TechScape: Police use data to track suspects; errors minimized
4 min read
In this week’s newsletter: Questions arise over ‘Geofence warrants’ wrongly associating an individual with a crime, prompting scrutiny of similar cases
In January 2020, Zachary McCoy, a resident of Florida, received a concerning email from Google. The message notified him that local authorities were requesting his personal information, and he had a mere seven days to prevent Google from disclosing it.
Later, McCoy found out that the police were investigating a burglary and had issued a ‘geofence warrant’ to Google. This court-ordered warrant required Google to identify and provide information about all devices in the vicinity of the burglarized home during the alleged crime. Unfortunately, McCoy was on one of his regular bike rides in the neighborhood at the time, and the data provided by Google to the police wrongly positioned him near the scene of the burglary.
Consequently, McCoy was wrongly implicated in a crime simply because he happened to be in the wrong place at the wrong time.
This incident is not an isolated occurrence. Throughout the United States, from Virginia to Florida, law enforcement agencies are increasingly employing investigative tools like reverse search warrants. These encompass geofence location warrants and keyword search warrants, which are utilized to compile a list of potential suspects associated with specific criminal activities.
Specifically, geofence warrants empower law enforcement to compel tech companies to identify all devices near a specified location and time. On the contrary, keyword search warrants are employed to acquire information about individuals who have searched for particular keywords or phrases.
Public defenders, privacy advocates, and many lawmakers have criticized this practice, contending that it violates Fourth Amendment protections against unreasonable searches. Unlike traditional warrants and subpoenas, which focus on specific individuals with established probable cause of involvement in a particular crime, geofence warrants are broad and often used to create a list of potential suspects for further investigation.
A lack of transparency
Furthermore, there is a notable lack of transparency surrounding this practice. While major tech companies such as Apple and Google regularly issue transparency reports revealing the number of user data requests they receive worldwide, historically, there has been limited information about the specific number of these requests related to geofence warrants.
Under pressure from advocacy organizations like the Surveillance Oversight Tech Project (Stop) and the Electronic Frontier Foundation (EFF), Google, in 2021, disclosed, for the first time, a breakdown of the number of geofence warrants it received. The company reported nearly 21,000 geofence warrants between 2018 and 2020 but did not specify how many were complied with. Google did note that in the latter half of 2020, it responded to 82% of all government data requests in the United States with some level of information. Since then, there have been no updates from the company on the number of geofence warrants received, and it did not respond to requests for comment at the time of publication.
They’re putting their users at risk
Although companies like Google claim to thoroughly assess every legal data request, there are constraints when they face valid subpoenas or warrants. Tech companies can resist these requests only to a certain extent, depending on their access to the requested data. As illustrated in Apple’s transparency report, the primary strategy to protect user data from broad law enforcement requests is either to avoid collecting it in the first place or, at the very least, to encrypt or implement other protective measures to hinder easy access.
Nonetheless, according to Albert Fox Cahn, the director of Stop, technology companies like Google heavily depend on gathering user data to enhance their financial performance. They are frequently unwilling to implement necessary measures to safeguard this data, even when viable technical solutions exist.
Google has faced increasing requests from U.S. consumers to improve the protection of location and health data, particularly after the Supreme Court’s decision to overturn federal abortion protections. In response, the company committed to concealing location data when users visit “sensitive locations,” such as reproductive care clinics. However, as first reported by The Guardian in November 2022, searches for routes to Planned Parenthood facilities and directions to abortion clinics via Google Maps were still being recorded in users’ Google activity timelines for several months thereafter.
Not an isolated case
Despite experts suggesting that Apple could further safeguard user data, like implementing default encryption for personal information rather than requiring opt-ins, the transparency report might contribute to the increasing pressure on competitors like Google to improve protection against extensive reverse search warrants. According to Crocker, “Google has faced heightened scrutiny over geofence warrants, and I believe that scrutiny is here to stay.”
Meanwhile, geofence warrants persist in disrupting the lives of individuals, particularly as public defenders and lawyers are still in the process of comprehending these legal requests and figuring out how to contest them.
In this context, Zachary McCoy stands among the fortunate few. Normally, individuals whose data is sought through subpoenas or warrants do not receive notification from the company regarding the potential disclosure of their information. Such requests frequently come with gag orders that prohibit the company from informing the subject of the request. Following the receipt of the email, McCoy sought legal advice, resulting in the filing of a motion to quash the subpoena. This ultimately prompted the local police to retract the warrant. However, many others are not as fortunate in comparable situations.
