It was a Monday afternoon in May when police say a man wielding a silver and black handgun ordered customers inside the Call Federal Credit Union in Midlothian, Virginia, to their knees and demanded the bank's manager open the safe. The robber fled with $195,000, witnesses said, and was long gone by the time authorities arrived.
After surveillance footage showed the assailant holding a cellphone before he entered the bank, police drafted a search warrant asking Google to provide location information from every user that was within the vicinity of the bank within the hour of the crime.
The results came back with 19 anonymized individuals.
Virginia police whittled down the list to nine users and then asked Google for additional data from an expanded time frame. According to court documents reviewed by The Post, police contacted Google again: they wanted three users' account details, including names, email addresses, subscriber information and phone numbers.
A month after the third request, on August 13, Okello Chatrie was arrested.
The type of request made in Chatrie's case, also known as a "Geofence" warrant, is increasingly being sought by law enforcement across the country.
These warrants, which target a geographic area instead of a suspect, compel tech companies to turn over location data from any user interacting with its technology during a specified time.
"Individuals may be caught up in this search by merely using an Android phone, conducting an Internet search using Google, running a Google application such as Google Maps or YouTube, or even receiving an automatic weather update from an Android service," Chatrie's attorney, Michael Price, wrote in an October motion.
Geofence warrants, he said, "ensnare anyone who uses Google services at specific times...sweeping up innocent individuals in an unconstitutional dragnet search;" court documents noted that within the vicinity of Credit Union was a major highway, a Ruby Tuesday restaurant, a Hampton Inn hotel, a storage facility, two apartment complexes and a church.
Calling the warrant an illegal Fourth Amendment search, Price asked the court to suppress any evidence obtained from it.
"No valid search warrant would permit the police to search every house in a neighborhood or pat down everyone in sight. Yet, with a Geofence warrant, law enforcement can do just that," he continued, and "without ever demonstrating any likelihood that Google even has data connected to a crime."
Chatrie, 24, has pleaded not guilty to the charges; if convicted, he faces up life imprisonment.
Prosecutors called the case the first of its kind, though the issue has come up in other states, including New York, North Carolina, Florida and Minnesota. Experts anticipate Geofence warrants will be the next big Fourth Amendment battle when it comes to digital privacy.
Geofence warrants raise two interesting legal questions, according to Andrew Ferguson, author of "The Rise of Big Data Policing: Surveillance, Race, and the Future of Law Enforcement" and a visiting law professor at American University:
Do people have an expectation of privacy in their location revealed by digital clues? And do search warrants for overbroad collection run afoul of particularity concerns?
"For example, is a warrant for all the phones in a bank building particularized enough when you know you will be collecting information from innocent people? Does it matter if it is 19 innocent people or 190? Or 1900?" Ferguson asked. "These are questions that police will need to resolve before seeking a warrant and judges will need to answer before signing a warrant."
Google received enough reverse location history warrants that it developed a 3-step process to respond: It provides an anonymized data set; if needed, it turns over additional location history; and for relevant devices it produces basic subscriber information.
"We vigorously protect the privacy of our users while supporting the important work of law enforcement," Richard Salgado, Google's director of law enforcement and information security told The Post. "We have created a new process for these specific requests designed to honor our legal obligations while narrowing the scope of data disclosed and only producing information that identifies specific users where legally required."
Although the company said it only turns over historical-location data when served with a search warrant, neither follow-up request in Chatrie's case was court-ordered.
Last year, the U.S. Supreme Court was tasked with deciding whether law enforcement needed a search warrant to compel service providers to hand over cell tower location records, which track a person's minute-by-minute movements. The court held that they do.
But data in that case was collected nearly a decade ago. Since then, network technology and accuracy has advanced tremendously.
The location information stored in Google's Sensorvault is even more precise than cell site location information: Court records mentioned that Google can pinpoint a person's whereabouts to approximately 20 meters, while cell site location data is "a few thousand meters.
More, the company's software permeates smartphone technology. According to Pew Research Center, 96 percent of Americans own cellphones. Google Maps is the most-used navigation app, appearing on 67 percent of smartphones, and its closest competitor is the Google-owned app, Waze. Android operating systems control nearly 90 percent of the smartphone market share worldwide.
"This will become one of the most common legal battles in court," Ferguson said. "Almost everything we do leaves little digital locational clues that are a warrant away from collection."
© The Washington Post 2019