Arstechnica has a post that will get you thinking. How bank thieves were caught with cell tower dumps that provided the list of phones numbers in a location with specific times.
Fishing for phone numbers
To find the High Country Bandits, the FBI asked a federal magistrate judge to approve four of these cell tower dumps. Investigators picked the "four most rural [robbery] locations in order to minimize the amount of extraneous telephone data that would likely be obtained through such a court order," including the bank in Pinetop, said the FBI. The judge approved the request.
Tower dumps aren't like going after targeted cell phone data on a known suspect; they are more like casting a limited dragnet, pulling in the phone numbers and (rough) location of everyone in the vicinity of the event. And tower dumps are usually obtained without a warrant, instead utilizing a "court order" with judicial oversight but a lower burden than "probable cause." This could potentially mean the government getting warrantless location information for hundreds of people who are not being investigated for any crime.
The article goes on to describe the finding of a phone # that was in each location which happens to be at the time when there was a bank robbery. You get the idea. With the phone # they traced more, etc, etc.
The FBI then went back to the judge and obtained more particular court orders covering these specific phone numbers. The phone numbers came back with subscriber names attached: Joel Glore and Ronald Capito. And the location data returned showed that these two phones had been present at most of the 16 bank robberies under investigation. Further, the data showed that both phones tended to travel from Show Low, Arizona, to the location of each bank just before each robbery.