
CyberSecurity

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities: What It Means for Cybersecurity


The NVD enrichment process is being overhauled. The US National Institute of Standards and Technology (NIST) has announced that it will stop enriching most vulnerabilities reported before March 1, 2026, in order to cope with an unprecedented surge in CVE submissions. The shift to a risk-based approach concentrates analyst effort on the vulnerabilities judged most critical and leaves many older ones without NVD analysis.

Speaking at VulnCon26 in Scottsdale, Arizona, on April 15, Harold Booth, a NIST computer scientist, explained the reasoning behind the change. “CVE reporting keeps increasing – and trust me, at the NVD, we see them all – and our ability to keep up is just not there, so our backlog keeps increasing too,” he said.

Why NVD Enrichment Is Being Rethought

The decision stems from a dramatic rise in reported vulnerabilities. According to a NIST statement published on April 15, CVE submissions jumped by 263% between 2020 and 2025. In 2025 alone, the NVD enriched nearly 42,000 CVEs – 45% more than any prior year. Yet, the backlog continues to grow.

“Submissions during the first three months of 2026 are nearly one-third higher than the same period last year,” Booth noted. “We’ve been trying to develop new tools to help with this, but with our current methods, I will admit this is just something we can’t keep up with.” This trend is expected to accelerate, with the Forum of Incident Response and Security Teams (FIRST) forecasting a record-breaking 50,000 additional CVEs in 2026.

Jerry Gamblin, principal engineer at Cisco Threat Detection & Response, predicts an even higher figure: 70,135 CVEs by year-end, a 45.6% increase over 2025. Neither forecast accounts for the new generative AI models from Anthropic and OpenAI, Claude Mythos and GPT-5.4-Cyber, which their vendors say can find and fix vulnerabilities autonomously at scale.

How the New Risk-Based Approach Works

Under the revised framework, the NVD will prioritize vulnerabilities that pose the greatest threat. Specifically, enrichment will focus on:

  • Software used by the US federal government
  • Critical software as defined by Executive Order 14028 (2021)
  • Vulnerabilities on the CISA Known Exploited Vulnerabilities (KEV) list

“All submitted CVEs will still be added to the NVD. However, those that do not meet the criteria above will be categorized as ‘Not Scheduled,’” Booth explained. In practice, thousands of older, lower-priority vulnerabilities will sit in the NVD without enrichment unless someone asks for it.

Booth emphasized the rationale: “Vulnerabilities are a way for an attacker to gain access to a system that they should not and we want to close those holes as quickly, efficiently and effectively as possible. We want to focus on the ones that are important, not the ones that are unimportant.” Users can still request enrichment of unscheduled CVEs by emailing the NVD at nvd@nist.gov.

Changes to CVE Scoring and Analysis

Alongside the prioritization shift, the NVD has updated its scoring and analysis procedures. It will no longer assign its own CVSS score to a CVE that the submitting CVE Numbering Authority (CNA) has already scored, unless that score appears inaccurate. It will also reanalyze a modified CVE only when the change materially affects the enrichment data. For consumers, the practical effect is that the severity shown on an NVD record will increasingly be the CNA's own assessment rather than an independent NIST one, and tooling should not assume an NVD-assigned score exists.

To improve clarity, status labels have been revised. The previous ‘Deferred’ status is replaced with ‘Not scheduled,’ indicating that the NVD will not enrich the corresponding CVE. A new document explaining these labels is now available on the NVD website.

Implications for Vulnerability Management

This policy shift has direct consequences for vulnerability management teams: the NVD can no longer be treated as a complete, analyzed feed. Teams must supplement it with threat intelligence and their own risk assessments.

Prioritization must rest on exploitability and business impact rather than on NVD severity alone. The CISA KEV list is a starting point, since it marks vulnerabilities known to be exploited, but it is not a substitute for knowing which of your own assets are affected. One caveat deserves attention: enrichment is what attaches CPE product identifiers to a CVE, so scanners and SBOM tools that match assets to CVEs by CPE will silently skip records marked ‘Not Scheduled’ unless those records are matched some other way.
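The triage logic that the two preceding sections imply (status labels, CNA-versus-NVD scoring, KEV-first prioritization, and the CPE gap on unenriched records) in working form, as an added example that is not NIST, NVD or CISA code. It assumes the NVD API 2.0 record shape (`cve.id`, `cve.vulnStatus`, `metrics.cvssMetricV31[]` where `type` is `Primary` for an NVD-assigned score and `Secondary` for the CNA's, and `configurations[]` carrying CPE 2.3 strings) and the CISA KEV JSON feed shape; the inventory, CVE IDs, vendors, products, dates and scores are all constructed for the example.

```python
"""Prioritize CVE records under the NVD's risk-based enrichment policy.
Added example, not NIST/NVD or CISA code. Assumed (not from the article): NVD_JSON
mimics the NVD API 2.0 record shape (cve.id, cve.vulnStatus, metrics.cvssMetricV31[]
with type 'Primary' = NVD score / 'Secondary' = CNA score, configurations[] holding
CPE 2.3 strings); KEV_JSON mimics the CISA KEV feed. All IDs, products, dates and
scores below are constructed.
"""
import json
from datetime import date

KEV_JSON = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2099-0001", "vendorProject": "ExampleCorp", "product": "Widget Gateway",
    "dateAdded": "2026-04-01", "dueDate": "2026-04-22", "knownRansomwareCampaignUse": "Known"}]})

NVD_JSON = json.dumps({"vulnerabilities": [
  {"cve": {"id": "CVE-2099-0001", "vulnStatus": "Analyzed",
           "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 9.8}},
                                         {"type": "Secondary", "cvssData": {"baseScore": 8.8}}]},
           "configurations": [{"nodes": [{"cpeMatch": [{"vulnerable": True,
               "criteria": "cpe:2.3:a:examplecorp:widget_gateway:*:*:*:*:*:*:*:*"}]}]}]}},
  {"cve": {"id": "CVE-2099-0002", "vulnStatus": "Not Scheduled",  # CNA score only, no CPEs
           "metrics": {"cvssMetricV31": [{"type": "Secondary", "cvssData": {"baseScore": 7.5}}]}}},
  {"cve": {"id": "CVE-2099-0003", "vulnStatus": "Analyzed",
           "metrics": {"cvssMetricV31": [{"type": "Secondary", "cvssData": {"baseScore": 9.1}}]},
           "configurations": [{"nodes": [{"cpeMatch": [{"vulnerable": True,
               "criteria": "cpe:2.3:a:othervendor:thing:1.0:*:*:*:*:*:*:*"}]}]}]}},
  {"cve": {"id": "CVE-2099-0004", "vulnStatus": "Awaiting Analysis", "metrics": {}}},
]})

# Constructed asset inventory as (vendor, product) pairs in CPE 2.3 spelling.
INVENTORY = {("examplecorp", "widget_gateway"), ("acme", "router_os")}

def load_kev(raw):
    """Index the KEV feed by CVE ID."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def effective_cvss(cve):
    """Return (score, source). Under the new policy an NVD ('Primary') score exists
    only where the CNA gave none or the NVD judged the CNA score inaccurate, so it
    wins when present; otherwise fall back to the CNA ('Secondary') score."""
    by_type = {m["type"]: m["cvssData"]["baseScore"]
               for m in cve.get("metrics", {}).get("cvssMetricV31", [])}
    if "Primary" in by_type:
        return by_type["Primary"], "nvd"
    if "Secondary" in by_type:
        return by_type["Secondary"], "cna"
    return None, None

def vulnerable_products(cve):
    """(vendor, product) pairs from NVD CPE applicability data; empty if unenriched."""
    pairs = set()
    for cfg in cve.get("configurations", []):
        for node in cfg.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if match.get("vulnerable"):
                    fields = match["criteria"].split(":")
                    pairs.add((fields[3], fields[4]))
    return pairs

def affects_inventory(cve, kev_entry, inventory):
    """'yes'/'no' when CPE or KEV data allows a match, 'unknown' when neither exists."""
    pairs = vulnerable_products(cve)
    if not pairs and kev_entry:  # KEV names vendor/product even for unenriched CVEs
        norm = lambda s: s.strip().lower().replace(" ", "_")
        pairs = {(norm(kev_entry["vendorProject"]), norm(kev_entry["product"]))}
    if not pairs:
        return "unknown"
    return "yes" if pairs & inventory else "no"

def triage(nvd_raw, kev_raw, inventory, today_iso):
    """Rank records: KEV first, then critical-and-affected, then records the NVD
    will not (or has not yet) enriched and that therefore cannot be matched by CPE."""
    kev, today, rows = load_kev(kev_raw), date.fromisoformat(today_iso), []
    for item in json.loads(nvd_raw)["vulnerabilities"]:
        cve, status = item["cve"], item["cve"]["vulnStatus"]
        entry = kev.get(cve["id"])
        score, source = effective_cvss(cve)
        affects = affects_inventory(cve, entry, inventory)
        if entry and affects != "no":
            due = date.fromisoformat(entry["dueDate"])
            overdue = " OVERDUE" if today > due else ""
            prio, why = 0, f"in CISA KEV, remediate by {due}{overdue}"
        elif affects == "yes" and score is not None and score >= 9.0:
            prio, why = 1, f"critical ({score}) and present in inventory"
        elif affects == "unknown" and status == "Not Scheduled":
            prio, why = 2, "NVD will not enrich: no CPE data, match manually or request enrichment"
        elif affects == "unknown":
            prio, why = 2, f"no CPE data yet ({status}), re-check later"
        else:
            prio, why = 3, "enriched, not in inventory or below critical"
        rows.append({"id": cve["id"], "status": status, "score": score, "source": source,
                     "kev": entry is not None, "affects": affects, "priority": prio, "reason": why})
    return sorted(rows, key=lambda r: (r["priority"], -(r["score"] or 0)))

if __name__ == "__main__":
    for r in triage(NVD_JSON, KEV_JSON, INVENTORY, "2026-04-20"):
        print(f"P{r['priority']} {r['id']} [{r['status']}] cvss={r['score']} ({r['source']}) "
              f"affects={r['affects']}: {r['reason']}")
```

The ordering puts the KEV entry first, then the two records that cannot be matched to inventory at all (the ‘Not Scheduled’ one with a plain instruction to match it by hand or request enrichment, the ‘Awaiting Analysis’ one flagged for a later re-check), and last the enriched but irrelevant record. Against the real feeds you would swap the embedded JSON for the KEV catalog download and paged NVD API responses; the decision logic does not change.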

The rise of AI-driven vulnerability discovery will push CVE volume higher still, adding to the load on databases like the NVD even as the same tools promise to help with triage.

What Comes Next for the NVD

NIST presents these changes as stopgap measures. Booth said the team is building new tooling to handle the workload but conceded that current methods fall short, and the agency is also exploring partnerships with industry and academia to improve throughput.

For now, the focus is on cutting the backlog and getting critical vulnerabilities analyzed promptly. Whether the risk-based approach delivers on that promise is something the security community will be watching closely.

CyberSecurity

US Supreme Court Divided Over Geofence Search Warrants and Digital Privacy


The United States Supreme Court appears sharply divided on the constitutionality of geofence warrants, a powerful digital surveillance tool that law enforcement uses to demand location data from tech companies. The case, Chatrie v. United States, could set a precedent for how the Fourth Amendment applies to digital privacy in the modern era.

What Are Geofence Warrants and Why Do They Matter?

Geofence warrants let police demand from companies such as Google the location data of every device that was inside a virtual boundary around a crime scene during a given time window, and then narrow that pool down to suspects. Critics argue that the warrants are overbroad and sweep in innocent bystanders who merely happened to be nearby.

Since 2016, federal agencies have filed thousands of such warrants each year, according to a New York Times investigation. The practice has become a cornerstone of digital investigations, but it raises serious questions about privacy and mass surveillance.

The Core Legal Question: Reasonable Expectation of Privacy

At the heart of the case is whether Americans have a reasonable expectation of privacy over location data collected by tech giants. The Fourth Amendment protects against unreasonable searches and seizures, but courts have struggled to apply this to digital information shared with third parties like Google.

Civil liberties advocates argue that geofence warrants violate this principle by enabling a “search first, develop suspicions later” approach. They contend that the government should not be able to demand data on hundreds of thousands of people without individualized suspicion.

Chatrie v. United States: The Facts

The case centers on Okello Chatrie, who was convicted of a 2019 bank robbery in Virginia. Police used a geofence warrant to obtain location data from Google, eventually identifying Chatrie as a suspect. His legal team argued that the warrant was unconstitutional because it lacked probable cause linking him to the crime.

Although Chatrie pleaded guilty, his appeal challenged the legality of the evidence. Lower courts allowed the evidence under a “good faith” exception, but the Supreme Court agreed to hear the case to address the broader constitutional issue.

Justices Appear Split After Oral Arguments

Following oral arguments in Washington, D.C., the nine justices seemed divided. Some expressed concern about the breadth of geofence warrants, while others worried about hampering law enforcement. Orin Kerr, a law professor at UC Berkeley, predicted the court would likely reject a complete ban but may impose limits on scope.

Attorney Cathy Gellis described the court’s stance as favoring “baby steps, not big rules.” This suggests a narrow ruling that allows geofence warrants under stricter conditions, rather than a sweeping decision on digital privacy.

Broader Implications for Tech Companies and Users

While Google stopped responding to geofence warrants last year by storing location data locally on devices, other companies like Microsoft, Uber, and Snap still store data on servers accessible to law enforcement. This means the Supreme Court’s decision could affect how all tech companies handle location data requests.

Building on this, privacy advocates hope the court will establish clear rules that protect innocent people from being caught in digital dragnets. However, the government argues that such warrants are essential for solving crimes in the digital age.

What Happens Next?

A final decision is expected later this year. If the court upholds geofence warrants with limitations, law enforcement may need to adopt more targeted requests. Alternatively, a ruling against the practice could force a major shift in how police investigate crimes using location data.

For now, the case underscores the ongoing tension between privacy rights and law enforcement needs in an era of ubiquitous digital tracking.


CyberSecurity

Paragon Refuses to Cooperate With Italian Authorities in Spyware Probe, Report Alleges


New allegations suggest that Paragon Solutions, the Israeli-American surveillance technology firm, is stonewalling Italian prosecutors investigating a massive spyware scandal. According to a report from Wired Italy, the company has failed to respond to a formal request for information sent via the Israeli government—more than a year after the investigation began. This development marks a significant turn in the ongoing Paragon spyware scandal, which has shaken Italy’s political and journalistic communities.

Last year, both WhatsApp and Apple alerted several Italian citizens—including journalists and activists—that they had been targeted with government-grade spyware. WhatsApp specifically identified Paragon as the supplier of the “Graphite” spyware used in a global hacking campaign that affected roughly 90 individuals. The notifications triggered a wave of criminal complaints and a formal investigation by Italian prosecutors.

The Alleged Refusal to Cooperate in the Italian Spyware Investigation

Building on the initial scandal, the latest twist involves Paragon’s apparent unwillingness to assist authorities. Wired Italy reports that prosecutors in Rome and Naples jointly sent a formal request for information to Paragon through diplomatic channels. However, the company has not replied. This silence contradicts earlier public statements from Paragon, in which the firm claimed it had offered to help investigate the hacking of a journalist—an offer it says the Italian government rejected.

Paragon subsequently canceled its contracts with Italy’s two main intelligence agencies, AISE and AISI, saying the Italian government had turned down its proposal to examine whether a journalist was actually targeted with Graphite. A public feud between a spyware vendor and a former client is highly unusual in this secretive industry.

Possible Reasons for Paragon’s Silence

Observers speculate that the Israeli government may have intervened to block Paragon’s cooperation. In 2024, The Guardian reported that Israeli authorities seized documents from NSO Group to prevent the company from complying with legal demands in a lawsuit brought by WhatsApp. Israeli human rights lawyer Eitay Mack told Wired Italy that while the Israeli government has the legal power to force local companies to cooperate with foreign judicial requests, it has never done so. This context raises questions about whether Paragon is acting on its own or under state pressure.

Meanwhile, Spain’s High Court closed its own investigation into NSO spyware targeting Spanish politicians earlier this year, citing a lack of cooperation from Israeli authorities. This pattern suggests a broader reluctance among Israeli surveillance firms to engage with foreign probes.

Paragon’s Attempt to Position Itself as an Ethical Alternative

Paragon’s willingness to fight publicly with a former customer appears to be part of an effort to set itself apart from rivals such as NSO Group and Intellexa, which have been mired in scandals worldwide. The company’s now-defunct official website once claimed it provided customers “with ethically based tools, teams, and insights.”

The Italian case is nonetheless Paragon’s first major public controversy. The firm currently holds an active contract with U.S. Immigration and Customs Enforcement (ICE), the agency carrying out the current mass arrests and deportations of immigrants. ICE told lawmakers that its law enforcement arm, Homeland Security Investigations (HSI), uses Paragon’s spyware to counter terrorism and drug trafficking.

Italy’s Government Denies Involvement in Journalist Hacking

Italy’s government, led by Prime Minister Giorgia Meloni, has consistently denied authorizing the hacking of journalists Francesco Cancellato and Ciro Pellegrino, both of whom work for the online news outlet Fanpage. The Citizen Lab, a leading research organization that has investigated spyware abuses for over a decade, confirmed that both journalists were compromised using Graphite. Other victims include activists from Mediterranea Saving Humans, an Italian nonprofit dedicated to rescuing migrants crossing the Mediterranean Sea.

In June of last year, the Italian parliamentary committee overseeing intelligence agencies concluded that the targeting of activists was lawful. However, the committee stated it could not find evidence that Cancellato was targeted, and it did not examine Pellegrino’s case at all. Then, in March, the same prosecutors who requested information from Paragon announced that a forensic analysis of Cancellato’s device confirmed he was hacked, though the results for Pellegrino’s phone were inconclusive.

What Comes Next for the Italian Spyware Probe?

The prosecutors’ investigation remains open. Without Paragon’s cooperation, Italian authorities face significant hurdles in uncovering the full scope of the spyware campaign. This situation underscores the challenges that national governments encounter when trying to hold foreign surveillance companies accountable. For now, the Paragon spyware scandal continues to unfold, leaving journalists, activists, and legal experts watching closely for any signs of progress—or further obstruction.


Do you have more information about Paragon Solutions and the spyware scandal in Italy? Contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.


CyberSecurity

Cookeville Regional Medical Center Discloses Rhysida Ransomware Attack Affecting 337,917 Patients


A major Rhysida ransomware breach has hit Cookeville Regional Medical Center (CRMC) in Tennessee, exposing the personal and medical data of 337,917 individuals. The hospital confirmed the incident this week, sending breach notification letters to affected patients nearly nine months after the attack was first detected.

This healthcare ransomware attack, which occurred in July 2025, ranks among the largest in the United States for that year. The 309-bed facility serves about 250,000 patients annually across 14 counties in the Upper Cumberland region, making the scale of the data compromise particularly concerning for the local community.

How the Rhysida Ransomware Breach Unfolded at CRMC

According to a filing with the Maine Attorney General’s Office, an unauthorized party accessed or acquired files between July 11 and July 14, 2025. The Rhysida ransomware group, a Russia-linked ransomware-as-a-service operation active since May 2023, claimed responsibility on August 2, 2025. The gang demanded a ransom of 10 Bitcoin—worth roughly $1.15 million at the time—and posted sample files on its dark web leak site. It remains unclear whether any ransom was paid.

The hospital began mailing notification letters on April 14, 2026, roughly nine months after the intrusion. This delay, while typical for complex investigations, left patients in a prolonged state of uncertainty about their data security.

Data Exposed in the Attack

The compromised information may include names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical record numbers, treatment information, and health insurance data. CRMC is offering 12 months of free identity theft protection through Experian to those affected.

Given the sensitive nature of medical records, this Rhysida ransomware breach poses significant risks for identity theft and medical fraud. Patients are advised to monitor their accounts closely and take advantage of the offered protection services.

The Growing Threat of Rhysida Ransomware in Healthcare

The CRMC incident is not an isolated case. According to Comparitech, which tracks healthcare breaches, this ranks as the eighth-largest US healthcare ransomware breach of 2025 by records compromised. Last year, there were 134 confirmed attacks on US healthcare providers, exposing 11.7 million records in total.

Rhysida alone claimed 91 attacks across all sectors in 2025, with 23 confirmed. The average ransom demand from the group was $1.2 million. Other recent healthcare victims of Rhysida include Florida Lung, Asthma & Sleep Specialists (May 2025, $639,000 demand), MedStar Health in Maryland (September 2025, $3.09 million demand), and Spindletop Center in Texas (September 2025, $1.65 million demand).

These incidents show how persistently ransomware groups target the healthcare sector.

Why Breach Notifications Take So Long

Rebecca Moody, head of data research at Comparitech, explained that the lengthy investigation timeline reflects the scale of forensic work required after a hospital ransomware hit. “It can take a considerable amount of time for organizations to investigate what data has been impacted in these breaches,” she said.

“While some organizations avoid using the word ‘ransomware’ and don’t issue any form of data breach notification for months,” Moody added, “this lack of clarity and confirmation can leave those affected open to identity theft and phishing campaigns.” CRMC, however, has been transparent about the nature of the attack, which helps patients understand the risks they face.

Impact on Patient Care and Hospital Operations

Ransomware incidents at US hospitals routinely force extended downtime, canceled appointments, and patient diversions. In CRMC’s case, the hospital’s public statement addressed only remediation: it said it has put additional security measures in place since the attack to prevent future incidents.

For patients, the immediate concern is misuse of their data. Social Security numbers and medical records are especially valuable on criminal markets, often fetching higher prices than card numbers, and unlike a card they cannot be reissued. Even without a direct financial loss, victims may face long-term risks such as fraudulent medical claims or identity theft.

Healthcare organizations are investing more in cyber defenses, but as the CRMC case shows, groups like Rhysida remain a potent threat.

The breach at Cookeville Regional Medical Center, with 337,917 patients affected and highly sensitive data exposed, is another reminder of how exposed medical infrastructure remains. Affected patients should monitor their accounts, treat unexpected calls or emails referencing their care with suspicion, and enroll in the identity protection the hospital is offering.
