This article is part of EFF’s investigation of location data brokers and Fog Data Science. Be sure to check out our issue page on Location Data Brokers.
The data broker selling people’s location data to any local, state, and federal agency willing to buy it is putting our Fourth Amendment rights at risk.
EFF recently published its investigation into Fog Data Science, which claims in marketing materials sent to law enforcement that it has billions of location data points taken from millions of people’s cell phones that can be used to track people’s movements. As earlier posts have explained, EFF’s review of thousands of pages of public records show that Fog’s business of collecting personal location data is invasive and dangerous.
This post explains that the Fourth Amendment sharply limits how police use Fog. At a minimum, the Fourth Amendment prohibits police from using Fog’s device search feature without first obtaining a warrant from a judge. Additionally, the Fourth Amendment likely bars Fog’s dragnet searches—in which police request information about any mobile device in a geographic area— even when police get a warrant.
This post also summarizes public records illustrating when law enforcement across the country do and do not believe they need to obtain warrants before using Fog. It concludes by refuting arguments by Fog and some law enforcement officials that the U.S. Supreme Court’s landmark decision in Carpenter v. United States does not apply to Fog’s surveillance.
Our Constitutional Right to Location Privacy
The Fourth Amendment generally requires police to obtain a warrant from a court before they search a particular location or person. In 2018, the Supreme Court ruled in Carpenter that under the Fourth Amendment, police must get a warrant before obtaining historical location data derived from cell carriers — known as “cell site location information,” or CSLI. Historical CSLI, the court wrote, creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.”
Fog’s “device search” feature provides a chronicle of a person’s life that is often even more detailed than the CSLI at issue in Carpenter. There, police requested CSLI about a specific individual. Carriers MetroPCS and Sprint provided the government with 12,898 data points spanning 127 days. In one case using Fog’s data, Missouri officials acquired 47,394 signals spanning 163 days for a single phone. As shown by records from Iowa and Broward County, Florida, Fog commonly helps customers perform device searches on known advertising IDs. And a person’s ad ID can be obtained from companies like Google and Apple without a warrant.
Fog’s “Reveal” feature can also be used to execute a dragnet search of large physical areas in what is the equivalent of a “geofence warrant.” Geofence warrants allow police to request information from Google about every device that was in a particular area at a particular time. Similarly, police can use a Fog Reveal “area search” to identify all devices within a geofence and time frame, then perform a “pattern-of-life analysis” on each device to try to identify its owner. Courts have invalidated geofence warrants on the ground that they are too broad to be constitutional.
In light of Carpenter, police should not be able to use either Fog Reveal’s “area search” or its “device search” without first obtaining a warrant. Further, even when police obtain warrants before using Fog to perform geofence searches, they should be held unconstitutional for all the same reasons that courts have held other geofence warrants unconstitutional. But the records EFF obtained show that police often do not get warrants before using Fog.
Legal process around the country
Law enforcement agencies around the country have widely varied understandings of whether and how the law restricts access to Fog’s data, including whether they must obtain a warrant before using Fog.
Some agencies do require warrants before accessing Fog’s data, at least under some circumstances. A memo from the Tennessee Bureau of Investigation explains that Fog allows TBI to “conduct database queries for digital devices in a geographical area,” which returns device IDs but not “subscriber information.” It continues, “Once a search warrant is obtained, pattern-of-life queries can be conducted on those advertisement IDs.” This indicates that TBI conducts area searches without a warrant but requires TBI agents to get a warrant before conducting device searches and pattern-of-life analysis. Emails from Mark Massop, Fog’s Senior Vice President for Sales and Analysis Services, explain that the Indiana State Police had a similar practice. In addition, a sample warrant containing language from Indiana was circulated to law enforcement officials after a training session hosted by the National White Collar Crime Center (NW3C). The training was likely one of several led by Massop and a NW3C Vice President, a former captain in the Indiana State Police who had used Fog’s service while he was on the force.
Some California agencies sought warrants at least some of the time that they used Fog. An October 2019 memo from Chino stated that the police would seek warrants to use Fog pursuant to the California Electronic Communications Privacy Act (CalECPA), “unless exigent circumstances exist.” Records from the Orange County Sheriff’s Department also reference using warrants to access Fog.
But it’s not clear whether Chino always adhered to this warrant policy. In November 2019, a Chino detective wrote that “My LT [presumably lieutenant] doesn’t want to write paper,” and that extracting the ad ID from a suspect’s device and performing a device search in Fog “might be the only way to do it without paper.” The records do not indicate whether exigent circumstances existed.
Many police believed Fog did not require “paperwork.” A Maryland State Police sergeant wrote, erroneously, that Fog “requires no paperwork since it’s data you get from a company and has no PII etc.” Likewise, in an email exchange between two California Highway Patrol officers, one told the other to “hit up Case Support for Fog Reveal which can be done without a warrant.”
In records from many agencies, the topic of legal process was first raised months after the agency began using Fog, or it just never came up. The Missouri State Highway Patrol first used Fog in January 2018, but the first records mentioning court orders came in August 2019 after Massop reached out to request that the agency set up a call. In hundreds of pages of emails EFF received from the Iowa Fusion Center and the Broward County Sheriff’s Office, warrants were never mentioned at all.
Fog’s misreading of Carpenter
A few months after the Supreme Court decided Carpenter, the California Highway Patrol expressed concerns that the decision would affect the legality of Fog’s service, and asked Fog for advice. Mark Massop responded:
We haven't done any work on Carpenter. We have had several clients view our solution through the lens of Carpenter, most recently was from a meeting I had with NJ State Police and the NJ AG's Office. The attorneys in the meeting felt that since we are providing non PII data, held by third parties, Carpenter doesn't apply. As you know, in the Carpenter case, the FBI had his cell number and requested specific records pertaining to him. With our data, we have no way of linking signals back to a specific device or owner.
In light of Carpenter, some of our clients have taken an additional step to when using our solution. For example, in Indiana, they will run an initial search. If they find devices of interest at the location of interest, they then serve a search warrant on themselves to go to the next level of tracking the device through a pattern of life analysis.
Shortly afterwards, Fog founder Robert Liscouski sent a follow-up email addressing the issue more concretely. (Liscouski’s use of “Gardner” here refers to Carpenter)
Our source data is “non-carrier” data—it does not originate from the cell tower but from the app on the phone (therefore from our legal assessment, Gardner does not apply). When it is received by the data aggregator and curated, it is stripped of any identifiable information to include the original ID which is then hashed and anonymized. We cannot identify an individual based on the hashed ID through the system.
In other words, Fog argues that Carpenter does not apply because, according to the company, its data is “stripped of any identifiable information” and its device IDs were “hashed and anonymized.” .
This is plainly incorrect. It is impossible to anonymize location data, because it reveals unique patterns of movement that are trivially easy to link to identifiable people. One widely cited study from 2013 found that researchers could uniquely characterize 50% of people using only two randomly chosen time and location data points. The Fog search by Broward County discussed above involved 47,394 signals.
The Greensboro (North Carolina) Police Department routinely used Fog without a warrant, according to whistleblower Davin Hall. Hall told EFF that he believed Greensboro had been using Fog without a warrant for as long as it had access to the service.
Greensboro first purchased a license in February 2020. In the ensuing months, Hall raised the issue of Fog’s legality multiple times. In September 2020, he emailed several senior members of department staff to say that recent court decisions about geofence warrants “raised a red flag” about the department’s use of Fog Reveal, “which does the same type of search but without a warrant.” The issue was added to the agenda for a staff meeting. Notes from the meeting summarize the department’s posture:
Recent court rulings indicate that requesting geotracking or utilizing programs like Fog Reveal violate 4th amendment rights (in and of itself). It is GPDs policy to only utilize these types of programs in conjunction with other probable cause, NOT by itself to gather probable cause. Thus, it shouldn’t be a problem for us.
These notes are concerning, because they do not clearly address whether GPD uses Fog for area searches (they should not), or whether GPD gets warrants before using Fog for device searches (they should).
After Hall left the police department, he again expressed his concerns, this time in an email to the Greensboro City Council and Mayor:
I am writing to strongly urge you to discontinue the use of a software called Fog Reveal, currently being used by Greensboro Police Department. This is a software that allows GPD to track individual phone data for anyone in the city, without a warrant.
I have been made aware that City Legal believes this software does not violate the 4th Amendment's restrictions on searches, because the information collected by the program does not constitute identifiable information — only an advertising number associated with the phone, and not the phone number or owner. However, if police could not use this number to identify the owner, it would be of no use to them. In fact, this information can be used to determine the identities of anyone captured in the initial search.
Federal judges have ruled that geofencing searches of identifiable information constitute an illegal search, even with a warrant (links below). Again, GPD is conducting similar types of searches without a warrant.
Please stop the use of this software, which directly affects anyone who lives, works in, or visits this city.
Records show that this email circulated widely among police department staff after it was received. Shortly after, a Greensboro Police Attorney circulated a memo summarizing Hall’s arguments and responding to them. The response compares Fog’s product to two recent rulings about Google geofence warrants and concludes that semantic differences between Fog’s data and what is shared by Google mean that “the cases were not analogous to the City’s use of the software.” The memo does not directly address Carpenter or whether the Fourth Amendment requires police to obtain a warrant to access Fog.
A representative from the City Manager’s office followed up with the City Council, summarizing the legal memo and asserting that “Mr. Hall’s understanding of how GPD utilizes this software is incorrect.” The city did not contradict Hall’s assertion that GPD was conducting geofence-like searches without a warrant. And none of the records EFF obtained from GPD state that that the department ever obtained a warrant prior to accessing Fog.
The U.S. Constitution is not the only guaranty of privacy rights for Americans. Some state laws, like the California Consumer Privacy Act, or CCPA, are also intended to govern privacy-invasive companies like Fog.
The CCPA gives Californians the right to know how their personal information is used by companies, to opt out of having their data sold, and to delete their data. It applies to any business that handles personal data from more than 50,000 California residents in a year. Given that Fog claims to track “over 250 million devices” in the U.S., and that several of its customers are California agencies, the company is subject to the CCPA. This means that Fog should respect the CCPA’s right to know, to delete, and to opt out.
California also requires “data brokers” — companies who sell personal information — to register with the state Attorney General. Vermont has a similar law. Neither state’s searchable registry includes Fog.
Given that the company appears to have tried to stay out of the public spotlight altogether, it would be exceedingly difficult for anyone to exercise their “right to know” with Fog in the first place. People can’t send requests to Fog when they never know that it exists and has their data. And even if people knew about Fog, it’s unclear how anyone would be able to request that Fog delete their data. Fog did share a CCPA policy with the Orange County Sheriff’s Department in response to “push back” about Fog’s data. But this policy was woefully short of what CCPA requires companies to disclose, and it was never shown to any of the people who were actually being tracked by Fog — just to the agencies that were buying its data.
* * *
Despite what police and Fog officials say, the Fourth Amendment applies to the service and requires police to get a warrant before using it. And in some cases, Fog’s area searches are unlikely to be legal even when law enforcement get warrants. The fact that police and Fog officials seem confused about the Constitution’s protections shows precisely why it is dangerous to allow private location data brokers to collect this personal information and sell it to law enforcement.
Read more about Fog Data Science:
- Press release: Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation
- What is Fog Data Science? Why is the Surveillance Company so Dangerous?
- Fog Revealed: A Guided Tour of How Cops Can Browse Your Location Data
- Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police
- How Law Enforcement Around the Country Buys Cell Phone Location Data Wholesale
- How Ad Tech Became Cop Spy Tech