chevron-down Created with Sketch Beta.

Criminal Justice Magazine

Magazine Archives

Geofence Warrants: Challenging Digital Dragnets

Donna Lee Elm

Summary

  • Since Carpenter v. United States, law enforcement has routinely used a warrant to seek Google’s geofence data, however, the extent of privacy afforded to transmitted location data has yet to be fully tested.
  • Every new wave of technology generates a spate of Fourth Amendment litigation.
Geofence Warrants: Challenging Digital Dragnets
Anna Eremeeva via Getty Images

Jump to:

“Almost everything we do leaves little digital locational clues that are a warrant away from collection.” Andrew Ferguson, The Rise of Big Data Policing: Surveillance, Race, and the Future of Law Enforcement (2017).

Rise of Geofence Warrants

For over a decade, Google tracked and stored in its behemoth SensorVault extremely precise location data on all devices that use Google’s apps and operating systems. Law enforcement has recently discovered that treasure trove. They seek these data through “Geofence” or “Reverse Location” Warrants under the Stored Communications Act. This will be another issue for the Supreme Court, which has been wrestling with privacy in the age of pervasive/invasive technology.

The first FBI geofence warrant asking for Google’s SensorVault location data was dropped in March 2018. After nine unsolved armed robberies in Portland, Maine, the FBI succeeded in getting a warrant for what was, in essence, a “fishing expedition.” It did not have an identified suspect, asking where was he? Rather, it had an identified crime location and time, and asked who was there? Hence, the “reverse” location label. The warrant sought all cellular devices within a 30-minute time frame for all nine locations. The area covered in the warrant was a whopping 111 acres. The warrant demanded names, addresses, account activity, and historical location data for that time frame on all devices in those areas. The theory was that it would be highly unlikely that an innocent person would be at multiple such locations. Nonetheless, two of their locations were only 500 meters apart, so that coincidence could occur. Google refused. Rather than engage in privacy litigation, the FBI turned instead to more traditional investigation techniques and was able to identify the robber through a shoe print, DNA left on a shoe, and highway toll pass records for his truck. Thomas Brewster, To Catch a Robber, the FBI Attempted an Unprecedented Grab for Google Location Data, Forbes (Aug. 15, 2016).

Other agencies caught on. The first publicly reported case was in Raleigh. Witnesses overheard an argument ending in gunshots, then the perpetrator illuminated the ground with his cell phone as he fled. It remained unsolved. Eighteen months later, a cabbie was gunned down. Security surveillance footage caught the confrontation; it appeared to be the same man, walking away with a cell phone to his ear. It was unsolved by traditional means as well. The fact that the suspect used a cell phone at both scenes improved probable cause. Detectives identified an area around each scene and convinced a judge to issue a warrant ordering Google to turn over account identifiers for every cell phone that passed through that area during the relevant time frame.

Energized by that success, Raleigh police applied for similar warrants for a sizeable downtown arson scene and a sexual assault scene—but they had no evidence that those perpetrators had a phone. Another concern was those warrants’ breadth. They included private residences and university apartments—vastly increasing the number of innocent persons snared by this “digital dragnet” and clearly intruding on Fourth Amendment–protected homes. Moreover, only phones using Google apps would provide data to the SensorVault. Hence, capturing the perpetrators through those warrants was a chancy proposition. The homicide warrants also covered a 14-acre area. Finally, the efficacy of these four warrants showed its limited ability to identify suspects; of those four cases, only the second murder was solved by Google data. Tyler Dukes, To Find Suspects, Raleigh Police Quietly Turn to Google, WRAL.com (Mar. 15, 2018).

Location Data Technology

Google has been storing precision location data of users of its products for at least 11 years. Jennifer Lynch, Google’s Sensorvault Can Tell Police Where You’ve Been, Elec. Freedom Found. (Apr. 18, 2019) [hereinafter EFF]. Their location data are far more sensitive than cell tower data; Google can pinpoint locations within 20 meters and sometimes even square feet, while cell towers can only specify within a few thousand meters. Brewster, supra.

Google permeates cell technology. It is used on all Google devices, but persons with Apple iPhones may download some Google Apps, for instance, using Google Search or GoogleMaps, running YouTube videos, and getting automatic weather or traffic updates. Id. Moreover, Android phones were developed with Google operating systems, so nearly 90 percent of the cell phone market may have data in the SensorVault. GoogleMaps is the most-used navigation app on the market (67 percent), with the next most popular navigation app being Google’s Wayz. EFF, supra. Cell phones are, of course, not the only devices that send location data to Google; iPads, gps, wifi, and Bluetooth beacons using Google products contribute as well. Id. Google meticulously gathers and stores location data, monetizing it to tailor ads to a user’s location—a $20 billion market. Jennifer Valentino-DeVries, Tracking Phones, Google Is a Dragnet for Police, N.Y. Times (Apr. 13, 2019) [hereinafter NYT].

But Google does not cover all devices. Apple does not store location data. Id. Moreover, Google devices have settings that theoretically allow users to turn off the location tracking feature. However, even when location history is “off,” some Google apps continue to store location data. Completely deleting location information is possible but takes technical savvy and laborious effort. Ryan Nakashima, Google Tracks Your Movements, Like It or Not, AP (Aug. 13, 2018). Finally, asking for Google’s data does not assure that even a Google-using perpetrator will fall within it, as he may not have his cell phone on him, or it may not be recording location data at the time. Location data are not continuously recorded; they will be noted every few minutes, depending on Google’s settings. Hence, a perpetrator who is at the scene momentarily, between location recordings by his device, might well not be captured by the warrant at all. Id. Thus, there are a number of ways—some contend “a high probability”—that a geofence warrant may not include the perpetrator. EFF, supra.

Use of Geofence Warrants

Geofence warrants have been used not only in Portland and Raleigh, but also in Allentown and Milwaukee, Wisconsin; Miami, Florida; Phoenix, Arizona; Austin, Texas; and Virginia, New York, Minnesota, and Washington. NYT, supra. It is difficult to know where they are being sought because the warrants are usually secret per the Stored Communications Act. However, law enforcement has turned to Google for location data in exponentially increasing numbers. The explosion of warrants started about April 2019. Id. At that time, Google reported receiving an average of 180 requests for its data per week. EFF, supra. Accommodating this barrage takes the company up to six months to respond. NYT, supra.

Because of numerous overly broad demands, and to protect its customers’ privacy, Google developed a three-step process in responding to these warrants. As in the Portland case, it outright rejects demands that are grossly overbroad. Otherwise, given reasonably circumspect requests, it first responds only with anonymized cell information. Often, a single warrant can produce dozens or hundreds of devices. Id. Second, if needed, it turns over additional movement history within that group. Using that information, detectives can pare down their request to a handful of cell phones. Third, police demand identification information on those. Google requires a warrant for the first two steps, and usually needs another warrant for the third step; note that some jurisdictions require a warrant for the final identifying information as well. Deanna Paul, Alleged Bank Robber Accuses Police of Illegally Using Google Location Data to Catch Him, Wash. Post (Nov. 21, 2019). However, there have been cases where law enforcement simply sent a letter asking for additional refinements of information, including identifying users, and Google complied. NYT, supra.

An example of this process occurred in a Virginia bank robbery. The surveillance video showed the robber holding a cell phone before he entered the bank, increasing the probable cause for location data. Police served a geofence warrant to produce every cell phone in the vicinity of the bank within one hour of the crime. Google responded with 19 anonymized devices. Police were able to reduce the number at that point to nine devices by removing cell numbers of identified innocent persons who were present. Eyewitnesses reported that the robber had walked from a nearby church parking lot to the bank. Having that movement information, they asked for the expanded movement data on those nine phones. With that information, police were able to cull the list down to three possible suspects. They asked for the identifying information on those three. Despite not providing a separate warrant for that last step, Google handed that information over. Shortly thereafter, Okello Chatrie was arrested for this crime. Paul, supra.

Risk of Snagging the Innocent

There were problems with the breadth of that warrant beyond lack of the second warrant. Within its geofence was a major highway, Hampton Inn, Ruby Tuesdays, a storage facility, two apartment complexes, and the church. Yet homes are protected by the Fourth Amendment and churches by the First Amendment. Id. But some of these SensorVault warrants have been far more overbroad. The most extensive search occurred in Milwaukee, which had an unsolved series of arsons. Law enforcement secured a warrant for all four locations—an area covering about 7¼ acres. The time frames used totaled nine hours. As a result, the first production contained 1,494 anonymized users! Brewster, supra. Learning from this sort of overreaching, Google refused production when Allentown authorities asked for every device within a 400-meter radius of a bank robbery. Law enforcement narrowed the search to a 50-meter radius, and then Google complied, producing six users.

Obviously, that means that five (and perhaps six) innocent individuals were disclosed, increasing the risk that non-criminals will be named in an investigation. But not only innocent individuals have been investigated as a result of these SensorVault warrants; at least one was arrested. Warehouse worker Jorge Molina was arrested by Phoenix police for a fatal drive-by shooting. With only security footage of someone firing a gun from a white Honda Civic, police were unable to solve the crime. They sought a Google warrant to identify persons present at the scene at the time. Due to backup, it took Google six months to comply. Molina’s cell phone was identified at the shooting site, and that was confirmed by his car being a white Honda Civic. It seemed like an open-and-shut case for the prosecution, and he was jailed without release. Molina was shocked when charged with murder based only on Google data; “I just kept thinking, you’re innocent; you’re going to get out,” but he worried that it would take months or years to be exonerated. Given the lapse of time, it took a while before evidence was mustered by an alibi witness, Molina’s texts from his cell phone, and Uber receipts, which revealed that he was at a very different location at the time as well as the fact that he did not have his car. Eventually, Marcos Gacta (Molina’s mother’s ex), who at times borrowed Molina’s car, was arrested. It turned out that one could use another individual’s phone number to log into their app; on that fateful day, Molina did that with Gacta’s app, making the SensorVault record Molina’s cell location at the shooting scene when he was not there. Molina was released in a week but had lost his job, and his car was repossessed. NYT, supra.

The potentiality for innocent persons to be swept into this digital dragnet is constitutionally concerning. Nathan Wessler, the ACLU attorney who argued the cell tower case before the Supreme Court, recognized that “[a]t the end of the day, this tactic unavoidably risks getting information about totally innocent people.” Dukes, supra.

In theory, the geofence warrant attempts to take the idea of a physical crime scene and reimagine it for an internet-connected world. But that can lead to situations where innocent bystanders may have their personal information sucked up by police in wholesale ways that wouldn’t have happened before the ubiquity of internet-connected smartphones.

Mack DeGuerin, An Accused Bank Robber Claims the Police Broke the Law When They Used Google Location Data to Track him Down. Privacy Advocates Agree, Bus. Insider (Nov. 22, 2019).

Probable Cause

Probable cause for these warrants is sometimes painfully thin. Detectives often assert statistics about how many Americans have cell phones—but that does not mean that the perpetrator was carrying his phone at the time. The New York Times exposé reviewed warrants and found that police alleged as probable cause merely asserted that most people have cell phones, and Google captures the location on many of those. NYT, supra.

What strengthens such thin probable cause is evidence that the suspect had with him, and especially was using, a cell phone. This was an important factor for the Raleigh murders—which was absent in the Raleigh sexual assault and arson search warrants. Consequently, Google data for the latter two crimes did not lead to identifying the suspect. See Paul, supra. When police have other traditional investigatory evidence, they can cross-reference it to the SensorVault identified persons to better ensure they have the right suspect. Thus, knowing that the Phoenix drive-by shooter was in a white Honda Civic improved the probability that police could pick out the suspect from Google’s handful of disclosed users—of course, that did not account for other possibilities such as in Molina’s case. A Minnesota warrant for a home invasion had corroborating evidence from a confidential informant. NYT, supra. In an Austin bombing case, law enforcement based probable cause on their ability to integrate image data sent by email with the SensorVault data. See Affidavit, In re Search of Info. Regarding Accounts Associated with Certain Locations & Date Info., Maintained on Computer Servers Controlled by Google, Inc., No. 1:18mj169 (W.D. Tex. Mar. 14, 2018). Nonetheless, the Google data yielded no leads. Fortunately, Austin authorities also had surveillance videos and receipts from suspicious purchases, which led them to the perpetrator well before the SensorVault data arrived. NYT, supra. Corroborating evidence could help establish probable cause or even verify which user in the vicinity did the crime, but ultimately, only one in four geofence warrants produced an arrest. Stephen Silver, Police Are Casting a Wide Net into the Deep Pool of Google User Location Data to Solve Crimes, AppleInsider (Mar. 19, 2018). This 25 percent success rate should question the “probability” of the probable cause in Google warrant applications.

Proponents of these warrants note that courts have allowed similar “fishing expeditions” when authorizing wiretaps—innocent persons will be among the guilty in the phone calls that are intercepted. EFF, supra. Moreover, Prof. Orin Kerr pointed out that traditional investigation with surveillance videos takes in a number of innocent persons as well. Brewster, supra. Walking a drug-sniffing dog through a crowd likewise may result in it alerting to persons who are not carrying drugs. Hence, the possibility of identifying innocent people has been a chance undertaken in police investigations for years. But the intrusion into electronic communication and the privacy of one’s location may require more.

Legal Challenges Fourth Amendment Privacy Rights

The percentage of successful arrests aside, these warrants face numerous serious legal challenges. Privacy rights are paramount. In United States v. Jones, 565 U.S. 400 (2012), Justice Sotomayor first suggested that Fourth Amendment privacy rights may extend to one’s location, despite it being provided to third parties like Google. Id. at 415 (Sotomayor, J., concurring). Later, in Carpenter v. United States, 138 S. Ct. 2206 (2018), the Court adopted that position. Holding that historical cell tower location records were entitled to Fourth Amendment privacy, the Supreme Court thus required law enforcement to secure a warrant based upon probable cause to get those data. This ruling abrogated the “third-party doctrine” of United States v. Miller, 425 U.S. 435 (1976), at least as to cell service providers, which had previously allowed investigating authorities to simply ask them for users’ records. Since Carpenter, law enforcement has routinely used a warrant to seek Google’s geofence data, and in fact Google will not respond to requests absent a warrant.

Nevertheless, the extent of privacy afforded to transmitted location data has yet to be fully tested. The data sought in Carpenter named an individual user (thereby satisfying the particularity clause of the Fourth Amendment). Geofence warrants, akin to cell tower “data dumps” (downloading information as to all devices connecting to a given cell tower during a specified time frame), do not identify a particular user, and so are “fishing expeditions” violating the particularity clause. Hence, whether the protections of a mere search warrant suffice for these types of investigations could well be the next issue in the Carpenter line. In fact, Okello Chatrie (the Virginia individual arrested for bank robbery pursuant to geofence warrant data) is challenging the geofence warrant now on a number of fronts. See Motion to Suppress, United States v. Chatrie, No. 3:19cr130, Doc. 29 at 8–16 (E.D. Va. Oct. 29, 2019).

“General Warrants” and Particularity

Geofence warrants constitute the much-reviled “general warrants.” This country was founded on antagonism to “general warrants” used by Britain against our colonists. Riley v. California, 573 U.S. 373, 134 S. Ct. 2473, 2494 (2014). General warrants do not identify a particular person, place, or thing sought but allow authorities to investigate any persons, regardless of whether there is reason to believe they are involved in criminal activity. See United States v. Knotts, 460 U.S. 276, 284 (1983). General warrants thus offend the Fourth Amendment’s particularity clause, providing “. . . no Warrants shall issue, but upon . . . particularly describing the place to be searched, and the persons or things to be seized.” By their very nature, geofence warrants do not name a particular user or device they seek; rather, they require Google to search all of the potential 400 million Americans who contribute location data to the SensorVault. Courts have strongly resisted such intrusions. E.g., Riley, 134 S. Ct. at 2494; United States v. Glenn, 2009 WL 2390353, at *5 (S.D. Ga. July 29, 2009) (a general belief that some of the crowd might carry weapons did not justify a frisk of everyone present). Moreover, any argument that the particularization is provided by limiting the search to devices within a specific time frame and geographical area fails under a “mere presence” principle. The Supreme Court has held that presence by others engaged in criminal activity does not rise to probable cause to search an unsuspected individual who was there. Ybarra v. Illinois, 444 U.S. 85, 91 (1979) (citing United States v. Di Re, 332 U.S. 581, 583–87 (1948)) (mere presence in a suspected car does not allow officers to search that passenger).

The particularity clause was designed to leave nothing to the discretion of the searching officers. Stanford v. Texas, 379 U.S. 476, 485–86 (1965). Yet, the three-step process used with Google is based on officer discretion. After anonymized devices are disclosed in Step 1, police exercise discretion in rejecting a number of those, then ask for movement data on the remainder (considered potential suspects) in Step 2. When movement throughout the time period and space is reviewed, officers again exercise their discretion in selecting which devices they will get identifying information on in Step 3.

Overbreadth can go hand-in-hand with particularity. Warrants seeking too broad a field of potential evidence—some being tied to crime, and others not—suffer from overbreadth. United States v. Galpin, 720 F.3d 436 (2d Cir. 2013). Note that an overbroad warrant can satisfy particularity but violate overbreadth by seeking far too many specific items than are needed. See United States v. SDI Future Health, Inc., 568 F.3d 684 (9th Cir. 2009). Hence, despite probable cause to search an office where the suspect provided illegal tax advice, the warrant was overbroad when it asked for “all records . . . documents . . . computer hardware and software.” United States v. Bridges, 334 F.3d 1010 (9th Cir. 2003). In response to Chatrie’s Motion to Suppress (the Virginia bank robbery case), the government argued that the warrant was highly specific as to the data sought: its limited location and specified time frame. See Response to Motion to Suppress, United States v. Chatrie, No. 3:19cr130, Doc. 48 (E.D. Va. Dec. 9, 2019). Nonetheless, it remained highly overbroad, taking in many uninvolved and innocent individuals’ devices within its scope.

Deficient Probable Cause

Warrants can be challenged when they fail to be based on adequate probable cause. Given that geofence warrant data have solved only approximate 25 percent of the cases, they fall considerably short of the 50 percent-plus rate necessary for probability. This can be attributed to the perpetrator not having Google devices or apps, or if he had them, not having them with him, or if with him, not having them turned on, or if turned on, the crime occurring during periods between Google’s automatic location reporting settings. Moreover, as in Molina’s arrest, occasionally a perpetrator logs into another’s Google account. Other evidence for corroboration improves probable cause, but the warrants reviewed by the NYT reporter relied on mere allegations that most have cell phones, and Google captures much location data from them—which hardly reaches probability once the technology is understood.

Geofence warrants can also be misleading, essentially omitting facts that could be material to the issuing magistrate. Typically, detectives describe the area to be used (the geofence) by its GPS coordinates. In Chatrie’s case, they described it as “within 150 meters of 37° 26’ 18.3” N, 77° 35’ 16.4” W.” Motion to Suppress at 6, Chatrie. To fully apprise the magistrate of the implications of this search, law enforcement should provide her with a map reflecting the extent of the geofence. Furthermore, GPS coordinates alone may not alert the magistrate that the area covers, for instance, 14 acres (as in the Raleigh homicide case). Similarly, the warrants often fail to inform the magistrate that constitutionally protected zones (residences and churches, as in Chatrie’s case) will be swept within its scope. Certainly, a map of the geofence, and disclosure of constitutionally protected portions, should be given to allow the magistrate to be fully informed in her decision.

Law enforcement may assert the Leon exception, that they in good faith relied on a magistrate’s finding of probable cause in granting the warrant. See United States v. Leon, 468 U.S. 897 (1984). However, there are some circumstances where officers would have “no reasonable grounds for believing that the warrant was properly issued.” Id. at 922–23. The Court also held that facially deficient warrants (referring to lack of particularity) could not claim the Leon exception. Id. at 926. Notably, that is an objective standard, and the lack of particularity in geofence warrants is patent.

Appropriate Crimes for Geofence Warrants

Law enforcement normally has practiced restraint in choosing what cases deserve geofence warrants. For the most part, the crimes have been serious and violent—murders, drive-by shootings, home invasions, huge arsons, bombings, armed robberies, and the like. Those share a high concern for public safety that might justify geofence warrants. Nevertheless, nothing in the law requires police to limit geofence warrants to that type of offense. Indeed, Minnesota Public Radio reported that this highly intrusive and overbroad search was used to identify who stole a pickup truck and $650 of tires. EFF, supra. Abuses of the process, like that Minnesota aberration, provide a basis to challenge the warrant.

In addition, geofence warrants should be sought only as a last resort. When cases can be solved with traditional investigation techniques, there is no need to launch these expansive, privacy-invading warrants. For instance, in the Portland FBI’s failed attempt to get geofence data from Google, they were able to solve the crime, without the location data, from a shoe print, DNA, and highway toll booth records. Brewster, supra. Similarly, in the Austin bombings case, police promptly sought a geofence warrant, but within three days, they had developed evidence identifying the bomber from surveillance videos and suspicious purchases. NYT, supra. Moreover, the amount of time and effort needed to produce geofence data is considerable, and the backlog can take up to six months for results. Id. Thus, geofence warrants should be restricted to “cold” cases where traditional investigation work has failed or would fail to identify the perpetrator.

Analogy to Wiretaps

Because of the privacy intrusion on both criminal and innocent callers, Title III was enacted to strictly limit wiretaps. Josh A. Cohen, Is Title III Dead? The Future of Wiretap Challenges in the Wake of Rajaratnam, The Champion, Sept.–Oct. 2013, at 14. What sets Title III apart from other search powers is its requirement to establish necessity (id.): “a full and complete statement as to whether or not other investigative procedures have been tried and failed or why they appear to be unlikely to succeed if tried or to be too dangerous.” 18 U.S.C. § 2518(1)(c). Geofence warrants may be challenged by analogy to the wiretap statute, asking the court (and Congress) to impose the same protections on these Google searches. Title III’s heightened prerequisites are called for, given that innocent persons will be unintentionally ensnared, as happens in wiretaps.

Wiretap violations are litigated in Franks hearings in federal court. In Franks v. Delaware, the Supreme Court held that when a wiretap affidavit contained false statements that were needed to establish its probable cause, the defendant is entitled to a hearing seeking to suppress the wire’s evidence. 438 U.S. 154, 155–56 (1978). The Franks principle and procedure were extended to omissions of material facts as well. See, e.g., United States v. Martin, 615 F.3d 318, 328 (5th Cir. 1980); Stewart v. Donges, 915 F.2d 572 (10th Cir. 1990); United States v. Ippolito, 774 F.2d 1482 (9th Cir. 1985); United States v. Dennis, 625 F.2d 782 (8th Cir. 1980). A court could find that providing GPS coordinates, rather than a detailed map, and by omitting the fact that constitutionally protected areas fall within the geofence, constitutes an omission of a material fact. When that occurs, a Franks hearing should be justified.

Conclusion

It seems that every new wave of technology generates a spate of Fourth Amendment litigation. Geofence warrants are ripe for that challenge because their privacy intrusion is as significant as wire taps, but without the multiple limitations of Title III. Certainly, the geofence warrant practice to date has left much to be desired. Proponents have a viable public safety concern of solving otherwise “cold case” violent crimes, and of preventing further crimes when the perpetrator is a serial murderer, arsonist, rapist, or bomber. However, even if such a “general warrant” could be legitimate in those instances, before jumping into a probable cause affidavit (averring that most Americans possess cell phones and Google records location data), law enforcement should ensure that this is a serious violent offense, try more traditional investigation methods, show what corroborating evidence it has to refine its search, strictly limit the scope in both geography and time, attach a detailed map of the geofence, and specify what constitutionally protected areas fall within the geofence. But even in very dangerous crimes, the Fourth Amendment prohibits police from going door-to-door to search innocent households for the suspect, so the “general warrant” and the Particularity Clause ultimately may put an end to these warrants. Meanwhile, “[c]ase law still needs to catch up with technology” (Brewster, supra) and this is an area ripe for advocates to practice Fourth Amendment work.

An interesting use of the technology has emerged in this time of COVID-19. “Contact tracing” (tracking who may have been in contact with an infected individual) is an important tool to monitor and control spread of the virus. Google’s highly precise location technology can help identify when an individual came into contact with a COVID-positive person. Google and Apple promptly joined to offer smartphone platforms allowing users to know if they have come across a carrier (have been at the same location at the same time). Mark Gurman, Apple, Google Bring Covid-19 Contact-Tracing to 3 Billion People, Bloomberg (April 10, 2020). Users must opt into the system, but this type of definitive location and movement monitoring can be helpful to combat the virus through contact tracing. The tech giants are also releasing frameworks for public health to track COVID-19 exposures and are hoping to start launching by mid-May. For more information, see Mark Gurman, Apple, Google Bring Covid-19 Contact-Tracing to 3 Billion People, Bloomberg (April 10, 2020).

    Author