Phones, computers, and tablets connect to WiFi networks—and in turn, the Internet—through a physical access point. Since a single access point can only service a limited number of devices within a certain range, WiFi networks that have many users and cover larger geographic areas have multiple stationary access points. When a device owner moves through a WiFi network with multiple access points, their device seamlessly switches to the nearest available point. This means that an access point can serve as a proxy for a device owner’s physical location. As an access point records a unique identifier for each device that connects to it, along with the time the device connected, access point logs can reveal a device’s precise location over time.
In Dunkins, police were investigating a robbery that occurred in the middle of the night in a dorm at Moravian College in eastern Pennsylvania. To identify a suspect, police obtained logs of every device that connected to the 80-90 access points in the dorm—about one access point for every other dorm room—around the time of the robbery. From there, police identified devices belonging to several dozen students. They then narrowed their list to include only non-residents. That produced a list of three devices: two appeared to belong to women and one appeared to belong to a man who later turned out to be Dunkins. Since police believed the suspect was a man, they focused their investigation on that device. They then obtained records of Dunkins’ phone for five hours on the night of the robbery, showing each WiFi access point on campus that his phone connected to during that time. Dunkins was ultimately charged with the crime.
We argued in our brief that searches like this violate the Fourth Amendment. The WiFi log data can reveal sensitive location information, so it is essentially identical to the cell phone location records that the Supreme Court ruled in Carpenter require a warrant. Just like cell phone records, the WiFi logs offered the police the ability to retrospectively track a person’s movement, including inside constitutionally protected spaces like students’ dorm rooms. And just as the Carpenter court recognized that cell phones are essential for participation in modern life, accessing a college WiFi network is equally indispensable to college life.
Additionally, we argued that even if police had obtained a warrant, such a warrant would be invalid. The Fourth Amendment requires law enforcement to obtain a warrant based on probable cause before searching a particular target. But in this case, police only knew that a crime occurred—they did not have a suspect or even a target device identifier. Assessing virtually the same situation in the context of a geofence warrant, two federal judges recently ruled that the government’s application to obtain location records from a certain place during a specific time period failed to satisfy the Fourth Amendment’s particularity and probable cause requirements.
The police’s tactics in this case illustrate exactly why indiscriminate searches are a threat to a free society. In acquiring and analyzing the records from everyone in the dorm, the police not only violated the defendant’s rights but they also wrongly learned the location of every student who was in the dormitory in the middle of the night. In particular, police determined that two women wholly unconnected to the robbery were not in their own dorm rooms on the night of the crime. That’s exactly the type of dragnet surveillance that the Fourth Amendment defends against.
The outcome of this case could have far-reaching consequences. In Pennsylvania and across the nation, public WiFi networks are everywhere. And for poor people and people of color, free public WiFi is often a crucial lifeline. Those communities should not be at a greater risk of surveillance than people who have the means to set up their own private networks. We hope the court will realize what’s at stake here and rule that these types of warrantless searches are illegal.