Amy Howe, writing at the ever-excellent SCOTUSblog:
The Supreme Court on Monday ruled that when law enforcement
officials used a “geofence warrant” — a warrant that instructed
Google to provide location data for cellphone users who were near
a particular place during a specific time period — to obtain
evidence used to convict a Virginia man of a 2019 bank robbery,
they conducted a “search” for purposes of the Fourth Amendment. By
a vote of 6-3, the justices sent Okello Chatrie’s case back to the
lower court for it to consider whether, as the Fourth Amendment
requires, the search was “reasonable.”Writing for the majority, Justice Elena Kagan emphasized that
“[a]n individual has a reasonable expectation of privacy in
records about his cell phone’s location, and police intrude on
that constitutionally protected interest when they demand the
information — even though for only a limited time, and from a
third-party tech company.” […]The issue at the center of Chatrie v. United States arose
after a man armed with a gun entered a federal credit union
outside Richmond, Virginia, and gave the teller a note demanding
money. He made off with nearly $200,000, but law enforcement
officials did not have any leads until they served Google with a
geofence warrant, which directed the tech company to provide
location data for cellphone users who were near the bank at the
time of the robbery.
I agree, wholeheartedly, with the decision. Howe’s coverage, being at SCOTUSblog, is unsurprisingly concerned with the legal aspects. But I’m also fascinated by the technical aspects. It’s remarkable — and regrettable — that Google had this geofence information in the first place. The data was part of a grossly invasive and ill-conceived feature Google called “Location History”, and was used to power a feature called “Timeline” in Google Maps. The data was stored unencrypted by Google in the cloud, tied to your Google account, thus making it available to these geofence warrants.
Back in December 2023 Google announced that it was changing the way it stored this data, defaulting instead to on-device storage and using end-to-end encryption (that Google itself cannot decrypt) for location data it holds online. This change had long been advocated by the EFF, which celebrated Google’s policy change. (Notably, Chatrie robbed that credit union in 2019.)
Most people have an unshakeable belief in the widely-held misconception that “everything” we do — everywhere we go, even everything we say — in the presence of our phones is tracked and recorded, and traceable back to us individually. It’s not at all ridiculous that this belief is so common, given that it is technically feasible. Our phones are precise GPS devices, they do have good microphones, and they are (almost) always connected to cellular and/or Wi-Fi networks. And the surveillance advertising industrial complex — primarily Meta and Google — is so uncannily good at serving ads based on our recent personal interests that the most obvious explanation for how they do it is “they listen to us and track us and record everything we do”. That’s not how they do it. But “they listen to us and track us and record everything we do” is an explanation that everyone can easily understand. If that were how Meta and Google served targeted ads to us, everyone could understand how the ads are so often so uncannily and creepily accurate. The way it actually works is complex and complicated, and thus in the realm of Arthur C. Clarke’s maxim that “any sufficiently advanced technology is indistinguishable from magic”. Incorrect explanations that people understand resonate and take hold and become entrenched beliefs; correct explanations that people don’t understand are dismissed and are not believed. (Exhibit A: evolution.) This is why it is such a precious gift to be able to explain complex technical and scientific subject matter in ways that many people can understand.1
And lo, now here’s a Supreme Court case showing that when the police asked for a list of people whose phones were near a particular bank at a particular time on a particular day, Google had that information and handed it over. Chatrie v. United States is not a particularly celebrated case, but this will only contribute to the entrenching of superstitious incorrect conspiracy theories about the data that “they” — big tech companies — collect about us.
But Google no longer collects this information in a way that is susceptible to geofence warrants, and, more importantly, Apple never did. From my own December 2023 post on Google’s decision to change how it collects this data to ensure privacy:
The reason these overly broad geofence warrants “almost always”
were specific to Google is that Apple never collected location
data that could be collected in the aggregate like this. From
Apple’s most recent government transparency report
(PDF), covering the first half of 2022:Apple may also receive requests from government agencies seeking
customer data related to specific latitude and longitudes
coordinates (geofence) for a specified time period. Apple does
not have any data to provide in response to geofence requests.I checked with a source at Apple, and they believe they have never
collected or stored geolocation data in a manner that can be
linked to groups of individuals in a certain area or areas.
So the whole question of geofence-warrant fishing expeditions may have been obviated two years ago by Google for Android users, and was never an issue for iPhone users. Unless, perhaps, they used the Google Maps app on their iPhones and granted it the “always on” location access that it asks for. I suspect, but do not know, that iPhone users who granted “always on” location access to Google Maps (or any other Google iOS app that asked for it? — all of their iOS apps seem to ask for location permissions, but I don’t know how many other than Google Maps ask for always-on access) were just as susceptible to these geofence warrants as Android users.
This decision should still serve as good precedent for location data held by other companies, and I hope the decision serves as good precedent for any personally identifying searchable digital information susceptible to fishing-expedition warrants in general.
But the bottom line is: Apple has never held data tracking your location, and while Google did, they no longer do.
-
It’s good for the expert, too, to prove that they can explain complex subject matter at the level of a freshman lecture — which is the only to prove that they truly understand it themselves. ↩︎
