Around 5 p.m. on May 20, 2019, a teller at the Call Federal Credit Union in Chesterfield, Virginia, got ready to help her next customer. He gave her a handwritten note: “I’ve been watching you for sometime now. I got your family as hostage and I know where you live,” it said, according to a court brief. “If you or your coworker alert the cops or anyone your family and you are going to be hurt… I need at least 1OOk.”
The teller told him she didn’t have access to that kind of money, at which point he pulled out a silver and black handgun. Waving it around, he herded the bank’s customers and employees behind the counter and into the back room. There he ordered everyone to their knees and forced the manager to open the safe. He fled with $195,000.
No one recognized the thief, although a witness at a church near the burglary reported having seen a man who looked suspicious in a blue Buick sedan, the court brief said. The police had little else to go on, except surveillance tape showing him entering the bank with a cell phone to his ear and passing by that church. Three and a half weeks later, still empty-handed, they asked a magistrate for a geofence warrant.
Unlike a traditional search order that identifies a particular suspect, geofence warrants require Google to trawl its massive library of location data, commonly known as the “Sensorvault,” to identify people who were in the area when a crime was committed. They are relatively new, and increasingly widespread: Between 2017 and 2018, Google saw a 1,500% surge in the number of requests it received, and from 2018 to 2019, the rate increased over 500%.
The Police Are Watching on Nextdoor
While posting content about individuals may seem innocuous, Nextdoor users should be aware that in all likelihood, the…
The resulting data helped police solve a murder case in Cobb County, Georgia, and to identify suspects in a home invasion in Eden Prairie, Minnesota, a fatal shooting in Raleigh, North Carolina, and a string of bombings in Austin, Texas.
But in the process of pinpointing anyone who may have been near the scene of a crime, geofence warrants have also pointed police toward people like Jorge Molina, a warehouse worker in Arizona who was arrested as a murder suspect after police obtained data showing his phone at the crime scene. Molina spent nearly a week in jail before being found innocent. Which is why, as the prevalence of geofence warrants has increased, so has the alarm of defense lawyers, privacy advocates, and civil rights groups, who point to a lack of federal oversight that has left Google to serve as gatekeeper of a legal process they believe, at its core, violates the Constitution.
In the Virginia bank robbery case, the geofence warrant returned the location histories of 19 people who had been within 500 feet of the bank around the time of the crime. It led to the arrest of a 24-year-old man named Okello Chatrie, whose lawyers are presenting the first serious legal challenge against the practice.
“Geofence warrants like the one in this case are incapable of satisfying the probable cause and particularity requirements, making them unconstitutional general warrants,” the lawyers argued in a motion to suppress evidence. The brief goes on to describe them as “the digital equivalent of searching bags of every person walking along Broadway because of a theft in Times Square.”
If the judge agrees to suppress the Google data from being used as evidence (the next hearing is July 2), the case could set a precedent in the eastern district of Virginia — a first step toward a potential federal ruling or law that spells out whether geofence warrants can or can’t be used in criminal cases, and if they can, exactly how. If nothing else, a win would send a message to other defendants incriminated by these searches, and offer a playbook to fight back.
If cops want to know where a certain suspect’s phone has been, they need a traditional warrant. If they want Google to conduct a geofence search, it’s not clear they must do the same. The first standard was established by a landmark Supreme Court case in 2018, Carpenter v. United States, which involved cell site location information (CSLI) generated by pings off towers and collected by carriers like Sprint and AT&T. That data is so private, the Justices reasoned, law enforcement must use a warrant to get it. But the high court emphasized that its decision applied only to a single person’s device; they left open the question of police access to location data for every phone in the area during a certain period. Although they were referring to so-called tower dumps based on CSLI, geofence searches for Google’s data would fall under the same category.
Even so Google — to its credit, say privacy advocates — has always insisted on a warrant. Specifically, it asks for a version it came up with to address the broad nature of these searches.
In the absence of a clear legal process for obtaining and responding to geofencing warrants, Google is almost entirely responsible for shaping practices around them. That’s because it is the recipient of almost all these requests. The type of data the company collects in order to target ads accurately is uniquely useful to law enforcement. In addition to other location data the company picks up, this kind is called “location history”; Google has been gathering it for more than a decade and stores it in a way that is both searchable and attached to users’ accounts.
“The important point here is to not conflate Google’s business practices with constitutional law.”
As a user, you might turn on your location history to do things like get live traffic updates, personalize maps, or find your phone. The minute you do, it starts picking up signals from cell sites, GPS, nearby Wi-Fi networks, and Bluetooth devices, mapping your movements much more precisely than other methods like CSLI. Location history “functions in effect as a daily journal,” Google explained in a court filing. “It can reveal when a user was at her home (or someone else’s), a doctor’s office, a place of worship, a political meeting, or other sensitive locations.”
Google’s data bank is also vast. In 2019, with more than 2.5 billion Androids in people’s hands and its apps all over iPhones, the tech giant said in another brief that roughly a third of its users — “numerous tens of millions” — had location history enabled. Last year, the company added new controls to auto-delete past data (Google told OneZero this decision had nothing to do with geofence warrants). It’s too soon to tell if that option will make a dent in Sensorvault, but it didn’t impact the bank robbery case.
On June 14, 2019, Chesterfield County police requested data on all the phones in a 150-meter radius from the bank between 4:20 and 5:20 p.m. the day of the heist. Google’s process for filing a geofence warrant was designed to narrow the scope of the data disclosed, the company’s director of law enforcement and information security, Richard Salgado, told OneZero. It usually has three steps. First, the company provides only anonymized data on the phones it finds in the specified area; in this case, there were 19. In the second step, police try to pare down the pool and can request more context on those devices of interest — Google has not publicly defined a limit or explained its math for determining the subset, nor do the warrants typically spell it out. The Chesterfield County police asked where nine of the original devices traveled during 30 minutes before and after the original time frame. Google doesn’t give police identifying information like the email and name attached to each account until the final step. Again the police working on the robbery case attempted to zero in (and again they weren’t bound by specified guidelines), choosing three phones.
Anonymized data can be telling, and police already had a suspect in mind by the time Google revealed identifying information about the accounts it had placed near the robbery. During that first step, the Virginia detectives saw one of the 19 phones had traveled between the church and the bank. In step two they followed that device to a residence where they got a name, Okello T. Chatrie. And from there they discovered he’d purchased a gun less than a month before the robbery and drove a blue Buick, which matched what the church witness had reported. Step three of the warrant delivered Okello’s email address. Further search warrants led them to $100,000 at a residence where he spent evenings; some of the bills were wrapped in bands signed by the bank teller. At a hearing January 21, prosecutor Kenneth Simon acknowledged, “We can’t deny that everything else flowed from the geofence warrant.”
All of that evidence should be tossed, contends Chatrie’s defense team. (Neither the U.S. attorney’s office or defense attorney Michael Price would comment with the case in litigation.)
Mark Rumold, a senior staff attorney with Electronic Frontier Foundation, a leading nonprofit defending digital privacy, agrees. Even though by the time police get identifying data, they may have probable cause, he says that’s not the point. “The key is that all the information they’re getting initially is information that’s protected by the Fourth Amendment. It’s that first step where people’s reasonable expectations are intruded on and that’s the whole problem with the warrant.”
Nathan Freed Wessler, a staff attorney with the ACLU Speech, Privacy, and Technology Project, who argued Carpenter, is also concerned about the vagueness of the process. “There’s nothing, as far as I can tell, to stop the government from looking at step one and say[ing] to Google, ‘Yeah, we can’t really narrow it down. We need the names and account details of everyone.’”
In fact, that did happen in the Chatrie case. Virginia police asked for personal data on all the 19 phones. Google said no, but that conversation, legal experts say, should happen in front of a judge or magistrate.
“The important point here is to not conflate Google’s business practices with constitutional law,” Albert Fox Cahn, a fellow at the Engelberg Center on Innovation Law & Policy at N.Y.U. School of Law and founder of STOP, Surveillance Technology Oversight Project. “Google is going above and beyond, but that isn’t a robust safeguard especially when there’s a growing array of data brokers, app developers and other sources of information who might hand over a great deal of information without that back and forth.” Cahn is particularly worried about geofence warrants being used for Covid-tracing data.
“The baseline concern,” says Wessler, “is that this is a dragnet search of sensitive location data of lots of people who will have absolutely nothing to do with the crime under investigation. There’s a serious question about whether these kinds of searches should ever be allowed. And if they are to be allowed, then we need to have a serious conversation about how to very strictly control and restrict them.”
We Mapped How the Coronavirus Is Driving New Surveillance Programs Around the World
At least 30 countries are ramping up surveillance to combat the coronavirus
Even those who think geofence warrants are legitimate and a useful investigative tool believe the process needs more oversight. “I want judges to be asking those questions about narrowing things down, investigative alternatives, what they’re going to do with the data once they find out it belongs to an innocent person,” says David Gray, the Jacob A. France Professor of Law at the University of Maryland, Francis King Carey, School of Law and author of The Fourth Amendment in an Age of Surveillance. “I want law enforcement to have to explain why they want a geofence warrant around a political rally, and the judge to look over her glasses and say, ‘Are you kidding?’“
The opposition to geofencing warrants is growing. The National Association of Criminal Lawyers’ Fourth Amendment Center, which is defending Chatrie, has begun litigating other similar cases, and Rumold says EFF may be filing an amicus brief to suppress geofence warrant evidence in a case in San Francisco. In April, STOP helped introduce a bill in New York that would ban geofence warrants in the state.
The next hearing for Okello Chatrie is scheduled for July 2. He is facing up to life in prison and has pleaded not guilty to forced accompaniment and brandishing a firearm during an armed robbery. Even if the judge rules to suppress the evidence obtained through the geofencing warrant, he could be convicted under an exclusion saying the officers reasonably thought they were acting under legal authority. Still it would send a warning to police that the warrants can be challenged and a signal to defendants like Chatrie their rights may have been violated. The case has already revealed a more detailed look at Google’s data and how warrants are carried out, Wessler says. And that’s important.
No matter how it is decided, United States v. Chatrie will likely spark other cases. If some succeed and are appealed, that would bump the issue up to the higher courts and maybe — especially if judges disagree — into a Supreme Court case that changes the law. A flurry of litigation might also convince lawmakers to pass federal legislation that either bans geofence warrants or spells out how they should be executed. The public can push technology companies too. “As people see how the police can transform their apps and devices into government tracking devices,” says Cahn, “maybe it will chill their willingness to use them.”
Whatever happens, ACLU’s Wessler would see a defense win in the Chatrie case as groundbreaking. “It would be a very significant statement about how to apply old protections in the fourth amendment to a totally new and uniquely disturbing context,” he says. “And it will send a signal to the government and to technology companies about where the guardrails are when the government wants to be dipping into lots of people’s sensitive data in an effort to locate or identify one suspect.”