Author: Prince Raj, K.K. University
ABSTRACT
The Fourth Amendment was written in 1791 to stop government agents from rummaging through a colonist’s home under a general warrant. In 2026, the average American carries a far more detailed record of their life in their pocket than any filing cabinet the Framers could have imagined — location history, biometric data, search queries, and private messages, all updated by the minute. This article examines where the constitutional line currently sits between law enforcement’s investigative needs and an individual’s digital privacy, drawing on recent U.S. Supreme Court rulings, federal legislation, and documented enforcement failures. It traces the doctrinal path from Katz v. United States through Carpenter v. United States to the Supreme Court’s landmark June 2026 ruling in Chatrie v. United States, which extended Fourth Amendment protection to geofence location data for the first time. It also surveys the unresolved fronts in this fight — encryption backdoors, facial-recognition misidentification, and the so-called “data broker loophole” that lets agencies buy what they cannot subpoena. The throughline is that courts, far more than Congress, have carried the weight of adapting eighteenth-century text to twenty-first-century surveillance, and the gaps left open remain wide.
To The Point
The constitutional question at the center of this debate is simple to state and hard to answer: how much of a person’s digital life can the government access without a warrant? A modern smartphone generates location history, biometric identifiers, app activity, and communications metadata continuously, often without the user’s active awareness — a volume and intimacy of data that bears little resemblance to the phone bills and bank statements that older Fourth Amendment case law was built around.
For most of the twentieth century, courts treated information voluntarily shared with a third party, such as a bank or a phone company, as falling outside Fourth Amendment protection. The reasoning was that disclosing information to anyone carries the risk that the recipient might later hand it to the government. That assumption, known as the third-party doctrine, has come under increasing strain as ordinary daily life now runs through corporate servers by necessity rather than choice.
The Supreme Court has moved the line twice in the past decade. In 2014’s Riley v. California, the Court required police to obtain a warrant before searching the digital contents of a phone seized during an arrest. In 2018’s Carpenter v. United States, it required a warrant before police could obtain more than about a week of historical cell-site location records from a wireless carrier. On June 29, 2026, the Court extended that protection again in Chatrie v. United States, ruling 6–3 that “geofence” warrants — which direct companies like Google to hand over location data on every phone that passed near a crime scene, guilty or innocent — trigger Fourth Amendment scrutiny and generally require a valid warrant.
Outside the courtroom, three other fights continue in parallel. Tech companies and the FBI remain locked in a decade-long standoff over encryption: can government compel Apple or Google to build law enforcement backdoors into phones and cloud backups? Police departments face mounting lawsuits over facial-recognition technology after more than a dozen documented wrongful arrests. And civil liberties groups are pressing Congress to close the “data broker loophole,” which lets federal agencies simply purchase location and communications data from commercial vendors instead of seeking a warrant. Congress has repeatedly proposed fixes, most notably the Fourth Amendment Is Not For Sale Act, without passing comprehensive legislation — leaving courts to draw the constitutional line case by case, technology by technology.
Legal JARGON
A handful of recurring terms shape every digital-privacy dispute and are essential to following the case law below.
The Fourth Amendment itself protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” and requires that warrants be supported by probable cause and describe with particularity the place to be searched and the things to be seized.
A reasonable expectation of privacy is the modern test for whether government conduct counts as a “search” at all. It comes from Katz v. United States (1967) and asks two things: did the person subjectively expect privacy, and is that expectation one society recognizes as reasonable? If both answers are yes, a warrant is generally required.
The third-party doctrine holds that a person who voluntarily shares information with another party — a bank, a phone company, a tech platform — assumes the risk that the party will pass it to the government, and therefore has no reasonable expectation of privacy in it. This doctrine, born in 1970s-era cases involving bank records and dialed phone numbers, is the central battleground of the digital privacy debate, since nearly every modern app or service technically involves “sharing” data with a company.
Probable cause and particularity are the two textual requirements a warrant must satisfy: enough evidence to believe a crime has occurred or evidence exists in a specific place, and a description narrow enough that officers cannot conduct an open-ended fishing expedition.
A general warrant is the historical evil the Fourth Amendment was written to prevent — a warrant so broad it authorizes searching anyone, anywhere, for anything. Courts now ask whether bulk digital-data requests, like geofence warrants, function as general warrants in digital form.
The exclusionary rule bars evidence obtained through an unconstitutional search from being used at trial, while the good-faith exception allows that evidence to be admitted anyway if officers reasonably relied on a warrant later found to be defective — a frequent fallback for prosecutors even after a court finds a Fourth Amendment violation.
Finally, CSLI (cell-site location information) refers to the location records a phone generates by connecting to nearby cell towers, while a geofence or reverse warrant asks a company to identify all devices within a defined area and time window, rather than targeting one known suspect — inverting the traditional logic of a search warrant.
The PROOF
The scale of modern digital surveillance is documented in court records, government reports, and corporate disclosures. Geofence warrant requests to Google grew from roughly 982 in 2018 to nearly 11,550 at their 2020 peak. In the case that became Chatrie v. United States, a single geofence warrant tied to a Virginia bank robbery required Google to search the location histories of an estimated 500 million users in order to identify just three possible suspects, a scope one defense attorney called illustrative of how sweeping the technique can be.
Facial recognition’s error rate has produced a documented pattern of wrongful arrests. The American Civil Liberties Union has tracked at least fourteen known cases nationwide, beginning with Robert Williams in Detroit in 2020. The list includes a Tennessee grandmother held for five months after a Clearview AI match wrongly linked her to bank fraud in North Dakota, a woman who was eight months pregnant when arrested for a carjacking that surveillance footage never suggested involved a pregnant suspect, and a New York man jailed despite being roughly eight inches shorter and seventy pounds lighter than the actual suspect. A Washington Post investigation similarly found a recurring pattern across multiple departments: detectives treating an algorithmic match as sufficient grounds for arrest without independently verifying it, a tendency researchers call automation bias.
State legislatures have responded unevenly. By early 2025, fifteen states had enacted some form of facial-recognition oversight law, with several more considering similar measures; meanwhile, roughly nineteen to twenty states now have comprehensive consumer data privacy statutes, creating a patchwork where protections can differ sharply depending on where a person lives.
Congress has come closest to addressing the data-broker loophole without crossing the finish line. The House passed the Fourth Amendment Is Not For Sale Act by a 219–199 vote in 2024, with bipartisan support from both party leaders, but the bill stalled in the Senate and has not been reenacted since. In the meantime, reporting has documented federal agencies — including the IRS, the Department of Defense, and Department of Homeland Security components — purchasing Americans’ location and communications data from commercial brokers rather than seeking a warrant, a practice oversight groups describe as a direct workaround of Carpenter’s warrant requirement.
CASE Laws
The doctrinal foundation begins with Katz v. United States (1967), which moved Fourth Amendment analysis away from physical trespass and toward the question of whether a person has a reasonable expectation of privacy, establishing the framework every later digital-privacy case has had to apply to new technology.
The third-party doctrine that complicates digital cases traces to United States v. Miller (1976) and Smith v. Maryland (1979), which held that bank records and dialed telephone numbers carried no reasonable expectation of privacy because the defendant had voluntarily conveyed that information to a third party. Critics have long argued that applying this 1970s logic to twenty-first-century cloud storage would effectively eliminate Fourth Amendment protection for email, photos, and documents, since virtually all of it is technically “shared” with a service provider.
Riley v. California (2014) addressed whether police could search a cell phone’s digital contents without a warrant during an arrest, under the long-standing search-incident-to-arrest exception. A unanimous Court rejected the analogy between a phone and a physical object like a wallet, with Chief Justice Roberts writing that comparing the two was like equating a horseback ride to a flight to the moon — both are travel, but little else unites them. The Court held that officers must generally obtain a warrant, even after a lawful arrest.
Carpenter v. United States (2018) considered whether police needed a warrant to obtain historical cell-site location records covering 127 days of a defendant’s movements. In a 5–4 decision, the Court held that the third-party doctrine did not strip CSLI of constitutional protection, reasoning that carrying a cell phone is effectively indispensable to modern life and that such detailed location tracking risks the kind of government overreach the Fourth Amendment was designed to prevent.
State courts began applying similar logic to geofence warrants even before the Supreme Court weighed in. In People v. Dawes (2022), a California state court suppressed evidence from a geofence warrant issued to the San Francisco Police Department, becoming the first state court to do so and finding the warrant violated both the Fourth Amendment and California’s electronic privacy statute.
That state-level trend culminated in Chatrie v. United States, decided by the Supreme Court on June 29, 2026. Police investigating a Virginia credit union robbery obtained a geofence warrant directing Google to identify phones within a 150-meter radius of the crime scene, ultimately leading to the indictment of Okello Chatrie. In a 6–3 decision, the Court held that acquiring this location data constitutes a Fourth Amendment search, rejecting the government’s argument that opting into Google’s location-history feature waived constitutional protection. The Court remanded the case to the Fourth Circuit to determine whether the specific warrant satisfied the probable cause and particularity requirements, leaving open how narrowly future geofence warrants must be drawn even as it settled the threshold question of whether they require Fourth Amendment scrutiny at all.
Conclusion
Read together, this line of cases shows a Supreme Court willing to extend Fourth Amendment protection to new technology, but doing so narrowly and reactively, one device or technique at a time, while leaving the underlying third-party doctrine largely intact. Chatrie answered the immediate question of whether geofence warrants are searches, but it did not resolve the broader issue Justice Gorsuch raised at oral argument: whether the same reasoning that protects location history should also protect the emails, photos, and documents people store in the cloud. That question, along with the use of facial recognition and the purchase of personal data from brokers, remains for Congress, state legislatures, or future litigation to settle.
The pattern across these fights is consistent: law enforcement adopts a new surveillance capability, rights groups document its abuses through wrongful arrests or lawsuits, and only then does legislative or judicial correction follow, often years later. The Fourth Amendment Is Not For Sale Act has passed one chamber of Congress without becoming law. Facial-recognition oversight exists in fewer than a third of states. Whether the Constitution’s eighteenth-century text can keep pace with modern data collection will likely depend less on any single ruling and more on whether Congress eventually writes comprehensive rules, instead of leaving the courts to draw the line case by case.
FAQS
Q. Does the Fourth Amendment apply to data stored on my phone or in the cloud? Generally yes, but the strength of that protection depends on the type of data and how it was obtained. Phone contents searched during an arrest, and historical or geofence location data, now require a warrant under Riley, Carpenter, and Chatrie. Data voluntarily purchased by the government from a commercial broker currently falls into a legal gray area that courts have not fully resolved.
Q. Can police search my phone if I am arrested?
Not without a warrant in most circumstances. Riley v. California held that the search-incident-to-arrest exception does not extend to a phone’s digital contents, though officers may still seize and secure the device, and exigent circumstances, such as a real-time remote-wipe threat, can justify an immediate search.
Q. What is a geofence warrant, and is it legal now? A geofence warrant asks a company like Google to identify all devices within a specific area and time window, rather than targeting one known suspect. After Chatrie v. United States, obtaining this data is considered a Fourth Amendment search requiring a warrant, but courts are still working out how narrowly such warrants must be drawn to satisfy the particularity requirement.
Q. Can the government force Apple or Google to unlock an encrypted phone?
This remains contested. Following the 2016 dispute over the San Bernardino shooter’s iPhone, courts have not definitively resolved whether the All Writs Act can compel a company to build new software defeating its own encryption, and major tech companies continue to resist government backdoor proposals on the grounds that any backdoor can be exploited by bad actors as easily as by law enforcement.
Q. Is it legal for police to arrest someone based solely on a facial recognition match?
Policy varies by department and state. At least fourteen documented wrongful arrests have resulted from uncorroborated facial-recognition matches, and several states now require independent corroborating evidence before an arrest, though no uniform federal standard exists.
Q. Can the government simply buy my data instead of getting a warrant?
Currently, yes, in many cases. Federal agencies have purchased location and communications data from commercial data brokers without a warrant, a practice civil liberties groups call the “data broker loophole.” The Fourth Amendment Is Not For Sale Act would close this gap but has not been enacted into law as of mid-2026.
