WRAL has several stories up about geofencing warrants. One major article is here. It describes a search warrant obtained by the Raleigh Police Department in a murder case. The warrant ordered “Google [to] hand over the locations of every [mobile] device within the confines of [a defined geographic area] during a specified time period.” In a nutshell, the police were trying to figure out who was near the scene of the crime when the murder took place and asked Google to comb its data banks to find out. This post is intended to start a conversation about warrants of this kind.
How geofencing works. As it pertains to law enforcement, geofencing begins with officers defining an area of interest and a time period. The size of the area may vary. This Gizmodo story states that it ranges “from tiny spaces to larger areas covering multiple blocks,” while the warrant in WRAL’s recent story encompassed “nearly 50 acres.” The amount of time covered by such warrants is also not uniform. The warrant in WRAL’s story was for less than an hour, but Minnesota Public Radio reported here on a similar warrant that encompassed “every cellphone in [a] dense, urban area[] . . . over a 33-hour window.”
Officers then seek a warrant requiring Google to provide information about any devices in the specified location during the specified time. Google has a database called SensorVault that contains enormous amounts of user location information, which it collects in a variety of ways. WRAL explains that “[d]evices that run Google’s Android operating system – and even Apple products that users connect to Google through Gmail or Maps – collect locations by default.” Sometimes the location data is GPS-based and very accurate, as when a user has enabled location services to be able to use Google Maps most conveniently. For other users, the location information may be based on cell tower location or connection to a particular wifi network, and so may be less precise.
Google doesn’t collect this data to help law enforcement, of course. It uses the location information to sell advertising. Perhaps ironically, the business side of WRAL’s operation advertises geofencing as a way for advertisers to “target” people who frequent competing businesses. For example, “Leith Cars can fence all of the car dealerships and car repair shops in the Triangle to capture potential car shoppers on other car lots.” And “Carolina Ale House can fence Mellow Mushroom, Longhorn Steakhouse and TGI Fridays to capture their competitors’ frequent visitors.” When a Mellow Mushroom customer visits WRAL’s website, the site, with Google’s help, can serve up ads for Carolina Ale House.
But back to warrants. When a warrant is issued and served on Google, Google provides responsive data. According to WRAL, it does so using a “multi-step process.” Initially, Google doesn’t provide “actual device information” but only “anonymized ‘device IDs.’” Officers must then “narrow down and resubmit to Google for actual account information.” I don’t understand exactly what that means, but perhaps Google will provide account information for only a few devices that become of interest based on cross-referencing the geofencing dataset against other evidence. For example, in a case that involves a series of crimes, perhaps officers can ask Google to unmask devices that appear in multiple geofencing datasets as those devices are more likely to be associated with perpetrators.
The law of geofencing. As of this writing, there are zero cases on Westlaw, anywhere in the country, that include the terms “search warrant” and “geofenc!” in the same paragraph. Likewise, there is virtually no secondary source material about these warrants. Yet at least eight geofencing warrants have issued in Wake County alone, and nearly two dozen have been obtained in a single county in Minnesota. No one but Google seems to know how many have been issued nationally, and Google isn’t saying: its transparency report doesn’t break out this type of warrant separately. As usual with digital evidence, law enforcement officers are on the cutting edge while courts struggle to keep up.
Absent any legal authority, what follows is my preliminary thinking about geofencing warrants.
First, it isn’t clear that a search warrant is legally required to obtain geofencing information. The Supreme Court ruled in Carpenter v. United States, __ U.S. __, 138 S.Ct. 2206 (2018), that law enforcement conducts a search under the Fourth Amendment when it collects cell site location information about an individual, covering an extended period of time, from a service provider. The Court stated that a warrant is normally required to access such information. Although not all the information in SensorVault is cell site location information, it is all location data and I would expect extended tracking using SensorVault data to be viewed in much the same way as cell site location information. However, as I noted in my post on Carpenter, a footnote in the opinion reserves the question “whether there is a limited period for which the Government may obtain an individual’s historical CSLI free from Fourth Amendment scrutiny, and if so, how long that period might be.” Short-term tracking is less intrusive than the weeks-long tracking that was at issue in Carpenter. It is closer to what law enforcement officers might do using traditional surveillance techniques. Geofencing warrants, with their short time frames, squarely present the question whether a warrant is required to obtain short-term location data from a private company.
Even if Google could provide law enforcement with geofencing data without a warrant, though, it doesn’t. As a matter of company policy, it requires a search warrant. So the question about whether a warrant is necessary may take a backseat to the question of whether and when a judicial official should issue a geofencing warrant.
Search warrants require probable cause and particularity. Normally, law enforcement officers apply for a search warrant when they have good reason to believe that a particular person has committed a particular crime and that the warrant will uncover evidence thereof. Officers presumably could seek SensorVault data in such a case: officers could obtain an order that Google produce any data connecting a suspect’s device with a particular time and place. I can see no legal quibble with that. However, law enforcement appears to turn to SensorVault mainly when officers do not have an individual suspect. There may be probable cause that the pepetrator’s device will be recorded in SensorVault, but law enforcement doesn’t know who the perpetrator is at that point, and is asking Google to provide data on dozens or hundreds of individuals, most of whom are not guilty of anything.
In that way, geofencing warrants are similar to warrants for cell tower dumps, where law enforcement seeks information about all the cell phones that contacted a tower near a crime scene around the time the crime was committed. Unfortunately, the legal status of tower dumps is also unclear. Some contend that tower dumps “sweep so broadly that they amount to unconstitutional general warrants.” Michael Price et al., Building on Carpenter: Six New Fourth Amendment Challenges Every Defense Lawyer Should Consider, The Champion (Dec. 2018). Most pre-Carpenter cases disagreed, holding not only that tower dumps are permissible with a warrant, but also that they may be conducted without a warrant, because they seek only provider records in which subscribers have no reasonable expectation of privacy under the third-party doctrine. It isn’t clear whether that reasoning survives Carpenter – again, the Supreme Court expressly declined to consider tower dumps. But at least a couple of post-Carpenter cases have held that tower dumps are permissible under the Fourth Amendment with a warrant. See, e.g., United States v. James, 2018 WL 6566000 (D. Minn. Nov. 26, 2018) (holding that tower dump warrants were supported by probable cause where “there was a fair probability that data from the cellular towers in the area of the crimes would include cellular data related to the individual responsible for the robberies being investigated, and that by cross-referencing the data, that individual could be identified,” and ruling that warrants did not lack particularity as “the warrant applications seek information that is constrained—both geographically and temporally—to the robberies under investigation,” even though not limited to a single suspect). Perhaps courts will view geofencing warrants the same way – permissible with a warrant, at least for a short enough period of time and a small enough area.
Further reading and concluding thoughts. Additional WRAL stories are here and here. One of the search warrants that is the subject of WRAL’s reporting is here. A related New York Times story, behind its paywall, is here. A Slate story is here.
I mentioned at the outset that I hope that this post starts a conversation. I really would like to crowdsource insights about this topic. This is new subject matter to me and I may have basic facts wrong. Even if I have the facts mostly right, the technology raises significant legal questions that don’t have obvious answers. If you have any experience with this technology, with these warrants, or have thoughts about the proper resolution of these legal issues, please weigh in.
It is difficult to argue that where police officers investigating a serious crime seek information in solving that crime there should be significant roadblocks. However, the right to swing your arms freely ends where another person begins, and here there are the privacy concerns of all of those people who did not commit a crime. Of course, most people that are not defense attorneys care little for their privacy until they do something they do not want others to know about. See Facebook, Instagram, etc. As we go down the slippery slope, will police be able to use Google geo-data to write speeding tickets? And why is Google complicit in this? From a business standpoint, it must cost them a fortune.
Sounds to me like a general warrant which is specifically prohibited by the NC Constitution and the US Constitution. I don’t see how it can be distinguished from a general warrant when there is NO particularized suspicion at all.
It’s a broad sweep for information without probable cause. LE should keep the request broad i.e. a court order or subpoena. GEOFENCING/Location services subscriber ID being sought by LE is like a ‘technically superior compass’ to help point investigators in the right direction.
Is there a public safety threat? LE should make this 100% clear in their application. Obviously this does not apply to exigent and unfolding circumstances.
Does the subscriber to google’s location service have standing? In the fine print of Google’s USER AGREEMENT, no subscribers do not.
Subscribers can modify their devices to become more invisible to global positioning services like installing ghost apps, disabling e911 services and opting out.
Google is one provider, albeit one the largest, of many others LE would have to sift through in the proverbial ‘subscriber ID in the haystack’ to help freshen up a stale case.
I have little trouble concluding that geofencing does not offend the Fourth Amendment. U.S. v. Carpenter did not overrule the third party communication doctrine in toto, it merely held that when the government intrudes into an individual’s life over a substantial period of time, a search warrant supported by probable cause is required.
Geofencing is the opposite. It takes a broad slice of all activity communicated (voluntarily) with a service provider (Google) in a limited geographic and temporal window. It would seem to me no different than reviewing a video recording of an intersection near a crime scene to identify the vehicles that pass by, which might lead to observations of innocent persons too. But such a practice has never been held to violate the Fourth Amendment.
I am however extremely concerned with how North Carolina law will apply to geofencing. Our Constitution has a prohibition on general warrants (Art. I, Sec. 20), which has been held to be more expansive than the federal constitution’s protections enshrined in the Fourth Amendment. State v. Carpenter stands for the proposition that our Constitution is not fenced in by the confines of the Fourth Amendment (though more recent cases have held that our protections mirror those in the Fourth Amendment except for the good faith exception).
However, obtaining a search warrant to retrieve the personal data of dozens or even hundreds of individuals who may have been in some level of proximity to the crime scene (though how close is an open question, depending on several technical factors including GPS location services and other technical issues that I cannot begin to comprehend) near the time of the crime, seems much closer to a general warrant than one that describes with specificity the probable cause. There is no “crime scene exception” to either the Fourth Amendment or Art. I Sec. 20 of our Constitution, therefore the fact that a crime occurred cannot be probable cause to invade a reasonable expectation of privacy. Therefore, I fall back on the third-party communication doctrine. Data consumers do not have a reasonable expectation of privacy concerning their devices’ communications with a data service like Google.
So what then is the answer? I frankly do not know. If I were prosecuting a case, I would argue on behalf of the state that Google was free to provide the data without a warrant, therefore the prohibition on general warrants is inapplicable even if such a warrant would violate Art. I, Sec. 20, which I do not take as a given. But on the other hand, if Google refuses to provide the data without a warrant and the warrant itself is unconstitutional, it begs the question of how those two points of conflict should be squared.
If the question were presented to me as an academic exercise, I would conclude (assuming proper temporal and geographic limitations of the search) that there is no government invasion of a reasonable expectation of privacy (and given the short duration of time the data is concerned with, it certainly does not rise to a Fourth Amendment violation under the trespass theory) and therefore even if Google required the warrant to satisfy its own internal procedures, it was not constitutionally required therefore the evidence would no be subject to exclusion under Mapp v. Ohio or Chapter 15A.