In 2018, 23-year-old Jorge Molina was arrested and jailed for six days on suspicion of killing another man. Police in Avondale, Arizona, about 20 miles from Phoenix, held Molina for questioning. According to a police report, officers told him they knew “one hundred percent, without a doubt” his phone was at the scene of the crime, based on data from Google. In fact, Molina wasn’t there. He’d simply lent an old phone to the man police later arrested. The phone was still signed in to his Google account.
The information about Molina’s phone came from a geofence warrant, a relatively new and increasingly popular investigative technique police use to track suspects’ locations. Traditionally, police identify a suspect, then issue a warrant to search the person’s home or belongings.
Geofence warrants work in reverse: Police start with a time and location, then request data from Google or another tech company about any devices in the area at the time. The companies then typically supply anonymous data on the devices in the area. Police use their own investigative tools to narrow down this list. Then they may ask for more specific information—often an email address or a name of the account holder—for a phone on the narrower list.
Critics say the process is an invasion of privacy, often subjecting many people to an unconstitutional search. Now, in a rare step, two judges have denied requests for geofence warrants and questioned whether they complied with Fourth Amendment protections for searches. Lawmakers and activists see the court opinions as steps toward a potential ban on the practice.
“This is as clear as day a fishing expedition that violates people's basic constitutional rights,” says New York state assemblymember Dan Quart. Earlier this year, Quart and state senator Zellnor Myrie introduced bills that would prevent authorities from using data gathered from geofence warrants. “It should never be used in a courtroom.”
Though relatively new, the practice is becoming increasingly common. Google reported a 1,500 percent increase in requests in 2018 compared with 2017. The New York Times reported the company received as many as 180 requests per week last year. Privacy experts tell WIRED that it isn't just Google. Apple, Uber, and Snapchat have all received similar requests.
“This is a tactic that really can be targeted at literally any company,” says Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project, a nonprofit civil liberties organization. The New York legislation would bar law enforcement from obtaining location data from tech companies or any of the nameless data brokers collecting the data from seemingly innocuous apps. The legislation would also prevent law enforcement from bypassing geofence warrants and buying location data directly, as the Secret Service did, a Vice report uncovered.
“This exact same data can be gathered by all sorts of commercial data brokers using the free apps on our phone,” Cahn says. “Police can potentially use them to get the exact same information as when they send a warrant to Google.”
Google itself has raised questions about the practice. Lawyers for Okello Chatrie, a suspect in a Virginia bank robbery, are questioning the legality of a geofence warrant that led to Chatrie’s arrest. Google declined to take a position on his case but, in an amicus brief, called a geofence request "an uniquely broad search of all Google users' timelines."
Quart, the New York state lawmaker, says geofence warrants are impermissibly broad and can gather data about bystanders. “I could easily see how a reverse search warrant could be used against protesters to violate people's First Amendment rights.”
“Police have no idea how many people's information is going to be captured,” Cahn says. “They don't know if it's one person or a thousand people. And the judges who are asked to approve these requests, they don't have enough information to actually make an informed decision.”
Federal magistrate judges echoed these criticisms in July in denying requests from the US Attorney’s Office in Chicago for geofence warrants to help investigate stolen pharmaceuticals. The office said it used a three-step protocol that protected user privacy. First, it limited the request to a specific time and location; then, it looked for corroborating information about the phones identified as being in the area. Only after that did it ask Google for specific information about a small number of device owners.
Magistrate judge David Weisman rejected this argument, writing that a geofence request in a densely populated city like Chicago “ensures an overbroad scope,” because so many people will be part of the request, even if limited to just a few city blocks. As bystanders will be caught up in any search, the requests could not be considered “narrowly tailored,” as required under the Fourth Amendment, he wrote.
When Judge Weisman rejected the application, the government submitted a revised request in which it offered to skip the third step, and not collect from Google the names or email addresses of any phone owners. Judge Gabriel Fuentes denied this request as well, saying the government still has too much discretion in determining which devices to filter in or out of its pool, even after limiting the scope of the warrant. The US Attorney’s Office did not respond to a request for comment.
Those rulings apply only to the particulars of the July request. But activists say the rejection could set an important precedent.
"These two opinions show just how strong the Fourth Amendment claims are,” says Nate Sobel, a fellow at the Electronic Frontier Foundation. “As the first written decisions assessing the constitutional claims, the two opinions set an important benchmark, and both litigants and judges will rely on them as geofence cases make their way up through the courts around the country."