EFF would like to thank former intern Haley Amster for drafting this post, and former legal fellow Nathan Sobel for his assistance in editing it.
The Fourth Amendment requires authorities to target search warrants at particular places or things—like a home, a bank deposit box, or a cell phone—and only when there is reason to believe that evidence of a crime will be found there. The Constitution’s drafters put in place these essential limits on government power after suffering under British searches called “general warrants” that gave authorities unlimited discretion to search nearly everyone and everything for evidence of a crime.
Yet today, Google is facilitating the digital equivalent of those colonial-era general warrants. Through the use of geofence warrants (also known as reverse location warrants), federal and state law enforcement officers are routinely requesting that Google search users’ accounts to determine who was in a certain geographic area at a particular time—and then to track individuals outside of that initially specific area and time period.
These warrants are anathema to the Fourth Amendment’s core guarantee largely because, by design, they sweep up people wholly unconnected to the crime under investigation.
For example, in 2020 Florida police obtained a geofence warrant in a burglary investigation that led them to suspect a man who frequently rode his bicycle in the area. Google collected the man’s location history when he used an app on his smartphone to track his rides, a scenario that ultimately led police to suspect him of the crime even though he was innocent.
Google is the linchpin in this unconstitutional scheme. Authorities send Google geofence warrants precisely because Google’s devices, operating system, apps, and other products allow it to collect data from millions of users and to catalog these users’ locations, movements, associations, and other private details of their lives.
Although Google has sometimes pushed back in court on the breadth of some of these warrants, it has largely acquiesced to law enforcement demands—and the number of geofence warrants law enforcement sends to the company has dramatically increased in recent years. This stands in contrast to documented instances of other companies resisting law enforcement requests for user data on Fourth Amendment grounds.
It’s past time for Google to stand up for its users’ privacy and to resist these unlawful warrants. A growing coalition of civil rights and other organizations, led by the Surveillance Technology and Oversight Project, have previously called on Google to do so. We join that coalition’s call for change and further demand that Google:
- Resist complying with geofence warrants
- Be much more transparent about the geofence warrants it receives
- Provide all affected users with notice, and
- Give users meaningful choice and control over their private data
As explained below, these are the minimum steps Google must take to show that it is committed to its users’ privacy and the Fourth Amendment’s protections against general warrants.
First: Refuse to Comply with Geofence Warrants
EFF calls on Google to stop complying with the geofence warrants it receives. As it stands now, Google appears to have set up an internal system that streamlines, systematizes, and encourages law enforcement’s use of geofence warrants. Google’s practice of complying with geofence warrants despite their unconstitutionality is inconsistent with its stated promise to protect the privacy of its users by “keeping your information safe, treating it responsibly, and putting you in control.” As recently as October, Google’s parent company’s CEO, Sundar Pichai, said that “[p]rivacy is one of the most important areas we invest in as a company,” and in the past, Google has even gone to court to protect its users’ sensitive data from overreaching government legal process. However, Google’s compliance with geofence warrants is incongruent with these platitudes and the company’s past actions.
To live up to its promises, Google should commit to either refusing to comply with these unlawful warrants or to challenging them in court. By refusing to comply, Google would put the burden on law enforcement to demonstrate the legality of its warrant in court. Other companies, and even Google itself, have done this in the past. Google should not defer to law enforcement’s contention that geofence warrants are constitutional, especially given law enforcement’s well-documented history of trying novel surveillance and legal theories that courts later rule to be unconstitutional. And to the extent Google has refused to comply with geofence warrants, it should say so publicly.
Google’s ongoing cooperation is all the more unacceptable given that other companies that collect similar location data from their users, including Microsoft and Garmin, have publicly stated that they would not comply with geofence warrants.
Second: Be Meaningfully Transparent
Even if Google were to stop complying with geofence warrants today, it still must be much more transparent about geofence warrants it has received in the past. Google must break out information and provide further details about geofence warrants in its biannual Transparency Reports.
Google’s Transparency Reports currently document, among other things, the types and volume of law enforcement requests for user data the company receives, but they do not, as of now, break out information about geofence warrants or provide further details about them. With no detailed reporting from Google about the geofence warrants it has received, the public is left to learn about them via leaks to reporters or by combing through court filings.
Here are a few specific ways Google can be more transparent:
Immediate Transparency Reforms
Google should disclose the following information about all geofence warrants it has received over the last five years and commit to continue doing so moving forward:
- The amount of geofence warrants Google has received to date, broken out in 6-month increments.
- The percentage of requests with which it has complied.
- How many device IDs Google has disclosed per warrant.
- The duration and geographic area that each geofence warrant covered.
Google should also resist nondisclosure orders and litigate to ensure, if imposed, that the government has made the appropriate showing required by law. If Google is subject to such an order, or the related docket is sealed (prohibiting the company from disclosing the fact it has received some geofence warrants or from providing other details), Google should move to end those orders and to unseal those dockets so it can make details about them public as early as allowable by law.
Long-term Transparency Reforms
Google should also support and seek to provide basic details about court cases and docket numbers for orders authorizing each geofence warrant and docket numbers for any related criminal prosecutions Google is aware of as a result of the geofence warrants. At minimum, Google should disclose details on the agencies seeking geofence warrants, broken down by each federal agency, state-level agencies, and local law enforcement.
Third: Give All Affected Users Notice
Google must start telling its users when their information is caught up in a geofence warrant—even if that information is de-identified. This notice to affected users should state explicitly what information Google produced, in what format, which agency requested it, which court authorized the warrant, and whether Google provided identifying information. Notice to users here is critical: if people aren’t aware of how they are being affected by these warrants, there can’t be meaningful public debate about them.
To the extent the law requires Google to delay notice or not disclose the existence of the warrant, Google should challenge such restrictions so as to only comply with valid ones, and it should provide users with notice as soon as possible.
It does not appear that Google gives notice to every user whose data is requested by law enforcement. Some affected users have said that Google notified them that law enforcement accessed their account via a geofence warrant. But in some of the cases EFF has followed, it appears that Google has not always notified affected users who it identifies in response to these warrants, with no public explanation from Google. Google’s policies state that it gives notice to users before disclosing information, but more clarity is warranted here. Google should publicly state whether its policy is being applied to all users’ information subject to geofence warrants, or only those who they identify to law enforcement.
Fourth: Minimize Data Collection and Give Users Meaningful Choice
Many people do not know, much less understand, how and when Google collects and stores location data. Google must do a better job of explaining its policies and practices to users, not processing user data absent opt-in consent, minimizing the amount of data it collects, deleting retained data users no longer need, and giving users the ability to easily delete their data.
Well before law enforcement ever comes calling, Google must first ensure it does not collect its users’ location data before obtaining meaningful consent from them. This consent should establish a fair way for users to opt into data collection, as click-through agreements which apply to dozens of services, data types, or uses at once are insufficient. As one judge in a case involving Facebook put it, the logic that merely clicking “I agree” indicates true consent requires everyone “to pretend” that users read every word of these policies “before clicking their acceptance, even though we all know that virtually none of them did.”
Google should also explain exactly what location data it collects from users, when that collection occurs, what purpose it is used for, and how long Google retains that data. This should be clear and understandable, not buried in dense privacy policies or terms of service.
Google should also only be collecting, retaining, and using its customers’ location data for a specific purpose, such as to provide directions on Google Maps or to measure road traffic congestion. Data must not be collected or used for a different purpose, such as for targeted advertising, unless users separately opt in to such use. Beyond notice and consent, Google must minimize its processing of user data, that is, only process user data as reasonably necessary to give users what they asked for. For example, user data should be deleted when it is no longer needed for the specific purpose for which it was initially collected, unless the user specifically requests that the data be saved.
Although Google allows users to manually delete their location data and to set automated deletion schedules, Google should confirm that these tools are not illusory. Recent enforcement actions by state attorneys allege that users cannot fully delete their data, much less fully opt out of having their location data collected at all.
* * *
Google holds a tremendous amount of power over law enforcement’s ability to use geofence warrants. Instead of keeping quiet about them and waiting for defendants in criminal cases to challenge them in court, Google needs to stand up for its users when it comes to revealing their sensitive data to law enforcement.