By ByteBot
The Supreme Court ruled 6-3 yesterday that geofence warrants — the surveillance technique that let police draw a circle on a map and demand location data on everyone inside it — are Fourth Amendment searches requiring probable cause. If your platform stores user location data server-side, this ruling is your problem now.
The “Search First” Technique That Just Died
Geofence warrants flipped the normal investigative process. Instead of identifying a suspect and then seeking evidence, law enforcement would compel a tech company to search its entire location database for anyone present in a geographic area during a specific window. The company returned an anonymized list; police narrowed it down; the warrant came after. The case that killed this approach — Chatrie v. United States — started with a 2019 Virginia bank robbery. Police had no leads. They served Google with a geofence warrant for a 150-meter radius around the bank. Google returned 19 accounts. Eighteen of those people had nothing to do with the robbery.
What the Court Actually Said
Justice Elena Kagan wrote the majority opinion, joined by five colleagues. The core holding: individuals retain a reasonable expectation of privacy in cell phone location data, even when that data is held by a third party like Google. This rejected the long-standing “third-party doctrine” — the legal theory that sharing data with a company meant surrendering any privacy claim to it. Kagan’s reasoning was pointed: location data reveals “visits to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney.” It is, she wrote, “the automatic price of conventional cell-phone usage” — not a voluntary disclosure. TechCrunch covered the ruling in depth. Justice Alito, dissenting, acknowledged the ruling would send “seismic waves through our Fourth Amendment doctrine.” He’s not wrong.
Google Got Smart Early. Others Didn’t.
Here’s the split that matters for the industry: Google moved its Location History off of centralized servers and onto users’ devices in December 2023. Data backed up to the cloud is encrypted such that even Google can’t read it. The Electronic Frontier Foundation noted that change made it “impossible for Google to provide mass location data in response to a geofence warrant.” Google proactively made itself a dead end for law enforcement. Apple, Uber, Lyft, and Snapchat still retain location data server-side. They now face direct compliance pressure — and likely a wave of updated law enforcement data policies in the coming weeks. SCOTUSblog has the full legal analysis.
What Developers and Companies Must Do Now
The ruling doesn’t prohibit collecting location data. It changes what happens when law enforcement asks for it. Here’s where to start:
- Audit your law enforcement request procedures. If your current process involves handing over location data upon any government request without a probable-cause warrant, that process is non-compliant. Update it now.
- Review location data retention. Google’s model — on-device storage, 90-day auto-deletion, encrypted cloud backups — is now the industry benchmark. Evaluate whether your architecture can move in this direction.
- Minimize what you collect. If your feature needs approximate location (city-level), don’t store GPS coordinates. Collect only what the feature actually requires.
- Consider on-device processing. For many location features, computation can happen locally. Data that never leaves the device can’t be subpoenaed.
- Update your transparency report and privacy policy to reflect that law enforcement now needs a probable-cause warrant before receiving location data.
A Pattern the Court Is Clearly Committed To
Chatrie is not a one-off. In 2012 (Jones), SCOTUS ruled that attaching a GPS tracker to a car constitutes a search. In 2018 (Carpenter v. United States), the Court extended Fourth Amendment protection to cell-site location records. Yesterday’s ruling continues that trajectory: the Supreme Court is methodically applying constitutional scrutiny to digital surveillance methods that didn’t exist when the Fourth Amendment was written. Stanford Law Professor Orin Kerr described the outcome as “just about the best possible outcome” for privacy advocates. More importantly for developers: this direction isn’t reversing. Gizmodo’s coverage breaks down what the ruling means for users. Design your location data architecture accordingly.
