The Fifth Circuit Shuts Down Geofence Warrants—And Maybe A Lot More

Once in a while there is a court ruling on the Fourth Amendment that just makes my jaw drop.  The Fifth Circuit had such a ruling last Friday, United States v. Jamarr Smith. The case creates a split with the Fourth Circuit on one important issue, and it creates another split with the Colorado Supreme Court on an even more important issue.

The new case is about the Fourth Amendment limits of geofence warrants, which are warrants to access location information for users who have opted into having Internet providers retain location history.  The Fifth Circuit makes two important holdings. First, accessing any amount of geofence records is a search under an expansive reading of Carpenter v. United States. That's the issue that creates the split with the Fourth Circuit in United States v. Chatrie.  As I noted just a few weeks ago, Chatrie held that accessing such records is not a search in the first place, at least if the records sought are relatively limited in scale. The Fifth Circuit expressly disagrees.

Second, and much more dramatically, the Fifth Circuit rules that because the database of geofence records is so large, and because the whole database must be scanned through to find matches, the Fourth Amendment does not allow courts to issue warrants to collect those records. In legal terms, it is impossible to have a warrant particular enough to authorize the surveillance.  The government can't gather these kinds of online records at all, in other words, even with a warrant based on probable cause.  This holding conflicts with a recent ruling of the Colorado Supreme Court, People v. Seymour, and more broadly raises questions of whether any digital warrants for online contents are constitutional.

There's obviously a lot going on in this new decision.  Because I have blogged about the search issue several times before, including just last month, I want to focus this post instead on the second ruling—that geofence warrants are not permitted, even with probable cause.  I think this ruling is wrong, and that it's very important for it to be overturned.  This post explains why.

I. The Legal Context

First, some context.  When the government obtains a geofence warrant, the provider is ordered to provide data matching the geofence.  The warrant will call for the provider to hand over records made in a particular window of time and that recorded locations in a particular physical area.  The provider has a database consisting of location records of the accounts that opted into the service, and the provider—here, Google—searches through the database looking for a match with the records sought in the warrant.  Google calls this "Step 1" of its geofence warrant process.  If Google finds matches, it then goes through further steps that ultimately gives the government records that are responsive to the warrant.

Warrants have to be particular, and particularity requires two things.  First, the place to be searched must be particular.  For example, the government can't get a warrant to search an entire city block, or to search the entirety of an apartment building with lots of independent units. The place that is searched through has to be smaller than that, like a single business or (more often) a single house.   Second, particularity requires a particular description of the thing to be seized. The government can only take the evidence or contraband that is evidence of the crime.

Most discussions of particularity are about the particularity of the things to be seized.  Prior discussions of particularity for geofence warrants have focused on that. The issue has been, how broad can the warrant can be in terms of how much time and space the warrant can cover?  A geofence warrant orders the provider to hand over records that were of users in a particular area for a particular span of time.  A warrant might cover, say, within a mile of where the crime occurred, for, say, the 30 minutes before the crime occurred and up to 30 minutes after it.  But that kind of particularity is about how broad the records can be that the government gets.

The issue in Smith is about the first kind of particularity—the place to be searched.

II.  The Warrant Ruling

Smith rules that the database that Google has created, through which Google looks for matches with the data described in the warrant, is just too big to search.  Google combines all of its location records from all of its users worldwide into a single database, covering an estimated 592 million people, that it calls Sensorvault.  When Google queries that Sensorvault database, the Fifth Circuit holds, it is scanning through a "place" too big for the Fourth Amendment to allow.

Here's the entirety of the court's above-the-line analysis on this issue, with italics in the main text in the original:

When law enforcement submits a geofence warrant to Google, Step 1 forces the company to search through its entire database to provide a new dataset that is derived from its entire Sensorvault. In other words, law enforcement cannot obtain its requested location data unless Google searches through the entirety of its Sensorvault—all 592 million individual accounts— for all of their locations at a given point in time. Moreover, this search is occurring while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result. Indeed, the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.

Geofence warrants present the exact sort of "general, exploratory rummaging" that the Fourth Amendment was designed to prevent. Coolidge v. New Hampshire, 403 U.S. 443, 467 (1971); see also Riley, 573 U.S. at 403; Geofence Warrants and the Fourth Amendment, [Kerr note: A student note cited 10 times in the opinion] supra at 2519. In fact, Google Maps creator Brian McClendon has called these warrants "fishing expedition[s]," and explained that Google employees originally assumed law enforcement would only seek Location History data on specific people—a reality that did not come true. Jennifer Valentino-DeVries, Tracking Phones, Google Is a Dragnet for the Police, N.Y. Times (Apr. 13, 2019), https://perma.cc/NCF3-H5DP. "Awareness that the government may be watching chills associational and expressive freedoms." Jones, 565 U.S. at 416 (Sotomayor, J., concurring.). And, when these core rights are at issue, the warrant requirement must "be accorded the most scrupulous exactitude." See Stanford, 379 U.S. at 485.

Here, the Government contends that geofence warrants are not general warrants because they are "limited to specified information directly tied to a particular [crime] at a particular place and time." This argument misses the mark. While the results of a geofence warrant may be narrowly tailored, the search itself is not. A general warrant cannot be saved simply by arguing that, after the search has been performed, the information received was narrowly tailored to the crime being investigated. These geofence warrants fail at Step 1—they allow law enforcement to rummage through troves of location data from hundreds of millions of Google users without any description of the particular suspect or suspects to be found.

In sum, geofence warrants are "[e]mblematic of general warrants" and are "highly suspect per se." Geofence Warrants and the Fourth Amendment, supra at 2520; Amster & Diehl, Against Geofences, [Kerr note: A student note cited 13 times in the opinion] supra at 433– 34; Chad Marlow & Jennifer Stisa Granick, Celebrating an Important Victory in the Ongoing Fight Against Reverse Warrants, ACLU (Jan. 29, 2024), https://perma.cc/SC2R-S7PJ ("The constitutionality of reverse warrants is highly suspect because, like general warrants that are prohibited by the Fourth Amendment, they permit searches of vast quantities of private, personal information without identifying any particular criminal suspects or demonstrating probable cause to believe evidence will be located in the corporate databases they search."); Chatrie (App.), 107 F.4th at 353 (Wynn, J., dissenting) ("[A] [geofence] warrant is uncomfortably akin to the sort of 'reviled' general warrants used by English authorities that the Framers intended the Fourth Amendment to forbid.").

This court "cannot forgive the requirements of the Fourth Amendment in the name of law enforcement." Berger v. New York, 388 U.S. 41, 62 (1967). Accordingly, we hold that geofence warrants are general warrants categorically prohibited by the Fourth Amendment.

The court does go on to say the good-faith exception applies here and so there is no suppression, but that particular ruling is tiny potatoes.  It's the warrant ruling that is the serious biggie here.

III. My Take On Why The Warrant Ruling Is Wrong

I think the Fifth Circuit's warrant ruling is wrong— and not just wrong, but basically bananas.  Here are three reasons why, together with an explanation of why the stakes of the case are so high.

First, the ruling conflicts with the Supreme Court's precedents on warrant particularity.  The Fifth Circuit's decision relies heavily on two law student notes. It quotes an ACLU press release. It also quotes a Wall Street Journal article.  But it doesn't even mention the Supreme Court's relevant caselaw on warrant particularity. And that authority, it seems to me, conflicts with the Fifth Circuit's ruling.

An especially relevant case is United States v. Karo, which considered the Fourth Amendment implications of installing and monitoring a location tracker in physical space.  The Supreme Court had previously ruled that no search occurred when the tracker recorded beeper locations while the beeper was out on public roads. Karo ruled that a search did occur when the tracker was brought inside a home and registered locations inside.

The relevant part of Karo is the Court's reply to an argument the government made about warrant particularity. No warrant was needed to use a tracker, the United States argued, because it wasn't possible to draft a particular warrant.  After all, the whole point of using the beeper is to find the location of the item that the suspect has, and thus to locate the suspect.  If you don't know where the beeper is, then you can't specifically describe the place to be searched. And if you can't specifically describe a place to be searched, you can't get a warrant. Thus, the surveillance should be allowed without a warrant, the government reasoned.

The Supreme Court responded by rejecting the premise and explaining how to draft a warrant in such cases to match the Fourth Amendment particularity standard:

It will still be possible to describe the object into which the beeper is to be placed, the circumstances that led agents to wish to install the beeper, and the length of time for which beeper surveillance is requested. In our view, this information will suffice to permit issuance of a warrant authorizing beeper installation and surveillance.

It seems to me that this controls Smith, too.  The warrant problem in Karo was a lot like the problem in geofence warrant cases.  The "place to be searched" is basically everywhere.  The search would occur wherever the beeper happened to go.  But instead of saying that no warrant could be obtained, the Supreme Court in Karo articulated a way to draft warrants to allow the surveillance.  The place to be searched was the object into which the beeper is to be placed, with the particularity being provided by the length of time for which beeper surveillance is requested.

I personally don't think geofencing is a search in the first place, as I have argued before.  But if we are to say that geofencing is a search, it seems to me that the approach from Karo should govern here.  Following Karo, the particularity should be provided by a description of the database into which the query is made, combined with the length of time (and amount of geographic space) the warrant covers.  We can argue about how long a period is permissible, and how big a geographic space is permissible.  But the idea that there is a cap on the size of the database seems hard to square with Karo.

Unfortunately the Fifth Circuit doesn't discuss Karo, so we don't know what the panel's response to it might be.

Second, the warrant ruling seems hard to square with Carpenter v. United States.  The notion that warrants cannot be obtained to search through particularly large databases also strikes me as hard to square with the Supreme Court's ruling in Carpenter, the case on which the Fifth Circuit's own search ruling is based.

Carpenter made two important rulings.  First, the Court ruled that access to at least long-term cell-site location information (CSLI) is a search.  Carpenter then took on a second issue: Does the government need a warrant to compel CSLI, or can it be compelled with just a subpoena?  The Court ruled that a warrant was required:

Having found that the acquisition of Carpenter's CSLI was a search, we also conclude that the Government must generally obtain a warrant supported by probable cause before acquiring such records. Although the ultimate measure of the constitutionality of a governmental search is 'reasonableness,' our cases establish that warrantless searches are typically unreasonable where a search is undertaken by law enforcement officials to discover evidence of criminal wrongdoing. . . .

This is certainly not to say that all orders compelling the production of documents will require a showing of probable cause. The Government will be able to use subpoenas to acquire records in the overwhelming majority of investigations. We hold only that a warrant is required in the rare case where the suspect has a legitimate privacy interest in records held by a third party.

Carpenter obviously contemplates warrants for non-content user account records. That was the whole premise of the Carpenter's warrant ruling.  The Supreme Court, faced with a decision about what level of protection the Fourth Amendment requires, picked the warrant rule over the subpoena rule.

The Fifth Circuit's ruling in Smith seems hard to square with that.  The nature of the Carpenter ruling is that queries for Carpenter-protected records will generally be through massive databases. Under the Fifth Circuit's decision, however, the Supreme Court's warrant holding in Carpenter was basically meaningless.  Most searches for Carpenter-protected data will be through massive databases.  If the governing law is that a warrant is sufficient (the Supreme Court rule) except when the database queried is massive (the Fifth Circuit's rule), in practice that amounts to a rejection of the Supreme Court's holding in Carpenter.

Third, whether the suspect is known is constitutionally irrelevant.  The Fifth Circuit's opinion is very concerned with the fact that the suspect in a geofence warrant case is unknown.  That is, the whole point of the warrant is to identify the suspect.  The Fifth Circuit treats this as especially troubling.  But I don't get why.

Just a matter of doctrine, it's obviously irrelevant that the government doesn't know who the suspect is yet.  Think about a case like Zurcher v. Stanford Daily., where the Supreme Court upheld a warrant to search a newspaper office to look for photos that the paper's photographers might have taken, all to help identify campus protesters.  The fact that the police didn't know who the suspects were was irrelevant.

And it's hard to imagine a contrary rule.  I mean, most warrants for Internet investigations are to identify a suspect.  The government will trace someone's online conduct, and they'll then try to gather information to identify who was behind the account activity.  Maybe someone sent an online threat from an anonymous account, and the government will get a warrant to search the online account to figure out who sent the threat.  Maybe someone downloaded child sexual abuse material (CSAM) using a particular account, and the government will get a warrant to search the account to know who downloaded it.

The primary point of the warrant in these cases is to find the unknown person who committed the illegal act.  If there is some legal reason that not knowing who the suspect is and getting warrants to find out makes these routine warrants suspect, I cannot fathom what that legal reason might be. The Fifth Circuit does not mention any.

Fourth, the stakes of this case are immense, going way beyond geofence warrants, encompassing most law enforcement and national security surveillance involving the Internet.  I started this long post by saying that the warrant ruling was more important than the search ruling. That's not to say the search ruling isn't important!  But if the search ruling has case-of-the-week importance, the warrant ruling has case-of-the-year importance.

Why is that?  It has nothing to do with geofence warrants.  Instead, it has to do with all the other digital warrants.

By it very nature, gathering digital evidence often means looking for matches through large amounts of data.  There's a query looking for responsive files, and the "hit" on responsive files is the evidence collected.  The question is, what is "searched"?

I remember first thinking about this question in the late 1990s, back when I was at DOJ, in the context of Internet pen registers. If there's a stream of Internet traffic going by, and you have the program scan for a match of non-content records (say, a packet header of a packet sent from a particular IP address), the government is inherently scanning through all of the traffic going by.  I mean, they don't want that other stuff.  They only want the extremely tiny proportion of data that is actually responsive to the court order.  But as I pointed out in this 2003 article, it's the nature of the technology that they have to scan through the haystack to find the needle.

The fundamental question was, if you have a filter scanning through data for a match, is the scope of the search defined by what dataset was scanned through, or is the scope of the search defined by the filter setting?   The stakes are high.  If a filter is scanning through a pipe of Internet traffic streaming by, looking for a packet header, that was either not a Fourth Amendment search at all (as the filter was set to only collect packet header data) or a massive search so broad that any warrant purporting to authorize it was an unlawful general warrant (as all of the data of thousands or in some cases millions of people was scanned).

The conclusion I came to is that the filter setting had to be the key.  Otherwise, the fortuity of the technology rendered essentially all data collection illegal.  It was an instinct that today I would think of as equilibrium-adjustment. As I thought of it then, it just didn't make sense that the technological coincidences of how the Internet was designed and how data is stored would have the effect of dramatically transforming Fourth Amendment protections.

There ended up being not a lot of caselaw on this particular question, as defense counsel did not try to argue the point.  The key case that comes to mind is the Colorado Supreme Court's ruling last year in People v. Seymour, where the Court rejected the claim in the context of a reverse keyword search warrant.  The warrant required Google to look through its entire database of stored queries to see who had made a particular query, and the defense argued that this was a general warrant because it had to scan through the whole database to find the responsive hit. Seymour disagreed:

Seymour asserts that a reverse-keyword warrant of the sort at issue here is necessarily overbroad because the "place to be searched" is Google's entire database, including every user account. True enough, at least in a broad, technological sense. But when analyzing the legality of a warrant, the "ultimate touchstone" is reasonableness. Brigham City v. Stuart, 547 U.S. 398, 403 (2006); see also People v. Davis, 2019 CO 24, ¶ 15, 438 P.3d 266, 269. Here, the scope of the place to be searched strikes us as reasonable when we consider the filter provided by the search parameters set forth in the warrant. Yes, those parameters establish what the government ultimately seized, but, as we discuss further below, they also serve to dramatically reduce the intrusiveness of the search.

The reason I raise all of this is that the Fifth Circuit's ruling, although announced in a case that happens to be about geofence warrants, is about a lot more than that.  It's about CSLI.  It's about pen registers. It's about keyword searches.  It's about pretty much all database queries.  They all have this common feature that the Fifth Circuit found objectionable.  Just create a data source big enough—how big, we don't know, but big—and then it can't be searched, even with a warrant.

The Supreme Court has reserved the "no warrant" rule for extreme facts.  The only example the Supreme Court has identified is a warrant to force a person to endure invasive surgery for evidence that could kill them and isn't important evidentiary purposes, anyway, an exception to the general warrant rule carved out by Justice Brennan in 1985 in Winston v. Lee.  Extending that to big database queries, well, that's a pretty big change.

I'll end with a prediction. In a few days there will be a news story about some national security surveillance program that either stopped, or paused, or at least was the subject of a lot of emergency meetings.  You won't be able to tell from the news story what the program was, or what was the cause of concern. But the untold explanation will be a roomful of very worried national security lawyers trying to figure out what the heck to make of the Fifth Circuit's ruling in United States v. Smith.