Geofencing Warrants Are a Threat to Privacy
A precedent set in the January 6 prosecutions could be dangerous to the public.
The House committee investigating the events of January 6, 2021, is nearly finished with its work, and a jury convicted a key figure in the attack on the Capitol of seditious conspiracy this week. Nearly 900 other criminal prosecutions of alleged rioters remain underway, and one case has shed troubling new light on how the FBI investigated these defendants.
The suspect's name is David Rhine, and what makes his case unique, per Wired and Emptywheel, is his lawyer is the first to present a potentially successful challenge to the geofencing warrant the FBI used to place some defendants inside the Capitol building during the attack.
A previous Wired report last year found 45 federal criminal cases citing the warrant, which required Google to provide the FBI with data on devices using its location services inside a set geographic area—in this case, in or very near the Capitol. Rhine's case has revealed just how expansive the FBI's request to Google really was.
Google initially listed 5,723 devices in response to the warrant, then whittled the tally to exclude likely Capitol staff and police as well as anyone who wasn't "entirely within the geofence, to about a 70 percent probability." The final list of identifying details handed over to the FBI had 1,535 names. It included people whose phones had been turned off or put in airplane mode, and "people who attempted to delete their location data following the attacks were singled out by the FBI for greater scrutiny.
In about 50 cases, Wired notes, "geofence data seems to have provided the initial identification of suspected rioters." Rhine is technically not among them—the FBI got a tip he'd been at the attack—but it was only through the geofencing warrant that agents were able to find surveillance footage showing him inside the building.
And that gets us to what's troubling here: The Fourth Amendment requires search warrants to specify "probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." A geofencing warrant arguably allows law enforcement to work backward, to say, We think a crime was committed around this place and this time. Let's sweep up location data for everyone who was there and investigate them all.
Legal experts differ on the constitutionality of this approach, but it sounds remarkably like a general warrant: "one that 'specifie[s] only an offense,' leaving 'to the discretion of executing officials the decision as to which persons should be arrested and which places should be searched.'" General warrants are exactly what the Fourth Amendment is intended to preclude.
It's easy to conjure scenarios where a geofence warrant would lead police straight to the guilty party with no collateral damage. If you are murdered alone in your house at the center of your 50 undeveloped acres at 2 a.m., and a geofencing warrant turns up one other person on the property at that time, then sure, there's a solid (albeit not absolute) chance that person is the killer.
Yet as the Capitol cases show, that's far from the only scenario in which a geofencing warrant might be employed, and once you consider a scenario with a larger group of people inside the fence, the risks begin to be obvious.
Beyond the constitutional objection, there's the abrogation of privacy for everyone who isn't guilty. A geofencing warrant gives the police a map of the movements of many innocent people's phones. That map is not certain to be accurate; it does not prove that the phone's owner was the one making those movements; and even with complete accuracy and certainty, there's no guarantee police will interpret the map correctly. In 2020, for example, geofence data including a Florida man's Runkeeper records got him wrongly accused of burglary. He avoided prosecution, but the ordeal cost him thousands of dollars.
Moreover, the innocence of the crime currently under investigation is no guarantee against some part of that movement catching an officer's eye: Well, he couldn't have done the murder because he wasn't close enough, but he did go to this other house for 10 minutes at 1 a.m., and weren't we thinking the guy who lives there is dealing?
It's also easy to envision geofencing warrants undergoing the usual surveillance mission creep. Unless a challenge like Rhine's succeeds, the "January 6 cases are going to be used to build a doctrine that will essentially enable police to find almost anyone with a cellphone or a smart device in ways that we, as a society, haven't quite grasped yet," American University law professor Andrew Ferguson told Wired. Left unchecked, law enforcement could decide geofence data would come in handy while looking for a journalist's whistleblowing source, or perhaps at political protests.
That happened in summer 2020 in Kenosha, Wisconsin, when the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) used at least a dozen geofencing warrants. The stated purpose was identifying people responsible for the estimated $50 million in damage from rioting and looting, but it's inconceivable that those warrants did not also sweep up the names of peaceful protesters, to say nothing of local residents and business owners uninvolved in the unrest. Maybe demonstrators will leave their phones at home for future protests, or maybe they'll decide not to go at all.
Law enforcement use of geofence data is relatively novel, but it has skyrocketed in recent years: "Between 2017 and 2018, the number of geofence warrants issued to Google increased by more than 1,500 percent; between 2018 and 2019, over another 500 percent." By last summer, Google said geofencing warrants comprise a quarter of all legal demands it receives.
That trend won't stop absent legal constraint, and the January 6 cases—which have had a way of scrambling ordinary political alignments on criminal justice issues—could set a crucial precedent on this question. Whether it's a good precedent, however, remains to be seen.