J6 Suspect Challenges FBI’s Geofence Warrant, Exposing The Massive Scale Of The Fed’s Data Haul
from the bring-me-everyone,-said-the-g-men dept
Geofence warrants are popular. They’re also controversial. Cops have discovered Google houses plenty of location data. Going to cell phone providers is a bit tricky, thanks to the Supreme Court’s Carpenter decision, which erected a warrant requirement for acquiring weeks or months of location data.
But geofence warrants don’t have a particular target. The only probability (as in “cause”) that exists is that it’s highly likely Google has collected some location data — data completely divorced from the cell towers owned and operated by cell service providers. These warrants dodge the scrutiny of Carpenter. And, since they’re warrants, it’s also possible to dodge judicial conversations about where the Third Party Doctrine begins and ends.
Geofence warrants have no specific target. Instead, law enforcement hopes grabbing massive amounts of data will help them work backwards from the haystack to the needle. But that’s not how things are supposed to work under the Fourth Amendment. Facts need to be particular at the outset, not several steps removed from the original dragnet. Some courts have rejected these fishing expeditions. Others have found there’s no privacy interest in data willingly (but actually unknowingly) shared with third parties like Google.
When Trump supporters converged on the Capitol Building in hopes of (apparently violently) keeping their preferred president in office, the FBI — pursuing cases involving a ton of federal crimes — started searching for suspects. This search began at Google with the deployment of geofence warrants issued in hopes of giving the feds a list of investigation targets.
The warrants used by the FBI remain under seal. But a challenge of this so-called evidence by a January 6th defendant has exposed just how much data was sought, along with the efforts made by the FBI to narrow down a voluminous data dump into something it could use to locate investigation targets.
Mark Harris of Wired has written a pretty thorough examination of the government’s geofence-related efforts. That report is largely based on a suppression motion [PDF] obtained by Marcy Wheeler, who broke the news at her blog, Emptywheel. Wheeler says she’s been waiting for a competent challenge of a geofence warrant. This suspect may have delivered.
The motion to suppress from David Rhine may be that challenge. Rhine was charged only with trespassing (though he was reportedly stopped, searched, and found to be carrying two knives and pepper spray, but ultimately released).
As described in his arrest affidavit, Rhine was first identified via two relatively weak tips and a Verizon warrant. But somewhere along the way, the FBI used the general GeoFence warrant they obtained on everyone in the Capitol that day. Probably using that (which shows where people went inside the Capitol), the FBI found him on a bunch of surveillance video, with his face partly obscured with a hat and hoodie.
The motion to suppress, written by Tacoma Federal Public Defender Rebecca Fish, attempts to build off a ruling in the case of Okello Chatrie (and integrates materials from his case) to get the GeoFence used to identify Rhine and everything that stemmed from it thrown out.
The geofence warrants served by the FBI utilized a three-step process. The first request was for everything. Then efforts were made to separate insurrectionists from non-insurrectionists. As is summarized here by Harris at Wired, the first dragnet warrant simply gathered data on everyone.
A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.
Apparently, the first step of “rounding up the usual suspects” is the rounding up of “the everybody.” There’s a 4,800 person gap between what was originally obtained and who was originally charged. The court told the FBI to go back to Google with another request that would eliminate people suspected of nothing but being victims of this attack. So, it went back to Google to obtain info on people the FBI definitely knew weren’t possible suspects. This quote of the suppression motion comes from Emptywheel:
In this case, the second step of the geofence warrant was also done in bulk, given the lack of specificity as to the people sought. In the initial warrant, the Court ordered Google to make additional lists to eliminate some people who were presumptively within the geofence and committed no crimes. First, the warrant ordered Google to make a list of devices within the geofence from 12:00 p.m. to 12:15 p.m. on January 6. And second, the warrant ordered Google to make a list of devices within the geofence from 9:00 p.m. to 9:15 p.m. Ex. A at 6.
An important step, but one that seems divorced from the demands of the Fourth Amendment, which strongly suggests the government only serve warrants targeting suspected criminals or evidence, rather than to help it find actual criminal suspects to go after. But even if this is an important step, it should have been part of the original warrant. It should not have taken a court order to force the FBI to do the obvious thing: obtain a list of people who could not have possibly been involved in the criminal act under investigation. It’s not like geofence warrants are new. The FBI has been using them for years and apparently still has yet to develop best practices that reduce constitutional violations.
Google does push back on broad demands. It did that here, but it still resulted in the FBI obtaining a ton of location data and identifying info, some of which undoubtedly belongs to people who committed no crimes.
For the final step, the government sought subscriber information, including phone numbers, Google accounts, and email addresses, for two groups of users. The first was for devices that appeared to have been entirely within the geofence, to about a 70 percent probability. The second was any devices for which the Location History was deleted between January 6 and January 13.
From this, in early May 2021, the FBI received identifying details for 1,535 users, as well as detailed maps showing how their phones moved through the Capitol and its grounds.
The problems inherent to these warrants are present here. The government asks for information on everyone in an area when a crime is committed, despite knowing that almost everything it requests will result in Google handing over location data and identifying info on dozens, hundreds, or — in this case — thousands of innocent people. That it may help guide investigators towards legitimate investigative targets isn’t enough to excuse the initial intrusion. And this info can be obtained for nearly any law enforcement reason, whether it’s to identify people who performed a violent raid of a federal building or women just seeking contraceptive advice.
This challenge could prove uncomfortable to the federal government. What’s shown in this suppression motion isn’t pretty. Better still, it makes the sealing of these warrants moot, which means the court should unseal them in the near future because whatever the government wanted to keep hidden is no longer a secret. The federal court system needs to subject these warrants to a whole lot of scrutiny. That they’re warrants shouldn’t excuse the fact that they’re untargeted dragnets the government hopes will eventually result in a list of criminal suspects. The entire process inverts the Fourth Amendment. And, to date, the only excuse the government can offer for this intrusion is that it isn’t really an intrusion. That’s the weakest of sauces, and it only works because courts have often decided the ends are what’s important, rather than the means.