Court Documents Show The FBI Used A Whole Lot Of Geofence Warrants To Track Down January 6th Insurrectionists
from the easier-to-do-when-most-people-are-in-an-area-illegally dept
The new hotness for law enforcement isn't all that new. But it is still very hot, a better way to amass a list of suspects when you don't have any particular suspect in mind. Aiding and abetting in the new bulk collection is Google, which has a collection of location info plenty of law enforcement agencies find useful.
There's very little governing this collection or its access by government agencies. Most seem to be relying on the Third Party Doctrine to save their searches, which may use warrants but do not use probable cause beyond the probability that Google houses the location data they're seeking.
Law enforcement agencies at both the local and federal levels have availed themselves of this data, using "geofences" to contain the location data sought by so-called "reverse warrants." Once they have the data points, investigators try to determine who the most likely suspect(s) is. That becomes a bigger problem when the area contained in the geofence contains hundreds or thousands of people who did not commit the crime being investigated.
These warrants have been used to seek suspects in incidents ranging from arson to... um... protesting police violence. They've also been used to track down suspects alleged to have raided the US Capitol building on January 6, 2021 -- the day some Trump supporters decided (with the support of several prominent Republicans, including the recently de-elected president) that they could change the outcome of a national election if they committed a bunch of federal crimes.
Plenty of those suspects outed themselves on social media. For everyone else, there's reverse warrants, as reported by Wired. (h/t Michael Vario)
Court documents suggest the FBI has been using controversial geofence search warrants at a scale not publicly seen before, collecting account information and location data on hundreds of devices inside the US Capitol during a deadly invasion by a right-wing mob on January 6.
While Google receives over 10,000 geofence warrants for location data in the US a year, those covering the Capitol breach appear to have been particularly productive, apparently enabling the FBI to build a large, searchable database in its hunt for the rioters.
Well, the documents do more than "suggest." The underlying warrants are likely still sealed, so some conjecture is involved. But other stuff has leaked out around the redactions and the sealing, showing the FBI was issuing warrants even while the attempted insurrection was still underway. The feds can move fast when needed, apparently. This is from a criminal complaint related to Mitchell Vukich -- one Capitol raider who not only tweeted he was inside the Capitol while still apparently in the Capitol ("I was one of the first 15 people in the #Capitol. Wild stuff. Be safe out there."), but was caught on several security cameras as he made his way through the building and seemingly ran off with some government documents.
According to records obtained through a search warrant which was served on Google, on January 6, 2021, in and around the time of the incident, a mobile device associated with mitchellvukich66@gmail.com was present at and in the interior of the U.S. Capitol on January 6, 2021.
However you may feel about the Asshat Revolution of January 6th, this isn't an ideal -- or even an acceptable -- way to conduct an investigation. Reverse warrants make everyone in the area a criminal suspect. Probable cause doesn't exist. It does in terms of Google: there's a highly probable chance the company has location data captured in areas under investigation. But law enforcement asks for all of it and works backwards to find suspects. Once it does that, it has probable cause to seek identifying information. But this method inverts the accepted (under the Fourth Amendment) formula for performing searches.
And, since the search warrant (as well as the results of the search) is still secret, we can only assume the FBI acted in good faith. It may not have.
“What might have happened is that the FBI got the anonymized data and just got straight back in touch with Google and said we suspect 90 percent of these people, so give us their IDs,” says Matthew Tokson, a law professor and Fourth Amendment expert at the University of Utah. “Or it may have been an atypical warrant where they said to Google: Give us not only the numbers but the account names, because we think we have probable cause on the bulk of them.”
And that's the concern law enforcement can keep from being addressed by asking for (and receiving) permission to seal warrant affidavits and discussions of this investigative technique, even though the technique is known and understood and already widely discussed in the public arena.
Suspects who think they can beat these warrants actually can't. A lot of that can be traced back to Google, which has never been completely honest about its location data harvesting. Some of that can be pinned on the suspects, who fail to understand that a factory reset only affects data stored on that device.
[C]ourt documents say that Jeffrey Register deleted photographs of his time in the Capitol and even claimed to have factory-reset his phone in the days after the breach to obscure his tracks. It was already too late; the FBI appears to have identified him from the Google geofence data in January…
That's the kind of thing that happens when you're cosplaying insurrection: OPSEC is an afterthought. For the people hunting you down, however, finding and acquiring reams of inculpatory data is the thing they get paid to do. Getting high on your own supply of confirmation bias can have consequences, especially when it involves the impromptu violation of federal laws.
But at the end of all this is the skyrocketing use of reverse warrants to identify criminal suspects. That it has only resulted in a few false arrests is a miracle, not an endorsement of the investigative technique. While there has been occasional pushback against inverting the constitutional status quo, the large number of geofence warrants served to Google every year suggests law enforcement isn't too worried about losing access to a powerful tool that takes full advantage of private companies' apparently unslakable thirst for personal data.
Filed Under: 4th amendment, doj, fbi, geofence warrants, january 6th
Reader Comments
An opinion about geofence warrants
I think that geo-fence and time-fence warrants are simply a tool. One that can be misused.
In the case of Jan 6, most people in that place and time are at least people of interest. Other evidence, especially video and photos, would make them suspects.
Mobile device tracking of time/location should be only part of a case against someone. Not the entire case. Why were they there? And why at that particular time? If nothing else, the location data is simply to undermine any statements they make that they weren't there. (but their device was there)
I also remember a case from years ago, in Europe, where people were using tampered credit cards and chips at retail stores. Police got the list of persons at that time and place, along with security footage. Then at all of the different locations and times where the fraud occurred, over time, a pattern emerged of a small group who were involved. Security footage helped. This enabled further investigation which discovered irrefutable evidence.
I'm not sure it is an absolute bad thing to use this as part of an investigation, or as an investigation technique. But it must be understood that all it is, is simply a fact about someone's device being at a certain time and place.
[ link to this | view in chronology ]
geofence warrants
What is the right standard for these warrants? I ask from a position of ignorance. In an older technology, I thought I understood it. If the police ask all storekeepers on the block for security camera recordings, and then watch the recordings to see who was there around the time the bad act occurred, using that as a key to further investigations, it is not problematic in and of itself. Is this right? All it proves is that someone was there, which could be either a little or a lot of what eventually gets proved in court. And focusing investigative resources on people who were there seems sane. Is this right?
What is the principled difference between "the police saw me there on video just before the bad act" and "the police saw in a database that my phone was there just before the bad act"? If these questions are too dumb to answer, but there is something I could easily read, I'd appreciate a link! Learn a lot from reading you guys.
[ link to this | view in chronology ]
Re: geofence warrants
If the police ask all storekeepers on the block for security camera recordings, and then watch the recordings to see who was there around the time the bad act occurred, using that as a key to further investigations, it is not problematic in and of itself.
The police can ask for whatever information they want, only attorney-client privilege specifically bars someone from providing information to the police.
If the storekeepers responded to the question with "fuck off," the police would have a difficult time compelling production of many of those recordings.
If one of the stores was the victim of the crime, they could easily get a warrant for recordings owned by that store.
If a store unrelated to the crime has a camera which provably would have observed the crime (not merely might have observed the crime if the criminal cooperated), they would probably be able to get those recordings, though it's not guaranteed.
If they have already identified a suspect and have evidence of specific movements on the block, they might be able to grab recordings from unrelated stores which cover areas of already proven movement, though it's also not guaranteed.
If a store is merely on the same block as a crime, they would substantially never be able to compel production of footage.
Of course, this rarely comes up, because such stores generally just hand over that information voluntarily.
[ link to this | view in chronology ]
Re: Re: geofence warrants
One difference is that these geofence warrants are often not narrow in scope. Sometimes they'll cover multiple square miles and months of time. That borders on general surveillance of the population.
[ link to this | view in chronology ]
Re: Re: Re: geofence warrants
That is no different than getting a warrant for all stores on the block to provide their security camera footage from as far back as they have any. And not just on the block, but in the entire city. That way we can find out who broke in to this one specific location.
The problem is simply that the warrant is too broad in time and space. That can apply to any kind of warrant. It doesn't mean that geofence and timefence warrants are inherently evil given a proper scope.
[ link to this | view in chronology ]
Re: Re: Re: Re: geofence warrants
Except it can cover several blocks, and far longer than stores generally retain security footage. Not sure if this is still true, but it used to be tapes were reused after 48 hours or so. Your location history is now kept indefinitely.
Technology improvements are allowing wider and longer searches after the fact, incrementally, but adding up to a very dramatic difference in scope.
Warrants were intended to be narrow in scope, covering specific locations and suspect individuals at the moment of the search, not tens of thousands of uninvolved people over months.
[ link to this | view in chronology ]
Re: Re: Re: Re: geofence warrants
Sorry, missed that sentence in the middle, this is very early morning for me :)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: geofence warrants
Thank you also mhajicek and DannyB, I learned a lot from this discussion as well.
[ link to this | view in chronology ]
Re: Re: geofence warrants
Thank you, I learned a lot from this Anonymous Coward.
[ link to this | view in chronology ]
Re: geofence warrants
"What is the principled difference between "the police saw me there on video just before the bad act" and "the police saw in a database that my phone was there just before the bad act"?"
The logic and severity of integrity violation.
If the police see you on the scene of the crime they still need reasonable suspicion. They still need to have you connected somehow with the victim. If your phone is "around" it just means your phone has been found to have been within that city block.
Put it like this, would you be able to approve of a search warrant targeting a thousand people who happened to live or work within a certain distance of where the crime happened?
Would you feel comfortable if the police could ignore every right you have to a private life every time you happened to be in the vicinity of a crime? Your phone being detected within a given area serviced by a signal repeater may be an important indicator if the crime takes place in rural areas where beside the victim and your phone there'd only be a few cows and chickens...but not so much in the inner city where that logic makes everyone a suspect due a thorough police investigation.
[ link to this | view in chronology ]
This seems like a time where this is exactly when a geowarrant would be valid due to the fact that specific time and location can be tracked for general events.
Considering how slow arrests are happening since Jan 6th, it's not like they are just getting this information and arresting people, they are also corroborating it with additional data.
This is one of the few occasions I disagree with Techdirt, with the other time I remember being in relation to the Boston Marathon bombings where they shut down cell phone communications in an area.
[ link to this | view in chronology ]
why is this even necessary
If there aren't RF detectors in the Capitol buildings that could detect every device as it came through the door/window, then we need to find out why.
[ link to this | view in chronology ]
Re: why is this even necessary
... because they have cell tower equivalents at multiple places within the capitol buildings. What do you think a cell tower is, besides an RF detection (and transmission) device, specific to the frequencies used by cell phones?
And when you have more than one, you can use triangulation to locate the RF source. So, what need for RF detectors at every window and door?
[ link to this | view in chronology ]
Leave It At Home
Whether you're an Antifa shitbag about to burn down a police station with cops still inside or a Capitol rioter with a noose in your hand, the smartest course of action as you set out to do your dirty business is...
Leave
Your
Damn
Phone
At
Home
[ link to this | view in chronology ]