Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant.  Geofence warrants are a relatively new investigative tool that target private companies' databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time.  The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.

The 63-page opinion made extensive findings of fact regarding the geofence warrant at issue and Google's three-step warrant execution process.  For example, the court detailed how Google's Location History database, the Sensorvault, collects and stores location information from a variety of sources, including GPS, Bluetooth, cellular tower, IP address, and Wi-Fi.  Google users are prompted to opt-in to Location History when setting up a Google account or when setting up an application with Location History-powered features.  The kind of notice provided to the user at the point of opting in differs depending on which pathway the user took to enable the service.  While the record showed that the defendant had enabled Location History on his device, no one could determine how he enabled Location History or what information he was given when he did so.

The court also explained Google's three-step process for responding to geofence requests, which Google developed in collaboration with the Department of Justice's Computer Crime and Intellectual Property Section and other law enforcement agencies.  The protocol is as follows:

First, when Google receives a geofence warrant, it produces to law enforcement a de-identified list of all Google users whose Location History data registers an estimated location within the geographic boundaries of the geofence during the specified time frame.  In other words, Google produces the Location History data of the users whose "stored latitude/longitude coordinates fall within the radius described in the warrant."  Op. at 19.

Second, the Government reviews the de-identified data to determine devices of interest, and if it needs additional location information to determine whether a device "is actually relevant to the investigation," the Government can compel Google to provide additional location coordinates beyond the time and geographic scope of the original request.  Id. at 20-21.  In order for the Government to receive additional data outside the original scope, Google generally requires that the warrant explicitly expand that timeframe in its text.  In addition, Google typically requires that the Government narrow the number of users from the initial set so that it cannot "simply seek geographically unrestricted data for all users within the geofence."  Id. at 21.  Google does not have "firm policy as to precisely when a Step 2 request is sufficiently narrow," but it generally accepts a request asking for a smaller number of devices than the full produced set.  Id.

Third, the Government can compel Google to provide account-identifying information (including the name and email address associated with the account) for users that law enforcement determines are relevant to the investigation.  Here, Google also prefers that law enforcement request this data on fewer users than the previous step, but it will approve a request that is not narrowed from the second step.

The warrant in Chatrie sought data for an area with a 150-meter radius (encompassing roughly 17.5 acres) for a one hour period on the day of the bank robbery.  The execution of the warrant implicated the data of many Google users, including the defendant.

In its analysis, the court declined to "wade into the murky waters" of whether the defendant had a reasonable expectation of privacy in the data sought by the warrant (and, by extension, whether the Government's request was a "search") because the court was independently denying the motion to suppress on good faith grounds.  Id. at 35-36.

However, the court described its "deep concern . . . that current Fourth Amendment doctrine may be materially lagging behind technological innovations."  Id. at 36.  In particular, the court noted its concerns with the "expansive, detailed, and retrospective nature of Google location data" and the inability of individuals caught in a geofence to assert privacy rights unless subsequently charged with a crime, in which case they could seek suppression of the evidence.  Id. at 36-37.  With respect to the third party doctrine, the court explained that it "simply cannot determine whether Chatrie 'voluntarily' agreed to disclose his Location History based on this murky, indeterminate record," and expressed broad "skepticism about the application of the third-party doctrine to geofence technology."  Id. at 52.

For the purposes of the rest of its Fourth Amendment analysis, the court assumed without deciding that the Government's collection of Sensorvault data was a search.  The court then held that the Government did not establish probable cause to search every person within the geofenced area, explaining that the Fourth Circuit has "clearly articulated that warrants, like this one, that authorize the search of every person within a particular area must establish probable cause to search every one of those persons."  Id. at 38-39.  The court also cited to Ybarra v. Illinois, 444 U.S. 85 (1979), for the proposition that mere proximity to others suspected of criminal activity does not create probable cause to search that person.

The court then held that the second and third steps of the multistep warrant execution cannot "cure" or "buttress" the warrant's defects as to probable cause; rather, these steps "provided law enforcement and Google with unbridled discretion to decide which accounts will be subject to further intrusions" and thus "fail independently under the Fourth Amendment's particularity prong."  Op. at 39.  In so holding, the court contrasted the warrant at issue in Chatrie with the one in In re Search of Information That Is Stored at the Premises Controlled by Google LLC, No. 21-sc-3217, 2021 WL 6196136 (D.D.C. Dec. 30, 2021).  The court noted that the Chatrie warrant authorized iterative productions of data without further judicial involvement after the initial warrant was approved.  By contrast, the warrant in the D.C. case forced the Government to identify to the court devices it believed belonged to the perpetrator, and then the court could order, at its discretion, Google to disclose personal identifying information to the Government.

Turning last to the good faith exception to the Fourth Amendment exclusionary remedy, the court ultimately denied suppression because, faced with a novel investigative technique, the court could not deem the warrant facially deficient "where the legality of an investigative technique is unclear."  Op. at 56.  The court explained that "in light of the complexities of this case, [the officer's] prior acquisition of three similar warrants, and his consultation with Government attorneys before obtaining those warrants, the Court cannot say that [the officer's] reliance on the instant warrant was objectively unreasonable."  Id. at 57.

The court closed the opinion by noting that despite its finding of good faith, "the Court nonetheless strongly cautions that this exception may not carry the day in the future," explaining that it "will not simply rubber stamp geofence warrants."  Id. at 62.  There is no indication yet whether this decision will be appealed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.