Adding to the growing number of courts that have struck down the procedures that Google and law enforcement have put in place for “geofence warrants,” a California trial court recently suppressed evidence obtained via such a warrant. The court found that the warrant was not sufficiently particularized in several respects and that the multi-step winnowing practice that is the hallmark of geofence warrants requires ongoing judicial supervision. However, unlike some other courts that have questioned whether geofence warrants ever comport with the Fourth Amendment, this court side-stepped some of the more thorny questions and provided a roadmap on how it believes law enforcement can cure the noted defects going forward.
The case is People v. Dawes and involved a residential burglary investigation in San Francisco. Using information from the victim and neighbors’ surveillance videos, law enforcement narrowed the time frame during which the burglary occurred and obtained a geofence warrant for Google data. The warrant authorized the following three-step process, which was formulated by negotiations between Google and CCIPS (the Department of Justice’s Computer Crimes and Intellectual Property Section):
- Based on other investigative techniques, law enforcement created a virtual geofence zone around the crime area and requested a deidentified list of cell phones in the zone at the relevant time;
- Law enforcement then reviewed the anonymized list to eliminate cell phones law enforcement deemed irrelevant (based on factors not described), and, without further court involvement, required Google to disclose additional location data (outside the zone specified in the warrant) for phones of interest, including outside the time period specified in the warrant; and
- Finally, law enforcement, again without court involvement, required Google to provide basic subscriber information identifying the owners of selected cell phones law enforcement deems relevant.
After receiving 9 deidentified devices in the first step, law enforcement identified 6 of the 9 as relevant in Step 2, asking for additional information. After receiving the additional information, law enforcement narrowed their demand for subscriber information in Step 3 to one device – the defendant’s.
In ruling on the defendant’s motion to suppress, the Court found that, regardless of whether the defendant had a reasonable expectation of privacy in his location data under the Fourth Amendment to the U.S. Constitution (on which it did not take a position), he did under California’s CalECPA, and thus a search warrant was necessary.
The Court then determined that, although the warrant in this case was supported by probable cause – in its view, the relevant inquiry was whether there was probable cause that the crime occurred and that Google stored data that may assist in identifying the suspects (as we point out here and here, query whether that’s the right inquiry) – it was not sufficiently particular in describing the “items to be seized” and the “place to be searched” because it did not provide “specific information as to Location History as a Google service and how Google collects and stores users’ geolocation data in its Sensorvault servers” and the geographic area identified surrounding the victim’s home was too broadly drawn.
Additionally, the Court held that the procedure whereby law enforcement sought additional information in Steps 2 and 3 without further judicial oversight and authorization violated the Fourth Amendment’s overbreadth and reasonableness requirements, “essentially permit[ting] exploratory rummaging of innocent people’s location information.” Thus, in this Court’s view, law enforcement must now seek a new warrant, not only to “unmask” the devices identified in Step 3 (as some other courts have held), but also to get the additional information to narrow the field at Step 2.
Finally, the Court held that, although law enforcement acted in good faith, and thus the Supreme Court’s decision in Leon may have saved the case from suppression against a Fourth Amendment violation, there is no such good faith exception to the exclusionary rule for a statutory violation of CalECPA. This could be a boon for criminal defendants in cases already in the pipeline.