The U.S. Supreme Court has recognized that under U.S. law, once you have paid for a hotel room, your room is your home and your castle. You are entitled to the same protection against unwanted intrusions in a hotel room as you would be in the same room if you owned it outright as a condo.

As is often the case, however, the law is one thing and business norms are another. The difference is made clear in a fascinating and widely-misreported legal case involving a gambler arrested earlier this year in Las Vegas.

Paul Phua is a Malaysian businessman well known as a high-roller at casinos in Macau and in Las Vegas, where he has played in million-dollar-ante (U.S. dollars) televised poker games.

(Like nearby Hong Kong, Macau is an enclave that was formerly a foreign colony and is a now a “Special Administrative Region” of China.  Macau uses its special status to provide a haven for legal casino gambling, which is generally illegal elsewhere in China. Most Chinese citizens can’t get visas to travel to the U.S. or other countries, but can more easily get permission to travel to Macau from the rest of China. As a result, Macau has become the world’s largest legal casino gambling center: Significantly more money is bet and lost to casinos in Macau than in Las Vegas.)

Paul Phua and his son Darren Phua were arrested in July of this year, during the soccer World Cup, in a residential villa (a 10,000-square-foot hotel suite) at the Caesar’s Palace casino-hotel complex in Las Vegas. Gambling, including betting on the World Cup, is of course legal in Las Vegas. That’s how Caesar’s Palace makes its money, that’s why the Phuas were there, and that’s why Ceasar’s had provided the Phuas with the use of its villas. The Phuas have been charged with US Federal crimes, however, for allegedly using the Internet connection from their hotel villa in Las Vegas to send messages to unlicensed sports betting businesses in Macau and elsewhere.

What made the headlines earlier this month, and led to an editorial in the New York Times, was a motion filed by the Phuas’ lawyers arguing that the searches of the Phuas’ villas were unconstitutional.

One of the lawyers on the brief for the Phuas is Tom Goldstein, founder of SCOTUSblog and, among many other cases on his resume, co-counsel for John Gilmore in his petition for certiorari to the Supreme Court in Gilmore v. Gonzales. The brief for the suppression of illegally obtained evidence against the Phuas is one of the best-written pieces of legal story-telling we’ve come across in a long time, even down to the legally irrelevant asides. (“Once they left the villas, the first comment of [agents] Lopez and Kung was to agree that the female butler was “pretty hot.” Ex. F., Trans. Disc 3, p. 39, lines 24-25. Turning back to the case, they…”)

The essence of the Phuas’ lawyers’ argument is that FBI agents and Nevada state law enforcement officers repeatedly cut off the Internet service to the Phuas’ villas, waited until the residents of the villas reported the outages, then came into the villas with hidden cameras and recorders but disguised as, and falsely claiming to be, repair technicians working for the hotel.

The police then used the information from these warrantless entries to apply for a search warrant for the Phuas’ villas as well as a another villa occupied by some alleged associates of the Phuas, claiming that the residents of the villas had “consented” to their coming inside.

The legal issue is whether you can be deemed to have “consented” to a search by the police if you let a person into your home who claims to be a repair technician, especially when the only reason you called for service is that the police had turned off your service.

This sounds like something out a comic-book story of surveillance in a tin-pot dictatorship, where the phone in your hotel room stops working (because the secret police have disconnected the line), and then the secret police show up at your door, pretending to be from the telephone company, and pretend to “fix” the phone while installing wiretapping devices.

There’s more to the malfeasance of the FBI and Nevada police in this case. They tried to hide from the judge the fact that they were the ones who had disconnected the DSL lines to the villas, prompting the residents’ service request to the hotel. They also claimed to the judge that the Phuas had been “free to leave” while they were being kept in handcuffs for more than five hours. Since the Phuas weren’t being detained, it wasn’t necessary to read them their rights or allow them to talk to their lawyer, who had shown up outside the villa and was turned away by police.

But what also interests us is the role of the hotel-casino management and staff.

The New York Times editorial, like much of the of the other news analysis, got this backwards:

During the 2014 World Cup, the agents suspected that an illegal gambling ring was operating out of several hotel rooms at Caesar’s Palace in Las Vegas, but they apparently did not have enough evidence to get a court-issued warrant. So they enlisted the hotel’s assistance in shutting off the Internet to those rooms, prompting the rooms’ occupants to call for help. Undercover agents disguised as repairmen appeared at the door, and the occupants let them in. While pretending to fix the service, the agents saw men watching soccer matches and looking at betting odds on their computers. There is nothing illegal about visiting sports-betting websites, but the agents relied primarily on that evidence to get their search warrant. What they failed to tell the judge was that they had turned off the Internet service themselves.

The voluminous court filings (those that are available without charge through RECAP are linked from this copy of the docket sheet) and other news reports about the underlying facts make clear that the actual chain of suspicion and illegal snooping went in the other direction:

Contrary to what the Times suggested, the police didn’t “enlist” the hotel in their investigation. Nor is it true, as the government implausibly claims in its response to the Phuas’ motion, that the hotel’s “contractor engaged in a private frolic outside of any … relationship with the agents.”  The initiative to invade guests’ rooms came not from the police (as the Times misreported) or the contractor (as the government now claims) but from the hotel.

The hotel initiated the investigation, enlisted the police to spy on its guests, gave the police full access to all the data it had already collected about these guests and all the surveillance tools it had already installed, and provided support without which the police wouldn’t have been able to trick the guests into letting in the cops disguised as Internet repairmen.

Reprehensible (and unconstitutional) as the cops’ actions were in this case, anyone who spends time in hotel rooms ought to be at least as outraged at the hotel’s role in spying on its guests.

What the casino hotel suspected its guests of, and what gave rise to those suspicions, isn’t clear. Certainly it wasn’t “suspicious” that the occupants of a high-roller suite were gambling, either in general or on the World Cup, on which Caesar’s was making book. That’s why the the Phuas were there, and why they had been given the use of the villas, the big-screen TVs in their “media rooms” to watch the games, the computers so that they could check the odds being offered, and the private “salon” for their personal gambling games. It would have been suspicious if they weren’t gambling, weren’t watching the games they were betting on, or weren’t following the odds as they were placing their bets.

If the hotel decided it didn’t want to be associated with whatever it thought the Phuas and the other residents of any of the villas were doing, it could simply have stopped providing them with free lodging and other services. Presumably, that would have induced them to decamp to some other more hospitable casino that valued their betting (and losing) more — or to get back on Mr. Phua’s private jet and go someplace else..

For more than a decade, advertising for the Las Vegas Convention and Visitors Authority has centered on the implied promise to protect the privacy of their guests’ activities while on their premises, “What happens in Vegas, stays in Vegas.” But these same casinos and hotels have actually been in the vanguard of the hospitality industry in guest surveillance, with the owners of Caesar’s in particular recognized as the industry leaders.

What sort of surveillance does Casears conduct on its guests? According to the Phuas’ lawyers:

Caesar’s sent the results of its investigation to the [Nevada Gaming Control] Board…. The Board began an investigation, together with the FBI. Caesar’s fully cooperated — for example, by providing extensive records about the villas’ residents. These included logs of every entry into and exit from the villas, as well as detailed logs regarding the residents’ whereabouts and their requests to Caesars’ staff. The agents had access to Caesars’ extensive network of cameras (which recorded every entry and exit), including tapes spanning most or all of the residents’ stay at the hotel.

All this information is routinely collected and retained about every guest, not just those who have come under any suspicion. And it is voluntarily and pro-actively passed on to police whenever Caesar’s feels like it, without the need for the police to ask Caesar’s for it, much less to ask a judge for a warrant.

Casinos and theme parks, both of which create all-encompassing environments designed and laid out to induce their guests to spend as much money as possible, have been leaders in tracking of their customers’ physical movements and activities. Theme park customers are tracked with RFID wristbands containing uniquely numbered radio beacons. Gamblers are tracked with “loyalty cards”: for slot-machine players and individually numbered RFID gambling chips for table games that can be linked to the specific player to whom they are issued, and tracked through each bet or transaction in which they are used until they are cashed in.

The CEO of Caesar’s, Gary Loveman, has a Ph.D.from MIT and taught at Harvard Business School before he was was hired away by Caesar’s to manage its “loyalty” programs. A popular speaker at travel industry insider events, he’s revered by his peers as the pioneering travel industry guru of Big Data collection, analysis, and usage for customer tracking, profiling, personalization, and optimized allocation of hotel rooms and other resources and services to generate maximum revenue. [Update: For more on Loveman and Ceasar’s use of personal data about gamblers, see Adam Tanner’s book, What Stays in Vegas, which we learned of only long after this blog post was published.]

“Casinos have hotels to give gamblers a place to rest and recover, so that they can gamble more,” Loveman is fond of saying. He’s described publicly, and in detail, how Caesar’s allocates rooms and other perks — especially the most luxurious facilities and expensive services such as the villas the Phuas and their friends were occupying — to those guests who the casino knows from past experience are most likely to spend (i.e lose) the most money at the casino. It would make no sense to rent such a villa to someone unknown, even if they are willing to pay rack rates that start at US$25,000 per villa per night, when the same villa could be comped to a high-roller who can be counted on to lose more than that in the casino.

The Phuas and their friends weren’t paying (other than indirectly through their gambling losses at the casino) for their lodging, for their meals in any of the casino’s restaurants or from room service, for the round-the-clock private butler service provided for each villa, or for anything else they asked for. If they wanted $600 worth of Vietnamese food one day, as the butlers’ log shows, they got it delivered, free. If they didn’t like the laptop computer the hotel provided, the hotel would buy them another one of their choice, to use for free during their stay.

At the time of their arrest, the Phuas and their family and friends had been staying at Ceasar’s for almost a month during the World Cup. They were occupying at least three villas which, at rack rate, would have cost paying guests more than US$2 million for a stay of that duration. Presumably, Caesar’s invited them and comped them because it had confidence they would lose more than that much money in Caesar’s casino during their stay. They weren’t uninvited guests imposing their unsavory ways on a reluctant host, but VIPs lured to Caesar’s with more than US$2 million worth of complimentary services as well the promise of the advertisements that, “What happens in Vegas, stays in Vegas.”

These are the circumstances in which Caesars’ in-house “investigators” claimed to be shocked — shocked! — to find out that there was gambling going on in the Phuas’ villas, called in the law, and put themselves and their staff contractors at the beck and call of the police to trick their way inside the villas.

The lowest paid of the casino hotel’s employees, the butlers assigned to the guest villas, tried to block the doors to keep the cops-disguised-as-Internet-repairmen out of some areas of the villas. The butlers told the police “repairmen” that the guests had said they didn’t want uninvited visitors interrupting them while they were busy watching the World Cup games.

The presumably better-paid consultant brought in to fix and “un-fix” the DSL lines and coach the cops on how to impersonate technicians cooperated in the deception, although with occasional notes of reluctance — for his own safety, and not on any ethical grounds.

At the top, the hotel’s management appears to have given the scheme its unequivocal support.

If Caesar’s was really suspicious that the Phuas were doing something illegal, or even simply that they were “cheating” by taking comped services while placing their bets elsewhere, Caesar’s could simply have started charging them rent, or kicked them out.

If the police came knocking on their own initiative, Caesar’s could have stood up for their customers and guests. That’s what owners of mom-and-pop motels in Los Angeles, with far fewer resources than Caesar’s, did when the city passed a law requiring them to make their guest registers open books for police to look at at any time. They challenged that law, successfully, and their objections are now about to be reviewed by the Supreme Court in its current term.

Caesar’s could have asked to see a warrant — as should any hotelier — when the police asked for entry to a guest room or suite.

In the absence of a warrant, the proper answer when the police asked for Caesars’ records of guests activities should have been, “What happens in Vegas, stays in Vegas.”

Too bad Caesar’s Palace missed the chance to prove that Las Vegas means what it says in its ads.