Jane Bambauer, a leading information law scholar (both on the First Amendment and the Fourth Amendment side), wrote up these thoughts on the recent geofencing case, on which Orin had also written; I’m delighted to be able to pass them along:
Google’s response team found that 19 devices fit the parameters of the geofence request. This was stage one. After some back-and-forth about what’s supposed to happen next (he initially requested an additional hour’s worth of geolocation data and identifiers for all 19 phones), the detective pared down his request to just 9 devices and received an extra hour’s worth of location data about those nine. This marked stage 2. Finally, that extra geolocation data allowed the detective to single out the one phone that very likely belonged to the robber, and so in stage 3, Google returned the name and subscriber identifying information for Chatrie.
Judge Lauck found that (a) the demand for, and return of, deidentified data in stage 1 constituted a search under the Fourth Amendment; and (b) the warrant that was used was not sufficiently particularized to suspicion related to the bank robbery. Latent in the opinion is the presumption that if (a) is true, then a warrant and full probable cause is necessary. I think the opinion is flawed across all of these claims.
Is the demand for, and return of, geofenced data a search under the Fourth Amendment?
In order to answer whether disclosure of geofenced data violates a reasonable expectation of privacy under Katz and Carpenter, Judge Lauck’s opinion focuses on the question of whether smart phone users have voluntarily consented to having their location data tracked when they opt into Google’s location services. But I don’t think this is a critical component of the Third Party Doctrine, and it’s certainly not a sine qua non. Even when Smith was decided, while the Court reasoned that people have some understanding and expectations that their calls would be logged for billing purposes, and assumed the risk that it would wind up in the hands of police, nobody at the time or since would seriously believe that Americans consent in a meaningful sense. The court knew few would avoid using telephones. Miller, the first in the line of cases that developed the Third Party Doctrine, makes the limited relevance of consent even more obvious. Miller involved subpoenas for bank records. Banks are legally obligated to collect and maintain transaction records, and are then similarly obligated to hand them over (in identified form) during the course of a police investigation if the police present a subpoena. Even if banks and their clients wanted to avoid collecting data of this sort, they wouldn’t be able to.
Thus, the relationship that the Third Party Doctrine has to the “reasonable expectations of privacy” test is not very analogous to the consent warrant exception or even the misplaced trust doctrine. It is much more analogous to the Public View doctrine. We “voluntarily” use telephones and banks the way we “voluntarily” venture outside of our homes—not very. Nevertheless, police investigations need some way to get going. Some portion of peoples’ whereabouts and goings on needs to be accessible to the police without heighted suspicion requirements. The Third Party Doctrine is part of messy-but-necessary process of dividing zones of privacy from the areas where police have a freer hand.
Carpenter renovated the dividing line, but not enough to reach the facts of Chatrie. The majority opinions in both Carpenter and Jones explicitly emphasized the narrowness of their holdings. The Court is publicly struggling to draw new lines that help handle privacy intrusions in light of new technologies without completely frustrating early stage police investigations.
How does all this relate to geofence warrants? Judge Lauck explained that if the investigation in Carpenter went narrow but “deep” (it involved collecting 7 days worth of geolocation data about the defendant), the geofence process goes “broad” but shallow.
I am not sure I agree with the conclusion that collecting 19 individuals’ deidentified data is “broad,” but the conceptual framework is useful. We can imagine other geofence warrants, in more dense areas or larger radiuses, that might capture many more individuals. At some point, breadth might matter. But under these facts, with nineteen subjects, the important factor is the geofenced data retrieval’s shallowness. The Chatrie opinion asserts that broad-and-shallow is as bad as narrow-and-deep, but this is not true. Or at least, it runs against the way much of Fourth Amendment law is structured: allowing superficial information-gathering without process, and then demanding more and more particularized suspicion as the intrusiveness (deepness) of the searches progress. For example, to harp on the Plain View doctrine again, police are allowed to conduct broad-but-shallow surveillance all the time. That’s what they do when they stand on a street corner, poke around on the public Internet, or execute a stake-out.
Thus, while there are real issues related to constraining the first step of a geofence warrant process, the fact that a geofence warrant might initially capture information about a couple dozen people who were moving around in public does not seem to me to justify the dismantling of the Third Party Doctrine.
One note: at times, the opinion suggested that geofence technology might permit police to observe a person’s movements within their homes. If true, this could very well constitute a search even if the data is in deidentified form. As fond as I am of the “Plain View” analogy, even I would conclude that detecting motion within a home is much more consonant with Kyllo’s “through-the-wall” search than some sort of analogy to observing a person through a window or something like that. But the court’s concern about tracking people inside homes (in this case or others) is in direct contradiction to the court’s conclusion that the current location-tracking technology is very noisy, and may draw in individuals who are actually a football field away from the location of the crime. It is possible that noise and precision can both be present at the same time depending on what source of geolocation is being used by Google, but in any case courts will have clarity soon enough about whether the location-tracking is sensitive enough to track location inside the home (which would be great, because that means geofencing can be done with greater precision and smaller radii) or whether it’s in fact so noisy that police couldn’t have confidence about whether any particular device is actually in the building its data makes it look like it’s in, which would have the virtue at least of avoiding a Kyllo problem.
Thus, it is not at all clear to me that geofence warrants that collect much less extensive data than the long-term surveillance at issue in Carpenter and Jones would be considered a search at all.
If a subpoena for geofenced data is a search, do police need full Probable Cause and a Warrant?
Even if geofenced data requests are a Fourth Amendment search (either in all cases or in cases where the geofence returns too much location data), there may be good reasons to consider this particular style of search reasonable, despite its lack of particularization. Specifically, I would have expected for the government to argue that an investigation of this sort, if a search at all, would fit well within the Administrative Search doctrine under cases like Sitz and Lidster.
In Illinois v. Lidster, the Supreme Court decided that a temporary checkpoint that was set up at the scene of a hit & run accident “about a week” after the accident occurred was permitted to stop and question drivers in order to try to get information related to the crime without any particularized suspicion or warrant procedure. Even though the checkpoint intruded on the Fourth Amendment rights of each person who was stopped, the intrusion was small enough, and the purpose well-tethered to the facts of a particular crime (rather than general crime-fighting) to justify the procedure. Moreover, one reason courts have justified checkpoints in cases like Lidster and Sitz is because they constrain discretion. Police have little control over who winds up coming through the checkpoint, and are thus unlikely to abuse the procedure in order to target or harass a particular suspect.
The virtues of geofenced investigations
This brings me to my biggest gripe: the opinion is written without any regard for the difference between discretionary suspect-driven fishing expeditions and crime-driven (or event-driven) investigations. If we want clearance rates for serious crimes to improve (which we all should), and if we also want police departments to use more objective bases for their suspicion (which we all should), then criminal justice and civil liberties organizations should embrace tools that encourage police officers to follow the circumstances of a crime to find a suspect rather than following the details of a suspect to find a crime.
The facts of the Chatrie case help illustrate what I mean. Before the detective used the geofence warrant, he first investigated two other leads. A person who saw news reporting about the bank robbery called the police and said her ex-boyfriend committed the crime, but the tip was false. A bank employee reported somebody who owned the same kind of car that was used as the getaway vehicle, but that tip, too, was a dead end. It is not clear from the opinion what sorts of encounters and information-gathering the police used to rule out these two persons of interest, but I suspect the anxiety and privacy burden absorbed by those two was greater, by almost any measure, than the burden to the 18 individuals whose approximate movements in public during one hour were disclosed in deidentified form. Indeed, I would go further and suggest that the geofence warrant process may often be an appropriate method of first resort, rather than last resort, if it is likely to lead more quickly to the identification of the right suspect. In any case, those who are instinctively against the use of geofence warrants should ask themselves, as an exercise and gut check, what they would prefer to happen in this very case.
When is a geofence process unreasonable?
Despite my enthusiasm for crime-driven investigation tools like geofence warrants (I’ve defended the use of facial recognition to identify perpetrators from crime footage for similar reasons), there are real issues that should be resolved to set constraints on their use.
First, even if I disagree with the court about whether 19 is or is not a large number of people to be briefly observed, I concede there is some threshold beyond which too many devices would be included. It makes sense to require police to craft the geofence so that it is likely to produce a small number of devices in part for the sake of the privacy of innocent individuals, and in part because the efficacy of the tool is likely to be low, anyway. Relatedly, it may make sense to have a norm (if not a formal rule) that requires police to use as many limiting criteria as they can to avoid overinclusion. For example, if police are investigating two related crimes, a geofence warrant should request that Google or Apple identify devices that appear in both. And if a suspect was known to have arrived from, and departed to, the east of the crime scene, a geofence should avoid any unnecessary capture of devices that appear to the west of the crime scene.
I also think there could be value to having a warrant-like process at some point during a geofenced data investigation. The Chatrie opinion suggests it would approve a geofence warrant process in which a magistrate or court got to make a probable cause determination before geofence data of the likely suspect is de-anonymized (at least, if this review occurs before the government receives any additional data that falls outside the time or location bounds of the geofence.) This part of the opinion seems like a sensible path for a legislature or for a court to interpret and extend the administrative search doctrine to cover this new technology so that the police can investigate without too much friction up to the point when they want to identify a suspect and (presumably) conduct a deeper investigation of that person. Technological tools that permit broad-but-shallow digital investigations could also be limited to certain types of relatively serious crimes in order to reduce the hassle and resentment that comes from this highly automated form of policing.
But burdening a geofenced data investigation with a full warrant and probable cause requirement would be a mistake. When it comes to the early part of police investigations, the status-quo is not good.