geofence warrants – Techdirt (original) (raw)
Fifth Circuit Flips The Script, Declares Geofence Warrants Unconstitutional
from the SCOTUS-has-entered-the-chat dept
Oh, Fifth Circuit, you crazy, crazy kid. I take back almost all the bad things I’ve said about you.
The cop-friendliest circuit in the nation has done the unimaginable: set up a circuit-on-circuit showdown that can only be resolved by a Supreme Court decision. Until that happens (don’t hold your breath), you and your Google location data are safer in the Fifth Circuit (Texas, Louisiana, Mississippi) than the Fourth Circuit (Virginia, Virginia’s AAA-affiliate, both Carolinas, and Washington DC’s largest suburb, Maryland).
We won’t know whether the timing of this decision is impeccable or fortuitous or whatever until further case law is developed. But we can say this: it was nipping at the heels. The Fourth Circuit released its decision on geofence warrants roughly a month ago. That decision went entirely the other way. While there were a few concerns expressed about a single warrant being capable of forcing Google to search its entire collection of location data (something that affects more than a half-billion people), the Fourth Circuit said the Fourth Amendment mattered less than the Third Party Doctrine.
The third-party doctrine therefore squarely governs this case. The government obtained only two hours’ worth of Chatrie’s location information, which could not reveal the privacies of his life. And Chatrie opted in to Location History on July 9, 2018. This means that he knowingly and voluntarily chose to allow Google to collect and store his location information. In so doing, he “t[ook] the risk, in revealing his affairs to [Google], that the information [would] be conveyed by [Google] to the Government.” He cannot now claim to have had a reasonable expectation of privacy in this information. The government therefore did not conduct a search when it obtained the data.
The Fourth Circuit’s decision basically says the government doesn’t even need a warrant to collect this data from Google. If people opt in to Google’s location data collection, it’s on them. And if the sharing is “voluntary,” the government can have it for as little as a subpoena, no matter how broad the original search performed on its behalf by Google.
The Fifth Circuit goes completely in the other direction, which will definitely come as a surprise to law enforcement. After all, this is the circuit that sides with the government more often than not when it comes to constitutional violations performed by law enforcement officers.
This decision [PDF] is astounding for that reason alone. But it’s an important one — a decision that says using a single warrant to force a third party to dig through data contributed by hundreds of millions of people makes a mockery of the Fourth Amendment and its prohibition of “general warrants.”
This case — like the one handled by the Fourth Circuit — involves a robbery. In this case, it was a Mississippi postal worker being robbed and assaulted in February 2018. Most of the investigation involved the investigative wing of the USPS. Postal inspectors failed to generate any leads for the next nine months. At that point, they decided Google should perform the investigative work for them.
After consulting with other law enforcement agencies which had already issued geofence warrants, the USPS wrote one of its own. Its warrant stated there was probable cause to believe Google housed the data it was seeking. A geofence was drawn around the scene of the crime — one that covered 98,192 square meters.
However, Google’s first search was even broader than the specifications delivered to it by postal inspectors. It covered an area of 378,278 square meters during the date and time noted in the warrant (a one-hour period on the day of the robbery) and required Google to search all of its 592 million Sensorvault accounts.
The first search resulted in three identifiers matching the time/date/location restrictions. Without writing a new warrant based on the search results, the investigators went back to Google and demanded further identifying info for the three numbers Google had given them. This set gave the inspectors the device IDs. Again without crafting a new warrant, the investigators told Google to cough up any account information linked to the devices. Using this information, the USPS now had two suspects to pursue. Three suspects, with the lead defendant being the person listed on the caption header of the decision (Jamarr Smith), were arrested, tried, and convicted.
Citing the Supreme Court’s Carpenter decision — one that erected a warrant requirement for cell site location info collected from cell service providers — the Fifth Circuit says the other observations made by the nation’s top court in that case apply here: it’s an oversimplification to assume any data-sharing with service providers is “voluntary.” Since it’s not always obvious what’s being collected by who (see also: third-party data brokers and the government agencies that love them), it’s insulting to the Fourth Amendment to assume the Third Party Doctrine applies. And it says this while quoting the district court which ruled in favor of the criminal suspect before the Fourth Circuit reversed the evidence suppression order.
[T]he fact that approximately 592 million people have “opted in” to comprehensive tracking of their locations itself calls into question the “voluntary” nature of this process. In short, “a user simply cannot forfeit the protections of the Fourth Amendment for years of precise location information by selecting ‘YES, I’M IN’ at midnight while setting up Google Assistant, even if some text offered warning along the way.” Chatrie (Dist.), 590 F. Supp. 3d at 936
But there’s something even more concerning about geofence warrants, even when warrants are used: the breadth of the search. That’s where this court parts ways with not only the Fourth Circuit, but most jurisprudence surrounding geofence warrants. Not only is the search extremely broad, but at the point the search is performed, law enforcement officers don’t even know who they’re looking for. (Emphasis in the original.)
When law enforcement submits a geofence warrant to Google, Step 1 forces the company to search through its entire database to provide a new dataset that is derived from its entire Sensorvault. In other words, law enforcement cannot obtain its requested location data unless Google searches through the entirety of its Sensorvault—all 592 million individual accounts— for all of their locations at a given point in time. Moreover, this search is occurring while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result. Indeed, the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.
That, my Fifth Circuit-residing friends, is what we call a “general warrant.” And we kicked those to the curb shortly after we kicked out our former British overlords. We shouldn’t be returning to this pattern and practice just because technology and opportunity have fortuitously aligned to give law enforcement a new way to identify suspects without ever having to leave their desks. (Emphasis in the original.)
While the results of a geofence warrant may be narrowly tailored, the search itself is not. A general warrant cannot be saved simply by arguing that, after the search has been performed, the information received was narrowly tailored to the crime being investigated. These geofence warrants fail at Step 1—they allow law enforcement to rummage through troves of location data from hundreds of millions of Google users without any description of the particular suspect or suspects to be found.
Warrants are always supposed to be narrowly tailored to minimize intrusion and collateral damage to constitutional rights. A warrant that ignores that isn’t any more constitutional just because it’s a warrant.
This won’t do much for the three convicted men. The good faith exception applies. But this isn’t one of those cases where a court says a lot of good things about rights but decides the underlying constitutional questions are best saved for another day. Precedent is established here, which means that going forward, most, if not all, geofence warrants are worthless in the states the Fifth Circuit oversees.
We hold that geofence warrants are modern-day general warrants and are unconstitutional under the Fourth Amendment.
This is a huge decision. And, of course, plenty of people already have opinions of their own. We’ll start with Orin Kerr, who disagrees with the court’s view that warrants are unconstitutional when the target of the warrant is just “too big to search.” (Emphasis in the original.)
Second, and much more dramatically, the Fifth Circuit rules that because the database of geofence records is so large, and because the whole database must be scanned through to find matches, the Fourth Amendment does not allow courts to issue warrants to collect those records. In legal terms, it is impossible to have a warrant particular enough to authorize the surveillance. The government can’t gather these kinds of online records at all, in other words, even with a warrant based on probable cause.
Right. That’s the holding. It may not survive a Supreme Court challenge. Hell, it may not even survive an en banc review, which is one of those things the Fifth Circuit tends to engage in every time it accidentally upholds constitutional rights. This ruling may prove to be extremely short-lived. And yet, Kerr’s main concern appears to be the presumed negative impact it will have on bulk surveillance collections and other extremely broad searches enabled by advances in technology.
I’ll end with a prediction. In a few days there will be a news story about some national security surveillance program that either stopped, or paused, or at least was the subject of a lot of emergency meetings. You won’t be able to tell from the news story what the program was, or what was the cause of concern. But the untold explanation will be a roomful of very worried national security lawyers trying to figure out what the heck to make of the Fifth Circuit’s ruling in United States v. Smith.
Flow my tears, the NSA analyst (who only agreed to speak on background) said. I fail to see the downside! But that’s me and my antipathy towards law enforcement’s slew of shiny new “EASY” buttons.
Here’s the first counter-argument, presented by none other than Judge James Ho of the Fifth Circuit in his concurrence:
[I] fully recognize that our panel decision today will inevitably hamper legitimate law enforcement interests.
But hamstringing the government is the whole point of our Constitution.
So, there’s the first pointed answer that should be stapled to the forehead of the first “source” quoted by reporters as being worried about the ripple effects of a postal truck robbery in the deep South.
Then there’s this response from ACLU lawyers Jennfier Granick and Brett Kaufman in their response to Orin Kerr’s post, which Kerr graciously published at the Volokh Conspiracy (along with his response to their response):
We have a prediction, too. We may see an unnamed national security official cited in a news story, lamenting the possible interruption to some purportedly essential surveillance program because of Smith. No one will tell us what the program supposedly is, or how exactly some limitations on the ability of law enforcement to search huge databases of private information without individualized suspicion interferes with the nation’s security, but that is what the anonymous source will suggest.
Don’t believe it. National security lawyers excel at exploiting legal loopholes to justify secret programs and insulate them from judicial scrutiny. We find it extraordinarily hard to believe that they will read the Fifth Circuit’s opinion in an unnecessarily overbroad and self-defeating fashion to require the executive branch to shut down one of its ongoing national security surveillance programs. Instead, as they usually do, the lawyers will find a way to justify the program to themselves, even if only by saying that the Fourth Amendment applies differently to foreign intelligence surveillance than to criminal investigations.
The government will be fine. The NatSec apparatus will function as well as ever. If there’s bulk surveillance targeting Americans (like the residents of Texas, Mississippi, and Louisiana), that definitely shouldn’t be happening in the first place and this will only make what’s probably an illegal program more illegal.
If cops can’t figure out a better way to find suspects than Googling for them, that’s on them. They all like to talk big about their training and experience. Now, they’ll just have to start putting all that training and expertise to actual work, rather than just expecting everyone else to do it for them. On top of that, Google has already shifted location data storage back to phone owner’s devices, meaning it’s got a whole lot less data to search for when it gets hit with these questionable warrants. This decision won’t add much “hampering” of law enforcement to the status quo.
My prediction? This will change nothing. The government will swiftly appeal this decision and petition the court for an en banc review while waiting to see if this is the sort of thing the Supreme Court might actually want to tangle with. In the meantime, every geofence warrant issued prior to this decision in this circuit is still valid. And they’re still valid in the other 47 states, so I wouldn’t be surprised to see law enforcement agencies roping in out-of-state agencies to write some geofence warrants on their behalf while they work overtime trying to establish some sort of multi-state nexus.
To be this alarmed already is idiotic. And, in my personal view, this isn’t even cause for alarm. This is the court system doing what it’s supposed to do: stand up for the people when the government crosses the line.
Filed Under: 3rd party doctrine, 4th amendment, 5th circuit, geofence warrants, usps
Bulk Suspicion: Typo In Geofence Warrant Created Two-Mile Long Dragnet
from the so-long-and-thanks-for-all-the-data dept
We’ve expressed our displeasure with geofence warrants multiple times. I’ve often referred to them as “reverse” warrants, a term that implies how these warrants invert probable cause. Those in the business of protecting rights (ACLU, EFF) aren’t fans of that term, but it is useful shorthand. Rather than show a court probable cause exists to search a place for evidence of a crime because investigators have found suspects worth searching, investigators simply tell courts they have probable cause to believe Google (and it’s almost always Google) holds the cell site location data sought by law enforcement.
Geofence warrants aren’t new. They’ve been around for years. The pushback, however, is more recent. As criminal defendants have slowly been made aware this is how investigators are compiling lists of suspects, they’ve been challenging this evidence in court.
As for the courts, the issue is nowhere near settled. Some view massive demands for geolocation data to be nothing more than a reasonable extension of the Third Party Doctrine. Others have expressed concern that law enforcement, with a single warrant, can force Google to search the data of all of its users to find the limited (by time and place) information sought by investigators.
This is only the tip of the problematic iceberg. Most courts don’t vet these warrant requests closely, allowing investigators to create dragnets that force Google to cough up data on dozens or hundreds of innocent people while maintaining the pretense cops are smart enough to parse this data dump correctly.
Those requesting warrants are often hesitant to provide courts with overhead shots of the area being subjected to this dragnet, allowing courts to assume this is a good faith effort to narrow the data demand while working with nothing more than geographic coordinates that convey limited information about the area (and entities) covered by the request.
Then there’s the human error problem. Cops frequently screw up addresses when seeking warrants to search a single location. When cops screw up coordinates on a geofence warrant, this singular problem becomes a bulk collection problem — something highlighted in a recent post by the ACLU covering its examination of several geofence warrants. (h/t Zack Whittaker at TechCrunch)
Geofence warrants, like all other warrants, are not error-proof. During our investigation, we discovered one warrant that apparently contained an alarming error.
The error (perhaps the result of a typo) resulted in a warrant stretching nearly two miles across San Francisco and permitted law enforcement to capture information about people across the United Nations Building, Asian Art Museum, Civic Center Courthouse, State of California Building, Rosa Parks Senior Center, and Fire Station 5. Many private homes were also captured in the massive sweep.
Perhaps if the court had seen a visual representation of the proposed search, it might have decided to deny this request. Because this very definitely doesn’t look like something someone meant to do. And if they did mean to do this, there’s no way it’s permissible under the Fourth Amendment.
That’s a two-mile stretch of unrelated businesses, public buildings, and homes being subjected to a Google search just because someone fat-fingered the coordinates. And this surely can’t be the only time this sort of error has happened. It raises a host of questions, none of which have been answered to this point. How often does this sort of mistake happen? How often do courts grant these erroneous requests? And, most importantly, how often do law enforcement agencies avail themselves of data they mistakenly obtained via a typo?
Even non-erroneous requests tend to create massive dragnets. The ACLU’s report displays the results of a couple of other granted geofence warrants — ones that cover multi-family housing, public buildings, places of worship, and shopping centers. Every one of these is capable of giving cops permission to gather more data — if not actually arrest — people who did nothing more than exist in the areas covered by these geographic coordinates.
The Fourth Amendment demands specificity on top of probable cause. Even if it can be argued there’s probable cause to believe Google retains this data, each warrant forces Google to search its entire data repository for responsive records. That’s definitely not specific. Just because this is the only way Google can fulfill these requests shouldn’t be taken by courts to mean this search method is justified.
Then there are the areas sought. When they cover areas where dozens or hundreds of innocent people might be present, the potential for false positives (and false arrests) expands exponentially.
This method may increase law enforcement efficiency by allowing it to generate a list of leads without ever leaving the desk, but the Constitution isn’t there to ensure cops can operate with optimum efficiency. In fact, the Fourth Amendment can be read to state the opposite: rights are to be respected, even if they make it more difficult for investigators to do their job.
What’s on display here is the opposite: dragnets are cast and cops are the direct beneficiaries of unsettled law. The Fourth Amendment says people should be free from unreasonable searches, but geofence warrants — at least those deployed in the San Francisco area — are anything but reasonable. The ACLU’s examination of these warrants shows 82 apartment complexes, 84 businesses, 32 bars and restaurants, and 12 places of worship have been swept up in geofence dragnets.
So, where do we go from here? Well, there’s Senator Ron Wyden’s bill, which would create a warrant requirement for obtaining location data from third party data brokers, who collect this data from iOS and Android apps. At this point, geofence warrants served to Google would be unaffected because Google isn’t (under the terms of the proposed law) a data broker and, more importantly, Google is actually being served with warrants rather than selling access to data to government agencies.
But that may change now that Google has stated most location data will be stored locally on users’ devices, rather than by Google itself. If that’s the case, investigators may turn to third parties to obtain location data — something they can currently do without showing reasonable suspicion, much less probable cause.
For the time being, the most important work is being done by those challenging these warrants. Google has, at least, proven willing to challenge overly broad requests, resulting in rewritten warrants or rejections of data demands by magistrate judges. Our rights mostly rely on those accused of crimes, something that has almost always been the case in terms of the Fourth Amendment. That these challengers are often unsympathetic protagonists doesn’t mean they’re wrong. It just means they’re unlikely to receive mainstream support from legislators and the general public.
These warrants always create dragnets, even when they’re done correctly. The courts need to step up and tell cops it’s just not enough to claim Google houses location data. The Fourth Amendment requires more than cops with hunches telling courts they think they know where they can find a whole lot of data.
Filed Under: 4th amendment, geofence warrants, location data, probable cause, reverse warrants, third party doctrine
Don’t Want To Be Part Of A Geofence Warrant Line-Up? You Have Options.
from the semi-passive-resistance dept
Google is an internet powerhouse. It’s home to the most-used search engine in the world. It has its own operating system and its own line of cell phones. It also has its own cell phone service. It has ad services, a suite of web-based productivity apps that are (somewhat compatible) with a bunch of Microsoft software, an app store, and a considerable amount of consumer loyalty.
To keep all of this running by keeping all of this profitable (although it’s the ads that actually make the money), Google gathers a ton of data from its users, both implicitly and explicitly.
Google’s desire for data has generated its fair share of legal action and legal threats, ranging from users who think they’ve been wronged to the Department of Justice itself, which believes Google is violating anti-trust laws with its products and services.
That’s why Google has become the go-to source for data cops want to obtain. These requests tend to be the first move in criminal investigations with no readily apparent suspect. Cops send warrants to Google for information on anyone using certain search terms in any certain area — something often referred to as a “keyword” warrant.
Far more common are geofence warrants. A crime occurs and cops send a warrant to Google asking for information on any devices in the area of the crime. From that long list of partial identifiers, investigators hope to find a list of suspects worth pursuing.
The problems with geofence warrants are several. First, most courts aren’t really paying attention to the warrant affidavits, allowing cops to seek whatever information they desire under the theory there’s probable cause to believe Google holds the data requested.
Inattentive judges (or those being actively misled by cops) won’t ask for more details about the area covered by the geofence or the odds that such a request (especially when covering a heavily trafficked or heavily populated area) would necessitate Google searching (on the government’s behalf) all of its users’ data for these particular coordinates.
The government is in the business of obtaining data haystacks from Google and demanding it be trusted to sift through the data without rounding up the unusual suspects — innocent people who just happened to be in the area of criminal activity.
That’s simply not good enough in some cases, which has resulted in judicial pushback on these broad requests. These rebuttals from judges make it clear the government needs more than the broad assumption Google might house the data requested.
Popular with cops. Probably shouldn’t be popular with anyone else. While most people might understand they’ve agreed to share location data with Google, that’s not the same thing as agreeing to share it with the government. And, given Google’s history with location data gathering, there’s a good chance some users may have assumed they never gave Google consent to collect this data.
But you don’t have to be part of this virtual lineup. Tools and options are available for users of Google services, a list of people that likely includes a vast majority of internet users.
Shira Ovide’s article for the Washington Post first details everything that’s extremely questionable about law enforcement’s reliance on geofence warrants.
In a typical search warrant, police have a suspect in mind and ask for a judge’s approval to search their home, phone data and other potential evidence. Legal experts are generally fine with those targeted warrants to Google.
In the large-scale search term and location warrants, police know a crime occurred but don’t know who might have committed it.
They come up with what could be potential evidence — the location near a crime or a search term like “pipe bomb” — and ask a judge to order Google to provide information on people who match those criteria.
“That’s not the way criminal investigations are supposed to go,” said Jumana Musa, director of the Fourth Amendment Center of the National Association of Criminal Defense Lawyers.
That’s correct. Warrants are supposed to be particular (in the legal sense of the word) and supported by probable cause the search will turn up evidence of criminal activity. The warrants served to Google force the company to search the entirety of its data stores to provide data responsive to the warrant. And cops don’t actually believe it is involved in the crime being investigated. All they feel they have to show a court is that it’s probable Google houses the data it seeks. Whether or not the data can be linked to a suspect is conveniently ignored.
Legal rulings on these warrants are all over the place. Given the relative novelty of this technique, it’s unlikely individual federal circuits — much less the Supreme Court — will be delivering clarifying precedent any time soon.
Given that fact, it’s probably best to just remove yourself from this equation. The most tenacious will find a way to live life without Google products, services, operating systems, or hardware. For everyone else, Ovide details how people can opt out of most Google services to ensure they won’t be swept up the next time cops decide an criminal investigation requires nothing more than a few mouse clicks.
In the “Activity controls” settings of a personal Google account, you can turn on or off the option for Google to save records of everywhere you go with your phone or other mobile device.
[…]
You can also delete all or parts of your Location History data.
To minimize Google’s data on what you search, go to the Activity controls and click “turn off” in the Web & App Activity section. It helps to use Chrome and Google web search without logging into a Google account.
These steps should help keep you from being swept up by geofence warrants. “Should” is the operative term, though. Whatever you’ve decided to stop handing over to Google directly may, at points, be gathered indirectly via ad partners or sites/apps/services that heavily integrate Google infrastructure.
Even if it’s impossible to quit Google completely, a few small steps will lower your Google footprint, making it a bit more difficult to end up on a digital lineup provided by Google to investigators who have no idea who they’re looking for but know exactly where to go to get a bunch of data without being asked too many questions from their judicial oversight. The more you know, as they say. And the more you know, the less Google knows about you.
Filed Under: 4th amendments, geofence warrants
Companies: google
California Supreme Court Decides There’s No Reason To Generate Precedent On Geofence Warrants
from the just-so-much-dirt-on-the-judiciary's-shoulders-I-guess dept
The government’s preference for geofence (a.k.a. “reverse”) is well known. There have been enough cases and enough litigation in recent years to demonstrably show the government will go to data havens when searching for suspects rather than engage in in-person investigative work.
Why canvass a neighborhood for potential suspects when you can ask Google to do the work for you without leaving your desk? Sure, warrants are involved but they pervert the “probable cause” ideal. Rather than demonstrate Google (or any random data broker) is involved in a criminal act, all a geofence warrant requires of investigators is that they demonstrate Google et al are probably in possession of data that might be helpful in locating an actual criminal suspect.
Geofence warrants demand data on anyone who possessed a functioning cell phone in any area a crime was committed. Sure, some limits are generally placed on searches, but many cases involve plenty of people and the businesses they frequent that are not, in any way, connected to the suspected crime. Investigators may include time frames to limit the acquisition of garbage data, but it appears that’s the only thing pushing investigators towards time/place restrictions in geofence warrant requests.
In 2018, the Supreme Court declared warrants were needed to obtain weeks or months of cell site location info. Implicit in the decision was the court’s determination that geolocation data was no longer considered a mere “third party” record.
And it appears law enforcement has at least paid attention to part of that ruling. Geofence warrants — those capable of gathering info of anyone in the area of suspected criminal activity — are warrants. But they’re unlike any of the warrants that have come before them. Instead of searching property or things or persons suspected to be connected to criminal acts, the warrants grant investigators permission to indiscriminately search location data collected by third parties — something that forces data collectors to search millions of users’ geolocation points to give the government what it wants.
This issue remains unsettled, as the lawyers say. There is no controlling precedent that governs the use of these warrants, nor established baselines for searches that converts anyone in a certain area into a criminal suspect.
Geofence warrants aren’t a new development. And government agencies have found ways to obtain a lot of this same data without having to trouble the courts, tangentially related Supreme Court precedent, or major tech companies that might push back on their requests.
Courts have rarely considered the issue. These searches involve warrants, so courts are inclined to believe they’re less likely to violate rights than warrantless searches, even if the probable cause asserted (“Google has the data”) has nothing to do with the crime being investigated.
And here we have another pass by a court that had an opportunity to establish case law in a state that houses some of the largest tech companies on the planet. An evidentiary challenge involving a geofence warrant has reached a dead end in a California state appellate court, which has decided this isn’t an issue worthy of definitive discussion. (h/t FourthAmendment.com)
A murder case involving two defendants who were linked to the crime by geolocation data resulted in a suppression attempt that was denied by the trial court. The trial court said that even if rights were violated by the six(!!) geofence warrants, the good faith exception applies.
The appellate court doesn’t even bother to say one way or another before affirming the lower court’s decision. It just says “good faith ftw” and moves on. From the decision [PDF]:
The warrant in this case sufficiently described the place to be searched (Google’s database of users’ location history) and the items to be retrieved from that search (designated records for users found within the boundaries of certain coordinates at certain times). Indeed, Mesa and Meneses do not argue there was any ambiguity in the warrant that would lead law enforcement or Google personnel to search an incorrect database or to identify individuals not contemplated by the text of the warrant.
So, a good warrant then? Nope, says the same court.
However, the warrant here failed to meet the particularity requirement because it provided law enforcement with unbridled discretion regarding whether or how to narrow the initial list of users identified by Google. Once the step one search had been conducted, law enforcement officials were able to enlarge the geographic parameters of the search and request additional information on any of the potentially thousands of users identified without any objective criteria limiting their discretion. Again, at step three law enforcement could seek identifying information of any of the users found within the search parameters without restriction on how many users could be identified or any further showing that information concerning each individual user would be relevant to the case.
This failure to place any meaningful restriction on the discretion of law enforcement officers to determine which accounts would be subject to further scrutiny or deanonymization renders the warrant invalid.
So, reading the decision starting from the top, one might be (mis)led to believe the warrants and the evidence were tossed. But, no. Having an invalid warrant — one that was both not particular and overbroad — somehow doesn’t prevent cops from engaging in (an unconstitutional search). Why? Well, because of the dearth of case law that would inform them that such searches would be unconstitutional.
At the time law enforcement officers sought and executed the search warrant, geofence warrants were still a novel investigative tool. The warrant was only the third prepared by Haas, and she had not yet had much of the training on the practice that she would eventually receive. In early 2019 when this warrant was drafted and executed, there were no published cases anywhere in the country, let alone in California, analyzing the constitutionality of geofence warrants.
First off, as of “early 2019,” geofence warrants were not unheard of, much less “novel.” Second of all, the lack of precedent placing limits on geofence warrants is the fault of the courts, not the fault of the defendants.
And, despite pointing out the lack of precedent, the appeals court can’t be bothered to create any of its own. The good faith exception is applied and the court moves on without declaring future geofence warrants with similar particularity/overbreadth problems to be unconstitutional.
The dissent says this is wrong. The court can’t say a warrant is facially invalid but treat it as valid by only considering only the parts it likes about the good faith exception.
The consequences of this decision are potentially significant. Despite finding that the warrant violated the Fourth Amendment, the Court of Appeal declined to apply the exclusionary rule under the good faith exception of United States v. Leon (1984) 468 U.S. 897.
Even if the court didn’t want to upset the apple cart during a murder trial, it could have at least established baselines for geofence warrants. Instead, it examined the issues, declared them to be important, and then… changed nothing about them. This means cops are free to engage in the same behavior in the future, freed from any judicial assumption they might adhere to long-held law about particularity in warrant affidavits. And this late pass on the issue means the court can grant further passes on bad behavior by pointing to its own lack of activity, ensuring the issue remains unsettled even though it’s no longer possible for judges to credibly claim geofence warrants are “novel.” Inactivity gives the government wins it hasn’t actually earned. And giving a different branch of the government what it wants is not why courts exist.
Filed Under: 4th amendment, california, geofence, geofence warrants, warrants
Court Gives Its Blessing To FBI’s J6 Geofence Warrant, Denies Motion To Suppress
from the tons-of-data-in-a-pretty-tight-fence dept
Geofence warrants are just part of day-to-day cop business these days. Rather than moving forward with a list of suspects, law enforcement agencies just ask for data on everyone in a certain area at a certain time and move backwards to probable cause to investigate and arrest.
When a bunch of violent jackasses stormed the Capitol in hopes of disrupting a (no longer peaceful) transition of power, they immediately became targets of federal investigators. The Capitol raid gave investigators a haystack of targets, all generating another, larger haystack of location data. The best place to get this data in bulk is from Google, which really enjoys collecting location data.
Shortly after the insurrection attempt, the FBI issued lots of geofence warrants and began working its way back to a (long) list of suspects. How much data the FBI initially obtained wasn’t revealed until a J6 suspect challenged one of the FBI’s geofence warrants in court. It was a lot.
A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.
[…]
For the final step, the government sought subscriber information, including phone numbers, Google accounts, and email addresses, for two groups of users. The first was for devices that appeared to have been entirely within the geofence, to about a 70 percent probability. The second was any devices for which the Location History was deleted between January 6 and January 13.
From this, in early May 2021, the FBI received identifying details for 1,535 users, as well as detailed maps showing how their phones moved through the Capitol and its grounds.
The suppression motion filed last month has been denied. The ruling [PDF] from the DC District Court does have a few problems with geofence warrants generally, but not this particular one. (h/t Michael Vario)
Drawing from a dearth of precedent (one federal court opinion and six magistrate judge examinations of warrant requests), the DC court moves toward creating some of its own.
First, it says the warrant was not “overbroad,” no matter how much data was sorted through by Google and given to the FBI.
Specifically, Defendant first argues that step one, in which Google provided the Government with an anonymized list of devices falling within the geofence’s geographic and temporal parameters, was overbroad because it required Google to query its entire Sensorvault without probable cause “to search untold millions of unknown accounts in a massive fishing expedition.” But, as the Government points out, the relevant question is not how Google runs searches on its data, but what the warrant authorizes the Government to search and _seize. Under Defendant’s theory, no doubt many search warrants and most third-party subpoenas for protected records would be unconstitutionally overbroad because they necessarily would require the third party to search some group of records larger than those specifically requested, whether they reside in a file cabinet or on a server_…
The court also says there’s no expectation of privacy in anonymized location data. Referencing the Supreme Court’s Carpenter decision, it says hoovering up massive amounts of data related to hundreds of devices isn’t the same thing as harvesting data targeting a particular device over the space of days or weeks. But even though it comes to this conclusion, it still says geofence warrants have the potential to do damage to Fourth Amendment rights.
Defendant has made no allegation that his or others’ identity was knowable based on the anonymized list produced at step one, and considering the geographic and temporal limitations on the geofence area, it likely would not be possible to deanonymize the list indirectly by cross-referencing more revealing location points—for example, the location where the device spent the night. Accordingly, on the facts of this case, the Court has no basis on which to find that Defendant’s Fourth Amendment rights were implicated at step one.
That said, the Court acknowledges that the scope of legally obtainable anonymous data made possible by geofencing technology could present potentially significant risks to privacy, even if those privacy interests cannot be expressed through Defendant’s challenge to step one of this particular warrant, on these particular facts, under current law.
Finally, it says the supposed overbreadth of the warrant was justified by the scope of the (mass) criminal event.
At the outset, because a warrant’s authorization may be “no broader than the probable cause on which it is based,” Hurwitz, 459 F.3d at 473 (citation omitted), it is necessary to define the scope of that probable cause. January 6 was a unique event in a _geographically unusual place such that the scope of probable cause was uncommonly large. Because the Capitol building was not open to the public on January 6 due to the counting of the votes of the Electoral College, the fact of having entered the building during the geofence timeframe itself constitutes evidence of a crime_…
Based on an unusual abundance of surveillance footage, news footage, and photographs and videos taken by the suspects themselves while inside the Capitol building, there is much more than a “fair probability” that the suspects were within the geofence area and were carrying and using smartphones while there, such that their devices’ LH would provide evidence of a crime.
Also, the geofence set up by the FBI was extremely unlikely to cast a dragnet full of innocent bystanders, given the Capitol building’s location.
[A]s relevant to the 37 deleted devices, the area around the Capitol is unusual for its lack of nearby commercial businesses or residences. Indeed, while Defendant does not make any specific allegations about any such nearby buildings, the Court’s best estimate is that the nearest is no less than about a quarter of a mile away, or approximately 400 meters. By Defendant’s own admission, the error radius is not known to exceed 387 meters, Def.’s Mot.Suppress at 8, and the error radius for Defendant’s location points in particular extends only as high as 264 meters…
_Furthermore, while public streets do appear to be somewhat closer to the geofence area, extensive road closures west of the Capitol, in anticipation of the rally on the ellipse on January 6, including on Pennsylvania Avenue, reduce the likelihood that any stray cars would have been picked up in the geofence error radius_…
To its credit, the FBI set up a very tight geofence.
And it could do it in this case because, as the court pointed out, pretty much everyone in the Capitol building that didn’t work there was, at the very least, trespassing on federal property.
And, even if it hadn’t found this particular warrant in this particular case to be constitutional, the court still would have given the government a pass on this one. The good faith exception would apply, especially since the defendant’s particularity arguments seem to focus more on the size Google’s data dump, rather than the warrant approved to obtain the location records from Google.
This denial can be appealed. And maybe it will be. But given the facts of the case here, it seems unlikely the DC Appeals Court will find any reason to overturn the lower court’s ruling. The facts favor the FBI here and the dearth of existing precedent will likely result in future applications of the good faith exception. That doesn’t mean these warrants aren’t worth challenging. It just means this geofence warrant was better crafted than most.
Filed Under: 4th amendment, fbi, geofence warrants, january 6th
Companies: google
Law Prof Suggests Geofence Warrants Are A Net Gain For The Public, Even If They Invert The Probable Cause Standard
from the area-law-prof-feels-cops-shouldn't-be-restrained-by-the-Constitution dept
On March 9th, we covered a Virginia court’s decision to reject a geofence/”reverse” warrant as unconstitutional. This was brought to our attention by FourthAmendment.com. Roughly a month later, it’s suddenly news.
The belated coverage — most of which is simply a reprint of an Associated Press report — is kind of terrible. So is the original reporting. Here’s ABC News’ regurgitation of the AP report:
The decision — believed to be the first of its kind — could make it more difficult for police to continue using an investigative technique that has exploded in popularity in recent years, privacy experts say.
The ruling came earlier this month in a closely watched Virginia case in which the robbery suspect argued that the use of a “geofence warrant” violated the Fourth Amendment.
First: this rejection is not the “first of its kind.” These warrants have been rejected by courts before. Here’s Techdirt’s coverage of two consecutive rejections of a geofence warrant published in June 2020. Here’s another rejection covered by Techdirt — this one arriving nearly a year ago, in June 2021.
So, not the first of its kind. And for a “closely watched,” it seems to have been ignored for most of the month before achieving some sort of critical mass via the AP’s reporting.
It has also caused people to form opinions. Some of those opinions are as awful as the delayed reporting preceding them. Case in point, this op-ed written for the Washington Post by University of Arizona law professor, Jane Bambauer.
According to the headline, this is the argument Bambauer is making:
Letting police access Google location data can help solve crimes
Well, sure. That’s an easy argument to win. All sorts of things would help police solve crime, like warrantless searches of houses or a national registry of all users of messaging services that includes accounts and passwords. Plenty of things would help solve crimes. But we have a Constitution that says rights can’t be ignored just because law enforcement wants to be more efficient.
Because this fact of American life is inescapable, there’s a head nod towards the Constitution in the subhead… but only to suggest the Constitution doesn’t apply to geofence warrants and their reversal of probable cause requirements.
Acquiring anonymous data about which devices were in a bank at the time of a robbery should not be unconstitutional.
Really? I mean, is that the argument that needs to be made: that tech company data collections should be an open book for law enforcement? The operative word is “reasonable.” “Reasonable” as in searches and “reasonable” as in expectations of privacy. People may agree to share location data with Google. That doesn’t mean they should “reasonably expect” law enforcement can obtain this data with so-called warrants that turn all devices in sometimes very unreasonable proximity of a criminal act into evidence of that criminal act. And it turns everyone into a suspect until proven otherwise by corroborating data that relies on a pretty unconstitutional process to generate leads.
The argument in the body of the Washington Post op-ed is about as conclusory as the headline, unfortunately.
Clearly, some judges are uncomfortable with giving police any access, absent a finding of probable cause, to the gobs of data that are collected on law-abiding Americans. But while some civil-liberties advocates hailed the decision, it may reflect a too-cramped view of how to balance a right to privacy against the effective maintenance of public security. In truth, geofence warrants present an opportunity for sound policing that is consistent with constitutional principles.
Cognitive dissonance is definitely one way to present an argument. It won’t be taken seriously by people who seriously consider things, but it will be useful to people who present arguments resting almost solely on appeals to authority, like so many law enforcement officials do.
But this is Bambauer’s wheelhouse. She hasn’t always been terrible about law enforcement/tech issues. She appears willing to seriously consider the implications of allowing law enforcement to exploit the gaps between the law and tech advances. But she also has provided plenty of arguments law enforcement officials will find attractive (and, hopefully, convincing) in published papers and articles.
Here’s her coming down on the side of those who see American’s carceral state as something more closely aligned with uncalibrated vengeance, rather than the system of justice and rehabilitation it pretends to be.
The other two of us — Jane Bambauer and Andrea Roth — independently arrived at the same methodology as a way to determine what sentence of imprisonment might be “proportionate” to the harm inflicted by the crime. Their motivation was to explore whether the substantive due process limits on punitive damages in tort law (which, under State Farm v. Campbell, generally cannot be over 10 times the amount of “compensatory” damages corresponding to the harm caused) might be extended to criminal sentences as well. Bambauer and Roth overcame the difficulty in estimating what part of a criminal sentence corresponds to the harm caused by the crime by using RHV. This method measured the harm-equivalent sentence by quantifying what length of prison sentence survey respondents would be willing to endure to avoid being victimized by various crimes.
Bambauer and Roth’s results suggest that sentences exceeding a 10:1 ratio to “harm” are routinely imposed and thus would be presumptively unconstitutional under Campbell.
Good stuff. But most of what Bambauer has advocated for in the past more closely aligns with this op-ed. If cops can exploit tech because the law is underdeveloped, the public would be better served even if their rights are sacrificed on the altar of cop efficiency.
One such sacrifice would be to the God of Facial Recognition. As Bambauer argues in this paper, any immediate “hassle” of innocent people due to imperfect tech would first be outweighed by contributions to public safety. This would allow police activity to scale properly (in Bambauer’s belief) while the public waits for courts and laws to catch up with the constitutional implications.
Because courts designate practices as individualized when they are costly (for example, gumshoe methods) or lucky (for example, tips), the requirement has confined law enforcement to practices that cannot scale. New investigation methods such as facial-recognition software and pattern-based data mining, by contrast, can scale up law-enforcement activities very quickly. Although these innovations have the potential to increase the accuracy of stops and searches, they may also increase the total number of innocent individuals searched because of the innovations’ speed and cost-effectiveness. By reforming individualization to minimize hassle, courts can enable law-enforcement innovations that are fairer and more accurate than traditional police investigations without increasing burdens on the innocent.
The same point is made again, possibly even less artfully, in Bambauer’s post for Lawfare.
[A]cknowledging the potential costs of police use of facial recognition, I make the case that such use is still warranted. My argument goes as follows: (1) to the extent criminal justice reformers have political capital to spend, it should be spent dramatically reducing criminal liability and sentences for all crimes while increasing the probability that criminal conduct will be detected; and (2) facial recognition is a valuable tool for increasing the probability of detection because it reduces the discretion that police officers have as compared to other forms of surveillance. Holding everything else constant, it is more efficient and more fair for police to run a photograph through facial recognition software to identify candidate suspects than to try to identify the suspect using witnesses or to solve the case without using the image.
This published paper is even more absurd. The first sentence is a non-starter and it closes with a completely bizarre assertion that is completely disconnected from reality.
This short essay makes the uneasy case for the narcotics dog. Those in favor of U.S. drug enforcement presumably need no convincing, but this Article intends to address the concerns of skeptics who worry about unjust drug enforcement, or who believe that criminalization is just plain bad policy. Dogs are just the first generation of a new set of law enforcement tools that can help us divorce criminal investigation from the bias and discretion that comes with traditional policing.
As long as drug dogs are used by cops, they cannot possibly be divorced from “bias and discretion.” The problem isn’t necessarily the dogs. It’s the police. They’re “bias and discretion” incarnate. Until you remove bias and discretionary enforcement from the business of policing, it doesn’t really matter what case you make for drug dogs. For their entire history, drug dogs have been nothing but animals trained to do tricks that allow cops to bypass constitutional protections.
Back to the matter at hand, Bambauer believes the Virginia court was wrong. And she has brought more incorrect assertions to back up her assertions.
[T]he judge overemphasized the importance of consent. Even though voluntary consent is a factor in determining which privacy expectations are “reasonable,” it is not a necessary condition. There’s clearly no consent involved when phone companies track the numbers people have dialed or banks keep records of deposits and withdrawals, but police can access these without a warrant. Police of course can also observe and follow people in public even though people have not affirmatively consented to being watched in public. And police can freely consult security-camera footage, inside and outside of buildings.
First, the courts are starting to pay more attention to what consent means in this context, as well as what’s reasonable following the Supreme Court’s decision in the Carpenter case. Some courts are starting to realize that consent to supply information to service providers is not a tacit agreement to share that info with the government. Cell site location info has already been found to be past the bounds of “reasonable,” at least in some situations. This op-ed ignores this fact and tries to equate other records still covered by the Third Party Doctrine to the mass collection of location info from hundreds of non-suspects via reverse warrants.
Then it goes on to assert something that simply isn’t true: police cannot “freely consult” security camera footage collected and owned by private companies or individuals. They can request it and seek consent. But no one is obligated to turn over this footage without being served a warrant or subpoena.
According to this op-ed, as long as the list of potential suspects was whittled down to an apparently acceptable number, no harm was done.
It is not clear what sorts of encounters and information-gathering the police used to rule out these two potential suspects, but the anxiety and privacy burden absorbed by them was almost certainly greater than the burden to the 18 individuals whose approximate movements in public during a one hour time span were disclosed in deidentified form.
Basically, this piece says the Fourth Amendment should not be applied to new tech because doing so might prevent law enforcement from investigating some crimes. But even taking that at face value would be incorrect. It won’t stop law enforcement from investigating crimes. It will simply stop law enforcement from using these methods during investigations. Investigations will still occur. It’s just that cops won’t be able to use Google to build their lists of suspects. All is not lost if courts find these warrants unconstitutional. Law enforcement investigators solved crimes before Google and smartphones. They’ll still be able to do this even without access to a third party’s data stores.
Filed Under: 4th amendment, drug dogs, geofence warrants, law enforcement, surveillance
Legislators Looking To Ban Geofence/Reverse Warrants In The State Of New York
from the illegalize-it dept
A report published by Google’s transparency team last August made it clear reverse warrants weren’t a law enforcement fad, but rather a trend. Google is the recipient of pretty much every so-called reverse (or geofence) warrant issued, thanks to its vast stores of location info. When cops have a crime but no likely suspect, they have the option of turning everyone with a cell phone in the area into a suspect and working their way backwards from this list of data to find the most likely suspects.
Google’s report showed an exponential escalation in geofence warrant deployments.
According to the data, Google received 982 geofence warrants in 2018, 8,396 in 2019 and 11,554 in 2020.
While regular search warrants generally show probable cause to search a suspect’s property for evidence of criminal activity, the only probability needed for geofence warrants is the likelihood the data investigators are seeking is held by Google. This reversal of the probable cause equation has resulted in an explosion of requests sent to Google, but since the process involves the very early steps in a criminal investigation, there have been very few direct challenges of reverse warrant-derived evidence during criminal trials.
With Google unable to make a call as to whether requests are overbroad and court oversight being mostly an exception, it may be up to lawmakers to curtail the use of warrants that ask private companies to perform proxy searches for criminal suspects. Fortunately, some lawmakers are doing exactly that, as Zack Whittaker reports for TechCrunch. (h/t Michael Vario)
A New York bill that would ban state law enforcement from obtaining residents’ private user data from tech giants through the use of controversial search warrants will get another chance, two years after it was first introduced.
The Reverse Location Search Prohibition Act was reintroduced to the New York Assembly and Senate last year by a group of Democratic lawmakers after the bill previously failed to pass. Last week, the bill was referred to committee, the first major hurdle before it can be considered for a floor vote.
The bill, if passed, would be the first state law in the U.S. to end the use of geofence warrants and keyword search warrants, which rely on asking technology companies to turn over data about users who were near the scene of a crime or searched for particular keywords at a specific point in time.
The bill [PDF] anticipates the loopholes law enforcement might try to use and closes them. It also makes it clear the courts have no say in this matter at all.
§ 695.10 Issuance of reverse location court orders and reverse keyword court orders. No court shall issue a reverse location court order or a reverse keyword court order.
As for state and local law enforcement agencies, their options are similarly nonexistent.
1. No government entity shall seek, from any court, a reverse location court order or a reverse keyword court order.
2. No government entity shall make a voluntary reverse location request or a voluntary and reverse keyword request.
3. No government entity shall seek, secure, obtain, borrow, purchase, use, or review any information or data obtained through a reverse location request or a reverse keyword request.
4. No government entity shall seek the assistance of any non-governmental entity, any agency of the federal government, or any agency of the government of another state or subdivision thereof in obtaining information or data from a reverse location court order, reverse keyword court order, reverse location request, or reverse keyword request if the government entity would be barred from directly seeking such information under this article.
So, that makes it pretty much impossible for law enforcement to route around the law. The courts are banned from issuing warrants. Investigators can’t ask other agencies to execute reverse warrants on their behalf. And, if law enforcement somehow manages to obtain this data by utilizing an unforeseen loophole in the law, it still won’t work. The ban provides for automatic suppression or exclusion of evidence derived from a geofence warrant.
In addition, the law provides a legal avenue to sue government entities if they do break the law. Citizens who’ve had their location info illegally obtained by law enforcement can sue the agency that performed the illegal search and recover $1,000 per violation and punitive damages.
It’s a pretty solid law. And that means someone in the state legislature is going to try to kill it or, at least, neuter it into uselessness. Hopefully the bill’s sponsors and supporters can guide it safely through the gauntlet of “tough on crime” legislators, overly powerful police unions, and overly powerful law enforcement agencies. Law enforcement has embraced this new way to obtain data generated by thousands of innocent people but has yet to prove it can be trusted with it. The best thing is to take the option away before it does any damage.
Filed Under: 4th amendment, general warrants, geofence, geofence warrants, new york, privacy, reverse warrants
Court Documents Show The FBI Used A Whole Lot Of Geofence Warrants To Track Down January 6th Insurrectionists
from the easier-to-do-when-most-people-are-in-an-area-illegally dept
The new hotness for law enforcement isn’t all that new. But it is still very hot, a better way to amass a list of suspects when you don’t have any particular suspect in mind. Aiding and abetting in the new bulk collection is Google, which has a collection of location info plenty of law enforcement agencies find useful.
There’s very little governing this collection or its access by government agencies. Most seem to be relying on the Third Party Doctrine to save their searches, which may use warrants but do not use probable cause beyond the probability that Google houses the location data they’re seeking.
Law enforcement agencies at both the local and federal levels have availed themselves of this data, using “geofences” to contain the location data sought by so-called “reverse warrants.” Once they have the data points, investigators try to determine who the most likely suspect(s) is. That becomes a bigger problem when the area contained in the geofence contains hundreds or thousands of people who did not commit the crime being investigated.
These warrants have been used to seek suspects in incidents ranging from arson to… um… protesting police violence. They’ve also been used to track down suspects alleged to have raided the US Capitol building on January 6, 2021 — the day some Trump supporters decided (with the support of several prominent Republicans, including the recently de-elected president) that they could change the outcome of a national election if they committed a bunch of federal crimes.
Plenty of those suspects outed themselves on social media. For everyone else, there’s reverse warrants, as reported by Wired. (h/t Michael Vario)
Court documents suggest the FBI has been using controversial geofence search warrants at a scale not publicly seen before, collecting account information and location data on hundreds of devices inside the US Capitol during a deadly invasion by a right-wing mob on January 6.
While Google receives over 10,000 geofence warrants for location data in the US a year, those covering the Capitol breach appear to have been particularly productive, apparently enabling the FBI to build a large, searchable database in its hunt for the rioters.
Well, the documents do more than “suggest.” The underlying warrants are likely still sealed, so some conjecture is involved. But other stuff has leaked out around the redactions and the sealing, showing the FBI was issuing warrants even while the attempted insurrection was still underway. The feds can move fast when needed, apparently. This is from a criminal complaint related to Mitchell Vukich — one Capitol raider who not only tweeted he was inside the Capitol while still apparently in the Capitol (“_I was one of the first 15 people in the #Capitol. Wild stuff. Be safe out there._“), but was caught on several security cameras as he made his way through the building and seemingly ran off with some government documents.
According to records obtained through a search warrant which was served on Google, on January 6, 2021, in and around the time of the incident, a mobile device associated with mitchellvukich66@gmail.com was present at and in the interior of the U.S. Capitol on January 6, 2021.
However you may feel about the Asshat Revolution of January 6th, this isn’t an ideal — or even an acceptable — way to conduct an investigation. Reverse warrants make everyone in the area a criminal suspect. Probable cause doesn’t exist. It does in terms of Google: there’s a highly probable chance the company has location data captured in areas under investigation. But law enforcement asks for all of it and works backwards to find suspects. Once it does that, it has probable cause to seek identifying information. But this method inverts the accepted (under the Fourth Amendment) formula for performing searches.
And, since the search warrant (as well as the results of the search) are still secret, we can only assume the FBI acted in good faith. It may not have.
“What might have happened is that the FBI got the anonymized data and just got straight back in touch with Google and said we suspect 90 percent of these people, so give us their IDs,” says Matthew Tokson, a law professor and Fourth Amendment expert at the University of Utah. “Or it may have been an atypical warrant where they said to Google: Give us not only the numbers but the account names, because we think we have probable cause on the bulk of them.”
And that’s the concern law enforcement can keep from being addressed by asking for (and receiving) permission to seal warrant affidavits and discussions of this investigative technique, even though the technique is known and understood and already widely discussed in the public arena.
Suspects who think they can beat these warrants actually can’t. A lot of that can be traced back to Google, which has never been completely honest about its location data harvesting. Some of that can be pinned on the suspects, who fail to understand that a factory reset only affects data stored on that device.
[C]ourt documents say that Jeffrey Register deleted photographs of his time in the Capitol and even claimed to have factory-reset his phone in the days after the breach to obscure his tracks. It was already too late; the FBI appears to have identified him from the Google geofence data in January…
That’s the kind of thing that happens when you’re cosplaying insurrection, OPSEC is an afterthought. For the people hunting you down, however, finding and acquiring reams of culpatory data is the thing they get paid to do. Getting high on your own supply of confirmation bias can have consequences, especially when it involves the impromptu violation of federal laws.
But at the end of all this is the skyrocketing use of reverse warrants to identify criminal suspects. That it has only resulted in a few false arrests is a miracle, not an endorsement of the investigative technique. While there has been occasional pushback against inverting the constitutional status quo, the large number of geofence warrants served to Google every year suggest law enforcement isn’t too worried about losing access to a powerful tool that takes full advantage of private companies’ apparently unslakable thirst for personal data.
Filed Under: 4th amendment, doj, fbi, geofence warrants, january 6th
Reverse Warrants Show Feds Sought Data On Thousands Of Police Brutality Protesters In Kenosha, Wisconsin
from the it's-ok!-the-NSA-said-this-was-cool-and-legal! dept
Is there anything law enforcement won’t use geofence warrants for? The answer appears to be “no.”
A recent Google transparency report shows exponential growth in the geofence (a.k.a. “reverse“) warrant market, one that Google has inadvertently cornered by collecting more GPS info than any of its competitors. These aren’t traditional warrants. Traditional warrants use probable cause to justify searches of places, people, and objects (like vehicles).
“Reverse” warrants are just that: a dragnet cast by cops to find a suspect in a pool of possibilities, most of whom are not criminals. Working backwards from a long list of GPS data points and cellphone information, investigators try to find the most likely suspect and then move forward again, this time using some actual probable cause. They’re not always correct. And they seem largely unconcerned that demanding location data on hundreds, if not thousands, of innocent people perverts the process.
A recent report by Russell Brandom for The Verge shows the trend towards bulk collection continues. And, as reported previously, it involves federal agents who want to convert state charges to federal charges (using imaginative readings of the phrase “interstate commerce” to do so) to generate as much pain as possible for people who participated in protests against police violence, whether lawfully or not.
Protests in Kenosha, Wisconsin following the shooting of a black man by police quickly turned violent. Not only were businesses burned and destroyed, a 17-year-old interloper named Kyle Rittenhouse convinced his mom to drive him to Kenosha from his home in Antioch, Illinois. Once there, the armed Rittenhouse engaged in his vigilante fantasies, shooting three protesters, killing two of them.
The ATF was more interested in the arson, though. And it thought the best way to generate investigative leads was to gather information on thousands of protesters, almost every one of which did not start any fires.
A series of six newly unsealed warrants (1 2 3 4 5 6), some previously reported by Forbes, show a persistent effort to use Google’s location services to identify Android users in the vicinity of arson incidents.
Issued in quick succession on September 3rd, the warrants came from a team of 50 arson investigators from the bureau of Alcohol, Tobacco and Firearms, deployed to Kenosha to prosecute property damage cases connected to the protests. Using the warrants, The agents targeted seven different geographical zones, asking to identify anyone located within that area during a span that could stretch as long as two hours. The result was a kind of location dragnet, spread over some of the busiest times and locations in the first days of the protest.
The government wants haystacks. It firmly believes it can find needles. And it thinks it can do that often enough and with enough certainty no innocent hay will be treated like a criminal needle. That’s insanely arrogant. The more data points you have, the more chances you have of picking the wrong one.
But maybe it really doesn’t matter in these cases. After all, the DOJ and its components have proven more than happy to inflict collateral damage on protesters unhappy with the current state of law enforcement. If this ends in a few bogus arrests, does it really matter?
It might matter to the courts. A few judges have blocked these warrants, calling them vague and unconstitutional. And courts might be receptive to the arguments of those wrongfully arrested as a result of the use of these “reverse” warrants. The only probable cause the government has when it issues a geofence warrant is that it’s likely Google houses the information it wants to collect. But it needs more than that. If all the government needed was the solid assumption a non-party/non-suspect possessed information it wanted, warrants could be completely unmoored from criminal investigations and used to grab any information the government has an interest in.
Those are legitimate concerns. Unfortunately, law enforcement doesn’t share these concerns.
[One] warrant looks at a suspected arson of the Kenosha Public Library, based on lighter fluid and rags that were discovered in a northeast window well alongside minimal fire damage. Without direct witnesses to the fire, police set a two-hour window and a geofence covering the middle third of the downtown’s largest public park space. It was a significant span of time on the busiest night of the protest in an area that provided a natural meeting place for anyone who had taken to the streets that night.
I guess the ATF sees no harm in potentially rounding up several innocent protesters and subjecting them to facetime with federal agents — federal agents who, by the way, can ring people up on charges simply for lying to them. The only thing standing between these warrants and some pretty ugly — but inevitable — outcomes is the courts. Google can anonymize information as much as possible, but follow-up demands are predicated solely on investigators’ beliefs that they’ve found criminal suspects. How accurate those hunches are won’t be discovered until they’re in possession of identifying info — info that can be traced back to the original dragnet supported by nothing more than the assumption grabbing all this data will allow investigators to continue their investigations.
Filed Under: 1st amendment, 4th amendment, atf, geofence warrants, kenosha, police, protests, reverse warrants, surveillance, wisconsin