A Model Framework for Regulating Geofence Warrants

Vivek Krishnamurthy is an Associate Professor of Law at the University of Colorado Law School and Director of its Samuelson-Glushko Technology Law and Policy Clinic.

In the United States, law enforcement's use of geofence warrants—court orders compelling tech companies to provide location data for all devices within a specified area and timeframe—is among the most contentious digital civil liberties issues of our time. Federal courts have struggled to apply existing Fourth Amendment doctrine to such searches, and in the meanwhile, a three-step procedure developed by Google—currently the main purveyor of location data to law enforcement—has been doing most of the work that the law should be doing in channeling how law enforcement agencies conduct searches of geolocation databases.

We believe that this situation is untenable, and that geofence searches should be regulated by statutory law. Since most crimes are state offenses and are investigated by state and local law enforcement, we believe that state legislatures should step up to improve the manner in which such searches are conducted. Accordingly, the Samuelson-Glushko Technology Law and Policy Clinic at the University of Colorado Law School has developed a comprehensive model policy framework that states can adopt to regulate these powerful but invasive investigative tools. We have done so at the request of the Center for Democracy and Technology (CDT), although the policy we have developed reflects the thinking of our clinic team, rather than the position of CDT, on this issue.

Geofence warrants represent a fundamental shift in how criminal investigations are conducted. Unlike traditional warrants targeting specific suspects, these "reverse-location warrants" cast a digital dragnet, capturing location data from every device within designated boundaries. When a bank robbery occurs, for instance, law enforcement might request data for all devices within a 150-meter radius during the hour surrounding the crime—potentially sweeping up information about hundreds of innocent bystanders.

The privacy implications of such warrants can be staggering. Location data reveals intimate details about our lives: where we work, worship, seek medical care, and our familial, recreational, and sexual associations. Yet confusion reigns in the federal courts as to the very constitutionality of such searches. Last year, the Fifth Circuit declared geofence warrants to be a species of a general warrant and therefore per se unconstitutional, but in April, a plurality of en banc Fourth Circuit justices found that geofence database queries did not even rise to the Fourth Amendment's definition of a search.

Our model policy addresses this uncertainty by establishing clear, technology-neutral guidelines that strongly protect privacy while recognizing the utility of this investigative tool—albeit only in rare and extenuating circumstances. The framework rests on four pillars:

First, strict limitations on when geofence warrants may be used. These warrants should be reserved for investigating only the most serious crimes—typically those involving violence or severe harm. States can define eligible offenses using their existing classifications for the most serious felonies or by referencing crimes that qualify for wiretap warrants.

Second, robust exhaustion requirements. Before seeking a geofence warrant, law enforcement must demonstrate that traditional investigative methods—witness interviews, surveillance footage, targeted suspect tracking—have either failed or would likely prove futile. This prevents premature use of privacy-invasive investigative techniques when less invasive alternatives exist.

Third, enhanced judicial oversight throughout the process. Our framework introduces a four-step process that begins with law enforcement obtaining a count of devices within their proposed geofence via subpoena. This innovation helps assess whether the number of devices for which location data will be collected is reasonable under the circumstances. The policy then implements escalating legal standards at each stage: probable cause for initial anonymized data, an intermediate standard for expanded temporal searches, and renewed probable cause for de-anonymization. Courts remain actively involved throughout, preventing the current practice where a single warrant authorizes the entire process.

Fourth, careful tailoring factors to minimize privacy intrusions. Judges must consider the geographic scope, timeframe, population density, and presence of sensitive locations like health clinics or houses of worship. A geofence warrant covering Times Square on New Year's Eve demands far greater scrutiny than one targeting a remote rural area. These factors ensure searches remain as narrow as possible while still serving investigative purposes.

The policy also mandates transparency through annual reporting requirements similar to those governing wiretaps. This creates public accountability for how often geofence warrants are used, their success rates, and how many innocent people's data is collected.

Importantly, our framework anticipates technological change. With Google transitioning its Location History feature to on-device storage later this month, law enforcement will likely pivot to other data sources—mobile carriers, app developers, and data brokers—when issuing geofence warrants. Our technology-neutral approach ensures protections remain effective regardless of which entities hold location data.

Our proposal is not about hampering legitimate investigations into serious crimes. When traditional methods fail to identify suspects, geofence warrants can provide crucial leads. But their invasiveness demands that they are used only as a last resort, and subject to strong safeguards to protect the privacy of innocent individuals who just happen to be in the vicinity of where a serious crime has been committed.

As location-tracking technology becomes ever more pervasive and precise, the need for state action to govern geofence warrants has never been more urgent. Courts move slowly, deciding individual cases without establishing comprehensive rules that govern the process by which search warrants are issued and executed. Legislation can provide the clarity law enforcement needs while protecting citizens' reasonable expectation of privacy in their movements.

The full report, including detailed implementation guidance and model statutory language, offers legislators a roadmap for crafting effective geofence warrant regulations. By adopting these recommendations, states can lead in protecting both the privacy and the safety of their citizens in today's digital environment.