The Washington PostDemocracy Dies in Darkness

Letting police access Google location data can help solve crimes

Acquiring anonymous data about which devices were in a bank at the time of a robbery should not be unconstitutional.

This aerial drone photo shows the Call Federal Credit Union building in Midlothian, Va., on June 16, 2020. Police charged a man with robbery of the bank a year earlier after accessing phone-location data kept by Google. (Steve Helber/AP)
8 min

At 4:52 p.m. on May 20, 2019, a man walked into Call Federal Credit Union in Midlothian, Va., made threats against the bank teller’s family, showed a gun and walked away with $195,000. After traditional investigative leads went dry, the detective working the case made use of an increasingly popular kind of warrant — a “geofence warrant” — to figure out who the criminal was. Camera footage had shown the suspect holding an Android phone up to his face, so after getting approval from a magistrate, the detective demanded that Google help find Android devices that were used in a one-hour window around the time of the crime, within a 300-meter-diameter circle that encompassed the bank.

Google’s computers trawled its voluminous database of location records and turned up 19 devices that were in the relevant area. Google’s response team provided deidentified data about where those devices traveled during the one-hour window — letting police see which movements were consistent with those of the robber. Eventually, after requesting an extra hour’s worth of location data for nine of the phones, the detective asked Google to identify three phone users. One of the three, Okello Chatrie, was subsequently arrested.

This is the kind of high-tech, data-driven police investigation that would have been impossible a generation ago. But was the sifting of cellphone location databases constitutionally permissible? A U.S. District Court judge this month said it was not — that it violated the Fourth Amendment protection against unreasonable searches. There was, she said, no probable cause to suspect the 19 people in and around the bank of having committed the crime, and therefore no justification for obtaining their location information. (Despite this finding, the judge did not suppress the evidence, concluding the detective had acted in good faith in procuring the warrant — making the decision more relevant to privacy law than to the fate of Chatrie.)

The case joins a sometimes-confused body of opinions on privacy and electronic tracking. Clearly, some judges are uncomfortable with giving police any access, absent a finding of probable cause, to the gobs of data that are collected on law-abiding Americans. But while some civil-liberties advocates hailed the decision, it may reflect a too-cramped view of how to balance a right to privacy against the effective maintenance of public security. In truth, geofence warrants present an opportunity for sound policing that is consistent with constitutional principles.

The government can’t seize your digital data. Except by buying it.

When courts apply the Fourth Amendment to a brand new technology, they use the “reasonable expectations of privacy” test developed by the U.S. Supreme Court in Katz v. United States (1967). In that case, the justices said that police who tapped a public phone booth violated their target’s privacy rights; the suspect, the justices said, had reason to think the call was private. A later case, Smith v. Maryland (1978), fine-tuned what an appropriate “expectation of privacy” might be: it did not extend to the phone numbers you dial from your home, for example, because people voluntarily reveal those to phone companies as a byproduct of their business relationships and transactions.

In the geofence warrant case, the judge decided smartphone users have a reasonable expectation of privacy regarding geolocation records held by Google in part because they had not given effective, voluntary consent to having their location tracked. “A user cannot simply forfeit the protections of the Fourth Amendment for years of precise location info by selecting ‘YES, I’M IN’ at midnight while setting up Google Assistant,” the judge wrote. And the information collected is far more personal than the list of telephone numbers dialed, even though it’s also the byproduct of a business transaction. Location history data allows minute-to-minute monitoring of a person’s movements over years, and the Supreme Court has already ruled in Carpenter v. United States (2017) that police cannot access 127 days’ worth of location data without a warrant and probable cause.

There are two mistakes here. First, the judge overemphasized the importance of consent. Even though voluntary consent is a factor in determining which privacy expectations are “reasonable,” it is not a necessary condition. There’s clearly no consent involved when phone companies track the numbers people have dialed or banks keep records of deposits and withdrawals, but police can access these without a warrant. Police of course can also observe and follow people in public even though people have not affirmatively consented to being watched in public. And police can freely consult security-camera footage, inside and outside of buildings.

Then there’s the question of the intimacy of locational data. To the judge in this case, geofencing raised concerns similar to those in Carpenter because even though the location data covered a much shorter period of time, the geofence wrapped in more people. But the geofencing data will strike many observers as much more limited than the 127-day tracking in Carpenter. The deidentified data revealed in this case is arguably more similar to the sort of tracking police can do when they observe people walking around on the street.

Most Fourth Amendment cases — including those involving new technology — are best understood as striking a grand bargain: The police need to be able to gather a little information without a warrant and probable cause to start building legitimate suspicion. They can engage in “shallow” investigations on a lot of people, and it’s only when the investigation goes deep into the personal spaces and details of an individual that a warrant becomes necessary.

Using this framing, it’s easier to make the case that the geofencing investigation was not a Fourth Amendment intrusion. Police routinely observe a little bit of information (including location and short-term movements) about many individuals, and these observations often do not even count as “searches” under constitutional law.

Unhappy about privacy laws? One teen showed how to force change.

Even when a search clearly does intrude on Fourth Amendment rights, the Supreme Court has allowed certain broad-but-thin investigations that lack probable cause when they are systematic and limited in scope. For example, the Supreme Court has decided that a temporary checkpoint can be set up to stop and question drivers to find drunk drivers or, more relevantly here, to get information related to a specific crime. In one such case, police had set up a checkpoint at the scene of a hit-and-run accident a week after the accident occurred in an attempt to find witnesses or other information related to the crime. Even though the checkpoint resulted in the “seizure” of each person who was stopped, the Supreme Court decided that the intrusion was small enough, and the purpose well-enough tethered to the facts of a particular crime, to justify the practice. Moreover, because checkpoints are uniform in application, they constrain police discretion and make it unlikely that police will abuse the procedure to target or harass a particular suspect.

Geofencing warrants are similarly systematic and tied to the facts of a crime. Courts analyzing them should take the opportunity to recognize the difference, in constitutional terms, between discretionary, suspect-driven fishing expeditions of data held by private companies and crime-driven investigations like this one. In the former, police identify suspicious people and attempt to connect them to crimes; in the latter, police follow the circumstances of a crime to find a suspect. If we want police to use more objective, less biased tools, geofenced data has much to offer.

After all, most traditional investigation practices are less efficacious and more privacy-violating that the geofence warrant process. In Chatrie’s case, before the detective approached Google for data, he first investigated a phone tip from a woman who claimed that an ex-boyfriend committed the crime; he also chased down a tip from a bank employee about somebody who owned a blue Buick Lacrosse that may have been used in the robbery. Both of these tips were dead ends. It is not clear what sorts of encounters and information-gathering the police used to rule out these two potential suspects, but the anxiety and privacy burden absorbed by them was almost certainly greater than the burden to the 18 individuals whose approximate movements in public during a one hour time span were disclosed in deidentified form.

To be clear, there are real issues that courts will need to resolve to set legal constraints on the use of geofence warrants. Legislators or courts may want to ensure that geofence warrants are temporally and geographically tailored. Perhaps they should be used only in the investigations of the most serious crimes. And as the location tracking technology gets better, geofences should be constructed to avoid revealing movements that occur inside homes. These would be sensible limitations. But a requirement of probable cause for every person within a geofence would effectively eliminate this investigative tool. Those who are instinctively against the use of geofence warrants should ask themselves, as a gut check, what they would prefer to have happened in this very case. Yes, 21st-century policing is a continuing experiment. But not every aspect of 20th-century-policing deserves to be entrenched.