Supreme Court says police need warrant to obtain Google location data

The Supreme Court on Monday said that police must generally obtain a warrant to gather detailed location data tracked by smartphones, in a case that brings into sharper the Constitution’s protections for Americans’ digital privacy.

In a 6-3 vote that scrambled ideological lines, the majority found that a request by police officers for Google to turn over a robbery suspect’s location history constituted a search protected by the Constitution’s guarantee to be free of unreasonable searches and seizures.

“An individual has a reasonable expectation of privacy in records about his cell phone’s location, and police intrude on that constitutionally protected interest when they demand the information — even though for only a limited time, and from a third-party tech company.” Justice Elena Kagan wrote for the majority.

The court, however, declined to answer another major question in case: whether the “geofence” warrant in the suspect’s case — used to locate everyone who was within a specific geographic area at a particular time — was reasonable.

The upshot of the ruling is that, at a minimum, police need a warrant to get the data — but that even with a warrant, it may be out of bounds. The justices sent the latter question back to a lower court to decide.

The case is the latest in which the Supreme Court has balanced the Constitution’s privacy safeguards with law enforcement’s attempts to access reams of data that tech and cellphone companies gather from users.

In 2018, the high court ruled 5-4 that police need a warrant — which requires a sign-off by a judge — to obtain cell site location data from phone companies. The majority, led by Chief Justice John G. Roberts Jr., found that “time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”

The present case differed in that it concerned Google location data collected by the company’s apps. Google said in a brief to the court that this data is more precise than cell tower data, with the ability to pinpoint a device’s location within “twenty meters or less.” The company described the technology as a “personal journal of one’s movements” — although it must be activated by a user.

When law enforcement officers obtain a warrant, they use the data to draw a “geofence” to locate everyone who was within a specific geographic area at a particular time. Law enforcement officials, backed by the Trump administration, say the information is critical in helping them solve difficult cases. The benefits to public safety, they argue, justify the government’s intrusion into an individual’s private life.

Google and other major tech companies oppose the sweeping nature of the warrants. In its brief to the high court, Google noted that many of “these overbroad warrants swept in hundreds, sometimes even thousands, of innocent people.”

Privacy advocates, and the tech companies collecting the data, say the technology can be abused. Law enforcement, for example, could catalogue everyone who was at a particular location — such as a place of worship or political organization — at a particular time.

Roughly one-third of Google users had activated the Location History feature, according to the company. Google began receiving requests for location data in 2016. The tool soon became popular with law enforcement. In 2020, the company received 11,554 requests for location data from police in the United States, Google said in a transparency report in 2021. After that, it stopped disclosing the number of requests publicly.

Google has said it has objected to thousands of requests from law enforcement agencies, but has never disclosed how many it fulfilled. Until last year, Google had been storing the data on its servers, but after mounting scrutiny of the location warrants, Google said it had stopped storing the data and could no longer respond to warrants.

Other companies, however, continue to keep such data.

Elon Musk’s X Corp. — which runs the social platform X — also shared concerns in a brief to the court, noting that it also collects “multiple classes of sensitive user data pertaining to millions of innocent individuals,” including location data. It also receives requests from law enforcement agencies for data and “routinely resists overbroad or otherwise invalid” demands.

Microsoft filed a similar statement, as did the Software and Information Industry Association, which represents nearly 400 software companies, platforms, data and analytics firms, and digital publishers.

Concerns about abuses are overblown, the Local Government Legal Center, which represents local municipalities, wrote in a brief.

“A geofence warrant … offers a ‘brief glimpse’ into an individual’s ‘whereabouts,’ and when properly executed, is unlikely to ‘offer insight into his habits, routines, and associations,’” the organization said.

Google was still storing Location History data in its cloud servers in 2019 when a robbery took place at a credit union in Richmond. Okello Chatrie, who had his location history turned on at the time of the robbery, pleaded guilty after police found him by using a geofence warrant.

The warrant, signed by a local judge, asked the company to provide an anonymized map of every Google user within 150 meters of the bank and within a half-hour of the robbery, according to court filings. That search returned information on 19 users and their movements.

But Google had reservations when detectives asked for the identities of those 19 users, and the company told detectives to narrow the list. They did so by specifying the target’s movements an additional 30 minutes before and after the initial time frame.

The search turned up three suspects. Google then “unmasked” those users, providing their names and account information. One of them was Chatrie, whose movements appeared to match those of the robber. Detectives then obtained another warrant to search Chatrie’s home, finding a handgun, two robbery demand notes and nearly $100,000 in cash, according to court records. Some of the cash was wrapped in bands signed by a teller from the robbed credit union.

Although Chatrie pleaded guilty, he reserved his right to challenge evidence obtained through the geofence warrant. A federal judge in Virginia found that the warrant violated Chatrie’s Fourth Amendment rights but ruled that detectives were acting in good faith, so the data could not be excluded as evidence.

A panel of the U.S. Court of Appeals for the 4th Circuit affirmed the decision, as did the full appeals court.

Central to the case is whether Chatrie had a “reasonable expectation of privacy.” Because he had his Google location history turned on during the robbery, the government argues that he in effect volunteered a record of his movements and had no reasonable expectation of privacy, meaning a warrant was not even necessary.

Attorneys for Chatrie argue that his location history is his property, which Google was storing for his personal use. When police obtained it, it was as if they had rummaged through his house, the attorneys argued.