Season 2, Episode 52 of #CaseoftheWeek tackles Geofence warrants, and the matter we are analyzing is In the Matter of the Search of Info that is Stored at the Premises Controlled by Google LLC. CEO Kelly Twigger discusses what the meaning of Geofence is, how the location data from your cell phone can be used to track your location even when you opt out via privacy settings, and how the government can get that data. The decision is from December 30, 2021 and the matter was presided over by United States Magistrate Judge G. Michael Harvey.
Good morning and welcome to our #CaseoftheWeek for January 11, 2022. My name is Kelly Twigger. I am the CEO of eDiscovery Assistant and the principal at ESI Attorneys, and I’m so happy to be here with you today. Thanks so much for joining me.
Through our partnership with ACEDS each week, we choose a recent decision in eDiscovery that highlights some key issues for Litigators to pay attention to and those involved in the eDiscovery process. We talk about the practical implications of that decision for you, your clients, upcoming matters that you may have.
Today’s decision is an interesting one on Geofence warrants and while it’s in the criminal context, there are implications for sources of ESI in the civil context. You’re going to want to pay attention. Lots of great information today.
We are in the process of working with Doug Austin and eDiscovery Today to produce the 2021 Case Law Report, which will be available for download, probably in February. All right, let’s get into this week’s decision.
This week’s decision is from December 30, 2021, so very recent. It is from the District Court in the District of Columbia from United States Magistrate Judge Michael Harvey. This is one of 16 decisions that we have in our database from Judge Harvey, so he has ruled on a number of complex eDiscovery decisions really kind of picking up from where Judge Facciola left off after his retirement and all of the amazing eDiscovery decisions that he authored.
Issue tags for this case, which we add to every decision in the eDiscovery Assistant database include:
- Internet of Things,
- Scope of Warrant,
- Mobile device, and
All right, let’s talk about a little bit about the scope of what this case involves. On October 16th, 2021, the Magistrate Judge was presented with a warrant from the federal government that asked the following question commonly referred to as a geofence warrant, the government’s application asks the Court to direct the technology company Google to identify through a multistep process the cell phone users that crossed into a defined geographic area around where the criminal activity under investigation occurred. This is not a warrant for a specific mobile device. This is a warrant to be directed to Google to provide information about what users were in a particular location as defined on a satellite map during particular times based on what the government knows about the criminal activity that occurred. The question that we’re really facing with this decision is what was the underlying basis for the Court’s granting of this warrant back in October. This decision before us is a written decision from the Court doing the analysis of why it granted the geofence warrant in October, directing Google to provide information to the federal government.
Now the Court really does, and I would encourage you to read this decision, it’s a little bit longer and you can kind of skip through some of the analysis where the Court just literally lists all of the decisions on which it’s basing its case, but it talks about the fact that there’s very little case law on the legality of geofence warrants, and it seems like that was really the judge’s motivation for authoring this rich decision was to provide some basis for that.
The Court notes that there are only four decisions that the Court found where a geofence warrant was denied. And the Court really then goes into some statistics about the use of mobile phones and location information that’s very crucial and critical for you to be considering whether you’re in the criminal or the civil context.
According to a recent report, this is part of the Court’s opinion, Google received over 11,554 geofence warrants in 2020. That’s up from 982 in 2018, and as of August 2021, they comprised nearly a quarter of all of the warrants served on Google. Each of those warrants was authorized by a judge. According to the Court, it would appear that many more geofence warrants are being granted by courts than are being denied.
Now, this application was made on October 6th. On October 13th, 2021, the Court granted the geofence warrant application at issue from the federal government in this case. And again, this decision that we’re talking about today really explains the Court’s basis for that as to why it was granted and also adds to the limited federal case law discussing the legality of such warrants. Really, this is the judge’s opportunity to start to create a better body of case law around the legality of geofence warrants.
Now the Court goes into some background that really talks about why geofence warrants have become a thing. Soon after the advent of smartphones with the capability to track the location of their users, law enforcement sought warrants and other legal process to obtain GPS data, which is data that cell phones collect to track their users who are known to be engaging in criminal activity. With GPS data, you’re really looking at a specific device for a specific user. Those warrants were often referred to as GPS warrants and are at this point in the dialogue routine. They are frequently authorized to permit law enforcement to track a known or suspected drug dealer cellphone to assist in locating the dealers’ points of sale, drug stash houses, suppliers, or co-conspirators. This type of warrant that we’re talking about here is very different. It has been termed a “reverse location” warrant, and essentially the perpetrator of the crime is unknown to law enforcement, and the warrant identifies the geographic location where criminal activity happened and seeks to identify the cell phone users at that location where the crime occurred. This geofence is the boundary of the area where the criminal activity occurred as drawn by the government using geolocation coordinates on a satellite map, a visual of which is then attached to the warrant.
Understanding that, really what we’re talking about is the government knows that there’s criminal activity that has occurred in a specific location, and what it’s trying to determine is whether suspects that it has are in that location using this geofencing technology.
Now, the Court notes a few things about the geofence. The fence’s boundary is quite flexible. Any shape or size can be drawn using geographic coordinates, including rectangles, triangles, other regular shapes like the perimeter of a building or the length of a street. So, there’s really no limit on how a geofence can be constructed on a purpose of a map. It really needs to be based, as the Court goes on to discuss, on the particular circumstances that are being sought for this warrant.
The Court goes on to say that circles can be constructed by instructing, Google or other companies that store location information to collect data from a certain radius around a fixed point. We’ve all used our little tools to draw a point, and then we draw a circle around that point. The geofence is also bound by a time window, which is dictated by when the crime is believed to have occurred. For example, it could be right now Tuesday morning at 09:30 a.m. Mountain time until 11:00 a.m. MT. That may be your window. Time periods are also flexible. They can be as narrow or as broad as the facts of the criminal activity required and the law really permits.
Then the Court next goes into a discussion of how Google obtains geolocation information from cell phone, as well as being able to tie that geolocation information to the identity of users. This is really important because this is where you need to be thinking about the types of information that are available from a GPS or geolocation on cell phones that may be for witnesses that are involved in your cases, whether they are criminal or civil, you still got the same kind of implications. The ability to get to the information is different in a criminal context where you’ve got the Fourth Amendment and the government has an ability to search and seize information versus in a civil context where you do not have that ability.
How does Google go about getting this information? Quoting the Supreme Court in a seminal decision in Riley, the Court states that “cell phones are basically mini computers that also happen to have the capacity to be used as a telephone.” That’s very accurate, I think if you think about your cell phone and all the things that you do with it. It really is. It’s just a mini computer. Like all computers, cell phones, including phones with Google’s Android operating system, need to connect with a variety of other devices in order to be able to function. When using the map function, if you’re using Google Maps, Google operating system phones use an internal GPS to ascertain the phone’s exact location. When Google operating system phones connect to the Internet via WiFi or scan their environments for Bluetooth devices or use GPS, they send that information on the phone’s location to Google directly. Google uses that information to calculate the device’s estimated latitude and longitude and makes this information available for viewing by the phone’s user in a service called Location History. Now, what’s important to note here is that although that location history resides on the mobile device itself, that location information is also stored on Google servers. I don’t know if you knew that, and we’re going to find out that even if you turn your Privacy settings on to stop location tracking, location tracking is still being done by your device, and that information is still being transmitted to Google.
Now, phone users must opt into the location history service, and Google has said that as of 2019, about a third of Google users had done so. But even when those users opt out of location history or other location tracking, Google can still track and store that device’s location data. Google also collects location information from phones that do not use Google operating systems, for example, iPhones like I have, but nevertheless use Google’s applications such as Gmail, YouTube, Google Maps, and Google’s Internet browser Chrome. If you have an iPhone and you’re using any of Google’s applications, that location information is being transmitted back to Google, regardless of the fact that you’re not using Google’s operating system.
Now, statistically, Google’s Android operating system is used by nearly 74% of the world’s smartphone market and with a market share of approximately 46% in the United States, because iPhone users who represent 23% of the worldwide market and 54% of the domestic market also utilize Google applications on their devices, Google’s cache of location information is even greater than it’s already substantial market share suggests. Using those statistics, you’ve got 74% of the world’s population providing location information to Google, and specifically, you’ve got about 46% of those in the US. But again, we’re saying that Google is also tracking location information from iPhone users who are using Google application. You’ve got roughly 54% plus another 46%, that’s 99% basically of the market, or 100% of the market.
Now, the cellphone location information that Google collects is very accurate. Within 20 meters, according to Google. Google says that it aims to accurately capture the location of at least 68% of its users. When Google searches its servers for the devices within the defined location boundary, a device that is outside of the boundaries of the geofence may be listed as within the boundaries of the fence due to imprecision in calculating the device’s exact location. Conversely, a device that was within the geofence may not be recorded as being there. Google aim to correctly locate about two thirds or more of its users. If this geofence is created, if there’s a boundary created, say that boundary was created around my house, then the question is whether or not the devices that are actually located within that geofence around my house would be properly determined to be here by Google. What Google is saying is there’s a 20 meters plus or minus that they may get or may not get. Some phones may be in the geofence and some may be outside of it.
Now, Google then connects the location to a user by collecting a phone user’s information, when the user registers for a Google account. In the registration process, the user provides Google with their name, physical address, email address, and bank information in some instances, among other identifying information. That account registration process is critical because many of Google’s key applications and features are accessible only to users who have signed into their Google account. Others, including YouTube and Google Maps, are of limited functionality if the user is not signed into their Google account. When the location history is enabled, the location information that Google collects from a device is associated with the account being used on the device, and that account can be traced back to a particular user with the information that’s provided during the registration process. If you have a Gmail account and you’re using Google Maps on an iOS device, an iPhone using Apple’s iOS operating system, your information is still being tracked to Google.
In summary, the geofence warrant really works like this. Phones with Google operating systems and Google applications communicate location information to Google through use of common phone applications and other functions, including use of WiFi, Bluetooth, and GPS. That location information is then associated with the device and the device can be tracked to a particular account or account holder who has signed in on the device. The search warrant here is ultimately asking for information that can be used to identify the account holder associated with devices that Google has located within a certain geographic area and during a specific time window set by the government.
Let’s talk specifics about the warrant that’s at issue here and how that geofencing is constructed and whether the Court allows this warrant based on its analysis.
The location that is set up for this particular warrant is a triangle on a satellite map, with the government seeking roughly 185 minutes of geofence data for the geofenced area. It ranges between two to 27 minutes on eight days over a five-and-a-half-month period. The government can be relatively precise about the data that it requests because it has obtained CCTV footage from inside the center showing the criminal activity as it occurs and that footage shows suspects using their cell phones in some cases, more than one phone when they engaged in that activity. Those facts are really crucial because other times we have warrants where we have no video footage that shows the suspects using cell phones, or that even puts the suspects in that place.
Now, the government came to the Court and requested this geofence warrant with a protocol that the Court had issues with. The protocol essentially allowed the government to have Google provide the identities of the users that it found within the geofence location and those time periods without any oversight from the Court. The Court objected to that. I think from a consumer perspective from someone who has kids who use cell phones, I think that’s a good thing that this protocol was required to go through the Court so the Court could determine whether, in fact, specific individuals that were identified in the geofence locations information should have been provided to the government.
Instead of allowing the process that the government proposed. What the Court said is, you can have the devices identified in the geofence area during the time period is requested, and Google can then create an anonymized Identifier for a device with location timestamp and sources of data that were derived at that location, but you cannot have account Identifiers. So, the government can review the list of those anonymized Identifiers and then has to come to the Court to ask for specific Identifier information, including basic subscriber information like email address, which the Court then orders Google to produce. Essentially, what the Court says here is you don’t get to do this on your own and have everybody’s information in that geofence. You need to look at the anonymized Identifiers, link them up with what you already know about the criminal activity, and come to the Court with a reasonable basis for us to give you that information. The Court really does that evaluation to meet the Fourth Amendment Privacy protections. Then they go into an evaluation of the warrant under the Fourth Amendment. The Court really starts by saying that the government is required to provide both probable cause and sufficient specific particularity with requirements of what it is that they’re looking for on the warrant in order to be able to meet the Fourth Amendment requirements.
The Court goes into a long discussion about probable cause and particularity and specifically states that a warrant is not constitutionally over broad so long as the time, location, and overall scope of the search are consistent with probable cause set forth in the warrant application and as to particularity, the warrant must allow officers to seize only evidence of a particular crime.
Now, the one thing that’s consistent here with civil law is that the touchstone of the Fourth Amendment is still reasonableness and reasonableness is what we’re constantly talking about when we talk about eDiscovery in the civil context as well. Reasonableness here is determined by assessing the degree to which it intrudes upon the individual’s Privacy and, on the other, the degree to which it is needed to promote legitimate government interests.
Now, the Court found, and we know this already because the Court already granted the warrant back in October, but the Court found that the government made a showing that probable cause existed because it showed both that a federal crime had occurred and that there was a fair probability that the search of Google servers would provide the identities of the suspects inside the center based on the video footage that they had from the closed caption TV and that the suspects were using their phones during the windows in the footage and that was really key as to how the Court distinguished other cases which had denied geofence warrants. So, because the CCTV footage here showed the suspects in the location and using their phones, it was very easy for the Court to say we can give you this anonymizer identification to tie these people to individual accounts, because we have enough evidence to meet the reasonableness and probable cause requirements.
Now, the Court says something that I think is really interesting here and this is a quote they say that “the core inquiry here is probability, not certainty, and it is eminently reasonable to assume that criminals, like the rest of society possess and use cellphones to go about their daily business.” The reason that strikes me is that’s pretty broad, and that strikes me as being problematic from a scope perspective of when we’re starting to cross the line of Privacy, and in this particular instance, because of the evidence that exists here, I don’t take any issues with this warrant being issued, but I think that as parents, as consumers, as users of cell phone, we should all be very concerned about the level of Privacy of the information that we are creating and where that information lives and how it can be provided to be used against us at some point. That’s what you need to be thinking about in the context of litigation.
The Court goes on for a bit to talk about more specifics related to probable cause in particularity, and I’ve outlined some of that information, but I’m going to skip over it a little bit because I don’t want us to get lost in the Fourth Amendment analysis.
We talked that the Court essentially said with regard to probable cause, that there is a fair probability that the suspects were inside the geofence, they were using their cell phones inside the geofence, that those phones communicated location information to Google, and that Google can trace that information back to a particular device, account holder or subscriber, and that gives probable cause that the search will produce evidence useful to the government’s investigation of the criminal activity. Probable cause exists. With regard to particularity, the Court found that this was met as the warrant set forth eight distinct categories of information, “that constitutes evidence of violation of the crimes under investigation, and it created an appropriate window of time and location that is not overly broad but confined to the breadth of the probable cause that supports it.” That’s a really key quote that I think if you’re looking at getting GPS location data in the civil context that you’re also going to want to be able to state, you’re going to want to state that you’ve got a very specific particular date and time function that you’re looking at. Perhaps a witness testified they were not in a particular location, and now you want to seek their device data to determine whether they were in that location on that specific date. I think that language from the Court is something to really think about when you’re crafting a request for GPS data in the civil context.
Now, the Court then looks at the Privacy considerations of non-suspects that are caught in the geofence, and these are kind of the issues that I was raising to you from my perspective that I think are a problem. The Court says that against the backdrop of this warrant and given the often inherently intrusive task that is evidence gathering, it is neither novel nor surprising that reasonable searches intrude upon the Privacy interests of individuals who are not the target of the criminal investigation. But the Court goes on to say that “the Fourth Amendment was not enacted to squelch reasonable investigative techniques because of the likelihood or even certainty that the Privacy interests of third parties uninvolved in criminal activity would be implicated.”
Now, that’s where we kind of hit the line right. Where does the line blur between Privacy interests of individuals and not? The Court did find that, in contrast to other published cases on geofence warrants, that the request for location information here did not have the potential of sweeping up the location data of a substantial number of uninvolved persons. That instead the process of having the Court review the requested data, tying location to an actual user ameliorated any concern about Privacy rights of nonsuspects that had been captured in the geofence. That’s how the Court addresses the Privacy considerations.
All right, what are the takeaways from here? Well, we talked about them a little bit, but the idea that Google collects location data, even when location settings are turned off, is key information that you really need to know when you’re thinking about potentially placing a witness at a particular location at a time. There are multiple types of litigation where GPS data comes into play. Oftentimes we’ve got personal injury cases, automobile accidents, divorce proceedings where a witness testifies, they’re in one place, and they’re really not. Anytime the location of a device or a witness may be of value that data is available through the specific device from that witness only. The difference being here is that while you can’t get information from Google in a civil matter, you won’t get information from Google if you send them a subpoena in a civil matter, a forensic analysis of a mobile device can reveal the same geographic or location information that can be helpful in many types of civil cases. You’re going to want to do an analysis of that phone, but you’re also going to have to make a case for why you should be entitled to the GPS location information on that device.
This case really teaches us about geofencing capability and with all the data points and as technology develops, there are tools that will allow you to do a similar analysis in a civil context for devices that you have access to, whether that’s via subpoena or via court order or just because you agree to provide them in litigation. Again, it’s device driven, not database driven as it would be in a criminal context. You cannot go and get this location information from Google in a civil context.
Last takeaway is to really keep your eyes open for when the location of a particular user or a device may be useful. That’s another source of ESI that you need to be thinking about as you’re putting together your discovery plan early on in the case. We always say start with your jury instructions, start with what you want to stand in front of a jury of twelve people and tell them, and then backtrack from there. Where do you find the information with all of those facts that you want to present to the jury? Who has it? Where does it exist? Is it in a database? Is it on a mobile device? Is it an email and how are you going to get to that information effectively? That helps you create your discovery plan.
All right, that’s our #CaseoftheWeek for this week. Thanks so much for joining me. We’ll be back again next week with another decision from our eDiscovery Assistant database.
If you are an ACEDS member and interested in using eDiscovery Assistant, there is a discount available to current ACEDS members and a trial for folks who are taking the ACEDS exam. If you’re interested in either of those, you can drop us a line at ACEDS@eDiscoveryAssistant.com and one of our team will be in touch. If you’re interested in doing a free trial of our case law and Resource database and are not an ACEDS member, you can just jump to the upper right hand corner and can click on the Free Trial button to get started with a 14-day free trial.
Thanks so much. Stay safe and healthy out there and have a great week.
Watch Next Episode Live
Catch the Replay
You’ll be able to read episode summaries and watch the recorded show right here on the eDiscovery Assistant blog or access the recorded versions from the ACEDS social media channels.