On February 18, 2010, the FBI field office in Denver issued a "wanted" notice for two men known as "the High Country Bandits"—a rather grandiose name for a pair of middle-aged white men who had been knocking down rural banks in northern Arizona and Colorado, grabbing a few thousand dollars from a teller's cash drawer and sometimes escaping on a stolen all-terrain vehicle (ATV).

In each of their 16 robberies, the bandits had a method: "The unknown male identified as suspect number one often enters the banks in rural locations near closing time and brandishes a black semi-automatic handgun. Suspect number one then demands all the money from the teller drawers. He obtains an undisclosed amount of money, puts it in a bag, orders everyone on the ground, then exits the banks with a second suspect. They have been seen leaving the banks on a green or maroon four-wheel ATV with suspect number two driving."

Investigators had bank surveillance footage of the robberies, but the bandits wore jackets, ski masks, and gloves and proved hard to track down. It wasn't for a lack of witnesses or police effort, either. At one 2009 robbery in Pinetop, Arizona, for instance, the bandits got away with $3,827. Witnesses saw a man run from the bank and into a residential area, "looking around as if he were lost." Witnesses later saw the man tear out of the area on an ATV driven by another man. Police followed their escape route and found the spot where the ATV left the road through a freshly-cut barbed wire fence. The cops followed the tracks 17 miles northwest of town before losing the trail completely.

As the regional robberies continued, the FBI was brought into the case. They found a witness to one of the robberies who had seen a suspicious man hanging out by the bank a couple of hours before the robbery, talking on a cell phone. But how does one find a single cell phone user without knowing the cell phone number or the subscriber's name? Indeed, without knowing anything but the time and location?

If you're the FBI, you ask a judge to approve a full "cell tower dump," in which wireless operators will turn over the records of every cell phone that registered with a particular tower at a particular time. (Phones "register" with the nearest cell towers so that the network knows how to route calls.) And then you look for any numbers that stand out.

Fishing for phone numbers

To find the High Country Bandits, the FBI asked a federal magistrate judge to approve four of these cell tower dumps. Investigators picked the "four most rural [robbery] locations in order to minimize the amount of extraneous telephone data that would likely be obtained through such a court order," including the bank in Pinetop, said the FBI. The judge approved the request.

Tower dumps aren't like going after targeted cell phone data on a known suspect; they are more like casting a limited dragnet, pulling in the phone numbers and (rough) location of everyone in the vicinity of the event. And tower dumps are usually obtained without a warrant, instead utilizing a "court order" with judicial oversight but a lower burden than "probable cause." This could potentially mean the government getting warrantless location information for hundreds of people who are not being investigated for any crime.

Did I say "hundreds" of people? The FBI actually received more than 150,000 registered cell phone numbers from this particular set of tower dumps, despite picking the most rural locations possible. What the case agents wanted to do was scan the logs from all four sites on the belief that no single person was likely to be at all four banks during the robbery—except for the robber.

So the FBI dumped all the numbers into a Microsoft Access database and ran a query. As expected, only a single number came back: Verizon Wireless phone number 928-205-xxxx had registered with the tower closest to three of the banks on the day of each robbery. (Verizon didn't have a cell tower covering the fourth bank.) Further analysis found a second number, 928-358-xxxx, that had been in contact with 928-205-xxx and that had registered with two of the towers in question.

The FBI then went back to the judge and obtained more particular court orders covering these specific phone numbers. The phone numbers came back with subscriber names attached: Joel Glore and Ronald Capito. And the location data returned showed that these two phones had been present at most of the 16 bank robberies under investigation. Further, the data showed that both phones tended to travel from Show Low, Arizona, to the location of each bank just before each robbery.

If you're one of those people who still doesn't understand just how much a cell phone reveals about your movements, consider this FBI reconstruction of a single day:

On 11/25/2009, both CAPITO's and GLORE's mobile telephones begin the day at 6:31AM on the same cell tower in Show Low, Arizona, when CAPITO calls GLORE's mobile telephone. Both mobile telephones remain in Show Low until CAPITO's telephone uses a cell tower near Punkin Center, approximately 30 miles south of Payson, Arizona. By approximately 11:00AM, both CAPITO's and GLORE's phones are using the same cell tower in Star Valley, Arizona, approximately 5 miles east of Payson, Arizona, and likely covering areas of Payson, Arizona. By 11:50AM, both CAPITO's and GLORE's mobile telephones are using towers in Payson, Arizona, that are almost certainly within the coverage area of the Compass Bank located at 613 S. Beeline Highway, Payson, Arizona. GLORE's telephone remains on these Payson cell towers and last uses a Payson cell tower located only 1 mile from the Compass Bank at 3:27PM when he receives a call from CAPITO's cell telephone. CAPITO's telephone continues to use the Star Valley and Payson towers through the 3:27PM call, when CAPITO's telephone is using a cell tower located only 1.7 miles from the Compass Bank. At approximately 3:29PM, the High Country Bandits rob the Compass Bank, 613 S. Beeline Highway, Payson, Arizona. The next call on either GLORE or CAPITO's mobile telephones is at approximately 4:40PM when they are contacting each other and both are using the cell tower near Punkin Center, approximately 30 miles south of Payson, Arizona. Both mobile telephones remain using that cell tower throughout the night and return to Show Low, Arizona by 11:00AM the next day.

The FBI now had a pair of suspects, and they weren't exactly crown princes of crime. For one thing, they used real names when registering their cell phones, and they took their phones with them on the robberies. For another, they kept getting involved with police over issues like dog bites, dramatically raising the odds that they would come under some kind of suspicion. Indeed, on one dramatic occasion, Capito actually called the cops himself.

Glore and Capito, both in their early 50s, had a fractious relationship. In February 2010, three days after they had robbed a bank in Park City, Utah, police received a 911 call from Capito. He was in the mountains outside of Telluride, Colorado, and when the cops arrived they found him carrying a Glock handgun and standing next to a silver Toyota Avalon with blood in the front seat and signs of struggle in the snow.

Capito told them that he and Glore had argued and that he had punched Glore in the nose, after which Glore ran off into the woods. After several hours, Glore had not returned and Capito was worried. The police eventually found Glore "hypothermic and bloody," and they charged Capito with carrying a concealed weapon and with disorderly conduct. But they gave Capito's $4,029 wad of cash to Glore, who promptly used it to bail Capito out of jail. (The Glock had likely just been used in the robbery and the money had probably come from the Park City heist.)

The cops in Telluride had no information to link the two men to bank robberies, but a few weeks later the FBI did, and it put them under surveillance in Show Low, Arizona, where both men lived in the same neighborhood. Agents moved in on March 11. Glore had been having a tough month; agents found him in a hospital, receiving treatment for a ruptured appendix. He admitted everything, saying that he and Capito had been "desperate for money" and that he had served only as the getaway driver.

Capito, too, was picked up but demanded a lawyer. A search of Capito's property turned up all kinds of incriminating evidence, including a log book and the stolen ATV. Capito's wife told investigators that she thought the money he brought home was from casino winnings, and she said that her husband—a former girls' basketball coach—had been out of work for over a year.

On May 15, 2012, Capito was sentenced to 18 years in prison and ordered to pay back his half of the $150,000 he had stolen. Glore's sentencing is, apparently, still pending.

About those 149,998 other numbers...

Bandits? Caught. Justice? Done. But let's step back from the final result for a moment and ponder the technique that provided the big lead—the cell tower dumps. Should we have any concerns with the government getting that sort of mass tracking information on so many Americans without a warrant?

Some judges say yes. Former Magistrate Judge Brian Owsley dealt routinely with warrant requests and court orders until becoming a law school professor earlier this year; he has just written an intriguing paper about the issues surrounding cell tower dumps. In his view, these are clearly "searches" under the Fourth Amendment, and they require a full warrant backed by evidence of "probable cause."

That's because the Supreme Court jurisprudence on surveillance has relied for decades in part on the idea of someone's "reasonable expectation of privacy"—and people certainly expect that their location won't be easily and routinely accessible to law enforcement without a warrant, regardless of whether cell phone technology tracks them or not.

In addition, in its well-known Jones decision of 2012, the Supreme Court ruled that warrantless GPS tracking of a suspect was not allowed, and in response the FBI switched off 3,000 tracking devices. Cell tower dumps might well qualify as warrantless "tracking" under this standard, so Owsley argues that it is in the best interests of both society and investigators to get a warrant first:

In discussing requests for court orders, warrants, and subpoenas with various case agents, I always stressed that denying orders that fail to satisfy the standard is not just doing right by the Constitution and the applicable statutes, but also benefits society as well. These agents do not want to have a conviction hinge on and potentially be overturned because of an order or warrant that does not satisfy the standard. This argument has been made easier by the Supreme Court's decision in Jones, because some agents are now furiously working to determine what, if anything, they need to do to salvage cases involving a Jones-like search. Moreover, Jones has demonstrated that the courts are willing to act as a check on government investigations regarding electronic surveillance. That is particularly true because Jones was a unanimous judgment from a Court that routinely issues decisions split along ideological lines.

In some ways, the issue with tower dumps is more pressing than in Jones because it involves so many people, not just one. As Judge Nicholas Garaufis put it in an opinion:

The cell-site-location records at issue here currently enable the tracking of the vast majority of Americans. Thus, the collection of cell-site-location records effectively enables "mass" or "wholesale" electronic surveillance and raises greater Fourth Amendment concerns than a single electronically surveilled car trip. This further supports the court's conclusion that cell-phone users maintain a reasonable expectation of privacy in long-term cell-site-location records and that the Government's obtaining these records constitutes a Fourth Amendment search.

Cell tower dumps don't provide the precision of GPS tracking, of course, but they can in some cases provide directional and range information from a specific tower at a specific time—close enough to pin people within a few hundred yards. Because warrant applications often remain sealed, however, even judges rarely know how other judges have ruled on them; Owsley was reduced to asking judges he met at conferences whether they had encountered the issue, which is becoming increasingly common.

In the end, Owsley supports the use of tower dumps, so long as agents seek a warrant first and so long as they explain their plan to purge all numbers not germane to the current case. In addition, he argues that those whose records are swept up should be notified after the fact—especially because the records have a bad habit of ending up as evidence in court cases.