The US Robber Betrayed by His Phone – and What It Means for Your Privacy

In Virginia, an unlucky crook got caught because he had his location data turned on. Now the US Supreme Court has ruled that future crooks will have more protection from such searches.

US Supreme Court ruling limits police access to location data.

A US Supreme Court ruling limits police access to location data after a Virginia suspect was caught through location tracking. Photo: Statement/AI

One of the classic techniques in most Western countries for detectives investigating a crime is to examine a suspect’s trash – hoping, for example, to find a discarded handkerchief or plastic spoon with the suspect’s DNA on it.

The reason going through bins is valuable for police forces is that, in most jurisdictions, doing so does not require a search warrant: if a person has discarded something or tossed it in the trash, it ceases to be their personal item, and the state has every right to search what amounts to discarded property.

This entire area of jurisprudence in the United States comes under the Fourth Amendment to the Constitution, which protects the citizen from “unlawful searches and seizures”. For scholars of American law, it is a rich area of argument and debate. For example, in Kyllo v. United States, the late Justice Antonin Scalia wrote a famous majority opinion that ruled that the authorities’ use of heat-detecting technology to detect a cannabis grow farm in Kyllo’s home violated the Fourth Amendment, because the state had essentially used technology to “look inside” the home without a warrant.

This week, it was at issue again in a wide-ranging ruling from the justices with major implications for digital privacy.

Little Dog Is Watching You

You might be interested Little Dog Is Watching You

The Unfortunate Crook Who Kept Location Data Turned On

The case involved one Okello T. Chatrie, who was charged after a 2019 robbery of a credit union in Midlothian, Virginia. Police had video and witness evidence showing that the robber approached the credit union from near an adjacent church and appeared to be talking on a cellphone, but they did not know who he was. A few weeks later, police applied for something called a “geofence warrant” directed to Google. That warrant required Google to identify devices within a 150-meter radius of the credit union around the time of the robbery.

The warrant used Google’s then-existing Location History database. Google Location History recorded a user’s phone location roughly every two minutes, using GPS, Wi-Fi, Bluetooth, cell towers and IP address data. The Court described it as highly precise: often within about 20 meters, sometimes even able to estimate elevation and therefore a phone’s floor within a building.

And so, the unfortunate Mr Chatrie was exposed as a crook. He was guilty of the robbery; with that evidence, there was little doubt. In all of this, that he actually committed the crime is not in doubt.

However, the Supreme Court decided, in essence, that the cops had broken the US Constitution to nab him.

Privacy "Thrown Away"

The state’s appeal to the Court, justifying the warrant against Chatrie, was essentially that because he had given Google access to his location data, he had “thrown away” his privacy. Tossed it in the trash. Made it, in essence, something he did not care about. Therefore, the state argued, it had every right to obtain that data and identify him from it – not entirely unlike picking up a glass bottle he had thrown in the bin and taking his fingerprints from it.

Chatrie’s central argument, by contrast, was simple: when the government forces Google to search its location database and identify people who were near a crime scene, that is a Fourth Amendment search. He argued that Location History is intensely revealing, that most users do not meaningfully “share” it with Google in the ordinary sense, and that geofence warrants are dangerous because they work backwards from a place and time to a pool of possible suspects.

Or in plain English: the police did not identify Chatrie as a suspect before they searched his data; rather, they searched his data – and that of many other Americans – in order to identify him as a suspect. It was a “dragnet” approach, he argued, that impinged on the constitutional rights of many other Americans simply to identify him as a suspect.

The implications of the case are obvious: had Chatrie not prevailed, a precedent would have been set whereby the government could essentially pore through people’s data to see if they had committed any crimes, much as in Kyllo, where – had the judgment gone the other way – the government could simply have infrared scanned every home to detect unusual heat signatures.

In any case, the Supreme Court sided with Chatrie, not the police.

In a 6–3 ruling, the Court essentially agreed that so-called “geofence warrants” constitute a search within the meaning of the Fourth Amendment, and would therefore require “probable cause” – i.e. the requirement that police show a fair probability, based on specific facts, that evidence of a crime will be found in the place to be searched.

Fears Grow EU Set to Clamp Down on VPNs

You might be interested Fears Grow EU Set to Clamp Down on VPNs

Notably, the Court sidestepped the question of whether probable cause had been established in the Chatrie case specifically and sent that particular question back to the lower courts. But it did very clearly state that probable cause is required, which will have major implications for future such searches. That aspect of the case, then, will require further litigation.

However, the implications for privacy and law enforcement are clear: the police can no longer simply conduct widespread surveillance and searches of cellphone location data in order to, in essence, identify suspects. Instead, they must show probable cause and particularity before compelling access to such data.

Digital privacy campaigners have been delighted by the outcome, presenting it as a major win for digital privacy.

A Pyrrhic Victory

Alas, for poor Mr Chatrie, the case will have little practical effect: the lowest court in all of this, the US District Court, has already found what it called a “good faith exception” in his case – i.e. that the police acted in good faith in an obscure area of law. While future robbers may be shielded by Chatrie’s case, he himself will still serve time for his crime.

As to the dissents? Those made two points, one procedural and one substantive: Justice Alito noted that the Court’s ruling was premature precisely because it would not alter Chatrie’s case. Meanwhile, Justice Barrett argued – and was outvoted – that handing your location data to Google means that you can have no legitimate expectation of privacy.

In any case, the lesson for aspiring criminals both in the United States and elsewhere is clear: to avoid expensive litigation and time in prison, it is advisable to turn off your phone’s location data before you commit the crime. Even with the Chatrie ruling, the police can still access that data with a warrant, once they have satisfied the Constitution’s requirements.

Chatrie’s alleged mistake was to bring a smartphone to a bank robbery. The government’s mistake, six justices concluded, was to assume that this made everyone else’s smartphone fair game too. Lessons for everyone, there.