How Google Geofence Warrants Helped Catch Capitol Rioters

For multiple suspects, the FBI eventually gathered a wide set of Google data, including recovery numbers and emails, and dates on which the accounts were created and last accessed. Some court filings even note that FBI agents could see a field called “User Deleted Locations,” although its meaning was not explained. It is unclear whether this data came from the initial geofence warrant, a follow-up, or traditional search warrants after the suspects had been identified.

If, as it appears, the DOJ used the geofence warrant data to build a searchable database of suspects, it would be the first known instance, say legal experts.

“It does sound unusual, but it’s worth noting that this whole circumstance is unusual,” says Tim O’Brien, a tech industry executive currently working on AI policy at Microsoft, who studied geofence warrants at the University of Washington School of Law. “If I were law enforcement, I would argue that the three-step process is unnecessary in this case, because the moment you set foot inside the Capitol, you became a suspect or witness.”

Others see the start of a slippery slope. “When law enforcement and prosecutors see what they can do in an unusual case, it normally spills over and then becomes the usual case,” says a digital forensics lawyer who asked not to be named. “I think that not only will you see this in murders, you’ll probably start seeing it in car thefts. There are no reins on this.”

Google provided a statement: “We have a rigorous process for geofence warrants that is designed to protect the privacy of our users while supporting the important work of law enforcement. To the extent we disclose any data in response to a geofence warrant, we always produce de-identified data as the initial step in the process. Then, any production of additional information is a separate step as mandated by the warrant or a new court order.”

Google also noted that court orders are often accompanied by gag orders that prevent the recipient from discussing them.

The DOJ did not respond to requests for comment.

Geofence warrants are usually filed before defense counsel become involved and are often sealed from public scrutiny for years, and there has been no substantial litigation over their constitutionality or use. The law governing them, the Stored Communications Act, was passed in 1986, long before smartphones, Wi-Fi, or widespread GPS use, and it has not been significantly updated since.

Instead, the DOJ’s Computer Crime and Intellectual Property Section (CCIPS) and Google quietly came up with their own framework for processing geofence warrants, which most courts to date have accepted.

The fact that Google at least makes the DOJ obtain search warrants for its data is a great first step, says Tokson. “But if we’re depending on giant tech companies to protect people’s privacy against the government, that’s a very shaky proposition,” he says. “These companies depend heavily on the government for business, and to not regulate them to death.”

Over 600 people have now been arrested, and at least 185 charged, in connection with the Capitol breach, with the most recent criminal complaint using Google’s geofence data filed just last week.

Meanwhile, the secret Capitol breach geofence warrants have yet to be identified themselves. In April, The New York Times thought it had tracked one down and filed a motion to unseal it. The warrant turned out to be for an unrelated drug trafficking case. When it comes to geofence data, it seems that information flows strictly in one direction.

