Federal prosecutors have cited secretive "geofence" warrants — which allow law enforcement to pinpoint cell-phone users' precise locations over time — in 45 Capitol riot cases, including six where where suspects had not previously been identified.
Geofence warrants, also known as reverse-location warrants, allow law enforcement to obtain data from Google to identify potential suspects. "Unlike ordinary warrants for electronic records that identify the suspect in advance of the search, geofence warrants essentially work backwards by scooping up the location data from every device that happened to be in a geographic area during a specific period of time in the past," the Electronic Frontier Foundation explained.
Wired reported Thursday that "while Google receives over 10,000 geofence warrants for location data in the US a year, those covering the Capitol breach appear to have been particularly productive, apparently enabling the FBI to build a large, searchable database in their hunt for the rioters."
The magazine added that "where a typical geofence fishing expedition might catch only one or two suspects, the January 6 investigation appears to have landed a netful."
"None of the legal experts WIRED spoke with had heard of another case where the personal data for devices in a geofence warrant had been unmasked at this scale," Wired reported, adding that it would also mark the first time law enforcement has created a searchable database of geofence data.
Capitol rioters who appear to have been nabbed using geofence warrants — the first of which reportedly was served while the insurrection was still raging — include Jeffrey Register, who later attempted to factory-reset his phone, although it was too late. The FBI also used geofence warrants to identify rioter Amy Schubert, after she was shown on video wearing a jacket from a plumbers union in Joliet, Illinois, as well as Chicago police officer Karol Chwiesiuk, according to court records.
While geofence warrants were critical to identifying and charging dozens of Capitol riot defendants, experts are warning that law enforcement's use of the data could become "a slippery slope."
"When law enforcement and prosecutors see what they can do in an unusual case, it normally spills over and then becomes the usual case," a digital forensics lawyer who asked not to be named told Wired. "I think that not only will you see this in murders, you'll probably start seeing it in car thefts. There are no reins on this."
The geofence warrants typically remain sealed from public scrutiny for years, and the law governing them was passed in 1996, prior to smartphones.
"I'm terribly concerned about the potential for misuse of that technology," said Ari Waldman, professor of law and computer science at Northeastern University. "Even if I think staging a coup against a democratic government is abhorrent, it doesn't mean that constitutional privacy protections shouldn't be in place."
Matthew Tokson, a law professor and Fourth Amendment expert at the University of Utah, said the fact that Google makes the FBI obtain search warrants for the company's data is a good first step.
"But if we're depending on giant tech companies to protect people's privacy against the government, that's a very shaky proposition," Tokson said. "These companies depend heavily on the government for business, and to not regulate them to death."