Skip to main content

How police laid down a geofence dragnet for Kenosha protestors

ATF investigators used a controversial technique to investigate arson incidents connected to the 2020 police protests

Share this story

Illustration by Alex Castro / The Verge

On August 23rd, 2020, police shot Jacob Blake four times in the back in Kenosha, Wisconsin — and within hours, the streets were full of protestors. The National Guard was activated the following morning, and the next week would see as many as 40 buildings destroyed, as well as two people shot dead by a counter-protestor before order was restored.

But while the events of that week have been closely watched, many of the law enforcement tactics used to respond to those protests are only now coming to light. A series of six newly unsealed warrants (1 2 3 4 5 6), some previously reported by Forbes, show a persistent effort to use Google’s location services to identify Android users in the vicinity of arson incidents.

Issued in quick succession on September 3rd, the warrants came from a team of 50 arson investigators from the bureau of Alcohol, Tobacco and Firearms, deployed to Kenosha to prosecute property damage cases connected to the protests. Using the warrants, The agents targeted seven different geographical zones, asking to identify anyone located within that area during a span that could stretch as long as two hours. The result was a kind of location dragnet, spread over some of the busiest times and locations in the first days of the protest.

Searching location data for users in a particular area — called a geofence warrant — is a controversial practice that has become widespread in recent years. In one incident in 2020, the data implicated a bicyclist in the burglary of a home he often rode by. But while the technique is always controversial, it’s particularly alarming when it’s used in conjunction with a mass protest event, inevitably sweeping up innocent civilians alongside suspected arsonists.

Jennifer Lynch, who leads the Electronic Frontier Foundation’s Street Level Surveillance project, says the fact that police were able to obtain the six warrants with little pushback from the courts shows how dangerous geofence warrants can be. “We know there were hundreds if not thousands of people in the area who were engaged in lawful protest activity,” says Lynch. “It’s unconstitutionally broad. There’s no probable cause alleged in any of the warrants that would support a search encompassing so many people.”

Most concerning to privacy advocates, the warrants contain no acknowledgement of the risks of incidental data collection or provisions that would limit the privacy risks of such a request. “When you have an investigation that necessarily involves the collection of information on protests,” says Brett Kaufman, an attorney with the American Civil Liberty Union’s Speech, Privacy, and Technology Project, “protections need to be in place to both limit collection on the front end and establish the destruction of incidental data afterwards. Otherwise, you’re just giving the government carte blanche.”

The six geofence warrants issued after the Kenosha protests vary widely in their specificity. The most particular request draws on video footage and an eyewitness account of an attempted arson at a TCF Bank just southwest of the city center. That evidence allowed police to narrow the timeframe to a 22-minute period when someone on the north side of the bank broke its windows and hurled in flaming objects.

The area around the Kenosha public library, as marked by police. Under the terms of the warrant, any users detected in this area between 1AM and 3AM on August 25th would be flagged to investigators.
The area around the Kenosha public library, as marked by police. Under the terms of the warrant, any users detected in this area between 1AM and 3AM on August 25th would be flagged to investigators.

Other warrants are far more general. A different warrant looks at a suspected arson of the Kenosha Public Library, based on lighter fluid and rags that were discovered in a northeast window well alongside minimal fire damage. Without direct witnesses to the fire, police set a two-hour window and a geofence covering the middle third of the downtown’s largest public park space. It was a significant span of time on the busiest night of the protest in an area that provided a natural meeting place for anyone who had taken to the streets that night.

The near-certainty of incidental collection is particularly alarming for Lynch. “What’s not provided in the warrants is any discussion of how many people were in that geographic area at the time covered by the warrant,” she says. “Those people were not connected to the arsons under investigation and there’s absolutely no reason law enforcement should be able to get access to their location information.”

Notably, this isn’t the first time the technique has been used in the wake of a police protest. In May 2020, Minneapolis police used a similar technique to investigate the vandalization of an Autozone store during protests sparked by the murder of George Floyd.

While many devices collect location data, Google has become a particular target for geofence warrants because of its data retention practices. iOS stores location data in an anonymized and ephemeral way that makes it less accessible to court orders. Google has been reluctant to adopt such a system for Android, in part because of the data’s value for targeted advertising.

The last pages of the warrants show a particular procedure put in place by Google in an effort to address the privacy risks of the system, although much of the process would take place outside of the oversight of the court. Under the system, Google first produces a series of location points, identified with timestamps and unique IDs but no further identifiable information. Once presented with that list, law enforcement “may, at its discretion, identify a subset of the devices,” the warrant reads.

But while Google’s system could potentially narrow the scope of the warrant, there’s no guidance for how the requests would be narrowed in practice. Most importantly, there’s no mechanism to stop law enforcement from routinely asking to identify every device ID provided, and Google would have no grounds to resist such a request once the warrant has been issued.

As a result, critics of geofence warrants see the system as offering little meaningful protection. “It’s a little preposterous to have Google doing its own assessment of what the constitution requires,” says Kaufman. “The rules that govern this kind of data do not come from a private company. They come from the constitution.”

Kaufman sees the problem as particularly urgent given the rapid growth of geofence warrant requests. Google served more than 11,000 geofence warrants in 2020, according to a transparency report released by the company earlier this month, the vast majority coming from state and local jurisdictions.

“It really is an alarming development that this has expanded so rapidly,” says Kaufman. “The courts need to start paying particular attention to it.”

Correction: A previous version of this piece said Jacob Blake was shot during a traffic stop. In fact, police were responding to a 911 call. The Verge regrets the error.

Today’s Storystream

Feed refreshed Sep 24 Striking out

External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.

Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.

A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.