Feds can’t ask Google for every phone in a 100-meter radius, court says

Federal courts in the Chicago area have three times rejected government applications for warrants to force Google to produce a list of smartphones near two particular commercial establishments during one of three 45-minute intervals. The most recent ruling was handed down last week and was recently made public.

The decisions are significant because Google has reported massive growth in law enforcement use of such "geofence" searches. Google says there was a 1,500-percent increase between 2017 and 2018 and a further 600-percent jump from 2018 to 2019. That's a hundredfold increase in two years. Google received 180 geofence search requests a week during 2019, according to CNet.

Google is a popular target for this kind of request because almost everyone uses Google products in one way or another. Google's Android controls a majority of the smartphone market, and even most users who run iPhones use apps like Google Maps and Gmail. Moreover, Google frequently has GPS data that places a user's phone to within a few meters—much more accurate than the tower location data law enforcement can get from wireless providers.

And these dragnet searches can capture a lot of data. In one case last year, Google was required to hand over information about almost 1,500 users to federal investigators working on a Wisconsin arson case.

If the Chicago ruling is upheld on appeal, it could place new limits on broad government data requests. That would force governments to be more discriminating when they ask Google or other technology and wireless companies for data about their customers' locations.

The case of the stolen drugs

Officials in the Greater Chicago area were investigating a case in which stolen pharmaceuticals were sold on the black market. Investigators believed that the culprit stole the pharmaceuticals from one location—perhaps a drug store or medical clinic—then traveled to a second location—perhaps a FedEx or UPS store—to ship them to customers.

To help them identify the suspect, investigators asked Google for data about every smartphone that was near these two locations during particular 45-minute windows of time—one window at the first location and two other windows on different days at the second location.

Initially, the government asked for all cell phones that had been within 100 meters of each establishment. When that application was rejected as too broad, the government narrowed its request to compact polygons right around the buildings. In its third request, the government agreed not to ask for names or other identifying information, instead getting the data in anonymized form with a unique identifier for each device.

The courts rejected all three requests, concluding that none of them complied with the Fourth Amendment's requirement that warrants particularly describe "the persons or things to be seized." The first location was in a busy commercial corridor, so the 100-meter radius of the first proposed search could have easily included dozens or even hundreds of smartphones owned by innocent bystanders.

Even after the government narrowed its search to the footprint of a single building and its parking lot, the courts pointed out that the search included a multistory building with apartments on the upper floors. So a significant number of innocent people in those apartments—as well as pedestrians and motorists who pass by the store—are likely to be included in Google's data dump.

“All persons” warrants are unconstitutional

In last week's ruling rejecting the government's third request, Magistrate Judge Gabriel Fuentes noted that the courts have long rejected "all person" warrants that allow searches of everyone in a particular location. For example, if the police get a warrant to search a bar, that doesn't give them the right to search patrons who might happen to be at the bar at the time the search is performed.

Fuentes concluded that, to justify this kind of a geofence search, the government needs to show that everyone in the geofenced area is likely to be involved in a crime—not merely that one or a few people are.

But this remains an open area of law. The rulings in the Chicago case were made by magistrate judges whose rulings can be overturned by regular trial court judges. It's not clear if a trial court judge still needs to sign off on the ruling. And if the ruling is upheld at the trial court level, the government may be able to appeal the rejection to a trial judge—and then to appellate courts.

But if the rulings stand, they could throw other common law enforcement practices into doubt. For example, police sometimes ask cell phone providers to perform a "tower dump" to identify everyone using a particular cell phone tower at the time a crime occurred. A cell phone tower can reach significantly farther than 100 meters, so in principle it can reach more people. On the other hand, tower-based location data is less precise than GPS data, so courts might view this as a less serious intrusion into privacy. We can expect the exact contours of location privacy to be litigated for years to come.