In a recent decision by the Fifth Circuit Court of Appeals, the constitutionality of geofence warrants was put to the test, with significant implications for digital privacy. The case involved the convictions of Jamarr Smith, Thomas Iroko Ayodele, and Gilbert McThunel for robbery and conspiracy, where geofence warrants played a critical role. This ruling not only marks a departure from the Fourth Circuit’s stance taken this past July in United States v. Chatrie, but also raises important questions about privacy and law enforcement’s use of technology.
Geofence warrants are a relatively new tool that allows law enforcement to obtain location data from devices within a specified geographic area during a specific time frame. Unlike traditional warrants, which target specific individuals based on probable cause, geofence warrants collect data from all devices within the area, often without knowing in advance who the targets are. This broad and indiscriminate approach can sweep up location data from potentially innocent bystanders, leading to serious privacy concerns.
Google collects location data on tens of millions of people who either “voluntarily” or inadvertently opt in to this collection. When a crime is committed, and the police know where and when but not “who” they will serve a “geofence” warrant on entities like Google which are repositories of the location records of billions of people. The location data is fairly precise and fairly comprehensive – collecting data accurate to within .3 of a mile every 3-5 minutes on every user, and storing that data – well, forever. Indeed, if you have opted in (and you can opt in when you set Google up, or any of the hundreds of times you are asked if you want to share location data) you can go to Google location history, and find out where you were June 4, 2022 at 5 PM. But, of course, so can anyone else.
A geofence warrant will specify a place and time. So it might say, the Lincoln Avenue post office from 5-6 PM on a specific date. Google will then search the billions of records it has (they are not organized by location or time) and come up with a list of anonymized identifiers of phones that meet the location/time coordinates, and provide this to the investigators. The investigators will then look at these records to “weed out” non-suspects. Someone who was at the post office, but only for a few minutes. Someone who drove past the post office. The postal workers themselves who remained at the post office. If there were three robbers at the post office, the police might look for three identifiers that came in at the same time and left at the same time. This provides them with their suspects. Armed with another geofence warrant – sometimes – police can then compel Google to produce the subscriber data for the specific phones of interest. It’s like precrime, but the process can take months. So, it’s not anything like precrime.
180 Geofence Warrants Per Week
You would think that police would save this powerful investigative tool for the most serious crimes, and you would be wrong. Police have used geofence warrants for crimes like purse snatching and breaking car windows. You know, serious crimes. As the Fifth Circuit court points out, In 2019, Google was receiving about 180 geofence warrant requests per week from law enforcement around the country, amounting to about 9,000 geofence requests for that year. By 2020, that number went up to 11,500 geofence warrant requests and by 2021, geofence warrants comprised more than 25% of all warrant requests Google received in the United States. You know, get your phone to spy on you.
In this case, the police used a geofence warrant to obtain location data from Google’s vast Sensorvault database, which tracks the locations of millions of users who have opted into the company’s Location History service. For every single geofence warrant Google responds to, it must search each account in its entire Sensorvault—all 592 million—to find responsive user records. It cannot just look at individual accounts. As a result, the warrant compels a “search” of the records of 592 million accounts for billions of records to find responsive records. And Google gets served a geofence warrant not because there’s any reason to believe that the suspects had or used Google devices or apps, or that Google has any data relative to these specific suspects – but because, well, because they are Google and they have a ton of data.
The Fourth Amendment requires warrants to specify the place to be searched and the thing to be seized. In post-Revolutionary times, this meant to search “the residence of Master John Smythe, at 1 Cherry Street, New York, for Whiskey for which no taxes had been paid.” Or something like that. A place. A thing. With modern warrants, we look for ephemeral data, and seize computers, cloud data, or records of billions of people that have nothing to do with any crime. It’s not seizing a needle in a haystack – it’s seizing haystack after haystack after haystack to see if there are any needles present. Or more accurately, having third parties like Alphabet (Google), Meta (Facebook), Apple, Amazon or others seize and search these records, and provide them to the police. Innocent people get pulled into these electronic dragnets all the time – they happen to be mailing a letter, picking up a package, or walking their dog outside the post office, and voila! The cops are kicking down their doors.
In Carpenter v. United States, the Supreme Court held that the government had to have a search warrant to compel phone companies to produce cell site location data, and in United States v. Jones, the court similarly noted that a warrant was necessary to attach a GPS device to a suspect’s car. This was partially because of the sensitive nature of location data and what it can reveal about both the innocent and the guilty. Tracking location can tell you not only if someone robbed a bank on a particular day, but also if they are visiting an AA meeting or an AIDS clinic, whether they are a Catholic or Lutheran, who the members of their book club might be, and whether they like fly fishing. And it’s collected not only by Google but by thousands of apps that want to know where you are to send you “targeted” ads. Whether it is cell tower data, GPS data, or location data collected about WiFi hotspots, it’s a reasonable assumption that, if you have a device, someone knows where you are. And if someone knows where you are, the government can know it too.
The Fifth Circuit Court of Appeals was concerned that the process of searching for location data constituted a “general warrant” prohibited under the Fourth Amendment. The Court noted:
When law enforcement submits a geofence warrant to Google, law enforcement cannot obtain its requested location data unless Google searches through the entirety of its Sensorvault—all 592 million individual accounts— for all of their locations at a given point in time. Moreover, this search is occurring while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result. Indeed, the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.
The court also questioned the particularity and probable cause of the geofence warrant, comparing it to a general warrant, which is constitutionally suspect because it allows for broad searches without specific targets. This lack of specificity raises the risk of law enforcement overreach, where data from numerous innocent individuals could be collected and analyzed. Finally, the Court criticized the process of “reverse warrants” – rather than finding a crime, and a suspect, and seeking evidence from the suspect about the crime, a “reverse warrant” seeks all evidence from innocent people about innocent conduct to find evidence of a crime. It is the opposite of a “narrowly tailored” warrant but rather is a general “exploratory rummaging” prohibited by the Fourth Amendment.
Despite finding the warrant unconstitutional, the court upheld the convictions under the good faith exception, which allows evidence obtained from a technically flawed warrant to be used in court if law enforcement believed it was valid at the time. This outcome underscores the complex balance between enabling effective law enforcement and protecting individual privacy rights.
Another example of courts struggling with the dual ability of new technologies to both serve public purposes (solve crime) and to massively invade privacy as it does so. The fact that two Courts of Appeal have come to contradictory positions on the legality of geofence warrants may mean that the Supreme Court will address the issue. Old wine. New bottles. Stay tuned.
