Kansas Court Rejects Government's 'Reverse Warrant,' Sets Ground Rules For Future Requests

from the getting-some-of-that-crucial-bulwarking-done dept

We haven’t seen a lot of legal challenges to so-called “reverse warrants.” This is likely due to their relative novelty. It’s probably also due to the fact that no one “targeted” by these warrants knows about them until well after an investigation has been closed.

Reverse warrants don’t target people or places. They target (and I’m using that term loosely) areas roughly defined/confined by GPS coordinates. Everything inside the geofence is a target. Working backward from the data obtained from companies like Google, investigators try to determine which of these data points is their suspect.

For the time being, it’s mostly up to the judges reading the warrant affidavits to raise challenges to the methods used or the broadness of request. And, so far, we’ve only seen one rejection of a reverse warrant, albeit one rejected twice by consecutive judges (a magistrate and a district court judge).

Now we have one more rejection to examine, coming to us via FourthAmendment.com. A magistrate judge in Kansas has rejected [PDF] the government’s attempt to obtain location data from Google. The magistrate notes that judges all over the nation should expect to see more of these as time goes on and should be aware of the constitutional issues at play when the government works backwards from bulk data to identify a criminal suspect. Because this investigative technique is only expected to become more common, this judge has decided to set some ground rules for the government’s future attempts to work its way backwards to probable cause.

The court issues this written order not only to address the subject application, but also to provide guidance for future search warrant applications involving geofence technology given the relatively sparse authority on this issue.

And the court is doing this because this warrant just doesn’t cut it, constitutionally speaking.

Here, the application and accompanying affidavit are not sufficiently specific or narrowly tailored to establish probable cause or particularity. The court therefore denies the application without prejudice.

The order doesn’t detail the federal crime suspected of being committed but does note it involves a heavily trafficked business. The government is seeking location data on every device in the area during a one-hour period. That isn’t narrow enough for the court.

The application here establishes probable cause that a crime was committed at the subject business establishment during the relevant one-hour time period. However, it does not establish probable cause that evidence of the crime will be located at the place searched—that is, Google’s records showing the location data of cell phone users within the geofence boundaries.

The court notes it’s obviously true that Google’s data would show what devices were in the business during this time period, but goes on to point out the flaws in the warrant affidavit. The warrant request, as written, fails to provide a link between the data sought and the suspected criminals.

The court has considered the agent’s statements in the current application based on his training and experience, and finds that they are too vague and generic to establish a fair probability—or any probability—that the identity of the perpetrator or witnesses would be encompassed within the search. For beginners, the affidavit does not suggest that any relevant perpetrator or witness even had a smartphone. In Arson, the court relied on an affidavit that explained that that co-conspirators probably would have been coordinating their efforts by phone. Here, the affidavit contains no analogous explanation, whether based on the agent’s training and experience or based on the facts of the investigation. To the contrary, the affidavit suggests only that the culprit was a lone pedestrian in the early morning hours who was caught on surveillance footage. The affidavit conspicuously omits any suggestion that the surveillance footage shows that the individual had a cell phone.

Almost everyone carries a phone wherever they go. Almost. And there’s no reason to believe the phone being gradually targeted here would be transmitting location data to Google. Android devices may make up 85% of the market, but that’s not enough market share for the court to ignore the assumptions made by the agent seeking the warrant. iOS users don’t always send location data to Google. Android users have the option to deny Google access to location data. The judge says there’s too much unknown to allow this warrant to be granted without modification.

The judge also says the warrant makes a mockery of probable cause by allowing the government to treat every person in the area as a suspect until proven otherwise.

The application also does not address the anticipated number of individuals likely to be encompassed within the targeted Google location data. This also goes to the particularity requirement, which is intertwined with probable cause. If a geofence warrant is likely to return a large amount of data from individuals having nothing to do with the alleged criminal activity—as in Pharma I & II—the sheer amount of information lessens the likelihood that the data would reveal a criminal suspect’s identity, thereby weakening the showing of probable cause.

And that may result in a whole lot of incidental targeting that could negatively affect the rights and freedoms of people who had nothing to do with the alleged crime.

[T]he geofence boundary appears to potentially include the data for cell phone users having nothing to do with the alleged criminal activity. The boundary encompasses two public streets, so anyone driving their automobile by the target location during the relevant time period could be identified in the data. Google Maps also indicates that the subject building contains another business, which the application does not address. The government is also seeking data within the geofence’s “margin of error,” meaning that it seeks location-point data outside of the geofence but which could conceivably fall within the geofence if the margin of error would permit the device to be located within the parameters. See Pharma II, 481 F. Supp. 3d at 745 n.11 (describing the margin of error). As a result, the warrant may return data from users who are outside of the radius of the geofence. Id. Google Maps shows that the area just outside of the perimeter of the geofence includes residences and other businesses that could be implicated by the margin of error.

The government supplied no data or specifics on the expected margin of error nor did it explain what steps it would take to ensure it only gathered as much info as needed to identify its suspect.

The court also says the time period of the data sought is far too long and too disconnected from the criminal activity.

The application also does not adequately justify the time period requested. It seeks an hour of data, which is longer than what was at issue in either Pharma I & II or Arson. And the nexus between the alleged criminal activity and this one-hour duration is weak. According to the affidavit, video surveillance footage shows the suspect at three discrete times. The proposed geofence’s temporal scope ranges from just before the second sighting to approximately 10 minutes after the suspect fled the scene. The affidavit does not explain why the government does not seek data from the time period surrounding the first sighting, and it does not explain why the government seeks data for the entire period between the second and third sighting.

The government will be given another chance to request this data. But it will need to provide far more information and include far more limitations than it did with its first pass. This is now the minimum expectation for reverse warrants, at least in this court.

The court… issues this opinion to provide fair notice that geofence warrant applications must sufficiently address the breadth of the proposed geofence and how it relates to the investigation. It is not enough to submit an affidavit stating that probable cause exists for a geofence warrant because, given broad cell phone usage, it is likely the criminal suspect had a cell phone. If this were the standard, a geofence warrant could issue in almost any criminal investigation where a suspect is unidentified. The Fourth Amendment requires more, particularly where the warrant implicates the privacy interests of individuals who have nothing to do with the alleged criminal activity.

If the government wants to work its way backwards to a suspect, it needs more particularity and better probable cause to do so.

Filed Under: , ,
Companies: google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Kansas Court Rejects Government's 'Reverse Warrant,' Sets Ground Rules For Future Requests”

Subscribe: RSS Leave a comment
12 Comments
Anonymoussays:

Re: Re: Warrants seem to like those cell phones

It really isn’t that hard to disable GPS in most cell phones. Simply remove the battery. No power, no GPS, no matter what the police procedurals say. A lot harder with apple phones, which are more like limitted term rentals than purchases, with hardware built to expire on you and no way to fix it (especially a dead or dying battery in a case not made to be opened). If I were a criminal I’d carry a burner phone with the battery removed, except when I needed to use it.

Anonymoussays:

Re: Re: Warrants seem to like those cell phones

More like everyone should start leaving their cellphones at home. This kind of overreach by the government was one of the most obvious threats that everyone was warned about when Google and co. started all of their data mining.

Today, it’s two streets over a one hour period. Ten years from now it will be an entire state (if not the whole country), over a three week period. (Got to find out where he hid the money, obviously.)

People need to see these things for what they are: Prisoner Trackers. The government sure does.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow