A California trial court has held a geofence warrant issued to the San Francisco Police Department violated the Fourth Amendment and California’s landmark electronic communications privacy law, CalECPA. The court suppressed evidence stemming from the warrant, becoming the first court in California to do so. EFF filed an amicus brief early on in the case, arguing geofence warrants are unconstitutional.
The case is People v. Dawes and involved a 2018 burglary in a residential neighborhood. Private surveillance cameras recorded the burglary, but the suspects were difficult to identify from the footage. Police didn’t have a suspect so they turned to a surveillance tool we’ve written quite a bit about—a geofence warrant.
Unlike traditional warrants for electronic records, a geofence warrant doesn’t start with a suspect or even an account; instead police request data on every device in a given geographic area during a designated time period, regardless of whether the device owner has any link at all to the crime under investigation. Google has said that for each warrant, it must search its entire database of users’ location history information. Geofence warrants are problematic because they allow police access to individuals' sensitive location data that can reveal private information about people's lives. Police have also used geofence warrants during public protests, threatening protesters' free speech rights.
Google has created a three-step process for responding to geofence warrants. First, it provides police with a list of de-identified device IDs for all devices in the area. In the second step, police may narrow the devices in which they’re interested and expand the geographic area or time period to see where those devices came from before or went to after the time of the crime. Finally, in the third step, police further narrow the devices in which they’re interested, and Google provides police those device IDs and full user account information. In general, police only seek one warrant to cover the entire process, which allows the police significant discretion in determining which devices to target for further information from Google.
The data Google provides to police in response to a geofence warrant is very precise. It allows Google to infer where a user has been, what they were doing at the time, and the path they took to get there. Google can even determine a user’s elevation and establish what floor of a building that user may have been on. As another court noted in reviewing a geofence warrant last summer, “Location History appears to be the most sweeping, granular, and comprehensive tool—to a significant degree—when it comes to collecting and storing location data.”
However, in that same case, expert witnesses testified that, despite this claimed precision, Google’s data may not be all that accurate. It may place a device inside the geofenced area that was, in fact, hundreds of feet away and vice versa. This creates the possibility of both false positives and false negatives—people could be implicated for the robbery when they were nowhere near the bank, or the actual perpetrator might not show up at all in the data Google provides to police."
In Dawes, the court rejected the SFPD’s geofence warrant. The court held the defendant had a reasonable expectation of privacy in his locational data under CalECPA (the California Electronic Communications Privacy Act, which governs warrant requirements for state law enforcement accessing electronic information) and that the warrant did not satisfy the probable cause and particularity requirements of the Fourth Amendment. Although the court found the time period requested by SFPD—2.5 hours—was reasonable given the evidence, it held the warrant was overbroad because the size of the designated geographic area—which covered the burgled home and the entire street traveled by the suspect—was too large. The court stated: “[t]his deficiency in the warrant is critical because the geofence intruded upon a residential neighborhood and included, within the geofence, innocent people's 13 homes who were not suspected to have any involvement in the burglary, either as a suspect, victim or witness."
The court also held the warrant violated the Fourth Amendment because it failed to require police to come back to the court for a new warrant at each step of the process, instead providing officers with unbridled discretion to determine who to target for further investigation. Ultimately, the court suppressed the evidence under CalECPA.
The Dawes ruling is similar to those of several other courts outside California that have issued public opinions weighing in on geofence warrants and finding most to be unconstitutional. Those courts held the warrants were overbroad because police can’t establish probable cause to believe all Google users in an area are somehow linked to the crime under investigation. These courts have also held the three-step process provides officers with too much discretion, in violation of the Fourth Amendment.
However, the Dawes court was very clear that its ruling was narrow. It did not hold that “a geofence search warrant can never pass Fourth Amendment muster, rather, this specific geofence search warrant was not sufficiently particular and was overly broad.” While this is disappointing—EFF believes all geofence warrants, by their very nature, are unconstitutional general warrants—the ruling does place important limits on future police use of these warrants. Not only will San Francisco police now be required to ensure the scope of their warrants is extremely narrow, officers must go back to the court for a new warrant at each step of the geofence process. This is at least a step in the right direction.