How the police set up a geofence dragnet for Kenosha protesters

On August 23, 2020, police shot Jacob Blake four times at a traffic stop in Kenosha, Wisconsin — and within hours the streets were packed with protesters. The National Guard was activated the next morning and the following week would see no less than 40 buildings destroyed, as well as two people shot dead by a counter-protester before order was restored.

But while that week’s events have been closely watched, many of the law enforcement tactics used to respond to those protests are only now coming to light. A series of six newly sealed warrants (1 2 3 4 5 6), some previously reported by Forbes, show an ongoing effort to use Google’s location services to identify Android users near arson attacks.

The arrests, issued in quick succession on Sept. 3, came from a team of 50 arson investigators from the Bureau of Alcohol, Tobacco and Firearms deployed to Kenosha to prosecute property damage cases linked to the protests. Using the arrest warrants, the officers targeted seven different geographic areas, asking to identify anyone who was in that area for a period of time that could last up to two hours. The result was a sort of location dragnet, spanning some of the busiest times and locations in the early days of the protest.

Searching location data for users in a particular area — called a geofence warrant — is a controversial practice that has become widespread in recent years. In one incident in 2020, a cyclist was involved in breaking into a house he often drove past. But while the technique is always controversial, it’s especially troubling when used in conjunction with a mass protest event, inevitably wiping out innocent civilians alongside suspected arsonists.

Jennifer Lynch, who leads the Electronic Frontier Foundation’s Street Level Surveillance project, says the fact that police were able to obtain the six arrest warrants with little reluctance from the courts shows how dangerous geofence warrants can be. “We know there were hundreds, if not thousands, of people in the area engaged in legal protest activity,” Lynch says. “It is unconstitutionally broad. No probable cause has been suggested in any of the warrants that would support a search involving so many people.”

Most worryingly for privacy advocates, the warrants contain no acknowledgment of the risks of incidental data collection or provisions that would mitigate the privacy risks of such a request. “If you have an investigation that necessarily involves gathering information about protests,” said Brett Kaufman, an attorney with the American Civil Liberty Union’s Speech, Privacy, and Technology Project, “protective measures must be put in place to prevent the collection.” on the front-end and the destruction of incidental data afterwards, otherwise you just give the government carte blanche.”

The six geofence orders issued after the Kenosha protests vary widely in their specificity. The most unusual request is based on video footage and an eyewitness account of an attempted arson attack at a TCF Bank just southwest of the city center. That evidence allowed police to narrow down the time frame to a 22-minute period when someone on the north side of the bank broke the windows and threw flaming objects inside.

The area around the Kenosha Public Library, as marked by the police. Under the terms of the warrant, users detected in this area on August 25 between 1 a.m. and 3 a.m. would be flagged by the investigators.

Other warrants are much more general. Another injunction looks at a suspected arson attack at the Kenosha Public Library, based on lighter fluid and rags discovered in a northeast window well in addition to minimal fire damage. With no direct witnesses to the fire, police erected a two-hour window and geofence for the middle third of downtown’s largest public park space. It was a significant span of the protest’s busiest night in an area that provided a natural meeting place for everyone who had taken to the streets that night.

The near certainty of incidental collection is especially worrying for Lynch. “What’s not in the warrants is a discussion of how many people were in that geographic area at the time the warrant covers,” she says. “Those people were not involved in the arson attacks under investigation and there is absolutely no reason law enforcement should have access to their location information.”

Notably, this isn’t the first time the technique has been used in the wake of a police protest. In May 2020, the Minneapolis Police Department used a similar technique to investigate the destruction of an Autozone store during protests over the murder of George Floyd.

While many devices collect location data, Google has become a particular target for geofence warrants because of its data retention practices. iOS stores location data anonymized and ephemeral, making it less accessible to court orders. Google has been reluctant to adopt such a system for Android, in part because of the value of the data for targeted advertising.

The final pages of the injunctions show a particular process put in place by Google in an effort to address the system’s privacy risks, although much of the process would take place outside the court’s oversight. Under the system, Google first produces a series of location points, identified with timestamps and unique identifiers, but no further identifiable information. Once that list is presented, law enforcement may “identify a subset of the devices in its sole discretion,” the order reads.

But while Google’s system could potentially narrow the injunction’s scope, there are no guidelines on how the requests would be limited in practice. Most importantly, there is no mechanism to prevent law enforcement from routinely asking to identify every device ID provided, and Google would have no reason to deny such a request once the warrant is issued.

As a result, critics of geofence safeguards view the system as offering little useful protection. “It’s a bit ridiculous to let Google judge for itself what the constitution requires,” says Kaufman. “The rules that apply to this type of data do not come from a private company. They come from the constitution.”

Kaufman considers the issue particularly urgent given the rapid growth of requests for geofence warrants. Google issued more than 11,000 geofence orders in 2020, according to a transparency report released by the company earlier this month, the vast majority coming from state and local jurisdictions.

“It’s a really worrying development that this has grown so quickly,” says Kaufman. “The courts should pay special attention to it.”