Data Privacy Court Case Highlights Compliance Queries in AI Age

The Bottom Line

• An upcoming US Supreme Court case may determine whether “geofence warrants,” which identify suspects by searching everyone in a given location, must comply with the Fourth Amendment.
• Data that falls outside Fourth Amendment protection doesn’t just become available to law enforcement, it becomes reachable by private litigants through ordinary civil discovery.
• As AI tools accumulate detailed records of users’ questions, research, and reasoning, they become natural targets for the same reverse warrant approach at issue in Chatrie.

The US Supreme Court in January granted certiorari in Chatrie v. United States, a case that could reshape constitutional privacy protections in an era where nearly every activity generates digital footprints accessible to investigators. The case arose from a 2019 armed bank robbery. Police lacked traditional suspects, so they obtained a “geofence warrant” directing Google to identify every device within 150 meters of the bank during a one-hour window in which the robbery took place.

This digital dragnet captured location data from 19 Google accounts. Eighteen belonged to wholly innocent people who happened to be near the bank. One belonged to Okello Chatrie, who was ultimately convicted and sentenced to nearly 12 years in prison.

The geofence warrant at issue in Chatrie targeted Google’s location history feature, an opt-in service that stored users’ location data in Google’s cloud-based “Sensorvault” database. Google has since amended its policies and no longer stores this data in the cloud, potentially mooting the concern about the specific warrant at issue.

But the constitutional question Chatrie presents extends beyond this now-obsolete practice: Does obtaining digital records about a group of innocent people from third-party companies constitute a search requiring Fourth Amendment compliance?

The Supreme Court’s answer may shape how crimes are investigated, as well as the fundamental relationship between individuals, technology companies, and the government.

Third-Party Doctrine

The constitutional question in Chatrie turns on the “third-party doctrine,” which arose from the Supreme Court’s “reasonable expectation of privacy” test in Katz v. United States. Building on Katz’s framework, the court in Smith v. Maryland held that individuals have no reasonable expectation of privacy in information they voluntarily convey to third parties.

In Smith, police used a pen register to record numbers dialed from a suspect’s phone. The court reasoned at the time that when you share information with a phone company, you assume the risk that the entity might share it with the government.

The third-party doctrine made intuitive sense when telephone calls were one of several common modes of communication. It becomes problematic when applied to modern digital life, where opting out of third-party data sharing means opting out of ordinary existence. We don’t merely convey discrete pieces of information to third parties; we generate constant streams of comprehensive data simply by living.

Modern life requires constant interaction with digital platforms. Smartphones track locations, email providers keep (and sometimes review) correspondence, social media reveals associations and beliefs, and fitness trackers log biometric data. Artificial intelligence assistants such as ChatGPT and Claude receive our most sensitive queries: medical questions, legal concerns, and thought processes we might never voice to another human.

This aggregation has the potential to create all-encompassing records of unprecedented detail. Location history can reveal religious practices, political affiliations, medical conditions, and intimate relationships. As AI analytical capabilities continue to grow, the prospect that investigators could compel companies to analyze these data streams together raises the possibility of assembling comprehensive portraits of individuals’ lives from records they never intended to share.

Limit Without Lines

In Carpenter v. United States, the Supreme Court addressed whether the third-party doctrine extends to comprehensive digital surveillance. The case arose when FBI agents, investigating a series of armed robberies, obtained a court order for 127 days of location data from Timothy Carpenter’s wireless carrier. Carriers automatically log which nearby cell towers each phone connects to, which allowed investigators to track Carpenter’s movements over four months.

Chief Justice John Roberts recognized that 127 days of location data is too comprehensive to fit within traditional third-party doctrine rules. The court recognized that through this time-stamped location data, the records could reveal “familial, political, professional, religious, and sexual associations.”

For the first time, the court held that information shared with third parties could receive constitutional protection when sufficiently comprehensive and sensitive. The court stated: “Given the unique nature of cell phone location information, the fact that the Government obtained the information from a third party does not overcome Carpenter’s claim to Fourth Amendment protection.”

But Carpenter left crucial questions unanswered. The court emphasized its holding was narrow, declining to address real-time location tracking, “tower dumps” (information about all devices connecting to particular cell towers during specific periods), or other surveillance techniques.

The court also didn’t specify how much location data would trigger Fourth Amendment protection—whether a week’s worth differs constitutionally from four months, or whether the comprehensiveness principle applies to other types of third-party records. Lower courts have struggled with how to apply Carpenter’s holding beyond its specific facts.

The Fourth Circuit’s fractured en banc opinion in United States v. Chatrie demonstrates this doctrinal uncertainty. The 15 judges split 7-7—with one not reaching the question of whether a search occurred within the meaning of the 4th Amendment—on whether obtaining geofence data even constitutes a Fourth Amendment search, meaning such data could be obtained as ordinary business records without constitutional constraints. Meanwhile, the Fifth Circuit in United States v. Smith held unanimously that geofence warrants were “categorically prohibited by the Fourth Amendment.”

When does information shared with third parties retain Fourth Amendment protection? Carpenter suggests that quantity matters, but the Supreme Court didn’t specify where lines should be drawn or whether the comprehensiveness principle extends to other types of data. Carpenter carved out an exception but didn’t articulate a broader principle.

Reverse Warrant Revolution

The techniques Carpenter declined to address exemplify the “reverse” warrant problem that has divided lower courts.

Geofence warrants represent a fundamental application of this approach. Instead of developing probable cause against a particular suspect first, investigators identify a crime, obtain data about everyone whose records match certain criteria, then focus on individuals revealed by that initial search. This treats entire populations as investigative targets rather than requiring individualized suspicion before searching.

The technique has expanded rapidly beyond geofence location warrants. Investigators can use reverse warrants requiring Google to identify accounts that searched for particular terms or viewed specific YouTube videos within specific timeframes.

In one investigation into an arson and murder in Coloradopolice obtained a warrant for anyone who searched variations of the victim’s home address in the weeks before the crime. Fitness trackers, e-commerce platforms, and social media services all maintain data that could support similar reverse searches.

Warrants could also target records from social media platforms, which maintain detailed data about users’ locations (through photo metadata), associations (friend networks and message recipients), political views (group memberships and page likes), and prior statements (posts and comments). From this data, investigators could seek identification of anyone who attended particular events, expressed particular views, or associated with particular people or groups. E-commerce platforms maintain purchase histories that could be searched to identify everyone who bought particular combinations of items that might seem innocuous standing alone but together could indicate criminal activity.

AI, which could create even greater uncertainty and potential for intrusion, is even more concerning. AI companies retain conversation histories tied to user accounts. Large language models such as ChatGPT and Claude could be subject to reverse warrants seeking anyone who asked about specific topics of investigative interest.

These AI assistants receive questions about legal rights during police encounters, immigration status, protest information, union organizing, and countless other sensitive topics where the questioner has done nothing wrong but has interests the government might want to monitor.

Whether these platforms can or will be compelled to search beyond keywords for behavioral patterns, writing styles, ideological leanings, or decision-making characteristics across their entire user bases would dramatically expand the scope of reverse warrant searches.

The inversion of constitutional principles is a common thread across these techniques. Like the geofence warrant in Chatrie that swept up 18 innocent people to identify one suspect, reverse warrants transform entire populations into investigative targets. Whether this practice survives constitutional scrutiny is the question Chatrie now presents.

What’s at Stake

The Supreme Court’s decision in Chatrie may determine whether reverse warrant techniques remain available. If the court holds that obtaining comprehensive digital records from third parties doesn’t constitute a Fourth Amendment search, the third-party doctrine would continue to treat these digital footprints as information voluntarily shared with companies, accessible to government without Fourth Amendment compliance.

Carpenter would still apply to certain comprehensive location tracking, but its boundaries remain uncertain. And critically, the Supreme Court decided Carpenter in 2018 before the explosion of AI capabilities that now enable analysis of digital records in ways the court couldn’t have envisioned.

Chatrie’s resolution of how the third-party doctrine applies to comprehensive digital records in the modern age may also have significant ramifications for civil litigation. Without Fourth Amendment protections or clear guidance, courts are already treating AI chat histories and other digital records as discoverable business records in civil cases.

In In re: OpenAI, Inc. Copyright Infringement Litigation , the court initially ordered ChatGPT creator OpenAI to “to preserve and segregate all output log data” amounting to, according to the company, more than 60 billion user prompts and AI responses.

Although the scope of the preservation order has since been limited, the legal principle underlying the court orders remains: Users who voluntarily submit their communications to third-party large language models shouldn’t reasonably expect the information to remain private.

Chatrie could change that, but if not, expect AI queries and outputs to be fertile ground for discovery in employment litigation, insurance coverage disputes, and other civil cases. Recent trends show courts already treat AI queries and outputs as electronically stored information similar to emails and text messages. Kelly A. Lavelle, Discovery Risks of ChatGPT and Other AI Platforms (Aug. 21, 2025). How the Supreme Court resolves the third-party doctrine’s application to comprehensive digital records will influence whether such data requires constitutional safeguards or remains accessible as ordinary business records across legal contexts.

If the court instead holds that obtaining comprehensive digital records from third parties constitutes Fourth Amendment searches requiring probable cause, law enforcement would need specific articulable facts before accessing such records. Technology companies would have clearer legal standards for responding to government requests. Judges would have frameworks for distinguishing between legitimate targeted searches and dragnet general warrants.

Key Takeaways

The Fourth Amendment’s requirement for warrants “particularly describing the place to be searched, and the persons or things to be seized represented a judgment that government must develop individualized suspicion before searching, not search everyone to determine who deserves suspicion. Reverse warrants invert this constitutional structure by authorizing searches of entire populations to identify potential suspects, treating comprehensive databases of ordinary people’s activities as investigative resources.

Modern technology has made such searches easier than the Founding Fathers imagined. But ease doesn’t equal constitutionality. The emerging ability to aggregate digital records using AI makes constitutional constraints more important, not less.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.

Author Information

Steven M. Silverberg, counsel at Hoguet Newman Regal & Kenney, is a veteran trial lawyer and seasoned federal litigator whose practice centers on complex civil rights, employment, and commercial disputes.

Write for Us: Author Guidelines