chevron-down Created with Sketch Beta.

Criminal Justice Magazine

Summer 2024

Are Geofence Warrants Headed for Extinction?

Donna Lee Elm

Summary

  • Geofence or reverse-location search warrants don't identify an individual whose data is sought, but instead identify a place and a time where a crime occurred and sought information about who was there then.
  • The largest geofence warrant ever was dropped on the US capitol after the January 6, 2021, attack, covering four acres hugging the capitol building and immediate surroundings.
  • In response to privacy concerns, Google will cease storing location data in its Sensorvault, will  automatically encrypt backed-up data so no one can read it, and will change the default auto-delete on its apps’ location data to three months.
Are Geofence Warrants Headed for Extinction?
Laurence Dutton via Getty Images

Jump to:

Geofence arrants have become an investigation tool of choice after law enforcement discovered that Google had been maintaining its Sensorvault, a treasure trove collecting over a decade of highly precise location data of persons using Google applications. That is changing.

Overview of Geofence Warrants

Google’s location history data are prized by law enforcement because they can be highly precise. Instead of the indeterminant and broad scope of cell tower location data, Google’s data can potentially identify a device’s location to within a yard or two. Moreover, Google tracked devices’ location quite often (sometimes as frequently as every two minutes), so the data can show movement and direction again with far greater precision than cell tower data. Google had been receiving warrants for its location history information on specified individuals’ devices, but in 2016, law enforcement recognized a new way to use those data.

The FBI for the first time sought what has come to be known as Geofence or Reverse-Location search warrants. Instead of identifying an individual whose data is sought, these warrants identified a place and a time where a crime occurred and sought information about who was there then. The government required Google to turn over information revealing all devices that were present in a certain geographic area at a particular period in time. Google imposed some limits on this process, requiring law enforcement to reasonably narrow its geographic area (the geofence) as well as the time frame to be searched. Then it established a three-step process to winnow down the number of “hits” that were produced before giving out identifying information; it sought to limit the invasion of its users’ privacy. Courts authorizing these warrants happily embraced that practice. But as discussed in my earlier article, see Donna Lee Elm, Geofence Warrants: Challenging Digital Dragnets, 35 Crim. Just. 2 (Summer 2020), these warrants have been criticized as being inherently overbroad, ignore the “particularity” requirement of the Fourth Amendment’s warrants clause, and, in the majority of instances, fail to actually identify the suspect.

The Chatrie Litigation

Recently, there have been three major developments regarding these indiscriminate search warrants. First, the most thorough and well-documented litigation of their validity was finalized in the case of Okello Chatrie’s bank robbery. United States v. Chatrie, No. 3:19-cr-130, Doc. 220 (E.D.Va. Mar. 3, 2022). Google shared details of its system, filed amicus briefs, and supplied its experts to this case. The judge concluded that this warrant violated the Fourth Amendment’s warrant requirement of “particularity” (specifying what persons or things to be searched). Id. at 38–49. The judge was also skeptical that the third-party doctrine would apply. Id. at 52–54. Nevertheless, he expressed great regret in having to uphold the warrant due to the Leon exception, “good faith” reliance on a judge having issued the warrant.

Because warrants are required for these searches, all Geofence warrants evade constitutional negation under that analysis. The judge urged Congress and the court to change the law in light of technological developments, noting that the complexity of these issues could well be above a magistrate reviewing the warrant.

In Chatrie’s case, the judge issuing the warrant was a municipal magistrate who had a bachelor’s degree (no law school) from a little-known religious college. See id. at 58–62.

The January 6th Attack Litigation

Second, the largest Geofence Warrant ever used was dropped on the US capitol after the January 6, 2021, attack. Its geofence covered four acres hugging the capitol building and immediate surroundings, and its time frame was 2:00–6:30 p.m. that date.

The first step of the Geofence Warrant procedure produced 5,723 devices, including the suspect group and two control groups of persons present well before and after the event. That allowed the FBI to reduce the number. In the second step, the travel of each of those remaining devices was reviewed to remove persons whose movement was inconsistent with the attack. The FBI further prioritized devices that were in the area throughout the whole attack period, as well as devices whose location data had been deleted afterwards. That allowed the list to be winnowed down to 1,518 persons, and the FBI was able to create detailed maps of their movement throughout the geofence during the attack. Mark Harris, A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet, Wired (Nov. 20, 2022). Deleting those who were not joining the insurgent crowd, the FBI arrived at 1,498 devices on which Google supplied identifying information.

Defendant David Rhine challenged that warrant’s overbreadth and lack of “particularity.” See United States v. Rhine, No. 1:21-cr-687, Doc. 79 (D.D.C. Jan. 24, 2023). The judge did not decide the government’s position that Rhine had no privacy interest, though it noted that Carpenter v. United States, 138 S. Ct. 2206 (2018), cast doubt on that argument. Nevertheless, it upheld the warrant’s breadth due to “the unique facts of the case” because it was reasonably restricted to the area where all but fleeing legislators and stalwart security personnel were engaged in the attack, and it was geographically limited to barely exceed the capitol building itself. Id. at 64–75. He also found no particularity violation because the court—rather than the FBI or Google—decided which devices to disclose. Id. at 75–77. Even if his conclusions were wrong, the judge concluded that the Leon “good faith” exception applied to preserve the January 6th Geofence Warrant. Id. at 77.

Interestingly, both the Chatrie and Rhine decisions referenced one another’s cases. Chatrie better explained why the January 6th warrant would not violate the Fourth Amendment’s particularity requirement: Unlike Chatrie’s bank robbery (encompassing a host of innocents and one perpetrator), the facts of the Capitol attack and its warrant’s design would mean that almost all individuals found within that geofence at the time were involved. Chatrie, No. 3:19-cr-130, Doc. 220, at 46 n.40, 49 n.42. It “is unusual in that the government could plausibly argue everyone within the geofence had committed or witnessed the crime.” Robert Weiner & Drew Harwell, Google Location Data Was Used to Find Jan. 6 Rioters. It’s Disappearing, Wash. Post, Jan. 8, 2024.

Last December, the Fourth Circuit heard argument on Chatrie’s appeal but has not issued its decision as of this writing. The D.C. Circuit has yet to have briefs filed in Rhine’s appeal.

Google’s Dispositive Intervention

The third important development is what Google did in response. Google had been inundated with Geofence Warrants after the first federal one arrived in 2016. For example, in 2020, it had been served with 11,500 Geofence Warrants, which are time-consuming and require its company lawyers’ involvement. Aside from the trouble and cost of this ever-increasing burden, the Sensorvault’s availability to search warrants had been subject to extensive media coverage during the Chatrie and January 6th prosecutions. Consumers valuing their privacy had taken note.

Geofence Warrants took on greater public concern after the Dobbs decision was handed down. Once states began criminalizing certain abortions, public fear began to mount that Geofence Warrants would be dropped on clinics providing those services. Public pressure therefore began to swell concerning these warrants. Indeed, last summer California introduced a bill to ban all Geofence Warrants in that state. Mike Maharrey, Second California Assembly Committee Passes Bill to Restrict Geofence Location Tracking, Tenth Amend. Ctr. Blog (Apr. 20, 2023). The bill was mired in legislation as law enforcement opposing it weighed in, but it showed that pro-choice advocates’ concern about this application of Geofence Warrants had political legs. Google, whose image had already been tarnished regarding its users’ legitimate privacy concerns, also must have recognized that its Sensorvault data could be sought for abortion prosecutions—and that would further offend some of its consumers.

On December 13, 2023, Google took matters into its own hands. It issued a statement that over the course of a year, it would make three critical changes to how it treats location history information. Its reason? “Your location information is personal. We’re committed to keeping it safe, private and in your control.” Google was responding to privacy concerns.

First, Google would cease storing location data in its Sensorvault, instead allowing users to store and manage their location data on their own devices. Second, if users decided to back up their data to the cloud, Google would “automatically encrypt your backed-up data so no one can read it, including Google.” Finally, Google would change the default auto-delete on its apps’ location data to three months, whereas Google currently stores the data for 18 months. Its official announcement of this change is at Marlo McGriff, Updates to Location History and New Controls Coming Soon to Maps, Google Glog (Dec. 12, 1012), https://tinyurl.com/y3reh8tr.

In reality, this means Google’s Sensorvault will be out of the Geofence Warrant business. Nevertheless, Google collects user’s location data in some other spots beside the “location history” that was stored in the Sensorvault. See Ryan Nakashima, Google Tracks Your Movements, Like It or Not, Assoc. Press (Aug. 13, 2018), https://tinyurl.com/54ya4yys. The Electronic Freedom Foundation therefore warned that “It remains to be seen whether law enforcement will find a way to access these other stores of location data on a mass basis in the future.” Jennifer Lynch, Is This the End of Geofence Warrants?, Elec. Freedom Found. (Dec. 13, 2023), https://tinyurl.com/4vfemca9.

Furthermore, Google is not the only company subject to Geofence Warrants. Apple and Android devices also track location data, but to a substantially smaller extent than Google apps do. Apple reported in 2022 that it had received 13 Geofence Warrants, and it had refused all since it does not store location data (which remains only on users’ devices). Zack Whitaker, Google Moves to End Geofence Warrants, a Surveillance Problem It Largely Created, TechCrunch (Dec. 16, 2023).

Location data will also still be available on individuals’ devices and in their cloud storage. Users, of course, can limit that storage now. But once Google’s transition to this new location history is complete later this year, law enforcement cannot go “fishing” for suspects through Google’s Sensorvault anymore. Thus, the proliferation of Geofence Warrants is reaching its natural extinction.

    Author