Legal development

In major geofence warrant case, Supreme Court holds that government access to smartphone location history data is a search

swirl background

    Courts of appeals will now determine whether multistep geofence warrants are reasonable under the Fourth Amendment.

    Last week, the Supreme Court of the United States issued its opinion in the closely watched case of Chatrie v. United States concerning the use of so-called geofence search warrants to seize account holders’ historical location data and identifying information from Google. The Court concluded that the government conducted a Fourth Amendment search when it acquired the stored Location History data of defendant Okello Chatrie from Google via a geofence warrant and remanded the case to the U.S. Court of Appeals for the Fourth Circuit to decide whether the subject geofence warrant satisfied the Fourth Amendment requirements of probable cause and particularity. Chatrie clarifies and expands constitutional protections for electronically stored data, but the Court declined for now to reach important questions regarding how law enforcement agencies may lawfully obtain such data.

    The challenged geofence warrant and lower court proceedings

    The case stemmed from an unsolved May 2019 credit union robbery in Richmond, Virginia. After a two-month investigation yielded no viable leads, law enforcement turned to a then-novel technique: a geofence warrant served on Google. Rather than targeting a specific suspect’s account, the geofence warrant cast a search over the time and place of the crime to capture an initial pool of nearby account holders (based on their devices’ Location History). From there, it authorized law enforcement to identify a narrowed pool of potential suspects via a three-step process of elimination.

    At step one, the geofence warrant directed Google to disclose de-identified location data for users whose electronic devices (such as smartphones or tablets) appeared to be within a 150-meter radius of the crime scene for a period of one hour (30 minutes before and after the robbery). The warrant directed law enforcement to review the step-one data and attempt to narrow the list of devices of interest by eliminating devices whose locations and movements were inconsistent with the crime. At step two, the warrant directed Google to produce, for that narrowed list of devices, additional de-identified location data both inside and outside the geofence for a two-hour period. Law enforcement was to review that data to attempt, once again, to narrow the list of suspect devices. At step three, the warrant directed Google to provide identifying information (including the account holder’s name and email address) for each device on the narrowed list. Following this process, law enforcement seized step-three identifying information for three devices. One of those devices belonged to Mr. Chatrie, who was later charged by a federal grand jury with the robbery and related firearms offenses.

    Mr. Chatrie moved to suppress the geofence evidence, arguing that law enforcement obtained his Location History data pursuant to a Fourth Amendment search and that the geofence warrant authorizing the search was constitutionally invalid. The court agreed but nonetheless denied the motion to suppress on the basis that law enforcement had acted in good faith.

    A divided panel of the Fourth Circuit affirmed by concluding that no search had occurred, reasoning that Mr. Chatrie did not have a reasonable expectation of privacy in two hours of location data that he had voluntarily exposed to Google. 107 F. 4th 319, 325 (2024). After granting rehearing en banc, the Fourth Circuit affirmed in a one-sentence per curiam. In multiple writings, the court divided evenly on the question of whether a Fourth Amendment search had occurred.

    The Supreme Court’s opinion

    The Supreme Court sided with Mr. Chatrie on the main question presented: whether the government’s collection of Google Location History data constituted a search. Justice Elena Kagan’s majority opinion holds squarely that individuals have a reasonable expectation of privacy in their smartphone location data as stored on Google and other similar applications and services. In reaching this conclusion, the Court focused on three characteristics of Google Location History data: (1) it reflects a precise and detailed record of a device’s historical movements over time; (2) it is retrospective, thereby allowing law enforcement to reconstruct a person’s comings and goings in any area at any time without having to devote resources to surveilling physical locations in real time; and (3) users own and control their Location History data, which is stored for their personal access and use, similar to their emails, photos, and calendar data.

    The Supreme Court rejected the government’s two principal arguments. First, the Court reasoned that the so-called third-party doctrine—which provides that persons do not have a reasonable expectation of privacy in information they voluntarily share with third parties—does not defeat individuals’ reasonable expectation of privacy in electronic data shared with application and cloud service providers. The Court noted that it had rejected the application of the third-party doctrine to an individual’s cell-site location information in Carpenter v. United States, 585 U.S. 296 (2018), and the same result is appropriate for granular cellular location data generated by a smartphone application or service.

    Second, the Court determined that the government conducted a search notwithstanding the relatively limited duration and geographic scope of the geofence warrant at issue, explaining that “[w]hen the Fourth Amendment applies, it applies—regardless of the quality or quantity of information the government obtains.” That reasoning appears to foreclose future governmental arguments that short-term or de minimis digital surveillance may escape constitutional scrutiny.

    Chatrie leaves unresolved, however, the most anticipated issue of the case: whether the geofence warrant obtained by law enforcement satisfied the Fourth Amendment requirements of particularity and probable cause. Those questions, the Supreme Court held, must be addressed by the Fourth Circuit on remand. Consequently, lower courts addressing motions to suppress Location History information gathered through geofence warrants will continue to grapple with what constitutes a reasonable geographic area and timeframe for geofence searches.

    Notably, the Supreme Court appears to have settled the question of whether each individual step of a multistep geofence warrant constitutes a search by underscoring that, to be constitutionally reasonable, each step of the geofence search must be described with particularity and supported by probable cause. This leaves open the question of whether a geofence warrant can ever be lawful at step one. The Court also appears to have left undisturbed, at least for now, the opinion of the U.S. Court of Appeals for the Fifth Circuit in United States v. Smith, 110 F.4th 817 (2024), which answered that question in the negative, concluding that geofence warrants are categorically unlawful general searches. Chatrie also seemingly forecloses the government’s ability to argue that, in the context of similarly structured reverse warrants, such as keyword warrants (which authorize law enforcement to seize an initial pool of de-identified user search queries and then identify potential suspect account holders through a two-step process of elimination), no search occurs until the government obtains a user’s identifying information—thereby heightening the government’s burden to justify a reverse search at step one.

    Key takeaways for service providers and their customers

    Chatrie provides a strong basis for service providers to require a warrant before disclosing a user’s private, retrospective data (including but not limited to location data) that is collected and stored when users utilize an application or service. The strength of this argument for providers and users may depend, at least in part, on the data’s ability to reveal private, intimate details about a person’s life and the individual customer’s or subscriber’s ability to access the data for their personal use.

    Chatrie further clarifies that governmental demands for records or data in which a user has a reasonable expectation of privacy require a warrant, regardless of the duration, quality, or quantity of that data. This means, for example, that the government must get a warrant to obtain location data that reflects an individual’s movements in public spaces.

    Chatrie also signals that a user’s consent to a provider’s terms of service or privacy policy does not automatically waive Fourth Amendment protections for the data they share with that provider to use an application or service. While the opinion does not foreclose the possibility that some form of affirmative opt-in or consent to data-sharing could effectively waive Fourth Amendment protections, the opinion is a significant step toward relieving the tension between provider transparency and user privacy.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts