But errors in the geofence warrant applications that go before a judge can violate the privacy of vastly more people — in one case almost two miles away.
It’s not known which law enforcement agency requested the nearly two-mile-long geofence warrant, or for how long the warrant was in effect.
The ACLU attorneys reviewed thousands of geofence warrants filed in San Francisco Criminal Court that were issued over three years between 2018 and mid-2021, which they say was likely only a fraction of geofence warrants used in San Francisco during that time.
The attorneys’ findings also showed the geofence warrants disproportionately targeted certain San Francisco neighborhoods more than others, particularly immigrant-heavy areas like Portola.
Other tech companies that store troves of users’ location data — like Uber, Microsoft and Yahoo (which owns TechCrunch) — are known to receive geofence warrants.
Bangladesh thanked a security researcher for citizen data leak discoveryWhen a security researcher found that a Bangladeshi government website was leaking the personal information of its citizens, clearly something was amiss.
TechCrunch verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence.
The data was so sensitive, TechCrunch could not say which government department was leaking the data, as this might expose the data further.
Florida’s Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida’s anti-hacking laws.
Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities.
Even the courts cannot agree on whether geofence warrants are legal, likely setting up an eventual challenge at the U.S. Supreme Court.
While Google is not the only company subject to geofence warrants, Google has been far the biggest collector of sensitive location data, and the first to be tapped for it.
Although the companies have said little about how many geofence warrants they receive, Google, Microsoft and Yahoo last year backed a New York state bill that would have banned the use of geofence warrants across the state.
The data showed Google received 982 geofence warrants in 2018, then 8,396 geofence warrants in 2019, and 11,554 geofence warrants in 2020 — or about one-quarter of all the legal demands that Google received.
But there is hope that Google shutting the door on geofence warrants — at least going forward — could significantly curtail this surveillance loophole.
