Should Law Enforcement Be Able to Demand Data about Users of Any Phone in a Given Location?

To my untrained eyes, the incidents at the US Capitol on January 6, 2021, looked more like a bunch of vandals, delinquent sightseers and horn-helmeted lunatics engaging in mass civil disobedience, sometimes escorted by compliant police, than a plausible attempt to overthrow the government. Nevertheless, using force to reverse the result of a democratic election is bound to upset everyone on the winning side, and some of the more principled losers too. Lots of effort has been put into identifying and punishing the trespassers on that day and it was inevitable that law enforcement would demand the supply of data from communications networks too. We can treat this as inevitable because comms data has also been used by authorities around the world to monitor movements during the pandemic, to track the whereabouts of opponents of the Iranian government, to identify an opportunity to murder a Saudi dissident, and to check the locations of 250 million US phones just because police found a way to obtain that data legally.

Nevertheless, it would be good for some legal limits to be placed on this kind of invasion of privacy, not least because there is a big difference between gathering evidence because a specific person is suspected of committing a crime and collecting data because some people within a given area might have committed a crime. The American legal debate surrounding ‘geofence’ warrants, where the police ask comms providers for data about all phone users within a certain area at a certain time, has intensified in the wake of the events of January 6, 2021. Fortunately, the issues receive a balanced examination in a recent decision about whether to allow the use of geofence evidence that showed the defendant, David Rhine, was in the Capitol on that day.

In USA vs Rhine, Judge Rudolph Contreras issued a memorandum opinion in late January that denied Rhine’s motion to suppress geofence evidence. This was a weighty matter to deliberate, especially with respect to the constitutional right that protects Americans from unreasonable searches and seizures, as written into the Fourth Amendment. The judge explained:

As the relatively few other courts to consider the validity of geofence warrants have noted, technological advances coupled with corporate data collection practices have rapidly expanded law enforcement surveillance capabilities in ways that present new and consequential Fourth Amendment questions, the answers to which are not neatly directed by existing precedent.

The Judge hence decided to review the state of the law on the ‘evolving and important’ topic of geofence warrants before reaching his decision as to whether the evidence was admissible. He began by explaining the essentials of a geofence warrant and why its use may be contentious.

Unlike a warrant authorizing surveillance of a known suspect, geofencing is a technique law enforcement has increasingly utilized when the crime location is known but the identities of suspects is not. At a basic level, a geofence warrant seeks cell phone location data stored by third-party companies like Google, which offers the Android operating system on which millions of smart phones run and offers other applications commonly used on phones running on other operating systems.

Prosecutors obtained Google Location History (LH) from the day of the Capitol riots because Google’s data is accurate and because Google gathers data about very many people. The Judge commented on its accuracy, as described in previous cases.

LH is “considerably more precise than other kinds of location data, including cell-site location information” because LH is determined based on “multiple inputs,” including GPS signals, signals from nearby Wi-Fi networks, Bluetooth beacons, and cell towers… LH “logs a device’s location, on average, every two minutes,” and tracking occurs “across every app and every device associated with a user’s account,” because LH is tied to the user’s account, not any particular application or device… “Once a user opts into Location History, Google is always collecting data and storing all of that data” in the Sensorvault… Google LH is designed to be correct that a user actually is within the error radius of where they appear to be approximately 68% of the time.

The geofence warrant obtained LH data for a four-and-a-half-hour period and an area closely corresponding to the perimeter of the Capitol building (as pictured above).

The application sought LH data between 2:00 p.m. and 6:30 p.m. on January 6, 2021 for individuals in a target area slightly larger than but roughly tracing the contours of the Capitol building itself, excluding most of the plazas and lawns on both sides of the building and the abutting streets.

Some of the evidence that David Rhine and his phone were inside the Capitol came from an informant who said he had seen a message from Rhine.

In a March 2021 interview, one of the tipsters provided a text message exchange with Defendant and his wife in which Defendant stated, “I witnessed ZERO violence. I saw no ‘proud boys.’ Capitol police removed barriers and let people in.”

That would be consistent with subsequent video footage that suggests claims of violence were exaggerated and that the police offered no resistance to law-breakers. Nevertheless, entering the building was still breaking the law.

Because the Capitol building was not open to the public on January 6 due to the counting of the votes of the Electoral College, the fact of having entered the building during the geofence timeframe itself constitutes evidence of a crime.

The activities of the trespassers, who idiotically sent messages and took selfies whilst inside the Capitol, weighed against any argument that law enforcement would have no good reason to suspect that comms data would yield evidence of crimes being committed.

Based on an unusual abundance of surveillance footage, news footage, and photographs and videos taken by the suspects themselves while inside the Capitol building, there is much more than a “fair probability” that the suspects were within the geofence area and were carrying and using smartphones while there, such that their devices’ LH would provide evidence of a crime.

The chances of a false positive, where a passerby might incorrectly be recorded as being within the building, were significantly reduced because of where the Capitol is situated and because of specific limitations on movement that day.

…the area around the Capitol is unusual for its lack of nearby commercial businesses or residences. Indeed, while Defendant does not make any specific allegations about any such nearby buildings, the Court’s best estimate is that the nearest is no less than about a quarter of a mile away, or approximately 400 meters… Furthermore, while public streets do appear to be somewhat closer to the geofence area, extensive road closures west of the Capitol, in anticipation of the rally on the ellipse on January 6, including on Pennsylvania Avenue, reduce the likelihood that any stray cars would have been picked up in the geofence error radius…

There would have needed to be a lot of errors for Rhine to credibly claim he never entered the Capitol.

The Geofence Warrant returns show that Defendant’s cell phone was present in at least 26 points within the geofence, of which 22 were in the Capitol itself, between 2:24 p.m. and 4:37 p.m. on January 6.

The Judge denied the motion to suppress the geofence evidence. The nature of the Judge’s reasoning does not open the floodgates for widespread abuse of comms data by police and prosecutors who hunger for data. It rather shows there can be circumstances where even a very large number of people can all be suspected of a crime just because they are all in a location at the same time. As the Judge observes, the Capitol is an unusually large place for such a warrant, and four-and-a-half hours could be considered an overly long period of time, but not when considering the nature of the crimes committed that day, and the existence of plenty of independent evidence that showed crimes were committed.

We always need to be wary of comms data being reflexively used to monitor anybody and everybody, even when there is no reason to investigate their actions. However, Judge Contreras’ memorandum opinion in USA vs Rhine serves as an example of how to reason about the limits of when it is appropriate to gather evidence just because a person’s phone was somewhere around the place where a crime was committed.

Today’s episode of The Communications Risk Show will discuss forensic analysis of communications network data for police investigations with former police detective Tom Beiser, who is now the Director of LATRO’s Cellular Forensics Lab, and Donald Reinhart, CEO of LATRO. They will answer questions from the live audience about the challenges involved in drawing conclusions from CDRs and other kinds of network data. Join us at 4pm UK time at tv.commsrisk.com, or if you miss the live show then the video recording and audio podcast will be available soon after the live broadcast has finished.

Eric Priezkalns
Eric is the Editor of Commsrisk.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.