Magistrate Judge in Chicago Sets Stage for Challenging “Geofence” Warrant Constitutionality

Posted on September 14, 2020

According to a report in Wired, a magistrate judge based in Chicago has called the constitutionality of expansive location-based search warrants into question for the first time. In a July ruling that was only recently unsealed, judge M. David Weisman rejected an application for a so-called “geofence” warrant filed by law enforcement, and in doing so suggested that such warrants may violate the Fourth Amendment’s protection against unreasonable searches.

As the Wired article points out, law enforcement bodies around the country have served tech companies with geofence warrants more and more commonly in the past few years. Geofence warrants specify a range of GPS coordinates and a timeframe, and order the company that was served with the warrant to return a record of all users whose activity falls within those bounds. In practice, this means that (at least preliminarily) geofence warrants will sweep up every individual that a given internet-connected service reported as being within the specified area within the specified timeframe.

Authorities applying for geofence warrants often request a minimum of anonymized user records in initial queries, strike those whose activity would rule them out as suspects, and request more detailed, identifying data of the remaining realistic suspects. However, even after its final phase of filtering, this process does not reduce the number of users whose records are handed over to law enforcement to only a select few, but snags the data of numerous innocent parties. Weisman cited precisely this reasoning in rejecting the geofence warrant application in question, even after the US Attorney’s Office made multiple attempts to more strictly limit the number of excess query hits.

The number and variety of companies that could supply location records suitable for a geofence warrant is staggering. Mobile device operating system (OS) developers like Apple and Google are obvious choices, as these devices constantly log and transmit timestamped user location data in multiple formats. Telecom companies like AT&T and Verizon would also be enticing, as the protocol which allows for constant cellular network connectivity requires that devices regularly apprise the carriers of their locations. Even social networking and gig economy platforms could furnish the kind of records that would facilitate a geofence warrant, since these often request user location data access to tailor the user experience according to geographical surrounds. And, of course, any data brokers that purchase and aggregate this data would make for lucrative geofence warrant targets.

By virtue of how many potential location data sources exist, location data is readily available so as to make geofence warrants nearly always viable. The only way a user could hope to insulate themselves from getting caught up in warrants of this sort would be to forsake mobile device use entirely.

The Wired piece is keen to note the explosion in geofence warrant applications: from 2017 to 2018, Google reported a 1500% increase in geofence warrant applications. Wired also cites a New York Times piece stating that in 2019 Google received 180 geofence warrant requests per week.

Civil liberties defenders are understandably unsettled by the invasiveness and growing prevalence of geofence warrants. One worry is that most judges, who would be responsible for approving or denying these warrants, are not equipped with the technical command to understand how many innocent people could get swept as a consequence of even the most exacting orders. This danger is compounded by the fact that application privacy permissions are so tricky to navigate, and terms of service policies so notoriously arcane, that users are often unaware of which apps collect their location services, when, or why. Thus, users can easily expose their location data without intending to.

Encouragingly, some legislators, predominantly at the local government level, are acting to forestall the privacy threat that geofence warrants pose. Many of these privacy advocates argue that geofence warrants could easily be employed to identify everyone who participated in a protest. The prospect of monitoring public demonstrations, which would undoubtedly chill First Amendment speech, is not without precedent. The FBI’s COINTELPRO program did exactly that.

More recently police departments have used stingrays to snoop on the communications of protest organizers, most notably right here in Chicago. Holding up this case as an example, civil libertarians successfully pushed the passage of a law in Illinois which requires law enforcement to obtain a warrant to deploy stingrays, which has gone a long way in reducing the threat of stingrays as a means of disrupting or chilling First Amendment-protected activity. But, in itself, this is no guarantee that these devices will not be abused.

As with other emerging forms of surveillance, there are few legal restrictions or judicial precedents governing geofence warrants. However, this leaves the door open for courts to rule on the constitutionality of geofence warrants, and for governments at all levels to pass laws to restrict their use.

You can read the full story from Wired here.