As President Trump revives his administration’s familiar fight with Apple over encryption, condemning the tech giant for not breaking into its own devices, news is coming to light about a new frontier in the battle over government surveillance. Court documents reveal previously unreported instances of the so-called “reverse search warrant”: court orders demanding that tech firms provide all the information on users in a certain geographic area at a certain time. While this tactic is relatively rare today, it holds the power to transform every internet-enabled gadget into a government tracking device.
Search warrants date back before the founding of this country and are enshrined in the Fourth Amendment, and today, some warrants work the same way that they did in 1789. Want to search a house or arrest a suspect? Have an officer swear under oath why they have probable cause. Want to search another home or arrest a second person? You’ll have to get a second warrant.
But digital searches are increasingly diverging from their brick-and-mortar predecessors. Traditional warrants allow police to get records from banks, utilities, and other companies to track a single person’s location over time, but reverse search warrants turn the process on its head, beginning with only a location. Moreover, with reverse search warrants, officers no longer need to limit their request to a single person. Officers could ask Google for the names of every device user on a specific block, whether it’s a secluded country road or Times Square on New Year’s Eve. Worse than that, it’s impossible for them to know how many people they’re targeting in advance. A reverse search warrant for a house might just give you the owner’s devices, but it may also give you data on hundreds of visitors. The judges approving these orders simply can’t know how much data they’re handing over to law enforcement when they approve the request.
One particularly high-profile reverse search warrant case unfolded in New York in late 2018, when the founder of the extremist, far-right Proud Boys group spoke to a Republican club in Manhattan. When protesters responded with chants and spray paint outside the Upper East Side event, Proud Boys members responded with fists and kicks. Alarmingly, when the assault and riot charges against four Proud Boys went to trial, prosecutors revealed that they had used a reverse search warrant. More concerning still, prosecutors didn’t do this to find the Proud Boys—they did it to find protesting Antifa members.
News of the reverse search warrants was first reported last summer, but at the time, the public only knew that the tactic had been used to demand records from Google. But iPhone owners may have breathed a sigh of relief too soon. Previously unreported court documents now confirm that prosecutors also use the same tactic to target Apple, along with Uber, Lyft, and Snapchat’s data. These requests included “user information for accounts that were active at those specific longitudes and latitudes at those specific times.” We don’t know how much data was handed over, just that the request was made.
This is hardly a unique case. A month after the Proud Boys attack, the FBI used the tactic to investigate a Wisconsin bank robbery. Less than a year later, Virginia police copied the approach, obtaining phone data on nearly two dozen individuals in another bank robbery investigation. And just last month, Forbes reported that the Bureau of Alcohol, Tobacco, Firearms, and Explosives got a gargantuan reverse search warrant to compel Google to provide information on 1,500 cellphones across 29,387 square meters.
As more police departments learn about the reverse search warrant tactic, they’ll gain the power to transform any device or location-enabled app into a government tracking device. This has always been a threat with traditional search warrants, but with reverse search warrants the capabilities are much more powerful.
Imagine if a politically motivated prosecutor tries to target all the people in the vicinity of a political protest after just one member breaks a store window. Or if another prosecutor uses an investigation as a pretext to find everyone at a healthcare facility or an AA meeting. The possibilities are positively Orwellian.
The request to Snapchat is particularly problematic, highlighting how apps that are marketed with the promise of protecting our privacy are still collecting data that can be used against us. Even the app that promises to make our photos vanish may still have an indelible record of where we were and when.
Developers may respond the way Apple has, by simply not keeping the type of information that law enforcement agencies demand in a reverse search warrant. But that’s easier for some applications than for others, and many firms, like Google, will have a business incentive to hold onto as much of our data as they can.
Consumers shouldn’t have to choose between using devices and apps and having our location tracked by the police. Developers shouldn’t have to choose between retaining data and having that information hijacked by law enforcement. And judges shouldn’t have to choose whether or not each individual reverse search warrant request is legal, when they can’t possibly know how many people their choices will impact.
The answer is simple: We need to ban all reverse search warrants. That step won’t be enough to end all the threats posed to the public’s privacy, but it will make clear that these types of digital dragnets are a step too far.
Albert Fox Cahn is the founder and executive director of The Surveillance Technology Oversight Project (S.T.O.P.) at the Urban Justice Center, a New York-based civil rights and privacy group, and a fellow at the Engelberg Center for Innovation Law & Policy at NYU School of Law.