Motion to Suppress - Evidence Obtained Pursuant to "Geofence" General Warrant

IN THE UNITED STATES DISTRICT COURT

FOR THE EASTERN DISTRICT OF [State]

[City] Division

UNITED STATES OF AMERICA )

)

) [Case number]

)

[Defendant name], )

Defendant )

DEFENDANT [Defendant’s] MOTION TO SUPPRESS EVIDENCE

OBTAINED FROM A “GEOFENCE” GENERAL WARRANT

[Defendant], through counsel, moves the Court to suppress evidence that law enforcement obtained pursuant to a warrant authorizing state police to obtain the cell phone location information of 19 Google users who happened to be in the vicinity of a bank robbery on a Monday afternoon in [City]. This is a “geofence” warrant, and it is an unlawful and unconstitutional general warrant that is both overbroad and lacks the particularity required by the Fourth Amendment. The Court should therefore suppress all evidence obtained from the warrant and all fruit of the poisonous tree, including the identification of [Defendant].

INTRODUCTION

Law enforcement obtained [Defendant’s] cell phone location information from Google using a “geofence” warrant. A geofence warrant requires Google to produce data regarding all devices using Google services within a geographic area during a given window of time. Unlike a typical warrant for location data, this geofence warrant did not identify [Defendant] in any way. In fact, it did not identify any of the 19 people whose personal information was searched by the [State] police as a result. Instead, the warrant operated in reverse: it required Google to identify a large cache of deeply private data—held in the “Sensorvault”—and then allowed police the discretion to obtain private information from devices of interest. This is nothing less than the modern-day incarnation of a “general warrant,” and it is prohibited by the Fourth Amendment.

[State] police obtained a warrant for the Sensorvault data in this case, presumably because they recognized, correctly, that such information is intensely private and constitutionally protected. Like the cell site location information (“CSLI”) in Carpenter v. United States, 138 S. Ct. 2206 (2018), cell phone users constantly generate Sensorvault location information by either (1) using devices running Google’s software (“Android” phones), or (2) interacting with Google services (Maps, Gmail, Search, YouTube, etc.). See Background, infra. And as in Carpenter, users have a reasonable expectation of privacy in their location data, which is sensitive and revealing of the “privacies of life.” 138 S. Ct. at 2214. Not only can this data reveal private activities in daily life, but it can also show that someone is inside a constitutionally protected space, such as a home, church, or hotel—all of which are in the immediate vicinity of the bank that was robbed in [City]. The ability to access data that can locate individuals quickly, cheaply, and retroactively is an unprecedented expansion of law enforcement power, and doing so constitutes a Fourth Amendment search, just as it did in Carpenter. Id at 2230; see also Prince Jones v. United States, 168 A.3d 703, 712 (D.C. 2017) (recognizing that access to cell phone location data permits the “police to locate a person whose whereabouts were previously completely unknown.”). In fact, the location data available in Google’s Sensorvault is even more precise than the data in Carpenter. Google can pinpoint an individual’s location to approximately 20 meters compared to “a few thousand meters” for cell site location data. Google, Find and Improve Your Location’s Accuracy (Oct. 24, 2019), https://support.google.com/maps/answer/2839911?co=GENIE.Platform %3DAndroid&oco=1. Therefore, the third-party doctrine should not apply, and a valid warrant should be required for law enforcement to access any user’s Sensorvault data.

Nonetheless, the fact that law enforcement obtained a warrant in this case does not save the search from constitutional infirmity. This is no ordinary warrant. It is a general warrant purporting to authorize a classic dragnet search of every Google user who happened to be near a bank in suburban [City] during rush hour on a Monday evening. This is the kind of investigatory tactic that the Fourth Amendment was designed to guard against. Geofence warrants like the one in this case are incapable of satisfying the probable cause and particularity requirements, making them unconstitutional general warrants.

In the alternative, should the Court find that geofence warrants are not wholly impermissible under the Fourth Amendment, the warrant in this case fails to satisfy the particularity requirement and fails to establish probable cause to search [Defendant’s] Sensorvault data. Despite the prevalence of Google phones and services, there are no facts to indicate that the bank robber used either, whether ever or at the time of the robbery. There is no evidence that the robber used an Android operating system or accessed any Google service in connection with the crime. Instead, based only on Google’s popularity and the prevalence of cell phones generally, law enforcement searched a trove of private location information belonging to 19 unknown Google users who happened to be near a local bank on a Monday evening. The government’s generalized assumptions about cell phone use, devoid of any specific factual nexus to the criminal activities alleged, are insufficient to establish probable cause for the sweeping and invasive search in this case. Additionally, the discretion afforded to police to determine which accounts to search is the essence of an unparticularized warrant. In short, the warrant both lacks particularity and is fatally overbroad.

Finally, the good faith exception to the exclusionary rule does not apply to evidence obtained from this warrant. Given the lack of particularity and absence of probable cause for any and all individuals whose data would be searched, no objectively reasonable officer could rely on such a warrant. For these reasons, the Court must suppress all evidence obtained from the geofence warrant and all fruit of the poisonous tree.

BACKGROUND

Over the last few decades, the ability of law enforcement to cheaply and easily access highly sensitive digital data has progressed in leaps and bounds. Requests for user information from cellular service providers and other online service providers like Google have become a powerful investigative tool for law enforcement to locate and identify almost any individual, as 96% of Americans now own cell phones. Pew Research Center, Mobile Fact Sheet (Jun. 12, 2019), http://www.pewinternet.org/fact-sheet/mobile/. As a result, “[o]nly the few without cell phones could escape this tireless and absolute surveillance.” Carpenter, 138 S. Ct. at 2218.

Law enforcement can locate cell phones using user location data, which is collected and maintained by cell phone companies as well as third-party service providers, such as Google. For example, Google regularly collects detailed location information from all phones running Google’s “Android” operating system. Android phones routinely transmit their GPS location to Google, but Google can also identify a phone’s location based on nearby Wi-Fi networks, mobile networks, and device sensors. Google, How Google Uses Location Information (Oct. 25, 2019), https://policies.google.com/technologies/location-data. While it is possible to turn off location history on an Android phone, opening Google Maps or running a Google search will still pinpoint a user’s latitude and longitude and create a record with Google. Ryan Nakashima, Google Tracks Your Movements, Like it or Not, Associated Press (Aug. 13, 2018), https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb (identifying Google services that register a user’s application upon use, including “Location History, Web and App activity, and … device-level Location Services.”). Even non-Android devices, such as Apple iPhones, transmit location information to Google when individuals use a Google service or application, such as Gmail, Search, and Maps. Id. Consequently, although Google’s Sensorvault does not collect data on every phone, it nevertheless contains an enormous trove of location information on most Android phones and many iPhones in use in the United States.

In recent years, law enforcement has begun requesting this data from Google using geofence warrants to identify devices present in a geographic area during a window of time. Jennifer Valentino-DeVires, Tracking Phones, Google Is a Dragnet for the Police, N.Y. Times (Apr. 13, 2019), https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html. Since a geofence warrant identifies a geographic area, and not a suspect, these requests “ensnare anyone who uses Google services at specific times in the … areas [near a crime],” sweeping up innocent individuals in an unconstitutional dragnet search. Debra Cassens Weiss, FBI Asks Google to Turn Over All Data on Users Who Were Close to Robbery Locations, ABA Journal (Oct. 25, 2018), http://www.abajournal.com/news/article/fbi_asks_google_for_location_ data_on_anyone_close_to_robbery_locations_in_t. Individuals may be caught up in this search by merely using an Android phone, conducting an internet search using Google, running a Google application such as Google Maps or YouTube, or even receiving an automatic weather update from an Android service. Nakashima, supra, Google Tracks Your Movements, Like it or Not.

FACTS

Geofence warrants compel Google to produce location information about devices interacting with Google technology within a geographic area during a given timeframe. In this case, the government requested data from Google regarding all Google devices that were within 150 meters of the _____ Credit Union in [City], [State], during a one-hour period at the beginning of Monday evening rush hour. Specifically, the warrant sought information on all devices within 150 meters of [coordinates] between ___ p.m. and ___ p.m. EST. See Ex. A State Warrant at 3¹...