Reverse Keyword Warrant Challenged After Cops Asked Google To Search Millions Of People’s Data Multiple Times

Legal Issues

from the Dragnet-2:-The-Dragnetting dept

Cops have been running to Google for years, warrants and subpoenas in hand, asking the data behemoth to give them info they can sift through to find criminal suspects. Location data is a big one. Comparable to cell phone tower dumps, geofence warrants allow law enforcement to obtain a certain amount of data on every phone in an area, allowing them to work backwards towards probable cause to seek identifying data on possible suspects. But the only “probable cause” needed for the original, Google-enabled search is the (strong) probability Google has data responsive to the request.

Another backdoor to probable cause is keyword warrants. These are even more questionable since it’s not just the Fourth Amendment being implicated. Getting data dumps on everyone who might have searched for certain terms wanders into First Amendment territory, making people suspects just because they’ve attempted to access information.

These have been increasing in popularity over the past several years as law enforcement moves towards internet-based alternatives to canvassing neighborhoods to ask people if they’ve seen anything suspicious. This has led to some really strange interpretations of probable cause, like cops searching for anyone who searched for a certain person’s name while investigating bank fraud.

That case was a half-decade ago. And the request was granted, presumably because the judge felt it was likely Google had responsive data: the supposed “probable cause.” It’s only now that one of these keyword warrants is being challenged by someone other than the original recipient. Here’s Jon Schuppe, reporting for NBC News. (h/t Michael Vario)

A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers.  

[…]

In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google’s records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. 

The aforementioned document [PDF] (which NBC News inexplicably failed to include with its article) opens with a concise, but powerful, point-by-point discussion of everything that’s wrong with warrants that allow law enforcement to ransack digital warehouses in hopes of finding something it can work with.

A reverse keyword search is a novel and uniquely intrusive digital dragnet of immense proportions. It requires Google to search billions of people’s search queries—everyone who ran a Google search—and produce information on anyone who looked for certain search terms, or keywords. Here, the government searched for, and then seized, the personal data associated with everyone who searched for nine variations of an address, “5312 Truckee Street,” over the course of 15 days in 2020.

That’s not how probable cause, or even reasonable suspicion, works. Possessing a warrant doesn’t really change anything, since the only supporting probable cause is that Google has information, most (if not all, in some cases) that is completely unrelated to the crime being investigated.

In this case, the speculative excursion was far less precise than even that dismissive term would indicate. Google rejected two previous warrants served to it by investigators, suggesting even the investigators had no idea what they were searching for, much less what they expected Google to search for.

But for this reverse keyword search, law enforcement would not have identified Mr. Seymour as a suspect in this case. Indeed, the keyword warrant was preceded by a litany of other constitutionally suspect searches. None of them, however, pointed law enforcement to Mr. Seymour. In fact, the operative keyword warrant, issued on November 19, 2020, was the third keyword warrant issued in this case. Google refused to comply with the first two. And just the day before Denver police obtained the warrant, investigators were interrogating an alternate suspect. Law enforcement went on a massive fishing expedition, trawling through everyone’s cell phone records, location data, and Google data—without cause to search any of it—until they identified Mr. Seymour with a third keyword warrant.

Admittedly, banging away until something gives is also a law enforcement technique, but those generally don’t implicate the search engine history of people who haven’t committed crimes. A warrant was obtained, which means discussions about the Third Party Doctrine will be limited (and the fact that most users know Google searches are known, if not stored indefinitely, by Google is another factor), but that doesn’t excuse the apparent abuse of a third party’s date stores to root around for people reasonably suspected of participating in a crime.

While law enforcement may portray this as a search of Google, it is actually a search of Google users and their internet use.

The government searched an ocean of intensely private data in this case, yet it lacked probable cause to search even one Google user. Instead, it demanded that Google search everyone’s Google searches in order to generate suspicion. This process is profoundly different from the one that governs the application for and execution of typical warrants, where a suspect is known and the warrant seeks their data. Instead, this “reverse warrant” first identifies categories of data and then seeks information about people whose data falls into those categories.

It’s fishing. It’s not limited, targeted, supported by probable cause, or even based on law enforcement’s evidence gathering to date. In this investigation, investigators and their fishing poles were all over the lake.

Prior to the third keyword warrant, the government executed at least 23 other warrants, escalating over time to “very general search warrants” without any named suspects. […] [P]olice requested a “traditional tower dump” and “specialized location data dump,” from four major cell phone carriers, one returned 1,471 “unique devices…within a 1-mile radius” of the fire, and another returned 4,595 devices.

Just pure guesswork. The cops even went wardriving for cell phones.

Police deployed a “cell-site simulator” (a.k.a. “IMSI catcher”) in the same neighborhoods in an attempt to “throw out” some numbers. A cell-site simulator is a fake cell phone tower operated by the police from the back of a car. As the police drove the device around Truckee St. on August 20, 2020 at 2 a.m., the simulator forced every cell phone within range to connect to it instead of to the authentic cell phone network. The phones then identified themselves to the police by providing their unique international mobile subscriber identifier (“IMSI”) numbers. Police identified 723 devices in the area, most of which belonged to neighbors in private homes. None of this information, however, led investigators to say, “We’ve got our guy or gal or anything.” Id. at 129.

So, it appears this won’t be the only warrant/search technique being challenged in this case. Investigators tried everything and did so with very little lawful justification. This may be the first time a keyword search has been challenged in court, but it also appears another law enforcement favorite — geofence warrants — will be receiving the same treatment from the accused’s defense lawyer.

Police also obtained two Google geofence warrants, one on August 10, 2020, and another on October 6, 2020. […] For reference, Google had 592 million Location History users in 2018. To conduct a geofence search, regardless of the size or shape of the area, Google must comb through the account of every Location History user. That is because Google does not know which users may have responsive data before conducting the search. As a result, the two geofence warrants here, covering six geographic areas, led to the search of hundreds of millions of people, multiple times. Yet, like the prior searches, this approach also failed to produce any “fruitful” leads.

On top of all of this, investigators also went to a data broker to trawl for leads, serving a warrant to “Fog Data Science,” which (according to the description in the filing) appears to gather location data from apps and provide that access to government agencies.

Multiple dragnets. Zero returns. Thousands directly affected. Millions indirectly searched. And only one of the 24 warrants (on top of the Stingray wardriving, which doesn’t appear to have been backed by a warrant) produced anything usable.

The totality is an embarrassing indictment of law enforcement officers’ preference to allow others to do their neighborhood canvassing for them. Searches performed by others and overseen by desk jockeys is a whole lot easier than hitting the streets and looking for eyewitnesses and evidence.

Unfortunately, court decisions are on a case-by-case basis. The totality of this fiasco may be viewed through a very narrow lens that only considers the probability Google retains this data. And that may be all the probable cause needed, especially when Google refuses to provide identifying info until law enforcement offers up something approaching actual probable cause.

Then again, this may be the toe in the door that results in more judicial examination of these fishing expeditions and starts demanding probable cause be related to the suspect being sought, rather than the location of the data cops wish to obtain.

Filed Under: 4th amendment, reverse warrant
Companies: google