263 A.3d 247
Pa.2021Background
- Moravian College provided a campus-wide Wi‑Fi network (≈1,300 access points); student accounts use usernames/passwords and may be set to connect automatically as the user moves around campus; each connection logs access point, user, and time.
- Moravian’s student handbook included a “Computing Resources” policy stating users should have no expectation of privacy and consenting to inspection/disclosure of network data; students electronically acknowledged the handbook to matriculate.
- Campus IT examined Wi‑Fi logs after a dormitory robbery and identified devices connected to access points near the victim; that data led police to Dunkins, who was charged, moved to suppress the Wi‑Fi records, was convicted, and appealed.
- The Pennsylvania Supreme Court granted review to address whether Carpenter v. United States governs historical Wi‑Fi access-point records and whether Dunkins’ signed handbook acknowledgment waived any privacy right.
- Justice Wecht (concurring/dissenting) would distinguish Carpenter and hold that, under these facts, a student who voluntarily opts into continuous automatic connection lacks a reasonable expectation of privacy in the Wi‑Fi records; he also criticizes the Majority’s brief treatment of waiver as relying solely on a signature.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Does Carpenter’s holding (expectation of privacy in historical CSLI) extend to campus Wi‑Fi access‑point logs? | Dunkins: Yes — Wi‑Fi logs can be at least as detailed as CSLI and can track inside buildings, so Carpenter’s protection should apply. | Commonwealth/Moravian: No — campus Wi‑Fi is geographically limited, connection is voluntary/avoidable, and the police sought records via a location‑based request akin to a tower‑dump. | Majority avoided deciding Carpenter’s applicability and resolved on waiver/abandonment; Justice Wecht would distinguish Carpenter and hold no reasonable expectation of privacy because students can control/opt out of Wi‑Fi logging. |
| Is the handbook/Computing Resources waiver enforceable to bar Dunkins’ Fourth Amendment challenge? | Dunkins: No — the waiver is compulsory (adhesion), not a knowing, intelligent, voluntary waiver of constitutional rights. | Commonwealth: Yes — Dunkins signed and assented to a clear policy disclaiming privacy; that consent foreclosed his claim. | Majority: waiver/abandonment by signature sufficed; Wecht: signature alone is insufficient and waiver requires totality analysis, though he deems waiver immaterial given voluntariness ruling. |
| Does the method of data collection (location dump/tower dump) make Carpenter inapplicable? | Dunkins: (not heavily litigated) — argued similarity in privacy concerns. | Commonwealth: Carpenter expressly declined to address tower dumps; police used a location‑based request akin to a tower dump, so Carpenter is not controlling. | Superior Court and Majority treated the request as akin to a tower dump and thus viewed Carpenter as not dispositive; Wecht did not decide the tower‑dump question because he found no expectation of privacy under voluntariness. |
| Should the Wi‑Fi records be suppressed as obtained without a warrant? | Dunkins: Yes — without warrant, admission violates Fourth Amendment if Carpenter applies or waiver is invalid. | Commonwealth: No — either no expectation of privacy or Dunkins abandoned/waived rights by assent and auto‑connect choice. | Suppression denied; convictions affirmed. |
Key Cases Cited
- Carpenter v. United States, 138 S. Ct. 2206 (2018) (historical cell‑site location information can implicate a reasonable expectation of privacy and ordinarily requires a warrant)
- United States v. Jones, 565 U.S. 400 (2012) (long‑term GPS monitoring implicated a reasonable expectation of privacy)
- Smith v. Maryland, 442 U.S. 735 (1979) (third‑party doctrine: dialed numbers disclosed to telephone company)
- United States v. Miller, 425 U.S. 435 (1976) (third‑party doctrine applied to bank records)
- Riley v. California, 573 U.S. 373 (2014) (cell phones are central to modern life and implicate significant privacy interests)
- Medlock v. Trustees of Indiana Univ., 738 F.3d 867 (7th Cir. 2013) (upheld student handbook consent to dorm‑room inspections in administrative context)
- United States v. Adkinson, 916 F.3d 605 (7th Cir. 2019) (user‑agreement consent can permit a carrier’s disclosure/tower‑dump to law enforcement)
- Commonwealth v. Sodomsky, 939 A.2d 363 (Pa. Super. 2007) (voluntary disclosure to third parties can defeat an expectation of privacy)