[whoopdedo]

It's not quite the same as legitimizing the sharing of information by a third-party. By saying it is a "risk" there is the implication that it is outside the contract the customer has with the telephone company. So I think it contradicts itself by first saying he should not have expected privacy then saying the loss of privacy is a risk. If there's no expectation of privacy then where is the risk? There is an expectation but there is also a risk and if the information is divulged (against the customer's wishes) then any further expectation of privacy disappears. This is what happened with those leaked celebrity photos; the initial hacking was illegal, but publishing the photos after the leak was not.

The salient issue the case demonstrates is that if the police read the numbers from his phone directly, that would be an illegal search. But because it was the telephone company that divulged the information, even if that was a breach of privacy, it does not invalidate the use of the information as evidence because although the police received the benefit from the information they were not the ones who breached the privacy. So there was no loss of privacy as far as the fourth amendment is concerned; that only applies to police and not the telephone company. If he has a problem with the them giving the information out he can sue. Except, of course, congress has also given telephone companies immunity.

And as more government work gets outsourced to private contractors there are more avenues by which law enforcement can do this privacy-two-step-tango and collect admissible evidence without warrants. Or, at least, using much easier to obtain warrants. Isn't that what one of the concerns with CISA is? That it lets private company collect information that may be used in court? Do these companies have to obey the fourth amendment?