In this week’s newsletter: ‘Geofence warrants’ erroneously linked an individual to a crime, raising questions about similar cases
In January 2020, Zachary McCoy, a Florida resident, received an alarming email from Google. It informed him that local authorities were seeking his personal information, and he had just seven days to prevent Google from sharing it.
McCoy later discovered that the police were conducting an investigation into a burglary and had issued what is known as a ‘geofence warrant’ to Google. This court-ordered warrant demanded that Google locate and provide information about all devices present in the vicinity of the burglarized home during the alleged crime. Unfortunately, McCoy happened to be on one of his routine bike rides in the neighborhood at the time, and the data Google provided to the police placed him near the scene of the burglary.
As a result, McCoy found himself implicated in a crime he had no involvement in due to being in the wrong place at the wrong time.
This incident was not an isolated case. Across the United States, from Virginia to Florida, law enforcement agencies are increasingly utilizing investigative tools known as reverse search warrants. These include geofence location warrants and keyword search warrants, which are employed to generate a roster of potential suspects linked to specific criminal activities.
Geofence warrants, in particular, enable law enforcement to compel tech companies to identify all devices in proximity to a designated location and time. Keyword search warrants, on the other hand, are utilized to obtain information about individuals who have searched for specific keywords or phrases.
This practice has faced criticism from public defenders, privacy advocates, and numerous lawmakers who argue that it infringes upon Fourth Amendment protections against unreasonable searches. Unlike reverse search warrants, conventional warrants and subpoenas target specific individuals for whom law enforcement has established probable cause of involvement in a particular crime. Geofence warrants, in contrast, are broad in scope and are frequently employed to compile a list of potential suspects for further investigation.
A lack of transparency
Moreover, there’s a lack of transparency regarding this practice. Although major tech companies like Apple and Google routinely release transparency reports that disclose the number of user data requests they receive globally, historically, there has been limited information about how many of these requests pertain to geofence warrants.
In response to pressure from advocacy organizations such as the Surveillance Oversight Tech Project (Stop) and the Electronic Frontier Foundation (EFF), Google, for the first time in 2021, provided a breakdown of the number of geofence warrants it received. The company revealed that it had received nearly 21,000 geofence warrants between 2018 and 2020. However, it did not specify how many of these requests it complied with. Google did share that in the latter half of 2020, it responded to 82% of all government data requests in the United States with some level of information. Since then, the company has not released any updates regarding the number of geofence warrants it received and did not respond to requests for comment at the time of publication.
‘They’re putting their users at risk’
While companies like Google assert that they meticulously review each legal data request, there are limitations when they encounter valid subpoenas or warrants. Tech companies can only resist these requests to a certain extent if they have access to the requested data. As demonstrated in Apple’s transparency report, the primary method to safeguard user data from broad law enforcement requests is to refrain from collecting it initially, or at the very least, to encrypt or employ other protective measures to prevent it from being easily accessed.
However, tech firms such as Google heavily rely on the accumulation of user data to bolster their financial performance and are often unwilling to take the necessary steps to safeguard this data, even when there are feasible technical solutions available, according to Albert Fox Cahn, the director of Stop.
Google has encountered mounting demands from American consumers to enhance the safeguarding of location and health data, particularly following the Supreme Court’s decision to overturn federal abortion protections. In reaction, the company pledged to conceal location data when users visit “sensitive locations,” including reproductive care clinics. However, as initially disclosed by The Guardian in November 2022, searches for routes to Planned Parenthood facilities and guidance to abortion clinics via Google Maps continued to be logged in users’ Google activity timelines for several months thereafter.
Not an isolated case
While experts argue that Apple can still take additional steps to protect user data, such as implementing default encryption for personal information rather than requiring opt-ins, the transparency report may add to the growing pressure faced by competitors like Google to enhance protection against sweeping reverse search warrants. According to Crocker, “Google has experienced increased scrutiny due to geofence warrants, and I believe that scrutiny is here to stay.”
In the meantime, geofence warrants continue to disrupt the lives of individuals, particularly as public defenders and lawyers are still in the process of understanding these legal requests and how to challenge them.
Zachary McCoy, in this regard, is one of the fortunate few. Typically, individuals whose data is sought through subpoenas or warrants do not receive notice from the company about the potential handover of their information. These requests often come with gag orders that prevent the company from notifying the subject of the request. After receiving the email, McCoy sought legal counsel, leading to the submission of a motion to quash the subpoena, which ultimately led the local police to withdraw the warrant. However, many others are not as fortunate in similar situations.
