Court documents suggest the FBI has been using controversial geofence search warrants at a scale not publicly seen before, collecting account information and location data on hundreds of devices inside the US Capitol during a deadly invasion by a right-wing mob on January 6.
While Google receives over 10,000 geofence warrants for location data in the US a year, those covering the Capitol breach appear to have been particularly productive, apparently enabling the FBI to build a large, searchable database in its hunt for the rioters.
Geofence warrants are intended to locate anyone in a given area using digital services. Google has been the target for many geofence warrants because its location technologies, which leverage GPS, Wi-Fi, and Bluetooth signals to pinpoint a phone within a few yards, are powerful and widely used.
Investigators can and do also serve warrants on phone companies. However, cell phone towers can only locate phones to within about three-quarters of a mile. While court documents suggest that the FBI collected cell tower records for “thousands of devices that were inside the Capitol” during the riot, Google’s data offers a much higher degree of accuracy.
The use of a geofence search warrant was first reported by The Washington Post, and others have previously noted specific instances of investigations that used Google geolocation data. But Wired has found 45 federal criminal cases that cite Google geolocation data to place suspects inside the US Capitol on January 6, including at least six where the identity of the suspect appears to have been unknown to the FBI prior to the geofence warrant. One of these involved a serving Chicago police officer.
“I’m terribly concerned about the potential for misuse of that technology,” says Ari Waldman, professor of law and computer science at Northeastern University. “Even if I think staging a coup against a democratic government is abhorrent, it doesn’t mean that constitutional privacy protections shouldn’t be in place.”
In fact, court documents refer to two geofence warrants relating to January 6, one of which a government filing seems to say was served even as the riot was raging. They were immediately sealed and are unlikely to be made public for years. However, a close reading of hundreds of court filings reveals that both the secretive geofence warrants and further Google-focused geolocation warrants delivered a wealth of information about dozens of suspects.
Geofence warrants are essentially a fishing expedition: Investigators know roughly where and when a crime was committed, and want to find out who might have been nearby at the time. As this would normally include innocent people and bystanders, Google requires law enforcement to go through a three-step process to access the information.
“If we’re depending on giant tech companies to protect people’s privacy against the government, that’s a very shaky proposition.”
A geofence warrant initially seeks an anonymised list of devices tracked within a specific area at a specific time. Investigators then use that list to focus on tracks that look suspicious, and can ask Google to widen the time or geofence boundaries on only those devices. Finally, investigators can go back to Google to unmask the real name, email, phone number and other information of just a few account holders.
Courts can and have – albeit very rarely – denied geofence warrant requests that are overly broad.
But where a typical geofence fishing expedition might catch only one or two suspects, the January 6 investigation appears to have landed a netful.
Court documents show that the initial Google geofence warrant included the US Capitol building and the stairs leading down to Capitol Plaza. They also reveal that within days or weeks, the FBI had access to personal information about many of their owners, including at least the account name, email, and phone number.
None of the legal experts Wired spoke with had heard of another case where the personal data for devices in a geofence warrant had been unmasked at this scale.
“What might have happened is that the FBI got the anonymised data and just got straight back in touch with Google and said we suspect 90 per cent of these people, so give us their IDs,” says Matthew Tokson, a law professor and Fourth Amendment expert at the University of Utah. “Or it may have been an atypical warrant where they said to Google: Give us not only the numbers but the account names, because we think we have probable cause on the bulk of them.”
However, the FBI secured the information, court documents show that before the end of January it had a trove of personal data from Google that it could use to easily identify suspects, or confirm their presence inside the Capitol in a narrow window of time.
Investigators first excluded anyone authorized to be in the Capitol on January 6, such as members of Congress and their staffs, law enforcement, first responders, and government employees. That left the FBI with a set of Google accounts and related data that it could search as its investigations proceeded.
For example, court documents say that Jeffrey Register deleted photographs of his time in the Capitol and even claimed to have factory-reset his phone in the days after the breach to obscure his tracks. It was already too late; the FBI appears to have identified him from the Google geofence data in January, and it used his driver’s license photo to confirm his alleged appearance in a video shot inside the building during the riot. Register has pleaded not guilty to four charges relating to entering and disorderly conduct within the Capitol.
The evidence from the warrant also appears to have enabled more sophisticated data mining. On March 2, the FBI learned of a YouTube video showing people within the Capitol on January 6, including a white woman wearing a jacket from a plumbers and pipefitters union in Joliet, Illinois.
The FBI investigator searched the geofence data for all phones having Joliet’s 815 area code. Two of the six 815 records were attributed to women, and one of those names was Amy Schubert. Schubert’s public Facebook profile photo matched the woman in the video. Identifying her led the FBI to her husband, John, a previously unknown suspect who allegedly appeared in a different video. The Schuberts were each charged with four counts last week related to entering the US Capitol; they pleaded not guilty.
Another suspect that the FBI seems to have originally identified using the Google geofence data was Karol Chwiesiuk, whose phone Google placed inside the Capitol between 2:37 and 3:24 pm on January 6. When the FBI ran Chwiesiuk’s name through “publicly available resources,” says the filing, they found a Chicago police officer with the same name. The Chicago Police Department confirmed that Chwiesiuk’s home phone number was the same as the one Google had captured.
- A Wired report