Geofence Warrants: The Last Piece of the Location Privacy Puzzle

The need for location privacy legislation has been growing in importance since the Supreme Court issued a landmark ruling in Carpenter v. United States in 2018. That decision enshrined the right to privacy in public by requiring a warrant when the government seeks to track individuals by using their cell phone location data. But since then, loopholes have eaten away at this vital protection. And last week, prompted by the Project On Government Oversight (POGO) and a set of civil liberties allies, Google issued a shocking new transparency report that revealed how often law enforcement is using a dangerous location tracking tool to monitor large groups of individuals.

This news shows the urgency of enacting comprehensive legislation to rein in this type of invasive surveillance.

After Carpenter, law enforcement entities found a number of workarounds to circumvent the warrant rule. Many began purchasing cell phone location information from data brokers — a practice equivalent to giving a landlord a handful of cash to access someone’s apartment instead of getting a search warrant for it.

Many law enforcement agencies also use “stingrays,” devices that mimic cell towers and grab identifying data from all cell phones in an area. Generally deployed without any special safeguards, stingrays’ use is governed by the same rules that apply to tracking a single suspect’s cell phone. But because stingrays grab the location data of every phone in an area, they cause serious collateral damage to privacy, and can be abused to target events like protests. These unique risks make it critical to place additional safeguards on stingrays, similar to the “super warrant” for wiretaps that require first deploying less invasive methods and purging data that’s not relevant to an investigation.

And then there are geofence warrants: government demands for companies to provide historical location data on all cellphones in an area. Because they grab location data en masse from large groups of individuals not suspected of wrongdoing, geofence warrants raise many of the same risks as stingrays.

Newly revealed data shows how urgently reform is needed. Last week, Google responded to calls by a civil liberties coalition, including POGO, to issue a report of how often it receives geofence demands. The results were stunning.

Last year alone, the company received over 11,550 geofence warrants from federal, state, and local law enforcement. Each one of these orders could sweep in hundreds or thousands of people, or be used to monitor sensitive events such as protests, political rallies, or religious gatherings.

The good news is that Congress is working to address some of the gaps exploited by law enforcement in the wake of Carpenter. The Fourth Amendment Is Not For Sale Act would prohibit buying private data that generally requires a warrant to obtain, and the Cell-Site Simulator Warrant Act would establish “super warrant” requirements for stingrays.

However, there is currently no legislation that addresses the danger posed by geofence warrants. Like stingrays, law enforcement demands for geofence data risk sweeping in sensitive data about large groups of people not suspected of wrongdoing. Legislation built around a super warrant requirement could effectively mitigate the dangers that geofence warrants pose, and serve as an important companion to the two bills already under consideration.

POGO will continue to push for comprehensive limits to protect individuals from overbroad government surveillance. As the latest data from Google makes clear, law enforcement’s reliance on geofence warrants means a comprehensive approach is needed to plug the loopholes left in the Carpenter ruling.