Lawfare Daily: Chatting on Chatrie with Adam Unikowsky, Michael Dreeben, and Richard Salgado

[Intro]

Michael R. Dreeben: In this case, the Court is working in a line of cases in which it has steadily readjusted the scope of the Fourth Amendment from physical world, analog world searches to take into account the novel potential of technology to intrude on privacy.

Kate Klonick: It's the Lawfare Podcast. I'm Kate Klonick, senior editor of Lawfare, with former Deputy Solicitor General Michael Dreeben, lecturer in law at Stanford Richard Salgado, and attorney Adam Unikowsky.

Adam Unikowsky: Google was really acting as an agent of the government when it was executing the search warrant. Like, it is true that Google pushed the button and not the government, but, you know, Google wasn't acting on its own. Google got a search warrant from the government, it was compelled by the government, and so Google's actions really are attributable to the government for Fourth Amendment purposes.

Kate Klonick: Today, we're talking about the geofencing Fourth Amendment case that was heard on Monday, April 27th in the Supreme Court, Chatrie versus the United States.

[Main Podcast]

Let's start with you, Adam. There's three of you here, so we're gonna kind of try to, like, see how that we can triangulate or recreate in some way the arguments that happened on Monday.

But you argued the case on Monday, Adam. It was a, about a two-hour argument. Walk us through the basic mechanics of kind of what had happened to your client to get us to this point, and for listeners kind of coming into Chatrie cold, can you set the stakes, kind of explain what a geofence warrant even is, what did the police do here, and what the Fourth Amendment problem you asked the Court to kind of recognize?

Adam Unikowsky: Sure. So I think a good place to start is explaining what Google location history is, and once you know what that is, you could explain how it was used for law enforcement purposes in this case. When you activate an Android phone or certain Google apps on an iPhone, such as Google Maps, you're prompted to enable a service known as location history, and the prompt says something like, “Creates a private map of where you go with your signed-in devices.”

And it delivers. If you activate location history, you click, “Yes, I'm in,” while you're activating the app or the phone, every couple of minutes, Google records exactly where you are, often with a great degree of precision as close as three meters, and with it... And it could also record the elevation within a particular building.

And until a couple of years ago, Google would store your location every couple of minutes in a centralized server known as the Sensorvault, and so as a result, for millions of people who had activated the service, Google had records of exactly where their device was, which is exactly where they were for anyone who carries their device around in their pockets at all times in the indefinite, you know, in the indefinite past until the time that, you know, dating back to when they first activated the service And so that had obvious law enforcement benefits, and that takes us to the crime that gave rise to the Chatrie case.

So a bank was robbed and the police had no suspects, but the police knew that the perpetrator of the robbery was holding a cell phone at the time of the robbery, and so the police obtained what is known as a geofence warrant. And the geofence warrant allows the police to go to Google and ask Google to determine the identities of everyone who was within the geofence, which is a kind of virtual fence around the scene of the crime near the time of the crime.

So in this particular case, the police drew a geofence that encompassed the bank as well as a nearby church and the church parking lot, starting 30 minutes before the crime and ending 30 minutes after the crime, and it asked Google to identify all the people or all the devices that were within the geofence during that period.

And so the way these warrants works, it's called a geofence warrant. At the first step of the warrant, Google returns the movements to the police of everyone it can find within the geofence, but initially it's anonymized. So in this case, Google identified 19 devices that were within the geofence and returned the movements of those people within the geofence in anonymized form for that one-hour stretch.

And then at the second step, the police examined that information and identified those individuals, still anonymous at that point, that it felt were, you know, likely to be, you know, associated with the crime or at least, you know, were particularly suspicious, and the police identified nine of those 19 people and asked for additional in- an additional hour's worth of their movements outside of the geofence.

And so the police returned that, so now we're talking about one hour before the robbery to one hour after the robbery, so a total of two hours of information for those people. And then based on that information, the police then asked Google to de-anonymize or identify three people, or three devices actually, and one of those people turned out to be Okello Chatrie, and he was convicted of the crime of bank robbery.

So he was indicted for the crime and then he filed a motion to suppress the evidence alleging that the police had violated the Fourth Amendment in executing the geofence warrant. And after the district court denied his motion to suppress, he pleaded guilty, reserving the right to appeal the denial of the motion to suppress.

After lengthy and extensive proceedings in the Fourth Circuit affirmed his conviction and he filed a petition for certiorari alleging that the Fourth Amendment was violated based on the admission of the evidence gleaned from the geofence warrant

Kate Klonick: Yeah. So I think that's a wonderful start to kind of where we are and how we ended up in the Supreme Court on Monday.

But I think, Richard, you actually have a lot of kind of meat to add to the bone here. You just—you've spent over a decade running the team at Google before you kind of were at Stanford and on your own for private practice, that received warrants like this one in this case. And you also joined the technologist's brief in this case, if I'm not mistaken, which is a really, I thought, pretty elucidating guide to how this stuff really works, how it is that private companies work through warrants like this and what they can actually particularize for the purposes of complying with the warrant.

Could you kind of just like help our listeners also understand the scale of what we're talking about when we're talking about the geofence warrants? Like, how many-- how often do companies receive geofence warrants? What does the response process look like within the company? And like, I... You know, there was a lot of talk in the oral argument about how Google developed a three-step procedure that ended up to be kind of the heart of this case, but of course, that's Google's procedure.

Kind of just talk to us a little bit about like how Google set up that procedure and kind of, I don't know, the role of kind of that being adopted as a necessary thing for all companies potentially.

Richard Salgado: Sure, be happy to, and thank you for the comments about the the technologist briefs. I was one of the lawyers who prepared it, but we had excellent support from the students at the Harvard Cyberlaw Clinic and some other counsel who worked on it.

So, you know, when companies, these hyperscalers get legal process, the vast majority of it is legal process that identifies a user that the government's interested in. They want the user's basic subscriber information. You know, it's coolguy1989@gmail.com, and they wanna know who that is, and so they'll get basic subscriber information.

Maybe they want the content of the email box, so they'll get a search warrant, which I think is pretty well understood to be required, or docs or spreadsheets, that kind of thing. And maybe they wanna, maybe they want to know what's in the user's location history account, the, these data points that Adam talked about being uploaded by users into the location history account.

That also is viewed as content just like everything else, and a warrant is required. These geofence warrants are different. They're a category of legal process that, that has been referred to as a reverse search, which is where you don't start with a user. You start with some information you want that can help you identify who the users are.

And we really have two flavors of those that we've seen. The one with the vast majority of them is the geofence situation. The other is reverse search, where the police wanna know what search queries were entered, maybe what AI prompts were entered by users, and then try to identify the users from that.

But the geofence was really the first one of these reverse search types of warrants that gained any sort of popularity, and boy, was it popular. We received our first geofence warrant in 2016 and it was something that was, that, that came after conversation. So we had been approached by law enforcement about this possibility and talked to them about what the data was, how it was stored, what it could mean, what it was useful, potentially useful for, providing some warnings that, you know, this data wasn't collected for the purpose of identifying somebody at a crime.

This is information that users uploaded into their service so that they could have a history of their coming and going. And after the course of that, we got a search warrant. From there, this is novel, so you try to look at it, figure out is it valid. One of the things that providers learn very quickly is, and from judges and the government alike, is that their objections on Fourth Amendment grounds are very much not welcome.

They are to comply with the warrant, and if there's a Fourth Amendment problem, that is for the person who holds the Fourth Amendment right to raise. It is not something that a provider is allowed to raise. So that kind of gets scratched off your list of least legal basis to object to these things.

But you can look at the data that's being requested, and as is the case with many of the geofence warrants, realize this is a lot of data. We're being asked to search across all of the users, poke into all the private accounts of these users, their location history data, and look for the evidence that the government's asking us to look for.

And the result of that can be a massive amount and often is a massive amount of data. So that led to the three-step process, which is like, this seems wrong to be turning over to the government. It may be a violation of Fourth Amendment rights, which isn't something we're allowed to have a- an objection on, but at least maybe there's some conversation with the agent about this and we can try to get this reduced, sort of common sense attempts to reduce the privacy damage that is being caused by this massive search across a huge swath of user data in their accounts.

And that's where the stepped process came from. It was our sitting down and trying to figure out what is a rational way of doing this. It wasn't really meant to be a solution to Fourth Amendment problems. It was a looking at this as a practical matter, all of this data, and how can we whittle it down so that the police get what they think they need and we're minimizing, if not eliminating, the privacy injury done to the users.

And that's where it came from. And, you know, the police didn't have to go along with that. They could have said, “No, just comply.” But ultimately, we really had very little pushback on that, and I don't think we ever had any pushback on getting a warrant. And thus was born this process that was used thousands and thousands of times.

Kate Klonick: Yeah, thank you for that. We could have a whole separate podcast at some point, you and I, Richard, about how all of that has changed within the private companies and how the take on kind of pushing back on government as private entities has altered in the last decade or last five years even.

But I'm gonna turn to Michael because I think you said you, you termed something, Richard, that I think is actually at the heart of the case, which is essentially about whether or not this was a search, what had happened, and then of course, you know, whether or not the, this had been a particularized enough warrant if it had been a search.

And so Michael, you have argued more Fourth Amendment cases at the Supreme Court than I think maybe anyone alive. You'd be the one to correct me on that if I'm wrong. And this case in particular sits in this long shadow of Carpenter versus the United States, which you argued for the government, and that was in 2018, I think the decision came down.

It was argued in 2017, and the Court found a Fourth Amendment search in the government's acquisition of cell site location information. It was a narrow holding. I mean, all of these are narrow holdings, frankly. And the government argues that Chatrie is meaningfully different, right? Because location history is opt-in on your phone, whereas in Carpenter, it was really kind of anyone walking around within the triangulation of cell towers that would have their data collected, and so the data here was kind of short-term.

So there's some interesting kind of con-conflation of issues there, terms of service, you know, whether or not you, like, what, like the standards and the ways that companies set up, like the design of their phones and what you opt in and opt out of, and then on top of all the Fourth Amendment stuff.

But the petitioner argues extending Carpenter's logic, so this was, you know, Adam, sorry we're talking about you while you're here, Adam—Extending Carpenter's logic that highly revealing location data deserves kind of protection regardless of who holds it, like applies with even more force to something like location history because it's even more precise.

It's even more personal to you. And so I'm just kind of curious, what do you think about how the justices are likely to read Carpenter's reach here? Is there kind of a principled stopping point in the doctrine as it stands and, you know, and should there be?

Michael R. Dreeben: Well, thank you, Kate. I think it's helpful to consider these issues against the backdrop of what the Court has been doing with the Fourth Amendment as the advances in technology have shrunk the realms of privacy and increased the ability of the police to get access to evidence.

In addressing these issues that are created by new technology, the Court is cognizant of several different things. One is protecting whatever the baseline of privacy or Fourth Amendment interests that it can identify as an original matter in the ideas of the founders. And the second thing is to keep in mind the importance of not unduly preventing law enforcement from acquiring information that can help it solve crimes.

So technological advances both give the rich trove of data that the government might get and also pose the problem of intruding on privacy. In this case, the Court is working in a line of cases in which it has steadily readjusted the scope of the Fourth Amendment from physical world, analog world searches to take into account the novel potential of technology to intrude on privacy.

Carpenter, the Court really made an inroad into a doctrine known as the third-party doctrine, which is if you give information to a third party, you no longer have an expectation of privacy in it, and as a correlatory, it's not really your property. So the two branches of Fourth Amendment search doctrine cover intrusions on privacy, which was a mid-20th century innovation when property concepts failed to do justice to protecting people's interests, and a more recent turn back to looking at property interests.

Carpenter was a privacy case in which the Court said, “Look, we know that cell site location information is stored by the cell site provider, used by it to give you cell phone service. Sure, it's a business record, but it is also deeply revealing, comprehensive, cheap to acquire, and I think most importantly, if the government could just get it without a warrant, it would diminish protections for privacy that would have existed in an analog era where it's very hard to search somebody's location in the past.”

So the Court breached the wall between the third-party doctrine, which says if you give financial information to a bank, you give your phone numbers to a company that's dialing the phones, you don't have any Fourth Amendment interest, and Carpenter said, “Well, you do with respect to cell site history.”

Chatrie comes along, and it falls short of Carpenter in several respects. As Adam described, the initial tranche of data is just an hour. It doesn't build a comprehensive portrait of somebody's life, which is what the Court focused on in Carpenter. It also isn't something that's indispensable to the use of a phone.

About a third of the people who have the option activate their location history. Many others don't. Now, of course, that third adds up to many millions of people, so it's not a trivial slice of the pie. But it's not indispensable to living in modern life, which was one of the considerations that the Court had taken into account.

So in this case, the Court is examining both is there enough privacy interest so that we really ought to extend the Fourth Amendment to protect this? Or alternatively, should we look at location history, as Adam argued, as my property stored in a virtual storage locker on Google servers, but it's really mine.

Yeah, they have access to it. They may direct some ads to me, but that's incidental to its main purpose, which is to store information that I've decided to put on the cloud, that I can delete, that I can alter, that Google in some meaningful sense doesn't have full control over, and maybe that's enough to bring it within the Fourth Amendment.

And that argument is designed to appeal primarily to Neil Gorsuch, who is very hostile to the somewhat subjective and amorphous privacy inquiry that has been much criticized over the years and would look for something more determinant, more anchored in Fourth Amendment—

Kate Klonick: In property law.

Michael R. Dreeben: —basic concepts.

So, so that, that is the kind of the first issue that the Court had to grapple with, and I thought going in that the Court was going to have some inclination to expand Carpenter to any point of location history, and Adam made these points very effectively, and so did Justice Sotomayor, who has really been on the leading edge of protecting location history.

The chief justice asked an incredibly revealing question: If this is not a search, then the Fourth Amendment doesn't apply. The government can get this information from Google without a warrant, without any showing of probable cause, without any particularization, and it could go to a church and say, “Who's going to that church?”

You know, maybe we think that the people there are, you know, proto-revolutionaries, or they're suspicious, or maybe they're illegal, you know, illegally in the country. And we could go to an abortion clinic. We could go to a doctor's office. We could go to a school. We could go to your home. We could go anywhere.

And those kinds of questions fall into the category that we used to think of as if the justices can imagine it happening to them, it's going to attract constitutional protection so that it doesn't get out of hand and become arbitrary. So that's the search question. The—If you move past the search question, as I expect the Court will do, you then get to, well, what about this warrant?

Warrants are the gold standard in Fourth Amendment law. They overcome, really all privacy interests, they don't overcome other constitutional interests, potentially such as the Fifth Amendment act of production. You don't have to incriminate yourself by turning something over, not based on the contents, but by your act of producing it to the government.

But a warrant pretty much overrides any Fourth Amendment interest. And to address that issue, the Court is going to grapple with a layer cake of arguments that petitioner presented and that the government, you know, sought to swat back. At the broadest petitioner argued that the geofence warrant that Adam described is really a general warrant, which is a highly disfavored category in Fourth Amendment law.

It was the impetus for Fourth Amendment protection in the first place. It basically allowed the king's agents to go anywhere, to search anyone, and to seize anything that they wanted to seize, and this is usually preceded by the adjective, the hated writs of assistance and general warrants that animated John Adams and, you know, James Otis, and that's what gave us the Fourth Amendment.

So you fall into the general warrant box, that's very bad. Now, how does Adam get there? Adam says, “Look, y-you can't get location in-information without searching through every single account in Sensorvault, maybe five hundred million of them.” There's no way that you're going to be able to identify who's in the geofence until you peer into those location history private storage lockers, and you see the person is there or not there, and that is incredibly broad.

You can come up with the easy analogies of why in the real world we'd never allow the government to do that. Say somebody was walking off the Queen Mary with a thousand other customers and the police smelled marijuana. Does not give you a right to get a warrant to search everybody there or search their staterooms. Another analogy that probably the justices could relate to.

So is Adam right? Is it a search of everybody out there? I think that no justice on the Court is going to say that, and for good reason. I don't actually think the good reason surfaced very clearly at the argument. To me, the good reason is it's not being seen by a human being.

It's being passed over by a algorithm that is looking for data, and if it doesn't find anything, it moves on. And in the real world, you could make an argument that, say you were dealing with safe deposit box at bank. That could be a search if the government actually opened every safe deposit box and looked in it, but in the digital world, it doesn't really feel like one to me, and I think intuitively it won't to the Court either.

So then you go on, if you reject the general warrant thesis, either historically or analytically, then you go on to whether this warrant was sufficiently particular as the Fourth Amendment requires, and whether it was adequately supported by probable cause, not overbroad. And here I think there's a little bit more to work with, and the Court may or may not decide that this warrant just wasn't compatible with Fourth Amendment standards at the second and the third steps.

As Adam talked about, the police there got to narrow down who's in the fence. They didn't go back to a judge, they didn't tell you why, they don't have to have probable cause, and they end up de-anonymizing data. And at least Justice Jackson very clearly articulated, “Why aren't the police going back? Why doesn't this step need to have judicial authorization in order to avoid arbitrary government action by the police?”

Kate Klonick: Okay, Adam, I'm gonna let you talk for a second instead of being talked about. But I do wanna just kind of, hit on a few things that Michael said and just kind of respond.

One is that I think you are so correct in every time I've listened to Fourth Amendment cases. I don't know, one could argue any time you listen to kind of cases in which the justices are grappling with something new or novel that they don't understand, which is make it real to me, which is just such a, I mean, a human impulse, but we think that by the time it reaches, like, the Supreme Court of the United States, it should be something about more than whether it is, like, an analogy that the justices themselves can grok, right?

And it's not. It's actually—It's very much still about the metaphor game, about what you're gonna give to them as the comparison to kind of touch, to say this is like the virtual locker. This is like a lockbox, as they said in the arguments, with glass doors. And so, like, I think that's just, like, a wonderful kind of very thoughtful conversation to, to kind of come out of this and how one argues in front of the Court so many times and kind of how you make, best make arguments to the justices.

But I wanted to go back to Adam. I think that one of your central arguments is, as Michael kind of just forecast, was that there was a, that this was a general warrant which is, you know, the warrant that is, like, the least defensible and that Google was effectively asked to rummage through hundreds of millions of accounts to find one suspect, whether that was done by an algorithm or people.

You know, your mileage may vary in how much that matters. The government counters that the warrant was particularized. It was 150-meter radius, right? It's a one-hour window. It's not like this dragnet of, like, a beeper on a car or a kind of cell, pinging a cell tower for 12 hours of data, right? It's a one-hour window, and it's supported by probable cause.

There was a robbery, and we know that something, a crime happened in this area. So I'm kind of—I want to give you a chance to kind of respond to, to kind of Michael here, which is like why is the government's framing wrong about that? Like, why is particularization not about, like, kind of a circumspect amount of space or even a small amount of time as the Court has kind of glommed onto when it's kind of made a lot of these decisions in the past.

It's the dragnet nature of a lot of these cases that it really kind of pushes back on, and here that's a huge part, trying to get them away from that distinction is a huge part, I think of this case

Adam Unikowsky: Sure. So maybe it would be helpful to, you know, explain the argument that we advanced in a little bit more detail.

I certainly don't disagree with the way Michael very eloquently described it and then described some of the arguments against it, but yeah, I'll just say a few more words about what motivated the argument and why we, you know, argued that, you know, at least the theory was well grounded in Fourth Amendment law.

So it is the case, as a factual matter that Google doesn't have a way of determining who was within the geofence unless it searches every single person's account, and that's because the sensor vault, the server that Google uses, indexes location history by account. So translating to English, what that means is that it's organized into different accounts, and so if you put in a single account identifier and appropriate credentials like a password, you can recover all the location history associated with that account, but no one else's.

And to determine everyone within the geofence, you have to look at every single person's account. So in terms of physical analogy, and one difficulty about these cases is trying to, you know, turn the digital world into physical analogies, it's quite challenging to do that sometimes and sometimes misleading.

But one way of looking at it is just to imagine the sense of all being like an absolutely massive filing cabinet, and every folder corresponds to one person's account. So, you know, if you wanna find out one individual person's movements, you just have to take out his folder. You don't have to look at anyone else's folders.

But if you want to know, say, every single document that was sent on January 1st, 2026 in the whole cabinet, you can't just look at one folder. You have to open every single folder and look at every single one to find every document that was sent on that date, and that's essentially what's happening when Google searches its servers.

So our argument basically was as follows. Number one, Google was really acting as an agent of the government when it was executing the search warrant. Like, it is true that Google pushed the button and not the government, but you know, Google wasn't acting on its own. Google had a search warrant from the government.

It was compelled by the government, and so Google's actions really are attributable to the government for Fourth Amendment purposes. That was the first premise. And the second premise, which is maybe a more controversial one that Michael adverted to, is that really every time the government or Google, you know, looks in every single account to see whether a person had been within the geofence, that really is a search under the Fourth Amendment.

And, you know, it—I understand there's a counterintuitive quality to that. I mean, it's just an algorithm. It's not even a human being, you know, zipping past every single account, just doing a quick check as to whether the data matched the data that Google was looking for. No human being ever laid eyes on it, it was just a computer, and if the, you know, if the software did not find the within geofence information, it would just go on to the next account and sort of no one would know.

That does seem a little bit less intrusive than, you know, the police coming to every single person's house with a battering ram and checking inside everyone's diaries. But nonetheless our argument that it was a search is well grounded in, of every account, is well grounded in both Fourth Amendment law and the English language.

I just, I think the ordinary English way to describe what happened here is that Google searched every account, and there was a moment of the oral argument where there was some discussion as whether, as to whether Google really had searched every account or queried every account. But I just I think an ordinary English speaker would say, “Yeah, Google searched every account to see whether there was within geofence data.”

And I know it was a computer that did it, but I think the word search is apt here. And to me, the relevant analogy that I find persuasive is suppose a police officer came to you and said, “Hey, I'd like to check your cellphone as to whether you were at that protest last week.” And let's just... The police officer said, “Look, I'm not gonna look in your phone myself. I'm just gonna use a piece of software just to check whether you were there, and I promise that if you weren't there, I won't look at anything else on your phone, I'll leave. I just want to look at your cellphone for that very specific purpose.”

I do think in the ordinary, in ordinary English, a lot of us would think that's a type of search. It's a very minimal search in some sense. You know, the government is only looking for a very discrete piece of information, it's not laying eyes on anything, software is doing the work, but it still feels like a search in ordinary English, and I think most people would say, you know, “Get a warrant.” And that's essentially what was happening here, except the data was in the cloud as opposed to on people's cellphones.

And the other point is, you know, there is case law from the Supreme Court holding that even a fairly minimal intrusion still qualifies as a search as long as it's sort of invaded, invading that protected area. And I feel awkward talking about this with Michael on a call, 'cause he's argued, like, every single seminal case on this issue in sort of the history of the Supreme Court.

But, you know, there's a case called Jones which holds that merely putting a GPS on the underside of a car, that, that is, that minimal trespass was enough to qualify as a search. There's a famous case called Kyllo involving the police holding up a thermovision to someone's house just to check if it was hot or cold, they were checking for marijuana, and that was a sufficient basis, you know, that was a fairly minimal intrusion.

All you're determining is the temperature, but the Court nonetheless held that because you're getting information about what's going on inside the house, that's a search. There's another famous case called Arizona versus Hicks that holds that merely lifting a turntable to see a serial number underneath is a search.

So, you know, there's a bunch of doctrine that says that even minimal intrusion is a search, and so we argued that checking someone's Google account as to whether they were within the geofence is a search under that line of authority. And I'll just say one more word about this. You know, I think there's two challenges of litigating this type of case, at least for me.

One is trying to turn, you know, digital technology into real world analogies that can sometimes be misleading, and the other is working with a broad terrain of doctrine when the justices are actually quite, you know, practical people. As an attorney, there's such an instinct to sort of weave your way between the different cases and pull the doctrine out and apply it to your fact pattern and, you know, the justices are, you know, pragmatic people, they're reasonable people and they wanna understand the real implications of, you know, whether something is a search or not, and I think those are, you know, challenges on really on both sides of the house in litigating Fourth Amendment cases in the digital world.

But what I've described to you is how we tried to turn traditional Fourth Amendment law and the facts of the case into an argument that this was a general warrant, and that general warrants violate the Fourth Amendment.

Michael R. Dreeben: Kate, can I just say a word in response to Adam here, because I think that the last thing that he said really kind of it frames up one of the key things that the Court is thinking about when it's trying to decide whether to extend doctrine, remold doctrine, apply an analogy.

Adam's analytical arguments from the cases are incredibly precise and accurate. The difficulty, at least for some members of the Court, is that the logical conclusion of saying that all of the sensor vault accounts are searched, all five hundred million of them, is you could never get a geofence warrant because you have no probable cause to get into those accounts.

If you equated them to a house, as in Kyllo, you need probable cause particularized to that house. If you're searching a person, the same. If you're searching their cell phone records, their email records, the same. So I'm gonna say that the—one of the biggest obstacles to accepting that argument as a practical matter is it means you could not solve crimes with using any kind of reverse search warrant.

I think we should talk a little bit about the stakes involved in reverse search warrants, 'cause this is not the only context in which they come up, and the Court will face even more difficult problems than this, I think, down the road. But knocking out the ability of the government to try to find out who committed this crime through a fairly discreet inquiry where you clearly have probable cause that the bank robbery occurred and that the person who committed it was on a cell phone, you don't have a guarantee that his location history will be in Google, but you've got a reasonable shot.

There are other providers that the government might have gone to try to round out the profile of what phones were in that area, and this led to the solution of a pretty serious robbery, and the same is true for murders, for rapes, for kidnappings, for a variety of other crimes. So if you're pitching an argument to the Court that requires a kind of analogical extension of real physical world precedents to a digital context that doesn't quite feel the same when the consequences are the government's unable to solve these crimes Even with a warrant, that's gonna make it a tough row to hoe.

And on the other side, the practical argument that Adam made incredibly successfully and eventually forced the government to basically say uncle, is that if all information that's stored with the cloud is placed there voluntarily, as you alluded to in, in your setup question, and therefore it means the third-party doctrine kicks in and you have no expectation of privacy, it's like hanging it out, you know, your window so anyone can see it.

That covers email, it covers Google Docs, it covers calendars, covers photos, and maybe much more, health records, attorney-client communications, and who knows what. And there's no way that the Court is going to buy that, and the government knows that. When I was doing these cases, I had internal arguments that we should say that email is not protected by an expectation of privacy because Google scans it to direct ads to you.

And I said, “Yeah, you know what? Email is the modern letter, and we are never going to get the Court to say that there's no expectation of privacy in it, so why try?” Adam incredibly successfully parlayed that argument into his pitch, and the government after trying to stave off giving an answer several times, finally got pinned down and had to admit it wasn't going that far.

Kate Klonick: Yeah, there were a number of points where the government had to kind of concede some of the realities of the situation, and that they weren't arguing for certain types of things to be included in the search terms. But you state this very well. I wanna get back to the stakes in a second.

I completely agree with you. We should talk about where the third-party doctrine's going, what the stakes of this are. But it would be a huge waste of having Richard here if we could not just like unpack everything that you guys just talked about how we think about what the technology is. Richard, you were, you wrote the technologist's brief in this part.

You wrote part of this brief. There seems to be, and I—You can tell me if you think that I'm wrong, but everything that Adam just said and Michael just said, these are consistent kind of appeals to a physical world that just does not really actually map on very clearly.

Although maybe it doesn't matter. Maybe reality is what we want it to be. Maybe email is just gonna be a digital letter even if it's actually not working like a digital letter. Maybe we're just always going to think of email like a digital letter 'cause that's what it feels like to us, and this is like, you know, that's gonna be the end of it.

But one of the things you, that I don't think got enough credit or didn't get enough discussion in oral argument and I thought was great, was the discussion the technologist's brief lays out about exactly how the cloud works, how it's not like file folders , how it's not like someone searching like your hard drive, how it's not like someone searching your location history.

Can you tell me—Can you just talk to us a little bit about like, you know, what you spelled out there for the Court?

Richard Salgado: Sure, absolutely. I mean, the idea was to let's look at reality here, and if you think you need a, an analogy, fine, we can look at analogy. But we've been working with computer networks for, you know, 50, 60 years now, and we all have our experience.

We know what our personal accounts are and whether they're storing email or photos or videos or docs or spreadsheets. You know, you can go on down the list of different data types that we store. We all have this concept of a private space that we use with providers where we store this information, and the concept of an account and that only we have access to it and maybe we can share elements from it or use it to communicate with one another.

That's not uncommon. I don't know that we need to look at safety deposit box. Probably pe- far more people have these accounts than have safety deposit boxes but maybe that's not the case with these jurists. So I think one of the things we were trying to point out in the brief was this is not—

You really don't even need to start straining yourself looking at safety deposit boxes and whether they're translucent and all of that line of inquiry that went on in the oral argument. When we've got decades of experience, we have generations of people who've lived with this, we know what it is.

So we really all have this experience and it may just not be necessary to I, I would think at this point, and it may be 'cause I'm living in a, in for three years in a bubble of tech but it certainly feels like a common part of our lives. And if you're—And, you know, going back to Fourth Amendment doctrine, if we accept the account as this thing that exists that we can all identify, you even find examples of account being in, being used in the law of trespass and in our surveillance statutes talk about accounts and searching accounts.

It's very not, it's not foreign to people, nor is it foreign to our law. Then you can use that, and you can say, “Okay, this feels like in these situ—in these geofence warrants, this particular application, geofence warrants to Google for location history information, the place to be searched,” which is you must specify according to the Fourth Amendment to get your warrant the place to be searched are the accounts that Google has structured.

The data structure for its services, including location history and Gmail and all the others, is around the account, and Google is being told to enter these accounts and search for the data and pull out whatever the government is telling it to pull out in the warrant. And that is how the companies, not just Google, but all these hyperscalers and so many more, and these from small to large, operate in their data structures and the code and the expectation and the policies, security policies, physical, all are there to protect these accounts and the data structures formed to make them.

And that's the experience we have. It really doesn't make sense to me to ignore that and say, “Well, we're just gonna treat this as though it's an Excel spreadsheet, like it's the mail merge file for your holiday cards,” when it's really this rather elaborate data structure spread across very sophisticated infrastructure.

The right abstraction, I think, is to treat the accounts as the place to be searched. And then it does lead to the question of, well, is it a search for the Fourth Amendment purposes when all that's happening is that code is being run across it? And that, that's fine to struggle with that.

I do worry that's a question that may lead the Court into a decision that's gonna be very much the Olmstead of our era, to say that these kind of searches, because it's done through software, aren't searches. We've seen the Second Circuit reject that in an admittedly slightly different context in the Hasbajrami case, which involved the Section 702 collection, where the, this data's collected for one purpose, but the government searches it for another purpose.

And the court in the Eastern District of New York holding that is a search for Fourth Amendment purposes, even though it's just software and it's data in the possession of the government lawfully, it's not even a third party being forced to do it, that's still a search. Now, the FISA court disagrees with that, and so there's plenty of debate to be had there.

But it's not a foreign concept at all. And certainly for the hyperscalers, they're gonna look at this, and you look at the location history accounts and you say, “Well, what's the difference between this account and the email and the docs and the photos?” This is where the users have stored data.

It happens to be location data, so we have a different rule for different types of data. And what happens if the location data's in the email account, in the email where you have said where you are? Or where, what if it's in a doc, which is nothing more than a list of the location of your phone, which you could certainly have automated.

So it leads down a very troublesome analytical path for the Court that's very easy to resolve if you just start with the place to be searched as the account.

Kate Klonick: Yeah, I think that's a, I think that's a correct kind of framing. And I just wanted to say, you know, just something that Michael said yesterday and that the Court addressed in arguments was essentially that there was this question of, well, if this is a voluntary measure of turning on this location history, so—

And it's not essential to daily life. And I—You know, when I was listening to that in the arguments, I said, “It's not essential to daily life now, but actually it might be legally required in the future because there are all of these age assurance laws that are coming out, all of these things that really might kind of to, in order to understand which state you're in and which laws the company, the private companies have to comply with, would really necessitate knowing exactly where you're, where you are in your location history and what they have to potentially give over to the government.”

So that might not be a voluntary thing in very short order because I think the geolocation is going to become increasingly a focus potentially of lawmaking. But that aside, I wanna kind of switch the stakes here and kind of the last kind of questions and open this up to everyone, but I'll start with kind of aiming this at Michael, which is that, you know, Orin Kerr, like, at Stanford, filed this influential amicus brief.

The justices, I think, referenced him either by name or the idea that he coined about virtual lockers about three times during arguments. And he had like put his brief in, siding with the government, and his proposal was that if a, even if a geofence search is a Fourth Amendment search, and he doesn't think it is, one warrant could authorize the whole search with constitutional concerns addressed through use restrictions downstream, right?

Limiting how the government can deploy information about people who turn out not to be suspects. Essentially, like we could also—essentially something like what Google instituted through its three-step program, but does, they did so voluntarily. And this could be something that could happen also with the government.

And I'm just—From your perspective, is a use restriction framework administrable? Like, do you see it about a broader shift towards thinking about Fourth Amendment protection at the back end of an investigation rather than at the front end? Is that a potential way that the Court might think about narrowing this decision?

Michael R. Dreeben: These are great questions, and they really have to be answered in a very context-specific way. Here, I think the context was fairly tangible of a robbery. You get 19 names from the geofence warrant, and then it has to be narrowed down. And I think to the—If one wants to defend this warrant and the information that's acquired, you have to defend the whole two hours that the government got at step two of the nine people that it selected from the original 19.

And at that point, you're really straining probable cause. I mean, it's one thing to say we wanna figure out who the bank robber was in the immediate vicinity of the bank immediately before or after the robbery. That is, I think, going to strike most jurists as a reasonable scope to identify the potential bank robber.

Once you start going outside of that and you're really looking at a much broader range of locations, you are acquiring a lot more information about people. You're not quite to the level of the Carpenter, seven days or more of location data, but even for those who think that a couple of minutes of location data is nothing, 'cause we don't really conceal our identities when we go out into the world and go to a bank, and we're probably on surveillance cameras anyway, the further you extend that, the more attenuated the probable cause argument gets.

And the government didn't go back, as I said, to the magistrate to get that narrowing, and it doesn't go back to the magistrate to de-anonymize the three people. That is, is assuming that anonymization actually matters. I think Adam has some pretty strong arguments that for Fourth Amendment purposes, it doesn't.

If you broke into a house and you had no idea who lived in the house and you didn't have any data on that, it would still be a search of the house for someone who did in fact live there. So anonymity, I think, is a rather weak argument for narrowing the search. And if you look at it in that context, y-you ask about use restrictions there I think the Court may well say, “We're gonna allow you to get this government. We're not going to analogize this to some search of five hundred million accounts. That means we're out.”

Why? If we did that, techniques like tower dumps are really called into question. A tower dump is getting all the cell phones that connected to a cell tower, and the government uses that a lot when it has no leads on a person who committed a, you know, tangible crime, and it solved a lot of very serious crimes.

So the Court is gonna be reluctant to go down that route, but it may be more willing to say, “We still want more checks against the government making its own decisions about how much further it wants to extend privacy intrusions on individual people.”

And if I could say one thing in response to the sort of broader argument that we spent a lot of time wrestling with, and that Richard very eloquently and with technological precision framed up as, you know, we're searching everybody's accounts, and he referred to 702.

702is, of course, the way the government gets information about foreign people speaking overseas who are associated with or believed to be associated with terrorism, and thus the acquisition of the information occurs in the United States. You don't get a traditional warrant, you get a certification by the attorney general that allows you to scoop up all of that stuff.

The real controversy has been, well, a lot of Americans might have been talking to those people. It goes into a big soup, a big database, and as Richard said, there has been an effort by the government to say, “Well, once it's in the database, it's ours. We acquired it lawfully. We can do anything we want with it,” and courts in the Second Circuit are pushing back.

I actually worry that extending the concept of a search to a digital algorithm passing over the data would cut against the argument that a warrant is needed to go into that database of 702 information to look for a specific individual. Why? The traditional view is that if information has been exposed to the government in a search, the expectation of privacy for that information is generally gone, and the government can go back into it because once the expectation of privacy has been overcome, there's no longer a basis for saying that it's a search.

Like, the government could read the same document six or seven times two through seven are not new searches. So if we conceptualized everything in the 702 database, which undoubtedly gets queried by AI or by computers, as a search of everything in there, I think it would actually undermine the argument that a targeted search for a U.S. person in that database requires some Fourth Amendment protection, as the district court said, a warrant.

So those are some practical implications of the kind of expansion of the concept of search in ways that may be analytically and technically accurate, but produce consequences that I think we need to take carefully into account before we apply the Fourth Amendment to this novel context.

Kate Klonick: Yeah, Adam I'm very curious to know whether you think that the third-party doctrine is—I mean, it wasn't as kind of central here as it was in Carpenter and other types of things.

What are you kind of seeing as the stakes here, and do you see, like, the Court as continuing kind of to narrow, you know, and very carefully limit the scope of the Fourth Amendment as they have been in these case-by-case bases, or do you think them, there's any chance that they might make a broader decision on the facts of this case?

Adam Unikowsky: Well, I'm not going to try to predict what the Court is going to do. Whenever I do that, I'm usually wrong and it's a little hard to be objective here, but you know, I can talk a little bit about some of the stakes in the case. You know, what made this an interesting case, in some ways a challenging case to litigate maybe on both sides, is that there's really a lot of different issues in the case.

There's whether there was a search, whether there was a warrant, and both of those issues had a fair number of sub-issues. And so, depending on how the Court rules on every one of those issues and sub-issues, you know, you might have a broader or a narrower ruling. But it is the case that in terms of what's at stake, you know, the government did take the position that data in the cloud, in general, at least in its brief, it took the position that data in the cloud in general is not protected by the Fourth Amendment because, you know, privacy policies by cloud providers typically say things like, you know, “We'll respond to search warrants, and we reserve the right to analyze your data for certain reasons.”

And the government argued that is a sufficient basis to establish that the user has abandoned any reasonable expectation of privacy. And that has a pretty—That has pretty broad implications, pretty troubling implications. From my perspective, you know, if you're using email, sending documents or photos, you shouldn't have to show that the emails or documents themselves are particularly private.

Like if I, you know, take a picture of a beautiful sunrise, you know, maybe lots of people were observing that sunrise, and so it's not a particularly private photograph, but I still think it's mine. I still don't necessarily want the government snooping on it. And the fact that I sent it into the cloud and that Google may retain some rights to, you know, analyze it for its own purposes, maybe even for advertising purposes, I'm not sure that's a sufficient basis to say that I've implicitly consented to the government looking at it. I've abandoned an expectation of privacy.

 So if the Court were to reach that conclusion, which I think it's unlikely given the government's concessions during the oral argument, that would have potentially broad implications. But, you know, I do think that, you know, that, that is the likely out—is not a likely outcome.

On the issue of the warrant, you know, there's a number of different issues that were raised, you know, but I would, you know, I'd be concerned about if the Court is to hold, and I'm not gonna speculate on what it's gonna hold or not gonna hold, but if it's gonna hold that geofence warrants are not inherently or categorically unconstitutional, and I would still be concerned with the ruling that, you know, every single person, you know, merely by virtue of their proximity to the crime necessarily there's probable cause to establish that you can look inside of their Google accounts for, you know, a very large amount of time to inspect all their movements.

You know, that, that's a little bit of a troubling argument from my perspective. In this particular case, for example, the geofence encompassed a bank and a church. In fact, most of the 19 people who were in the geofence were just sitting at church the whole time. To me, it's very hard to say that there's probable cause to, to determine that, you know, two hours of those people's movements, including outside the geofence, including perhaps when they went home from church, there's probable cause to search those movements merely because they were sort of near the scene of the crime.

You know, that to me would be inconsistent with how I ordinarily understand the concept of probable cause. And I would be troubled if the Court stretched the concept of probable cause in that way. So if it were the case, hypothetically, that the Court were to say that this was not a general warrant and that, you know, geofence warrants are sometimes permissible you know, one of the important issues the Court will face is how to think about probable cause in this context.

And I would hope, at least from my perspective, that the Court will sort of rigorously enforce the concept of probable cause and hold that you really need to think that, you know, the evidence that you're looking for really, there's probable cause to believe that really is, you know, gonna be relevant to a criminal investigation beyond mere speculation as to, you know, hey, you know, maybe it'll be useful and we don't know, and so, you know, just the mere hypothetical possibility's enough.

Kate Klonick: Really quickly, Richard, I just kind of want to ask you, you know, those are the implications for Fourth Amendment. What are the implications gonna be for private companies coming out of this? What are private companies looking for? You know, the framework that Google set up that, that was discussed in this case, the terms of services, things like the opt-in versus opt-out on location history and the defaults that are in place with that, I mean, are companies going

Like, do, what stakes do companies have for this? Do they have no stakes at all? Right now they do a lot of work kind of pushing back against the government and checking for warrants and things like that. Do they need to be doing that work? Are they gonna get out of the business of doing some of that work?

Richard Salgado: Well, I will say I think the geofence warrant itself as we are seeing in this case, those days are gone. That service is no longer available to the extent that the—it's on server side. Now the data's located on the individual devices, and so you can still get your timeline service, although the data is coming off of your phone and not with Google.

So I think this is over. There are some other companies who are getting geofence requests, but it—I don't think they were in quite the same context where the information is uploaded by the user to store in their personal account for later access. So there's other flavors of geofence that just aren't gonna present this place to be searched issue qui—or business record issue quite the same way as here.

So I think we might be done with these. It's a little hard to tell. Maybe I'm wrong in that, and maybe it pops up in, in a like context in some other situation. I do think it means that companies will take a look, as they have been, at trying to how do we as a company tell our users that when you send the data to us, this is the kinds of things that will happen, how it's processed, how it's handled, and the situations where it might be disclosed.

And when you're open and trying to be transparent and give your users an idea of what happens when they entrust their data with the provider, and you tell them, “You know, there's a chance the government might come and ask for this information and we might have to comply to it,” and then to have the government and others argue, “Well, that means that you've consented to turning over the data to the government,” which is nonsense, right?

It's just telling the user that there is a world of legal process that the companies are required to comply with. So I know there's a struggle, like how do you tell the users without that turning into a consent to disclose to the government kind of a situation. So there'll be continued struggle around that.

I do think there, you know, there are some other, like, red flags in at least the government's argument. I don't know how seriously to take them. There was one point where the government was talking about the moving the data to the phone and that Google doesn't have access, or so they say, to the data on the phone, but if that was different, then maybe the geofence technique would come back again.

That definitely caused the hair on the back of my neck to rise up, the idea that the government might think that it, through compelled assistance orders, could have Google or any provider access the personal devices of users to be able to get data. I don't know how serious to take that. That may not have been what he was trying to get at.

He may have been more just saying it's data not in the pos- possession of Google anymore. But that, that, that's the sort of thing that I think when you're a provider, you worry about, that you are going to become what Michael was saying, one of the king's agents through compelled assistance to engage in these surveillance activities through code so it doesn't seem to implement the—or implicate the Fourth Amendment because it's not a search through malware to, to be able to extract.

And now that's, this is getting a little crazy I hope but that is a little bit of a thing you hear when you're in a provider that's like, what does that mean? Like, where's the end of this? When does this end? What is the full scope of what the government is asking for? 'Cause it's not clear.

It's not clear why location history in a personal account is distinguishable from the things the government conceded, like Gmail and Docs and Calendar, when it's all the personal data of the user entrusted to the provider. I think those are the—it's a struggle to figure out, well, how is the Court, if the Court affirms or allows this, maybe with some guidance on describing with particularity the things to be seized, how is this gonna be used going forward?

And how are they gonna distinguish this case from email and Docs and so forth?

Kate Klonick: Yep, I think that's a great place to leave it. It's going to be a brave new world. It constantly is with all of this new technology and trying to overlay these very physical world doctrines onto these new situations that are just kind of not perfect fits.

But Adam, Michael, Richard, thank you so much for joining me for this chat on Chatrie and putting up with that pun. We will hopefully see you again soon on Lawfare.

Adam Unikowsky: Thank you.

Richard Salgado: Thank you.

Michael R. Dreeben: Thank you, Kate.

[Outro]

Kate Klonick: The Lawfare Podcast is produced by the Lawfare Institute. If you want to support the show and listen ad-free, you can become a Lawfare material supporter at lawfaremedia.org/support.

Supporters also get access to special events and other bonus content we don't share anywhere else. If you enjoyed the podcast, please rate and review us wherever you listen. It really does help. And be sure to check out our other shows, Scaling Laws, Rational Security, Allies, The Aftermath, and Escalation, our latest Lawfare Presents podcast series about the war in Ukraine. You can also find all of our written work at lawfaremedia.org.

The podcast is edited by Jen Patja with audio engineering by Cara Schillenn of Goat Rodeo. Our theme song is from ALIBI Music.

And as always, thanks for listening.