Access to The Champion archive is one of many exclusive member benefits. It’s normally restricted to just NACDL members. However, this content, and others like it, is available to everyone in order to educate the public on why criminal justice reform is a necessity.
NACDL’s Fourth Amendment Center was established to build a robust legal infrastructure to safeguard privacy rights, with a special mission to provide direct legal assistance to criminal defense lawyers handling cases involving the government’s use of new surveillance technologies. One recent call for assistance has thrust the Fourth Amendment Center into litigation that may shape the contours of the government’s use of one of the most expansive surveillance tools ever devised: the geofence warrant. A geofence warrant seeks cellphone location data held by Google to identify every individual who was in a particular location within a defined window of time.
The case, which is pending in the U.S. District Court for the Eastern District of Virginia, is United States v. Chatrie.{1} 1 Although Norman L. Reimer is the executive director of NACDL and publisher of The Champion, he is not actively involved in the litigation of the Chatrie case. Content for this article is based on public filings. Mr. Chatrie is accused of robbing a bank, the Call Federal Credit Union in Midlothian, Virginia, on May 20, 2019. Midlothian is a suburb of Richmond. The case against Mr. Chatrie hinges on evidence that was a direct result of the geofence warrant. The government issued this generalized warrant to Google, directing that Google produce information on all devices that were located within 150 meters of the bank for a one-hour period, followed by additional information about a subset for two hours. In contrast to a traditional warrant, this warrant did not identify Mr. Chatrie as a suspect or in any other way, nor did it identify the 19 individuals whose Google location data initially placed them in the requested area during the relevant time frame. Instead, the warrant compelled the disclosure of data held in the “Sensorvault,” which contains intensely private data of cellphone users whose devices use Google’s software, such as Android phones, or interact with various Google services, such as Google Maps, Gmail, Search, and YouTube.
Significantly, the data in Google’s Sensorvault is considerably more precise than the cell site location information that was at issue in United States v. Carpenter.{2} 2 See United State v. Carpenter, 138 S. Ct. 2206 (2018), holding that individuals have a reasonable expectation of privacy in their cell service location information and that the government’s procurement of this data constitutes a search for Fourth Amendment purposes. Google can pinpoint a person’s location within 20 meters. The 150 meter radius prescribed in the warrant (which is the equivalent of 17.5 acres), encompassed within it not only the bank, but also a large church that has over 3,600 followers on its Facebook page, and close by were multiple apartment complexes, including a senior residential facility, a restaurant, a hotel, and a storage facility.{3} 3 One issue raised in the case is whether, and to what extent, Google may erroneously place individuals who were outside the radius within it. Plainly this is an intrusion, which as in Carpenter and an earlier case, United States v Jones,{4} 4 See United States v. Jones, 565 U.S. 400 (2012), holding that the attachment of a GPS monitoring device to a car constitutes a search. enabled law enforcement to reconstruct historical movements that create a comprehensive mosaic of a person’s most personal information, including whom they visit and where they eat, sleep, and pray.
One cannot conceive of any circumstance in which a court would authorize law enforcement to conduct a general search of every premise within 150 meters of any crime. Indeed, the process of identifying devices within the circle entails searching across all Google accounts (1.3 billion). This is the digital equivalent of a dragnet. As one might expect, the defense has challenged the warrant on multiple grounds. But the principal contention is that this is a general warrant that fails to comport with the probable cause and particularity requirements of the Fourth Amendment.{5} 5 The motions and briefs related to the Chatrie case are available on the NACDL Fourth Amendment Center website. Mr. Chatrie is represented by Laura Koenig of the Office of the Federal Defender in Richmond, and, for purposes of this litigation, by Michael W. Price, NACDL’s Fourth Amendment Center Senior Litigation Counsel. Essentially, the geofence warrant ensnares and compromises the privacy of any individuals who happen to use their devices within a space and time that may be of interest to law enforcement without any particularized reason to focus on the individuals whose data the government obtains. Mr. Chatrie’s defense team likens the geofence to the British King’s general warrants that fueled the American Revolution and gave rise to the Fourth Amendment. Without particularization of the person or place to be searched, it vests virtually unfettered discretion in law enforcement to penetrate personal privacy in ways that would have appalled the nation’s Founders.
But as every experienced defense lawyer knows, litigation is not straightforward and critical factors are often mired in detail. In this case, the government employed a three-step process that purportedly sought “anonymized” data in the first two steps of the process. The government then claims to have narrowed down the list, by means that are entirely opaque, and then required production of complete identifying data, including the name and subscriber information, the person’s date of birth, the account type and number, the devices and email addresses associated with the account, and a host of other identifying information including the Google Voice phone numbers associated with the account. In this case, the three-step process began with 19 individuals, but ultimately resulted in the complete identification of the accused and two individuals who presumably were entirely innocent victims of this penetrating search.
This raises a host of questions that will be resolved as the litigation unfolds. First, is the data that is initially provided by Google truly anonymous? By what criteria does the government “narrow down” the list to establish probable cause as to the individuals who are then identified? Should the government be required to obtain a separate warrant articulating particularity and probable cause as a precondition to the disclosure of identity, assuming this was truly anonymous in the first steps of the process?
Beyond that, another critically important aspect to the case is the lynchpin of the government’s argument that the search is valid. Does the user voluntarily consent to providing location history to Google, a third party, and thereby relinquish any expectation of privacy in the location data? Further, the government argues that a user of a Google-supported device or service affirmatively opts to provide location history and retains the ability to opt out. Do those options similarly extinguish an expectation of privacy?
Not surprisingly, given the glaring spotlight on data service providers and the inherent tension between their duty to their customers and their responsiveness to the government, Google has not remained on the sidelines. As the litigation has unfolded, Google has submitted an amicus brief in support of neither party. Its brief illuminates many of the issues while raising many others. First and foremost, Google analogizes location history to the creation of a journal of a user’s whereabouts that does so with a degree of precision that is far greater than the cell site location information at issue in Carpenter. On the other hand, Google asserts that the user must take several affirmative steps to activate location history and can review, edit, or delete location history in a way that cellphone users cannot with respect to cell site information.
But just how deliberate a process is involved in activating location history? And to what extent would disabling that feature render the device functionally useless? Beyond that, the Google brief does not describe the precise data that was initially provided to the government nor the extent to which it was truly anonymized. Nor did Google provide any insight as to the protocols it used in responding to the government’s warrant. In this regard, it is noteworthy that the warrant did not seek data limited to location history,{6} 6 As explained in the defense response to the Google brief, Google collects user data through several mechanisms. Location history is one mode, but there is also Web & App Activity and Google Location Services. The warrant required that Google produce data on “each type of Google account that is associated with a device inside the geographical area.” But Google only produced location history. but for some reason Google limited its production to that category. How did that come about? Was there some understanding and cooperative arrangement between Google and the government such that Google was effectively working with or as an agent for the government? Additionally, in describing the data points used to identify users in response to the warrant, the Google brief references “probabilistic estimates,” “a margin of error,” and an indication that Google did not simply rely upon “a set of coordinates” (to define the location searched), but also “a value … that reflects Google’s confidence in the reported coordinates.” All this suggests that the actual search may have been even broader than the 150 meter radius prescribed in the warrant.
As of the date this column is written, the defense is seeking additional discovery and plans to introduce expert evidence as to why additional discovery is essential to resolve the key questions discussed above. Presumably, after considering those issues, the court will be in a better position to address the overall validity of the search.
This case takes surveillance into precisely the uncharted territory that gave rise to the creation of NACDL’s Fourth Amendment Center. With each technological advance, the value to law enforcement increases, but so does the potential infringement on liberty. One can certainly understand the legitimate interest of law enforcement, and the public, in solving serious crimes. This case involves a robbery in which fortunately no one was injured, but one can certainly appreciate the desire to identify potential suspects in the aftermath of a brutal crime. But at what price to liberty, privacy, and freedom of expression? The history of this country suggests that the Founders of this nation came down on the side of freedom. Will their successors uphold that tradition, or will liberty be the victim of the digital revolution? Stay tuned.
About the Author
Norman L. Reimer is NACDL’s Executive Director and Publisher of The Champion.
Norman L. Reimer
NACDL
Washington, DC
202-465-7623
nreimer@nacdl.org
www.nacdl.org
@NACDLExecDir