Google moves to end geofence warrants, a surveillance problem it largely created

Google will soon allow users to store their location data on their devices rather than on Google’s servers, effectively ending a long-running surveillance practice that allowed police and law enforcement to tap Google’s vast banks of location data to identify potential criminals.

The use of so-called “geofence warrants” have exploded in recent years, in large part thanks to the ubiquity of smartphones coupled with hungry data companies like Google vacuuming up and storing huge amounts of its users’ location data, which becomes obtainable by law enforcement requests.

Police can use geofence warrants (also known as reverse-location warrants) to demand that Google turn over information on which users’ devices were in a particular geographic area at a certain point in time.

But critics say geofence warrants are unconstitutional and inherently overly broad, since these demands often also include the information of entirely innocent people who were nearby at a time when a crime was committed. Even the courts cannot agree on whether geofence warrants are legal, likely setting up an eventual challenge at the U.S. Supreme Court.

Google’s announcement this week did not mention geofence warrants specifically, saying only that the move to store location data on their devices would give users’ “more control” over their data. In reality, the move forces police to seek a search warrant to access that specific device instead, rather than asking Google for the data.

While Google is not the only company subject to geofence warrants, Google has been far the biggest collector of sensitive location data, and the first to be tapped for it.

The practice of police tapping Google for users’ location data was first revealed in 2019. Google has long relied on its users’ location data to drive its advertising business, which during 2022 alone brought in about 80% of Google’s annual revenues, some $220 billion.

But in reality, this surveillance technique is thought to be far wider. Law enforcement later expanded its demands for location data to other companies. Microsoft and Yahoo (which owns TechCrunch) are known to receive geofence warrants, though neither company has yet disclosed how many demands for users’ location data they receive.

In recent years, the number of legal cases involving geofence demands have rocketed.

Police in Minneapolis used a geofence warrant to identify individuals who attended protests following the police killing of George Floyd. The overturning of Roe v. Wade in 2022 prompted fears that law enforcement in states where access to abortion care is limited or seeking an abortion is illegal could use geofence warrants to identify those who seek care. Lawmakers subsequently urged Google to stop collecting location data over fears the information could be used to identify people seeking abortions.

Although the companies have said little about how many geofence warrants they receive, Google, Microsoft and Yahoo last year backed a New York state bill that would have banned the use of geofence warrants across the state. The bill failed to advance into law.

Google has not said how many geofence warrants it has received in recent years. Google published its most recent (and only) disclosure on the number of geofence warrants it received in 2021 following pressure to disclose the figures after mounting criticisms of the surveillance practice.

The data showed Google received 982 geofence warrants in 2018, then 8,396 geofence warrants in 2019, and 11,554 geofence warrants in 2020 — or about one-quarter of all the legal demands that Google received. The disclosure, while limited, offered the first glimpse into the sharp rise in the number of these requests, but Google did not say how often the search giant pushes back against these legal demands for users’ location data — if at all.

News that Google will soon move its users’ location data to their devices was met with cautious praise.

The Electronic Frontier Foundation, which has challenged the constitutionality of geofence warrants in court, said in a blog post that “for now, at least, we’ll take this as a win.” But the EFF noted that there are other ways that Google can still turn over sensitive personal data on its users. Law enforcement uses similar legal demands, dubbed “reverse keyword” warrants, to identify Google accounts that searched for a particular keyword in time, such as prior to a crime being committed. Google has not said if it plans to close the loophole that allows police and law enforcement to serve so-called “reverse keyword” warrants for users’ search queries.

It’s not to say that geofence warrants will fizzle out overnight. Google still retains huge banks of historical location data that police can tap into any time, up until whenever Google decides it no longer wants to keep it. And all the while tech companies store vast troves of users’ location data, they too can be subject to similar legal demands.

But there is hope that Google shutting the door on geofence warrants — at least going forward — could significantly curtail this surveillance loophole.

In its most recent transparency report in 2022, Apple said it received 13 geofence warrants demanding its customers’ location data, but provided no data in return. Apple said it “does not have any data to provide in response to geofence requests” as the data resides on users’ devices, which Apple says it cannot access.