The New Mandate: How US Police Use Google for Your Location and Search History | American Police


It was a routine bike ride through the neighborhood that landed Zachary McCoy in the crosshairs in Gainesville, Fla., police department.

In January 2020, an alarming email from Google landed in McCoy’s inbox. Police were asking for his user data, the company told him, and McCoy had seven days to go to court and block his publication..

McCoy later discovered that the request was part of an investigation into the burglary of a nearby house the previous year. The evidence that passed him off as a suspect was his location during his bike ride – information police obtained from Google through what’s known as a geofence warrant. For simply being in the wrong place at the wrong time, McCoy was under investigation and, as a result, his Google data was in danger of being turned over to the police.

Geographic fencing warrants and reverse search warrants such as those McCoy has been involved with are increasingly becoming law enforcement’s tool of choice. Google first revealed in August that it had received 11,554 geofence location warrants from law enforcement in 2020, up from 8,396 in 2019 and 982 in 2018.

This is a worrying trend, argue experts and lawyers. They fear that this increase signals the start of a new era, in which law enforcement agencies are finding ever more creative ways to obtain user information from data-rich technology companies. And they fear that agencies and jurisdictions will use this relatively uncontrolled mechanism in the context of new and controversial laws such as the criminalization of almost all abortions in Texas.

“As long as the data is there, all it takes is for a creative law enforcement officer to say, ‘Hey, we can get a warrant or we can send a subpoena for this sub- particular set of data that is already being collected, “” Caleb Kenyon, the defense attorney representing McCoy, told The Guardian. “They go out of their way to do their job. That’s all it takes for the next kind of [reverse] search warrant to come.

Dragnet search warrant

Lawyers such as Kenyon and privacy experts argue that the geofence and other broad mandates such as those that require companies to sift through searched keywords are akin to a blanket warrant, rendered illegal by the Fourth Amendment, against unreasonable searches and seizures. Unlike other types of search warrants, which are targeted and seek information about people whom law enforcement has reasonable grounds to believe have committed a specific crime, these warrants do not relate to a person. specifically.

In other words, with reverse search warrants, law enforcement is always looking for their suspect and asking tech companies to give them a list of people to investigate. For geofence warrants, anyone in a certain location at a certain time becomes a suspect and is investigated further, which could mean giving the police even more user data. For keyword search warrants, another relatively new mechanism for obtaining user information that has emerged, anyone who has searched for a certain phrase or address becomes a suspect.

The latter is potentially more extensive than geo-close warrants, argues Kenyon, because keyword research warrants are not necessarily geographically or materially linked to a specific crime and could make people around the world suspect. specific terms. “This is what I would define more as a true digital mandate, with no connection or connection or attachment to the physical world,” he said.

Privacy groups argue that tech companies are responsible for law enforcement’s increasing access to these types of data by developing new features that index user information to make it more searchable.

One of those features is the Child Pornography Material Detection (CSAM) feature offered by Apple, which would analyze images to detect images of child sexual abuse.

“From our perspective, creating more vulnerabilities on our devices that can be exploited, whether by authoritarian governments, law enforcement, or hackers, doesn’t make anyone any safer,” Caitlin Seeley said. George, director of campaigns and operations at Fight for the Future, who staged a protest outside Apple stores in 11 cities to pressure the company to abandon plans for the feature. “It fits perfectly with the search and monitoring function of the law enforcement dragnet, because it makes the images searchable.

“For communities disproportionately targeted by law enforcement surveillance based on their skin color, religion, country of origin, this adds more fodder,” she said. .

Information vulnerability

The standardization of these mechanisms is of particular concern as controversial laws such as the Texas abortion ban are being passed, said privacy advocate Albert Fox Cahn, founder of the Surveillance Project. surveillance technology. While Texas law does not allow public officials to prosecute abortion providers or those who assist them, it does not prohibit them from helping private citizens who sue, he stressed.

“You could use a pretext to get a reverse search warrant targeting the location of an abortion provider, literally using any other applicable law, and then provide that information to activists,” Cahn said.

And it’s getting easier and easier. A company called Hawk Analytics offers services that claim to put together Google geofencing warrants in “a few clicks.” In a webinar hosted exclusively for law enforcement, the company said it would guide attendees through “all of Google,” including “What is available, how to get it and what to do with it, with a focus on reverse location returns from Google Geofence.”

Without specifying how much, Google spokeswoman Genevieve Park said the company has challenged many overly broad government demands.

“We use a rigorous process designed to meet our legal obligations while reducing the scope of the data disclosed,” Park said in a statement.

However, it is not only the big technological players like Google and Facebook that are targeted. Personal information held by smaller companies that may not have the resources or the means to withstand high-profile mandates is equally vulnerable, Cahn said. “You can subpoena period tracking apps to provide any user who has apparently become pregnant within a certain period of time, for example,” he said.

“This information is flowing to so many different companies and vendors, even if one company tries to protect your location data, you have so many more points of vulnerability in the commercial market than ten years ago,” said Cahn. . “All it takes is a business to give up this information without a fight or more often than not to sell it.”

While there is legislation in the works that would impose safeguards on other means of obtaining large swathes of sensitive location data, such as cell site simulators and outright sale of this information, it does not. There is currently no known public effort by Congress to do the same for geo-fence mandates, according to Jake Laperruque, senior policy adviser to the Government Oversight Project. In the meantime, it is incumbent on state and local jurisdictions not to issue overly broad mandates and on tech companies to fight against those mandates, argue Laperruque and Cahn.

For tech companies that count advertising as one of their revenue streams – or as a major source of revenue, as is the case with Google, there is no real technical solution to limiting government demands on their data. “It would be technically impossible to make this data available to advertisers in a way that the police could not buy it, subpoena it or take it with a warrant,” Cahn said.

That’s why Apple’s now postponed plan to launch a feature that searches for CSAM has caused such fury. When the FBI in 2019 asked Apple to unlock the suspect’s phone in a mass shooting in San Bernardino, Calif., Apple resisted the request arguing the company couldn’t comply without building a backdoor. , which she refused to do. Once Apple starts scanning and indexing photos of anyone who uses its devices or services, however, nothing prevents the police from issuing warrants or subpoenas for these images in the context of investigations unrelated to the CSAM.

“We cannot ignore that these technologies are sold under legal regimes where, if you create a tool to fight a set of crimes, you cannot refuse when governments force you to use them to identify others. types of crimes like political dissent and religious expression, ”Cahn said.

For McCoy, while he was one of many known to be swept away by a broad dragnet-type tenure, he was one of the lucky few. Police withdrew the summons after Kenyon filed a motion to quash. The fact that Google informed McCoy of the request is a relative anomaly. Summons and warrants issued to tech companies often contain a nondisclosure clause. Yet, as is typical of such reviews, McCoy only had a few days to hire an attorney who knew what a geofence warrant was and how to handle it – something Kenyon says is still hard to come by. many places. For many without resources, this is an almost impossible question.

“Every time one of these warrants is signed, it somewhat erodes the foundation of the protections we have under the law,” Kenyon said.


About Author

Comments are closed.