In a recent order, a Virginia state court rejected an application for a geofence search warrant for insufficient probable cause and particularity. Geofence warrants—also known as “reverse location” searches—are an increasingly popular investigative tool that allow law enforcement to identify all devices in a particular location, later narrowing down the search to focus on particular suspects or witnesses. Despite the rapid uptick in their use, only a handful of publicly available court decisions have assessed the constitutionality of geofences. This Virginia order provides valuable guidance for law enforcement and providers on the limits of geofence warrants, particularity related to the scope of geofences and law enforcement discretion in investigating and unmasking phones of interest.
In this case, law enforcement applied for a geofence search warrant directed at Google to identify individuals involved in a shooting outside a motel. The application sought identifying information for cell phones located in three zones, one that encompassed the motel and two others that captured adjoining spaces. The geofence zones covered all the same time period of just under three hours. The application proposed a three-step process to obtain location history and user data from Google:
- Create the virtual geofence zones to get an anonymized list of cell phones in the zones at the appointed times;
- Review the anonymized list to eliminate cell phones law enforcement deems irrelevant, and, without further court involvement, require Google to disclose additional location data (outside the three zones specified in the warrant) for phones of interest during the specified time period; and
- Have Google identify the owners of selected cell phones law enforcement deems relevant.
Because law enforcement applied for a search warrant, the court assessed the geofence search warrant application under the Fourth Amendment. Ultimately, the court denied the application for lack of sufficient probable cause and particularity under the Fourth Amendment.
The court found that the application did not establish probable cause to search the location data of individuals whose only connection to the shooting was their presence in or around the motel during the specified three-hour period. In the court’s view, law enforcement needed to provide probable cause for each individual whose data was targeted, and it failed to do so here.
Turning to the particularity requirement, the court took issue with each of the proposed steps described in the application.
Step One (Creating the Geofence Zones)
The first step, the creation and initial search of location data within the geofence zones, was geographically and temporally overbroad. The court pointed to the fact that law enforcement knew the suspects were present only in a specific area, while the proposed geofence captured the entire motel and more. Similarly, although law enforcement knew the shooting occurred during a brief time period, the proposed geofence spanned roughly three hours. Further exacerbating the overbreadth issues, the court noted that the geofences targeted a motel, which the court deemed a “particularly sensitive area” where guests may have privacy interests that equal or even exceed those in their own homes.
Step 2 (Investigating Anonymized List for Phones of Interest)
The court found that step two violated the particularity requirement by allowing law enforcement to unilaterally determine which cell phones within the target area were relevant to their investigation, as well as to effectively enlarge the court-authorized search zone by requesting additional location data from devices of interest outside the zones identified in the warrant. The court equated the unilateral discretion sought under step two as a request for a “blank check, which the Court cannot sign.”
Step 3 (Unmasking of Phones of Interest)
The court also found that step three, which sought to authorize law enforcement to order Google to identify cell phone users that officers deemed relevant to their investigation, would have granted law enforcement untenable unilateral authority without judicial oversight. The court clarified that a court must approve or deny the unmasking and disclosure of personally identifiable information of users—and only after it makes a probable cause and particularity determination.
This Virginia order adds to a limited number of court opinions addressing the constitutionality of geofence warrants. These decisions suggest that to pass muster, a geofence warrant must (1) be limited in geographic and temporal scope to minimize the potential for capturing uninvolved, non-suspect and non-witness devices while maximizing the potential for capturing suspects’ and witnesses’ device data, and (2) curtail law enforcement officers’ discretion by limiting their ability to obtain additional device data, such as location information outside the geofence zone and device users’ identities, without further judicial oversight.
That said, courts have not yet answered fundamental questions about geofence warrants (at least not in decisions available to the public). These critical questions include whether use of a geofence constitutes a “search” under the Fourth Amendment and consequently whether law enforcement needs a search warrant to obtain this type of location information under Carpenter v. United States or otherwise. Google’s location data (refined by a combination of GPS and Bluetooth signals, Wi-Fi networks, and cell tower data) is significantly more precise than the historical cell-site location information (CSLI) in Carpenter. Geofence data also raises the same concerns regarding voluntariness as CSLI, and easily lends itself to dragnet surveillance practices; but, on the other hand, it only reveals users’ movements over a discrete period of time, and within particular areas—starkly contrasting with the “depth” and “breadth” of the seven days of CSLI data of a single individual at issue in Carpenter. Additionally, as the Virginia court order acknowledges, whether it is constitutional for law enforcement to direct a provider to search the entirety its records and create a new data set—which a geofence effectively requires providers to do—remains an open question.
Although each of the unsealed cases to date involves Google, other providers have begun to receive legal process asking them to produce geofence data, and we anticipate further litigation to resolve open questions in this important and rapidly-evolving area of law.