content distinction makes good doctrinal sense. The intended recipient of the content of communication is not the third party who transmits it, but the person called, written, emailed, or texted. The routing and addressing information, by contrast, is intended for the third parties who facilitate such transmissions.

. Related concerns about a general "erosion of privacy” with respect to cell phones rest on a similar misapprehension of this distinction. These concerns revolve around protecting the large quantity of information stored on modem cell phones and on remote servers like the "cloud.” See, e.g., Davis, 785 F.3d at 536 (Martin, L, dissenting). If all that information were indeed at risk of disclosure, we would share this concern. But documents stored on phones and remote servers are protected, as "content,” in the same way that the contents of text messages or documents and effects stored in a rented storage unit or office are protected. See, e.g., United States v. Johns, 851 F.2d 1131, 1136 (9th Cir. 1988) (finding that a person renting a storage unit has a reasonable expectation of privacy in its contents); United States v. Speights, 557 F.2d 362, 363 (3d Cir. 1977) (finding reasonable expectation of privacy in secured locker at place of employment). These are clear limiting principles. Our holding today, that the Government may acquire with a court order, but without a warrant, non-content routing information (including historical CSLI), does not disturb those principles.

. The lack of a bright line between permissible and impermissible amounts of CSLI also stands at odds with the Supreme Court’s "general preference to provide clear guidance to law enforcement through categorical rules.” Riley v. California, - U.S. -, 134 S.Ct. 2473, 2491, 189 L.Ed.2d 430 (2014).

. We note, though, that such a rule would be unprecedented in rendering unconstitutional — because of some later action — conduct that was undoubtedly constitutional at the time it was undertaken. See United States v. Sparks, 750 F.Supp.2d 384, 392 (D. Mass. 2010), aff'd, 711 F.3d 58 (1st Cir. 2013) (recognizing the aggregation theory as "unworkable” because "conduct that is initially constitutionally sound could later be deemed impermissible if it becomes part of the aggregate”).

. For example, the Smith Court noted that, because a phone user who "had placed his calls through an operator ... could claim no legitimate expectation of privacy” in routing information exposed to that operator, "a different constitutional result” did not follow simply "because the telephone company has decided to automate.” Smith, 442 U.S. at 744-45, 99 S.Ct. 2577. Similarly here, "a different constitutional result” does not follow because the telephone company has decided to make its phones mobile. Cf. United States v. Skinner, 690 F.3d 772, 778 (6th Cir. 2012) ("Law enforcement tactics must be allowed to advance with technological changes, in order to prevent criminals from circumventing the justice system.”).

. Indeed, Congress has been actively considering changes to the ECPA in recent years based on advances in technology. See Jared P. Cole & Richard M. Thompson II, Congressional Research Service, Stored Communications Act: Reform of the Electronic Communications Privacy Act (ECPA), 8-10 (2015) (describing various proposed congressional amendments to the ECPA); Scott A. Fraser, Making Sense of New Technologies and Old Law: A New Proposal for Historical Cell-Site Location Jurisprudence, 52 Santa Clara L. Rev. 572, 576 (2012) (describing congressional fact-finding hearings on possible changes to the SCA). And some state legislatures have recently enacted warrant requirements for state agencies acquiring historical CSLI. See, e.g,, Utah Code Ann. § 77-23c-102 (West 2015), amended by 2016 Utah Laws H.B. 369; N.H. Rev. Stat. Ann. § 644-A:2-A:3 (West 2015). Legislatures manifestly can and are responding to changes in the intersection of privacy and technology.