Limiting Reverse Searches in the Stored Communications Act

Law enforcement increasingly conducts “reverse searches”—requests that ask online providers to search their massive databases not for information about a known suspect, but to identify unknown individuals based on location, conduct, or search queries. The most prominent examples are geofence warrants, which seek to identify all device users near a particular location during a specified window, and reverse keyword warrants, which seek to identify everyone who searched for a particular term. These searches act as digital dragnets, sweeping through the private data of hundreds of millions of users to find a handful of potential suspects.

This report argues that reverse searches pose grave threats to privacy and civil liberties, likely violate the Fourth Amendment’s prohibitions on general warrants and overbroad searches, and are probably not authorized under the current Stored Communications Act. It proposes a new statutory framework—Section 2703A—that would ban reverse searches by default while narrowly permitting specific categories, beginning only with geofence warrants. Authorized reverse searches would require superwarrant-like protections borrowed from the federal Wiretap Act, including necessity and serious crime predication. The proposal also codifies and improves upon Google’s three-step process for handling geofence warrants, adding judicial oversight and capping the number of individuals whose identifying information may be disclosed.

This paper was published as part of a series marking the 40th anniversary of the Electronic Communications Privacy Act. View the paper series here.

You can read this paper here or below: