Published by The Lawfare Institute
Last year, a New York Times feature detailed law enforcement’s use of a new investigative technique called a geofence warrant. Unlike traditional warrants that identify a particular suspect in advance of a search, geofence warrants essentially allow the government to work backward. These warrants compel a technology company (so far, only Google) to disclose anonymized location records for any devices in a certain area during a specified time period. After that, for certain accounts, the government may obtain additional location data and subscriber information. Particularly in light of the Supreme Court’s watershed decision in Carpenter, geofence warrants present a host of novel Fourth Amendment issues.
A criminal defendant accused of armed bank robbery is currently mounting the first known federal Fourth Amendment challenge against a geofence warrant in a federal district court in Richmond, Virginia. This post unpacks briefings from the defense, the government and Google (through an amicus brief) on the motion to suppress in that case, U.S. v. Chatrie. The stakes of the litigation are high. As Google reported in its brief, “Year over year, Google has observed a 1,500% increase in the number of geofence requests it received in 2018 compared to 2017; and [as of December 2019], the rate increased from over 500% from 2018 to 2019.”
The Virginia Geofence Warrant
Around 5 p.m. on May 20, 2019, a man with a gun robbed a bank near Richmond, Virginia, escaping with $195,000. Surveillance footage showed that the perpetrator held a cell phone to his ear before he entered the bank. About a month after the robbery, state law enforcement officials obtained a geofence warrant from a state magistrate judge. The warrant authorized a three-step process in which law enforcement could, without seeking further judicial approval, compel Google to produce increasingly detailed data on certain suspects.
In the first step, the government requested that Google provide it with anonymized location records for any “Google account that is associated with a device” that was within 150 meters of the bank during a one-hour window that included the time of the robbery as well as 30 minutes before and 30 minutes after it occurred. As Google noted in its brief, this required Google to search across every existing Google account and then run a computation to determine which records matched the time and space parameters in the warrant. When there is “a strong GPS signal available,” Google explained, “a device’s location can be estimated within approximately twenty meters.”
About two weeks after the warrant was approved, Google disclosed to the government the anonymized location records of 19 accounts that had been within 150 meters of the bank during the specified time interval. According to the government, one account stood out: The location data placed that account inside the bank at the time of the robbery and allegedly corroborated a witness’s observation of a suspect’s whereabouts before the crime and surveillance footage of the robber’s flight from the bank.
At the second step, the government requested another round of anonymized location data for nine of the 19 accounts. This time, the government sought data from 30 minutes before and 30 minutes after the original hour-long interval provided in the first step. The government alleges that the account it had identified as suspicious at step one traveled to a residence after the robbery. Using the address of the residence, the government was able to obtain records that linked an individual’s name to that residence. The government also used that name to search other databases for more information on the suspect.
Finally, at the third step, law enforcement requested that Google reveal the subscriber information for the account discussed above and two additional accounts. After Google produced the data for the account focused on at steps one and two, the government discovered that the name linked to the residence was consistent with the email address and user name on the Google account. The presumed holder of the account was ultimately indicted by a federal grand jury on Sept. 17, 2019, and has pleaded not guilty.
Was There a Fourth Amendment Search?
The parties dispute whether the data obtained from Google constituted a Fourth Amendment search. In other words, while the government contended that it could have obtained the Google data without having sought a warrant, defense counsel argued that the government’s actions implicated Fourth Amendment protections.
For both parties, this analysis turned on the question of how to apply Carpenter. In Carpenter, the Supreme Court ruled that access to at least seven days of a person’s cell-site records (the information collected as a cell phone identifies its location to nearby cell towers) was a Fourth Amendment search because it violated a person’s “legitimate expectation of privacy in the record of his physical movements.” Crucially, the Carpenter court found that the third-party doctrine, under which individuals forfeit their reasonable expectation of privacy when they disclose information to a third party, did not apply to cell phone records. As Chief Justice John Roberts wrote for the majority,
There is a world of difference between the limited types of personal information addressed in [cases involving phone numbers dialed on a landline and bank deposit slips] and the exhaustive chronicle of location information casually collected by wireless carriers today. The Government thus is not asking for a straightforward application of the third-party doctrine, but instead a significant extension of it to a distinct category of information.
The defendant presented two principal arguments for why the third-party doctrine could not defeat his expectation of privacy in the location data that the government obtained from Google. First, counsel contended that, like the cell phone location records in Carpenter, “Google location records are qualitatively different from the business records to which the third-party doctrine traditionally applies.” Second, counsel argued that, unlike the cases where the Court applied the third-party doctrine, the defendant did not voluntarily share his location data with Google. Relying on the Carpenter court’s reasoning that cell phone location data was not voluntarily shared because carrying a cell phone is “indispensable to participation in modern society,” counsel argued that “it is not reasonable to expect ordinary phone users to avoid Google software.”
The government responded with the position that “the defendant had no reasonable expectation of privacy in any of the information disclosed by Google pursuant to the [geofence] warrant.” The government first argued that the Google data was less revealing than the cell-site information at issue in Carpenter. Emphasizing the fact that the two hours of location data obtained through the geofence warrant covered “only 1/84th of the period that Carpenter held constituted a search,” the government asserted that the Google data did not “provide the sort of ‘all-encompassing record of the holder’s whereabouts’ and ‘intimate window into a person’s life’ that concerned the Court [in Carpenter].” Additionally, the government argued that even if the Google data is more precise than cell-site records, such a distinction was immaterial as the Carpenter court “grounded [its] holding in an assumption that cell-site information would approach the precision of GPS.” And the government contested the defendant’s characterization of the Google data as being involuntarily conveyed, noting that Google requires users to opt in to allow the company to obtain location information.
Did the Geofence Warrant Violate the Fourth Amendment?
The parties next disputed whether geofence warrants can be squared with the Fourth Amendment. It is well recognized that the Constitution forbids general warrants. The text of the Fourth Amendment makes clear that warrants must be based on probable cause and must state with specificity the property to be seized. Defense counsel argued both that all geofence warrants fail to satisfy the Fourth Amendment—and, in the alternative, that the specific warrant at issue in this case was invalid.
Defense counsel opened by asserting that geofence warrants are the “modern-day incarnation of the historically reviled general warrant.” Noting that the geofence warrant requires a sweeping search of Google accounts that do not even have an alleged connection to the crime, counsel described the warrants as “the digital equivalent of searching every home in the neighborhood of a reported burglary, or searching the bags of every person walking along Broadway because of a theft in Times Square.” Counsel also contended that geofence warrants categorically violate the Fourth Amendment’s probable cause and particularity requirements since, by their very design, they fail to identify a “single individual suspected of a criminal offense.”
Addressing the warrant at issue, counsel argued that the police had failed to show that they had probable cause to believe that the bank was robbed by a Google user. Counsel wrote that “[w]hile the warrant application does state that the robber could be seen using a cell phone, there is no evidence to show that it was an Android phone or that he or she used a Google service within the initial one-hour window identified in the warrant.” To drive home that point, counsel explained that “[i]f the robber had an iPhone and did not use Google services between 4:20 and 5:20 p.m., then Google would not have a record of the phone’s location during that time.”
Counsel also challenged the warrant on particularity grounds. Noting that the warrant did not specify which Google accounts to search, counsel argued that even the 150-meter radius was not sufficiently particular. Of special concern to defense counsel was the fact that the geofence included a large church adjacent to the bank that had no nexus with the crime, implicating potential First Amendment issues. And counsel drew attention to the fact that, at steps two and three, the magistrate judge had no oversight over which people were chosen for further search and that the warrant ultimately permitted investigators to track devices “anywhere outside the [initial 150 meter] geofence.”
The government argued not only that geofence warrants are consistent with the Constitution but also that they “should be encouraged, not condemned.” On probable cause, the government contended that the requirement had been met by the following factual stipulations state police had made in the warrant application: The robber was seen with a cell phone, data shows that a majority of cell phones are smartphones, and all Android smartphones and some non-Android smartphones collect Google location data when the account owner enables Google to do so. So “there was a substantial basis for the magistrate to find probable cause to believe that Google possessed evidence related to the robbery.” The government additionally argued that the warrant was supported by probable cause since there was sufficient reason to believe that the Google data would provide “information for evidentiary purposes other than identifying the robber directly,” such as “identify[ing] potential witnesses” and “assist[ing] investigators in forming a fuller geospatial understanding and timeline” of the robbery.
To show that the warrant was sufficiently particular, the government relied primarily on two cases upholding recent digital law enforcement investigations. The government first pointed to a recent federal district court decision that rejected a particularity challenge to a tower dump warrant that allowed the government to identify cell phone users within geographic and temporal constraints related to a series of robberies. In the government’s view, that case showed that warrants that allowed law enforcement to identify the locations of “hundreds if not thousands” of devices in a certain area and during a certain time frame were sufficiently particular. The government also relied on lower courts’ unanimous agreement that the Network Investigative Technique (NIT) search warrant used in the Playpen child pornography investigation—which Lawfare has covered extensively—satisfied the Fourth Amendment. That warrant authorized the FBI to search the computers of everyone who logged onto a child pornography site for 30 days while, as the government explained, “allow[ing] the FBI to choose to obtain less than the maximum amount of information the warrant authorized.” Along similar lines, the government argued that, with respect to the geofence warrant, “the fact that investigators here could have and did narrow the information obtained from Google is immaterial, as the GeoFence warrant was based on probable cause and appropriately authorized seizure of location and identity information of anyone at the site of the robbery.”
Lastly, the government argued that “even if there were a particularity problem in the three-step process for the GeoFence warrant, the appropriate remedy would at most be to sever the second step of the warrant and to suppress second-step information.” Since the government claimed that “first-step information alone was sufficient for the investigators to recognize that the [defendant’s] account likely belonged to the robber,” such a remedy could have only limited consequences on the government’s investigation in this case.
The Google Amicus Brief
After the parties had briefed the motion to suppress, Google submitted an amicus brief in support of neither party “to provide contextual information to the Court about the data at issue.” The Google brief addressed certain claims made by both parties about the location data and argued that it was necessary for the government to obtain a warrant under both the Stored Communications Act (SCA) and the Fourth Amendment.
The brief first supplemented claims made by both the defense and the government about the nature of the Google data. Google argued that the data it provided to law enforcement clearly fell outside the category of business records typically covered by the third-party doctrine. In language favorable to the defense, it described the data as “essentially a history or journal that Google users can choose to create, edit, and store to record their movements and travels.” Without directly confronting the government’s arguments, Google accordingly suggested that, given the nature of the Google data, the government’s analogies of the geofence warrant to cell-site location information and tower dumps were off target.
However, directly rebutting defense counsel, Google stressed that users had to opt in to take advantage of the “Location History” services. Google wrote bluntly: “[The] Defendant thus errs in asserting that ‘[i]ndividuals do not voluntarily share their location information with Google,’ ... and that acquisition of user location records by Google is ‘automatic and inescapable.’” In subsequent briefing, defense counsel has argued that, in practice, users do not opt in to Google’s location tracking in a meaningful way.
Next, while neither party addressed the legal process required under the SCA, Google discussed the statute at some length, suggesting that “the Court’s resolution of the important questions presented here should reflect the entire legal landscape.” In short, Google concluded that its data “is subject to the SCA’s warrant requirement because that information qualifies as [quoting the statute] ‘contents’ of ‘electronic communications.’”
Finally, and most significantly, Google argued that “[u]nder the traditional Katz analysis, Google’s users have a reasonable expectation of privacy in their [‘Location History’] information.” In the context of the Carpenter court’s holding, Google discussed the extent of information that “Location History” data reveals. Google even asserted that “[t]he privacy interests implicated by Google [‘Location History’] information are thus even greater than in Carpenter.”
Google then discussed why the third-party doctrine did not defeat the defendant’s reasonable expectation of privacy. In addition to emphasizing the deeply revealing nature of the data, Google argued that “as in Carpenter, the fact that users voluntarily choose to save and share [‘Location History’] information with Google does not on its own implicate the third-party doctrine to the extent that doctrine is still viable.” Drawing a comparison with the way the Carpenter court discussed cell phones as “indispensable” to modern life, Google suggested that “[f]or many users, the same is true of the location-based services [cell phones provide].” These benefits, Google noted, “includ[e] the ability to track one’s own movements and enrich one’s electronic footprint with that information.” Additionally, Google pressed that the third-party doctrine, which is aimed at business records, ought not to apply to its location data because the Google data “is created and stored at the discretion of the user for the user’s own purposes and remains in the user’s control.”
Google declined to address whether the Virginia warrant satisfied the requirements of probable cause and particularity.
The ultimate resolution of the Fourth Amendment questions in this litigation is enormously consequential for at least two reasons. First, given the rising prevalence of geofence warrants, the extent of their constitutional regulation could have major implications for future law enforcement investigations. And second, as courts are beginning to grapple with the challenge of applying Carpenter in contexts outside of a warrant for a single person’s cell phone location data, this case will serve as a crucial data point informing the scope of Fourth Amendment protections in the digital era.
The parties are currently litigating a range of pretrial motions. As of Feb. 24, no date has been set for a hearing on the motion to suppress.