Police are Forcing Google to Hand Over User Data Through 'Reverse Location Search Warrants'

Police are Forcing Google to Hand Over User Data Through 'Reverse Location Search Warrants'

Though Big Tech usually manages to make the headlines for problematic privacy rights all on their own, we also shouldn’t underestimate the snooping powers of America’s police departments. An investigative report published by Slate revealed that tech companies such as Google have been forced to provide user data to law enforcement of anyone who had the misfortune of being near the scene of a crime.

“Police departments across the country have been knocking at Google’s door for at least the last two years with warrants to tap into the company’s extensive stores of cellphone location data,” reported journalist Aaron Mak last month. “Known as ‘reverse location search warrants,’ these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area. The police can then check to see if any of the phones came close to the crime scene. In doing so, however, the police can end up not only fishing for a suspect but also gathering the location data of potentially hundreds (or thousands) of innocent people.”

This practice was used by law enforcement for North Carolina’s city of Raleigh where the biggest arson attack in the state’s history took place. It’s been reported the fire, which spanned over 10 buildings including churches, businesses and a seven-story apartment complex, caused around $50 million in damages. Despite remaining unsolved since March 2017, sources from NBC-affiliate WRAL claim police investigators served Google with search warrants requesting data on any and all phone and computer data in the area between 7:30 p.m. and 10:30 p.m. on the night of the fire. 

Unlike actual search warrants, no specific targets were named to hold the investigation to account. This grants the police a blank check to simply search entire databases — whether users are innocent, guilty or have any reason to justify probable cause — where potential crimes unrelated to the initial search are discovered through these data troves. “WRAL was able to uncover four instances in which the Raleigh Police Department sought reverse-location data in 2017 for investigations into murder, sexual battery, and the suspected arson,” report Slate, meaning officers were able to build cases outside the scope of the reported crime, including “crimes that occurred as far back as 2015”. 

“The department reportedly got the idea to use reverse location searches after learning that the State Bureau of Investigation in Orange County, California, had also employed the technique,” the report continues, discovering that police “obtained at least 22 reverse-location search warrants since August. The warrants have, at times, sought location data in 33-hour windows, potentially giving officers information on tens of thousands of people. The warrants have sought to gather identifying data in crimes ranging from home invasions to a theft of $650 worth of tires. In one case, the reverse-location data was requested to help solve a fatal shooting from 2013.”

Only a single case resulted in an arrest. The rest were left unproven.

The practice isn’t exclusive to local police craving easy work through data dumps — this happens on a federal level. Thanks to another investigation conducted by Forbes, this broad method of data-mining the crowds allowed the bureau to investigate any Google account holders “within a 375-meter radius” of the Virginia Dollar Tree robberies during March and September 2018 when the crimes took place. Once again, the warrants don’t specify which targets are data-mined, which crimes are being considered and offer no assurances to avoid the harvesting of irrelevant information used to track the public.

“The government has long applied a broad dragnet approach to cellphone location data,” Slate explains. “Law enforcement at the local, state, and federal levels have made thousands of requests for “cell tower dumps” since 2010, which involves collecting information on every phone connected to a cell tower at a certain time. Police have also been known to use StingRays, which are devices that send out broadcast signals stronger than those coming from actual cell towers, thus tricking cellphones into connecting to the device. The StingRay operator can then locate all connected phones.”

It appears Google’s tracking methods are more powerful than these traditional snooping tactics. “When authorities request this cell tower data,” the journalist continues, “they can see the approximate locations of any phone connected to a nearby tower. But they can retrieve much more reliable data from users of Android phones or certain Google apps. These location-tracking functions are often more precise than those of cell towers for tools like Maps and even Gmail. Plus, the company collects tracking data from phones that aren’t connected to cell towers, such as those using GPS satellites or Wi-Fi. When police request location data from Google-connected devices, they’ve also been known to ask for more personal information, like browsing history and past purchases” — with no reason for deletion in sight.

Google, of course, has remained relatively quiet on the matter recently. In their statement to Forbes last year, the company said: “We always push back on overly broad requests for our users’ data. We have an established process for managing requests for data about our users, and in these particular instances, require a search warrant. We always push back on overly broad requests to protect our users’ privacy.” Despite this narrative, it goes against Google’s proven track-record regarding privacy.

Our publication has routinely been on the heels of Google for a pervasive history of exploiting data rights for the sake of profit and PR expediency. In February, the company was revealed to be the data-mining puppet master behind Screenwise Meter, a VPN surveillance app used to track the phone data of users, which was banned from Apple’s app store for violating the service’s Enterprise Certificate System. The app had reportedly been running since 2012 and remains live on the Android play store service (which is in the pocket of the monopoly of, you guessed it, Google). No warrants are required for Google to syphon this information — it just requires a few button clicks.

“We’ve always tried to accurately define what it meant to be a good force, always doing what’s right, what’s ethical,” once said Larry Page, former CEO of Google. “In the end, [our company motto] ‘Don’t Be Evil’ seemed to be the easiest way to sum it up.” Gone are those days as the company increasingly shuns morals in favor of lucrative user espionage. 

In July 2018, Google was also caught allowing their associated third-party app developers to read through the emails of millions of Gmail users for ad optimization — despite the company’s 2017 pledge to discontinue the practice. “Consumer Gmail content will not be used or scanned for any ads personalization,” wrote Diane Greene, Google Cloud senior vice president, in her announcement blog post. “G Suite customers and free consumer Gmail users can remain confident that Google will keep privacy and security paramount as we continue to innovate.” This, of course, was a lie.

By October, it was reported that the internet’s favorite search engine monopoly exposed the private data of hundreds of thousands of their Google+ users and covered up the leak “fearing repercussions” from Congressional lawmakers. This was confirmed by internal documents reviewed by The Wall Street Journal and a source for The Washington Post who found that a harmful “API bug” placed the entire network at risk. The company still hasn’t confirmed how much data was extracted from the network, echoing Facebook’s Cambridge Analytica scandal where 87 million of its users’ personal data was exposed.

Where’s the reason to believe Google suddenly plays ethical data privacy warrior when the government comes calling for data-troves of their own? Given Google’s record of fighting the California Consumer Privacy Act (CCPA) and the European Union’s GDPR provisions, requiring true explicit consent from users regarding data management, why are these techno-libertarians given the assumption of innocence when there’s so much red on their hands? Privacy advocates and skeptical minds should demand more consideration of the warrant system, particularly regarding new technologies, so laws can keep the invasiveness of their own enforcement officers to account and to maintain Google as a true protector of the digital public space.

Related News