The California Court of Appeal has held that a geofence warrant seeking information on all devices located within several densely-populated areas in Los Angeles violated the Fourth Amendment. This is the first time an appellate court in the United States has reviewed a geofence warrant. The case is People v. Meza, and EFF filed an amicus brief and jointly argued the case before the court.
Geofence warrants, which we have written about extensively before, are unlike typical warrants for electronic information because they don’t name a suspect and are not even targeted to specific individuals or accounts. Instead, they require a provider—almost always Google—to search its entire reserve of user location data to identify all users or devices located in a geographic area during a time period specified by law enforcement.
In the Meza case, Los Angeles Sheriff’s Department deputies were investigating a homicide and had video footage suggesting the suspects followed the victim from one location to another before committing the crime. To try to identify the unknown suspects, they sought a warrant that would force Google to turn over identifying information for every device with a Google account that was within any of six locations over a five hour window. The warrant covered time periods where people were likely to be in sensitive places, like their homes, or driving along busy streets. In total, police requested data for geographic area equivalent to about 24 football fields (five to six city blocks), which included large apartment buildings, churches, barber shops, nail salons, medical centers, restaurants, a public library, and a union headquarters.
Typically, as in this case, geofence warrants lay out a three-step process by which police are supposed to execute the warrant: first, Google provides anonymized identifiers for each device within the geofenced area; second, police identify a subset of those devices and ask Google for additional information on where those devices traveled over an expanded time period; and finally, police identify a further subset of the anonymized devices and ask Google to unmask them and provide detailed account information for those device owners. A judge is only involved in issuing the initial warrant, and police have little or no direction from the court on how they should narrow down the devices they ultimately ask Google to identify. This can allow the police to arbitrarily alter the process, as they did in this case, or attempt to unmask hundreds or even thousands of devices, as they have in other cases.
In Meza, the Court of Appeal found that these problems doomed the geofence warrant at issue. The court held the warrant was invalid under the Fourth Amendment because it failed “to place any meaningful restriction on the discretion of law enforcement officers to determine which accounts would be subject to further scrutiny or deanonymization.” The court also held the warrant was overbroad because it “authorized the identification of any individual within six large search areas without any particularized probable cause as to each person or their location.” The court held the geographic areas and time periods covered by the warrant were impermissibly broad because they included areas where the suspects could not have been (like inside apartments) and covered time periods when police knew—based on time-stamped video footage—that the suspects had already moved on. This part of the court’s opinion largely tracks prior lower court rulings.
Defendants also argued that the warrant violated California’s landmark Electronic Communications Privacy Act (CalECPA), which requires state warrants for electronic communication information to “describe with particularity the information to be seized by specifying, as appropriate and reasonable . . . the target individuals or accounts.” Defendants argued that a warrant that seeks information on every individual or account fails to meet this requirement.
Unfortunately, here the court disagreed. The court focused on the statutory language limiting CalECPA’s particularity requirement to requiring police only specify accounts and individuals when it is “appropriate and reasonable” to do so. The court held the geofence warrant met this requirement by making it clear that police sought “individuals whose devices were located within the search boundaries at certain times,” even though it failed to identify those individuals.
Ultimately, the court’s CalECPA analysis proved fatal to the defendants’ case. Despite ruling the warrant violated the Fourth Amendment, the court refused to suppress the evidence, finding the officers acted in good faith based on a facially valid warrant. And while CalECPA has its own suppression remedy, the court held it only applied when there was a statutory violation, not when the warrant violated the Fourth Amendment alone. This is in clear contradiction to an earlier California geofence case, although that case was at the trial court, not at the Court of Appeal.
The court’s ruling creates an incongruous and possibly dangerous precedent on CalECPA’s particularity requirements and suppression remedy. Contrary to the court’s interpretation, CalECPA was intended to offer greater protections than existing Fourth Amendment and federal statutory law—especially for location data like that revealed through a geofence warrant. CalECPA also makes clear that its suppression remedy applies to violations of both the Fourth Amendment and CalECPA itself. Yet the California Court of Appeal’s holding in Meza ignores legislators’ clear intent in passing CalECPA. It appears to create a lower particularity standard for CalECPA warrants than warrants issued under the Fourth Amendment alone, and it significantly undermines CalECPA’s power by constraining its suppression remedy solely to statutory violations.
Given the court’s harmful CalECPA analysis and the fact that the number of geofence warrants used by police continues to increase year over year, we hope defendants will petition the California Supreme Court for review. We will continue to support them if they do.