Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant.  Geofence warrants are a relatively new investigative tool that target private companies’ databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time.  The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.

The 63-page opinion made extensive findings of fact regarding the geofence warrant at issue and Google’s three-step warrant execution process.  For example, the court detailed how Google’s Location History database, the Sensorvault, collects and stores location information from a variety of sources, including GPS, Bluetooth, cellular tower, IP address, and Wi-Fi.  Google users are prompted to opt-in to Location History when setting up a Google account or when setting up an application with Location History-powered features.  The kind of notice provided to the user at the point of opting in differs depending on which pathway the user took to enable the service.  While the record showed that the defendant had enabled Location History on his device, no one could determine how he enabled Location History or what information he was given when he did so.

The court also explained Google’s three-step process for responding to geofence requests, which Google developed in collaboration with the Department of Justice’s Computer Crime and Intellectual Property Section and other law enforcement agencies.  The protocol is as follows:

First, when Google receives a geofence warrant, it produces to law enforcement a de-identified list of all Google users whose Location History data registers an estimated location within the geographic boundaries of the geofence during the specified time frame.  In other words, Google produces the Location History data of the users whose “stored latitude/longitude coordinates fall within the radius described in the warrant.”  Op. at 19.

Second, the Government reviews the de-identified data to determine devices of interest, and if it needs additional location information to determine whether a device “is actually relevant to the investigation,” the Government can compel Google to provide additional location coordinates beyond the time and geographic scope of the original request.  Id. at 20-21.  In order for the Government to receive additional data outside the original scope, Google generally requires that the warrant explicitly expand that timeframe in its text.  In addition, Google typically requires that the Government narrow the number of users from the initial set so that it cannot “simply seek geographically unrestricted data for all users within the geofence.”  Id. at 21.  Google does not have “firm policy as to precisely when a Step 2 request is sufficiently narrow,” but it generally accepts a request asking for a smaller number of devices than the full produced set.  Id.

Third, the Government can compel Google to provide account-identifying information (including the name and email address associated with the account) for users that law enforcement determines are relevant to the investigation.  Here, Google also prefers that law enforcement request this data on fewer users than the previous step, but it will approve a request that is not narrowed from the second step.

The warrant in Chatrie sought data for an area with a 150-meter radius (encompassing roughly 17.5 acres) for a one hour period on the day of the bank robbery.  The execution of the warrant implicated the data of many Google users, including the defendant.

In its analysis, the court declined to “wade into the murky waters” of whether the defendant had a reasonable expectation of privacy in the data sought by the warrant (and, by extension, whether the Government’s request was a “search”) because the court was independently denying the motion to suppress on good faith grounds.  Id. at 35-36.

However, the court described its “deep concern . . . that current Fourth Amendment doctrine may be materially lagging behind technological innovations.”  Id. at 36.  In particular, the court noted its concerns with the “expansive, detailed, and retrospective nature of Google location data” and the inability of individuals caught in a geofence to assert privacy rights unless subsequently charged with a crime, in which case they could seek suppression of the evidence.  Id. at 36-37.  With respect to the third party doctrine, the court explained that it “simply cannot determine whether Chatrie ‘voluntarily’ agreed to disclose his Location History based on this murky, indeterminate record,” and expressed broad “skepticism about the application of the third-party doctrine to geofence technology.”  Id. at 52.

For the purposes of the rest of its Fourth Amendment analysis, the court assumed without deciding that the Government’s collection of Sensorvault data was a search.  The court then held that the Government did not establish probable cause to search every person within the geofenced area, explaining that the Fourth Circuit has “clearly articulated that warrants, like this one, that authorize the search of every person within a particular area must establish probable cause to search every one of those persons.”  Id. at 38-39.  The court also cited to Ybarra v. Illinois, 444 U.S. 85 (1979), for the proposition that mere proximity to others suspected of criminal activity does not create probable cause to search that person.

The court then held that the second and third steps of the multistep warrant execution cannot “cure” or “buttress” the warrant’s defects as to probable cause; rather, these steps “provided law enforcement and Google with unbridled discretion to decide which accounts will be subject to further intrusions” and thus “fail independently under the Fourth Amendment’s particularity prong.”  Op. at 39.  In so holding, the court contrasted the warrant at issue in Chatrie with the one in In re Search of Information That Is Stored at the Premises Controlled by Google LLC, No. 21-sc-3217, 2021 WL 6196136 (D.D.C. Dec. 30, 2021).  The court noted that the Chatrie warrant authorized iterative productions of data without further judicial involvement after the initial warrant was approved.  By contrast, the warrant in the D.C. case forced the Government to identify to the court devices it believed belonged to the perpetrator, and then the court could order, at its discretion, Google to disclose personal identifying information to the Government.

Turning last to the good faith exception to the Fourth Amendment exclusionary remedy, the court ultimately denied suppression because, faced with a novel investigative technique, the court could not deem the warrant facially deficient “where the legality of an investigative technique is unclear.”  Op. at 56.  The court explained that “in light of the complexities of this case, [the officer’s] prior acquisition of three similar warrants, and his consultation with Government attorneys before obtaining those warrants, the Court cannot say that [the officer’s] reliance on the instant warrant was objectively unreasonable.”  Id. at 57.

The court closed the opinion by noting that despite its finding of good faith, “the Court nonetheless strongly cautions that this exception may not carry the day in the future,” explaining that it “will not simply rubber stamp geofence warrants.”  Id. at 62.  There is no indication yet whether this decision will be appealed.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Garland Jim Garland

Jim Garland’s practice focuses on government investigations and enforcement matters, litigation, and cybersecurity. Recognized by Chambers USA as a leading practitioner in both the white collar and cybersecurity categories, Jim draws upon his experience as a former senior Justice Department official to advise…

Jim Garland’s practice focuses on government investigations and enforcement matters, litigation, and cybersecurity. Recognized by Chambers USA as a leading practitioner in both the white collar and cybersecurity categories, Jim draws upon his experience as a former senior Justice Department official to advise clients on sensitive, multidimensional disputes and investigations, often with national security implications. He previously served as co-chair of Covington’s “Band 1”-ranked White Collar and Investigations Practice Group and currently is a member of the firm’s Management and Executive Committees.

Jim regularly represents corporate and individual clients in government investigations and enforcement actions. He has successfully handled matters involving allegations of economic espionage, theft of trade secrets, terrorism-financing, sanctions and export control violations, money laundering, foreign bribery, public corruption, fraud, and obstruction of justice. He has particular expertise advising clients in connection with investigations and disputes involving electronic surveillance and law enforcement access to digital evidence.

Jim has substantial experience litigating high-stakes, multidimensional disputes for clients across a range of industries, including companies in the high-tech, financial services, defense, transportation, media and entertainment, and life sciences sectors. Many of his civil representations have substantial cross-border dimensions or involve parallel government enforcement proceedings in multiple forums.

In conjunction with his investigations and litigation practice, Jim regularly assists clients with cybersecurity preparedness and incident-response matters. He helps clients in assessing security controls and in developing policies and procedures for the protection of sensitive corporate data. He also regularly assists companies in responding to significant cybersecurity incidents, including in connection with criminal and state-sponsored attacks targeting customer and employee data, financial information, and trade secrets.

From 2009 to 2010, Jim served as Deputy Chief of Staff and Counselor to Attorney General Eric Holder at the U.S. Department of Justice. In that role, he advised the Attorney General on a range of enforcement issues, with an emphasis on criminal, cybersecurity, and surveillance matters.

Photo of Alexander Berengaut Alexander Berengaut

Alex Berengaut is a nationally recognized litigator and co-chair of Covington’s Government Litigation practice group. He has served as lead counsel in a range of commercial disputes and government enforcement proceedings, and currently represents several leading technology companies in litigation and compliance matters…

Alex Berengaut is a nationally recognized litigator and co-chair of Covington’s Government Litigation practice group. He has served as lead counsel in a range of commercial disputes and government enforcement proceedings, and currently represents several leading technology companies in litigation and compliance matters relating to data privacy, platform liability, artificial intelligence, and cybersecurity.

In recent years, Alex obtained a series of landmark victories against the federal government in bet-the-company disputes for technology clients. Alex represented TikTok in challenging the Trump Administration’s efforts to ban the app, delivering the winning argument that led the court to enjoin the ban hours before it was set to take effect. He also represented Xiaomi Corporation in challenging the Department of Defense designation that would have blacklisted the company from U.S. financial markets, delivering the winning argument that led the court to enjoin the designation, restoring $10 billion to Xiaomi’s market capitalization.

At the state level, Alex has successfully challenged unconstitutional state legislation and defended against state consumer protection actions. He obtained an injunction blocking Montana’s law banning the TikTok platform, and he secured the outright dismissal of multiple State AG consumer protection lawsuits relating to data privacy and security—a string of victories which resulted in Alex being recognized as Litigator of the Week

Alex has served as counsel to Microsoft Corporation in precedent-setting cases involving government surveillance issues, including Microsoft’s landmark challenge to the government’s attempt to compel disclosure of customer emails stored in Ireland using a search warrant; Microsoft’s First Amendment challenge in the Foreign Intelligence Surveillance Court to restrictions on disclosures about government surveillance; and Microsoft’s constitutional challenge to the statute that allows courts to impose gag orders on technology companies, resulting in nationwide reform of the government’s practices under the statute. 

 Alex maintains an active pro bono practice, focusing on trial-level indigent criminal defense and youth immigration matters. From 2017 to 2020, Alex represented the University of California in challenging the Trump Administration’s rescission of the Deferred Action for Childhood Arrivals (DACA) program, ultimately resulting in a 5-4 victory in the U.S. Supreme Court. See Department of Homeland Security, et al. v. Regents of the University of California et al., 140 S. Ct. 1891 (2020).

Photo of Megan Crowley Megan Crowley

Megan Crowley is a nationally recognized litigator who serves as co-chair of Covington’s Government Litigation practice. In her practice, Megan draws upon her experience at the U.S. Department of Justice where she litigated constitutional, statutory, and administrative law cases of national significance. In…

Megan Crowley is a nationally recognized litigator who serves as co-chair of Covington’s Government Litigation practice. In her practice, Megan draws upon her experience at the U.S. Department of Justice where she litigated constitutional, statutory, and administrative law cases of national significance. In addition to her federal practice, Megan has extensive experience challenging unconstitutional state actions, and defending against novel uses of state consumer protection laws by State Attorneys General.

Most recently, The American Lawyer named Megan “Litigator of the Week” for her successes in obtaining a preliminary injunction against the state of Montana’s ban of TikTok and securing the complete dismissal of a consumer protection lawsuit brought by the Indiana Attorney General. Megan also was a key member of the Covington team that represented TikTok in its successful challenge to the Trump Administration’s efforts to ban the app, as well as the team that represented Xiaomi Corporation in its successful challenge to the Department of Defense designation that would have banned the company from U.S. financial markets.

Megan has particular expertise representing technology companies in cutting-edge litigation relating to data privacy, and in 2022, she was named a Law360 Rising Star in Privacy. Megan also regularly represents clients in litigation under the Administrative Procedure Act, as well as disputes related to Section 230 of the Communications Decency Act, government demands for data under the Electronic Communications Privacy Act, and the First Amendment.

Megan maintains a robust pro bono practice, focused on civil rights litigation. She played a central role on the team representing the University of California in its challenge to the government’s rescission of the Deferred Action for Childhood Arrivals (DACA) program, obtaining a nationwide injunction and, ultimately, a 5-4 victory in the U.S. Supreme Court.

Photo of Chloe Goodwin Chloe Goodwin

Chloe Goodwin is a litigator and regulatory attorney focused on privacy and technology issues. She represents several leading technology companies in litigation and compliance matters relating to electronic surveillance, law enforcement access to digital evidence, cybersecurity, and data privacy.