After pressure from activists, Google revealed in a press release last week that it had granted geofence warrants to U.S. police over 20,000 times in the past three years.
Geofences are a tool for tracking location data linked to specific Android devices, or any device with an app linked to Google Maps. Advertisers often use geofences. It allows them to draw a virtual fence around an area and target everyone who visits the same place with the same messaging. However, police departments have also been using geofences to uncover suspects: they present warrants to Google, asking for the location data and histories of any users who have been logged near a crime scene. Google is obligated to provide that data to law enforcement. While that data is anonymized, the police can then go back to Google and ask for more specific data on anyone of interest.
Until now, there has been no solid information on how widespread the practice was, though previous reports had shown that it had risen sharply in the past few years. It is also unclear how many people have been arrested or convicted based on geofence warrants. We now know that from 2018 to 2021, police came to Google with a warrant for location data 20,932 times.
The 20,932 figure does not represent 20,932 people; 20,932 is just the number of geofences drawn. The number of people implicated could be many times larger. Everyone who passed through those 20,932 fences with a device would have been logged.
What is geofencing?
According to Daniel Schwartz, a privacy and technology strategist with the New York Civil Liberties Union (NYCLU), geofences take two forms. “Either they are specific pinpoint location, and it is a radius that is described whatever distance to that particular location, or it is a set of location points, drawing a polygon, and basically then requesting all the subscriber data that were within that geofence for a particular time period,” he tells me.
“Google has described in the past that they were responding to such requests in a way that they were pseudonymously handing over data,” he said. “But it's unclear how detailed that information is and how law enforcement makes decisions, and how they then narrow down that data to a smaller subset. And then also how small that subset of information will be.”
Geofencing is far more invasive than something like public CCTV. It doesn’t just hand over your location data, but your history as well. “So that can identify where you go to work, with whom you meet, with whom you associate, your political practices, your religious affiliations, the health providers you frequent, and all directly tied to your identity,” Schwartz says. “With the geofence warrant, really it can make anyone a suspect.”
“The only way is to keep your phone shut off and in a Faraday bag. But who’s going to do that?”
And turning off your location data does not actually mean that Google doesn’t know where you’ve been – it just doesn’t tell you that it's been tracking you. A 2018 investigation by AP News showed that your device would still report your whereabouts to Google, even if you’d turned the setting off.
“The only way to really prevent that is to keep your phone shut off and in a Faraday bag,” Schwartz says. “But who’s going to do that?”
What’s the danger?
Many have drawn attention to the possibility that these warrants could be used to grab data from protesters, and while there were no confirmed uses of it—although police use of other surveillance technology is well-known—Forbes broke the story last week that geofence warrants were used during the George Floyd protests.
In Kenosha, WI, police asked for geofence data four times based on two arson attacks and other damaged property, even though the data included protesters who were trying to fight the fires. No charges from the cases have yet been made public.
Other arrests, or even suspects, based on geofence warrants are hard to find. As the Markup reported, a cyclist became a suspect in a local burglary in 2019 because he had been riding near where the crime took place, when the crime took place. He was tracking his ride on an app that depended on Google location data, which was later caught up in the geofence warrant issued by the Alachua County Court in Florida.
“Police pegged McCoy as a potential suspect without security camera footage, eye-witness accounts, or any sort of forensic evidence because his device had shown up as near the burglary site,” Leila Barghouty wrote.
Although the data is anonymized, a New York Times report from 2018 found that location history makes identifying individuals trivially easy. With one users’ permission, they were able to easily identify her in a set of anonymized data, based on the fact that she was the only person who made the exact journey she did from her home address to the school where she worked. The Times was also able to find out how long she stayed at a dermatologists’ appointment, where she went hiking, and when she stayed over at her boyfriend’s place.
The state of Arizona is currently suing Google over this privacy breach. “When consumers try to opt out of Google’s collection of location data, the company is continuing to find misleading ways to obtain information and use it for profit,”Arizona Attorney General Mike Brnovich said in an interview.
"Fail #2: *I* should be able to get *my* location on *my* phone without sharing that information with Google," one Google employee said.
Google spokesperson José Castañeda wrote to The Verge, saying that the Arizona Attorney General had “mischaracterized Google’s services. “We have always built privacy features into our products and provided robust controls for location data,” he wrote. “We look forward to setting the record straight."
In documents made unredacted by the Arizona lawsuit, some of Google’s employees complain about the tracking.
"Fail #2: *I* should be able to get *my* location on *my* phone without sharing that information with Google," one employee said.
Schwartz emphasizes that geofencing only represents one of a portfolio of surveillance tech. He pointed out that several Black men have been falsely identified as suspects by facial recognition software that has been shown to have racist algorithms at its core. Similarly, at protests, police have employed dummy antennas called “Stingray” devices that force nearby mobiles to connect to it before forwarding that signal to an actual cell tower, which gives the police the ability to filter, monitor, and block signals at will.
Perhaps most alarming are “reverse keyword” warrants, which permit authorities to ask Google for data based on specific search terms. CNET reported last October that a man in Minnesota had been arrested in a fraud case based on the police’s application to Google, which asked it for everyone who’d searched the name and personal information of the fraud victim. The warrant asked for any and all subscriber information of anyone who’d searched that name from December 1 to January 7, 2017, a period of just over a month.
“It is grounded in this language of the terrorism. And obviously has also been weaponized most strongly against communities of color, against Muslim communities.”
As Schwartz explains, the roots of this tech go back a long way. “A lot of the surveillance infrastructure we're seeing now that has expanded so much can be traced back to responses by law enforcement to 9/11,” he says. “[It] is grounded in this language of the terrorism. And obviously has also been weaponized most strongly against communities of color, against Muslim communities.”
Geofence warrants have been challenged in courts across the US—and in the state of Illinois, have been ruled as failing to meet the standard of 'probable cause' required by a warrant—but there have also been some efforts at the legislative level to ban them. New York State Senator Zellnor Myrie and State Assemblymember Dan Quart have sponsored a bill asking that the practice be banned.
In a statement with the NYCLU, Schwartz said:
“We’re proud to be working with Senator Myrie and Assemblymember Quart to pass S296/A84 and prevent New York law enforcement from making these kinds of overly broad requests. Carrying a smartphone and accessing the internet is a part of our daily activities and it’s chilling to think that participation in digital life may lead people to be tracked or monitored by police and the government.”