Justice and Due Process

Data privacy: Is the law keeping up to tech?


Recently, law enforcement has been tapping into the reserves of data that are held by tech companies through “reverse search warrants.” This increasingly popular practice (not yet used in Utah) allows police to work backward in order to solve a crime. 

How exactly do these warrants work? Say a crime is committed near your workplace; police can serve a reverse location warrant to Google in order to access the past location data of every cellphone within a certain/specified geographic location (geofence) around your workplace. The end goal is to identify a possible suspect by combing through the location data received from Google. 

This practice is extremely problematic. Oftentimes, the geofence can encompass a highly populated area where hundreds or even thousands of innocent people’s location and personal information is at risk of being shared with government and law enforcement, ultimately without their consent. On a deeper level, reverse location warrants breach our constitutional rights, especially those highlighted in the Fourth Amendment. The fact that almost all of these warrants don’t name a suspect throws the idea of probable cause out the window, thus subjecting random people to investigation without sufficient evidence. The Fourth Amendment was created to protect us against “unreasonable searches and seizures.” It is important that these constitutional safeguards include our personal data. 

Legislation is having a difficult time keeping pace with the rapid technological developments. This lag is leaving gaping loopholes in our constitutional rights. Fortunately, there has been an increasing amount of pushback in regards to reverse warrants. Recently, two federal judges released statements that delivered harsh criticism on a reverse warrant submitted by the government. In one statement, Judge Weisman of the Northern District of Illinois stated, “The government’s warrant application suffers from overbreadth, lack of particularity, and provides no compelling reason to abandon Fourth Amendment principles.” If judges are starting to question the constitutionality of reverse warrants, then we should too.

Luckily, states are beginning to recognize that legislation concerning data privacy must be brought to the 21st century. For example, Utah passed a bill in 2019 that made warrantless searches of personal data held by a third-party (like Google) illegal. Even though this bill (HB 57) doesn’t directly address reverse warrants, it is a huge step forward in protecting digital data and ensuring that the Fourth Amendment is being preserved. 

For starters, stipulations within the bill are strenuous enough that it highly discourages the government from using reverse warrants. If a warrant is obtained, all of the searched individuals must be notified within 14-days that their data was obtained. Under HB 57, there is a presumption of ownership over personal data, and any acquired information must also be destroyed shortly after, thus better protecting the rights of the individual. This bill ultimately promotes transparency and accountability, something that seems to be lacking in regards to reverse warrants. 

It is time for the law to catch up with the realities of the digital age that we live in. Other states would do well to follow in Utah’s footsteps and ensure that data privacy legislation is up to date.  A desirable outcome would be the elimination of reverse location warrants and the third-party doctrine in its entirety. Companies like Google should not have to hand over the personal information of their users, and we, as Americans, should continue to be protected by the Fourth Amendment.

Westley Cottam is a policy analyst intern for the Libertas Institute.