By: Stephen Edelblut

 

Recent developments from both Google and the Fifth Circuit continue to limit law enforcement’s ability to use geofencing technology—warrants that allow law enforcement to request location data for all devices within a defined area and time frame—to identify suspects.  Geofence warrants represent a new and increasingly utilized tool in law enforcement investigations.  These warrants allow authorities to request location data for all devices within a specified geographic area during a specific time window, allowing them to narrow down suspects through a process of elimination.  Typically, these requests are almost always directed at Google, although they can be sent to any third-party holding user location data.

Google collects location data from hundreds of millions of users across its platform.  This data is gathered from services like Location History, Web and App Activity (“WAA”), and Google Location Accuracy (“GLA”).  Location History draws from a wide range of sources—GPS, Bluetooth beacons, cellular towers, and Wi-Fi networks—allowing Google to estimate a device’s location with remarkable precision, sometimes within three meters.

The data collected by Google is stored in a repository known as “Sensorvault,” associating every data point with a user’s Google account.  Even when a user is not actively using their device, location data may still be transmitted to the Sensorvault.  Once a user opts into Location History, Google begins storing this data by default, even if the user later deletes the app associated with the tracking.  The system is linked to the user’s Google account, not to specific apps.

Android phones, which make up roughly 70% of the global smartphone market, automatically incorporate Google apps capable of location tracking.  While Apple devices, accounting for about 16% of the global market, do not automatically come with Google tracking app’s predownloaded, popular Google applications downloaded on an Apple device still send location information to Google.

When law enforcement requests data through a geofence warrant, the process involves three steps.  First, law enforcement defines the geographic region (the geofence) and time frame corresponding to the suspected criminal activity.  Second, Google provides anonymized location data for all devices within that area and time window.  Finally, investigators narrow down relevant devices and compel Google to provide identifying information for the user accounts linked to those devices.  Since the first geofence request in 2016, this method has gained popularity, with Google reporting a 1,500% increase in geofence requests between 2017 and 2018, and a further 500% rise from 2018 to 2019.  In 2019 alone, Google received about 9,000 such requests.

The scope of geofencing warrants’ use covers a varying degree of criminal activity.  For instance, geofencing warrants have been used to investigate petty crimes as simple as stolen vehicles or property damage.  On the other end of the spectrum, for example, the FBI used geofence warrants to investigate the January 6, 2021, insurrection, obtaining a list of 5,723 devices from Google, which was eventually narrowed down to 1,535 individuals for prosecution.

Despite the growing popularity of geofence warrants, concerns about privacy have intensified among users and courts alike.  In response, Google has taken steps to curtail its involvement in geofence requests.  In 2023, Google announced it would modify its mapping tool to store users’ location history directly on their devices, rather than in Sensorvault, inhibiting law enforcement from accessing users’ location data from Google even with warrants.  This change is set to take effect on December 1, 2024.  It is likely that these changes will have a substantial effect on the use of geofencing warrants.  However, it is also likely that law enforcement will shift to other third parties, leaving the privacy of users uncertain.

In July, the Fourth Circuit allowed the use of geofencing warrants under certain conditions.  The case involved a bank robbery where law enforcement sought to identify the suspect by obtaining location data for every device present in the area during the hour surrounding the crime.  Google produced data for nineteen devices, which law enforcement used to narrow their focus and identify the suspect.

However, the court found that the geofence warrant lacked probable cause to collect location data for everyone in the area at the time of the robbery.  The court ruled that “warrants, like this one, that authorize the search of every person within a particular area must establish probable cause to search every one of those persons.”  Despite this, the court held that geofence warrants could be valid if sufficiently particularized and supported by probable cause for the specific individuals targeted.

Just last August, the Fifth Circuit in United States v. Smith criticized the Fourth Circuit’s stance, ruling that geofence warrants violate Fourth Amendment protections.  The court emphasized the unique privacy concerns raised by such warrants, pointing out that location tracking “can easily follow an individual into areas normally considered some of the most private and intimate, particularly residences.”

The court further argued that users do not provide informed consent to such invasive tracking merely by opting in to Google’s services.  Consent provided under such circumstances is often uninformed and cannot justify a reasonable expectation of privacy.  As the court reiterated, “a user simply cannot forfeit the protections of the Fourth Amendment for years of precise location information by selecting ‘YES, I’M IN’ at midnight while setting up Google Assistant.”

Recent announcements from both Google and the Fifth Circuit demonstrate significant hesitation about law enforcement’s authority to utilize geofencing technology.  While geofence warrants have become a valuable investigative tool, their use continues to raise serious concerns about user consent to data collection and the constitutional protections under the Fourth Amendment.  As data collection becomes increasingly pervasive, the effectiveness of geofencing will likely grow, but so will the potential intrusion on personal privacy.  Consequently, the Supreme Court may need to address the Circuit split early on to clarify the role of law enforcement in the age of data collection.

 

Student Bio: Stephen Edelblut is a second-year law student at Suffolk University Law School.  He is a staff writer for the Journal of High Technology Law.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.