Reverse Keyword Warrant Challenged After Cops Asked Google To Search Millions Of People’s Data Multiple Times

from the Dragnet-2:-The-Dragnetting dept

Cops have been running to Google for years, warrants and subpoenas in hand, asking the data behemoth to give them info they can sift through to find criminal suspects. Location data is a big one. Comparable to cell phone tower dumps, geofence warrants allow law enforcement to obtain a certain amount of data on every phone in an area, allowing them to work backwards towards probable cause to seek identifying data on possible suspects. But the only “probable cause” needed for the original, Google-enabled search is the (strong) probability Google has data responsive to the request.

Another backdoor to probable cause is keyword warrants. These are even more questionable since it’s not just the Fourth Amendment being implicated. Getting data dumps on everyone who might have searched for certain terms wanders into First Amendment territory, making people suspects just because they’ve attempted to access information.

These have been increasing in popularity over the past several years as law enforcement moves towards internet-based alternatives to canvassing neighborhoods to ask people if they’ve seen anything suspicious. This has led to some really strange interpretations of probable cause, like cops searching for anyone who searched for a certain person’s name while investigating bank fraud.

That case was a half-decade ago. And the request was granted, presumably because the judge felt it was likely Google had responsive data: the supposed “probable cause.” It’s only now that one of these keyword warrants is being challenged by someone other than the original recipient. Here’s Jon Schuppe, reporting for NBC News. (h/t Michael Vario)

A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers.  


In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google’s records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. 

The aforementioned document [PDF] (which NBC News inexplicably failed to include with its article) opens with a concise, but powerful, point-by-point discussion of everything that’s wrong with warrants that allow law enforcement to ransack digital warehouses in hopes of finding something it can work with.

A reverse keyword search is a novel and uniquely intrusive digital dragnet of immense proportions. It requires Google to search billions of people’s search queries—everyone who ran a Google search—and produce information on anyone who looked for certain search terms, or keywords. Here, the government searched for, and then seized, the personal data associated with everyone who searched for nine variations of an address, “5312 Truckee Street,” over the course of 15 days in 2020.

That’s not how probable cause, or even reasonable suspicion, works. Possessing a warrant doesn’t really change anything, since the only supporting probable cause is that Google has information, most (if not all, in some cases) that is completely unrelated to the crime being investigated.

In this case, the speculative excursion was far less precise than even that dismissive term would indicate. Google rejected two previous warrants served to it by investigators, suggesting even the investigators had no idea what they were searching for, much less what they expected Google to search for.

But for this reverse keyword search, law enforcement would not have identified Mr. Seymour as a suspect in this case. Indeed, the keyword warrant was preceded by a litany of other constitutionally suspect searches. None of them, however, pointed law enforcement to Mr. Seymour. In fact, the operative keyword warrant, issued on November 19, 2020, was the third keyword warrant issued in this case. Google refused to comply with the first two. And just the day before Denver police obtained the warrant, investigators were interrogating an alternate suspect. Law enforcement went on a massive fishing expedition, trawling through everyone’s cell phone records, location data, and Google data—without cause to search any of it—until they identified Mr. Seymour with a third keyword warrant.

Admittedly, banging away until something gives is also a law enforcement technique, but those generally don’t implicate the search engine history of people who haven’t committed crimes. A warrant was obtained, which means discussions about the Third Party Doctrine will be limited (and the fact that most users know Google searches are known, if not stored indefinitely, by Google is another factor), but that doesn’t excuse the apparent abuse of a third party’s date stores to root around for people reasonably suspected of participating in a crime.

While law enforcement may portray this as a search of Google, it is actually a search of Google users and their internet use.

The government searched an ocean of intensely private data in this case, yet it lacked probable cause to search even one Google user. Instead, it demanded that Google search everyone’s Google searches in order to generate suspicion. This process is profoundly different from the one that governs the application for and execution of typical warrants, where a suspect is known and the warrant seeks their data. Instead, this “reverse warrant” first identifies categories of data and then seeks information about people whose data falls into those categories.

It’s fishing. It’s not limited, targeted, supported by probable cause, or even based on law enforcement’s evidence gathering to date. In this investigation, investigators and their fishing poles were all over the lake.

Prior to the third keyword warrant, the government executed at least 23 other warrants, escalating over time to “very general search warrants” without any named suspects. […] [P]olice requested a “traditional tower dump” and “specialized location data dump,” from four major cell phone carriers, one returned 1,471 “unique devices…within a 1-mile radius” of the fire, and another returned 4,595 devices.

Just pure guesswork. The cops even went wardriving for cell phones.

Police deployed a “cell-site simulator” (a.k.a. “IMSI catcher”) in the same neighborhoods in an attempt to “throw out” some numbers. A cell-site simulator is a fake cell phone tower operated by the police from the back of a car. As the police drove the device around Truckee St. on August 20, 2020 at 2 a.m., the simulator forced every cell phone within range to connect to it instead of to the authentic cell phone network. The phones then identified themselves to the police by providing their unique international mobile subscriber identifier (“IMSI”) numbers. Police identified 723 devices in the area, most of which belonged to neighbors in private homes. None of this information, however, led investigators to say, “We’ve got our guy or gal or anything.” Id. at 129.

So, it appears this won’t be the only warrant/search technique being challenged in this case. Investigators tried everything and did so with very little lawful justification. This may be the first time a keyword search has been challenged in court, but it also appears another law enforcement favorite — geofence warrants — will be receiving the same treatment from the accused’s defense lawyer.

Police also obtained two Google geofence warrants, one on August 10, 2020, and another on October 6, 2020. […] For reference, Google had 592 million Location History users in 2018. To conduct a geofence search, regardless of the size or shape of the area, Google must comb through the account of every Location History user. That is because Google does not know which users may have responsive data before conducting the search. As a result, the two geofence warrants here, covering six geographic areas, led to the search of hundreds of millions of people, multiple times. Yet, like the prior searches, this approach also failed to produce any “fruitful” leads.

On top of all of this, investigators also went to a data broker to trawl for leads, serving a warrant to “Fog Data Science,” which (according to the description in the filing) appears to gather location data from apps and provide that access to government agencies.

Multiple dragnets. Zero returns. Thousands directly affected. Millions indirectly searched. And only one of the 24 warrants (on top of the Stingray wardriving, which doesn’t appear to have been backed by a warrant) produced anything usable.

The totality is an embarrassing indictment of law enforcement officers’ preference to allow others to do their neighborhood canvassing for them. Searches performed by others and overseen by desk jockeys is a whole lot easier than hitting the streets and looking for eyewitnesses and evidence.

Unfortunately, court decisions are on a case-by-case basis. The totality of this fiasco may be viewed through a very narrow lens that only considers the probability Google retains this data. And that may be all the probable cause needed, especially when Google refuses to provide identifying info until law enforcement offers up something approaching actual probable cause.

Then again, this may be the toe in the door that results in more judicial examination of these fishing expeditions and starts demanding probable cause be related to the suspect being sought, rather than the location of the data cops wish to obtain.

Filed Under: ,
Companies: google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Reverse Keyword Warrant Challenged After Cops Asked Google To Search Millions Of People’s Data Multiple Times”

Subscribe: RSS Leave a comment
Tirear says:


It’s just a matter of evidence. If a particular neighbor is the arsonist then their cell phone would have been caught in the original reverse search, but if that particular neighbor isn’t the arsonist then their cell phone probably still would have been caught in the original reverse search. So that person being caught in the original reverse search can’t tell us much about whether or not they are the arsonist.

If a particular outsider is the arsonist then their cell phone probably would have been caught in the original reverse search (criminals still haven’t learned to leave their phone behind), but if that particular outsider isn’t the arsonist then their cell phone probably wouldn’t have been caught in the original reverse search (they’re probably at home during the target period, or if they did leave them they probably left in the wrong direction to get caught up in the search, or if they left in that direction there is still the possibility that they left before the target period, overshot the target area, and returned after the target period). So that person being caught in the original reverse search tells us that they are significantly more likely to be the arsonist. Not anywhere near proof (the base rate for arsonists is very low even before considering that the police are looking for a specific one), but possibly enough to be worth looking into.

If the police had a lead on one of the neighbors then they would of course want to look into it. But if they don’t have a lead, then they probably can’t convince a judge “We need to search this guy’s house because he is one of 723 individuals who live within a few blocks of the victim”, and almost certainly wouldn’t be willing to spare the manpower to perform that many searches. If instead they can say “This is one of a couple dozen people who left their house to travel to the approximate area of the arson at the approximate time of the arson”, that is much more actionable. Judging by the numbers on the article the math didn’t end up working out for it (remember that there are a lot more outsiders than there are neighbors, so even if most outsiders didn’t go near the home around the time it was burnt you can still end up way too many suspects), but I’m guessing the police didn’t look up typical traffic rates to try and predict if this information would be useful before asking for it.

Bergman (profile) says:

Re: Re:

You’re making the same assumptions police did – that anyone who wants to burn down a house or rob a bank or whatever has to look it up on the internet first. There were plenty of people successful at both long before the internet was invented, and excluding anyone as a suspect who is a neighbor but didn’t look up how to commit the crime is naive.

Anonymous Coward says:

Re: Re: Re:

You’re making the same assumptions police did – that anyone who wants to burn down a house or rob a bank or whatever has to look it up on the internet first.

Tirear made a well-reasoned, cogent argument as to why the police shouldn’t have been asking for the data, actually. But, as per usual, it went straight over your head.

(And now two regular trolls will probably attack Tirear and accuse them of being me just because I defended them.)

Anonymous Coward says:

Big Tech + Big Money + Captive CongressCritters have effectively annihilated the freedoms the founders of this country worked so hard to establish. The foundation of our entire society depends upon the voters being smart enough to elect honorable men and women to represent them. “Honor” was abandoned long ago and our dismal education system isn’t capable of producing smart voters. What was launched as a beautiful dream has been destroyed by ignorance and greed.

That Anonymous Coward (profile) says:

I think the much larger concern thats being glossed over…

Despite the huge budgets & toys, they wouldn’t even come up with a correctly worded warrant.

They had no leads, one wonders if their investigative techniques were as flawed as their warrant wording.

The idea that a group of kids willing to burn (or kill) a family out of their home would have nothing that could have made them persons of interest beyond… they googled an address raises question about how lazy the cops are.

That or lets just be honest they have serious problems going after racists for the same reason you don’t see spiderman and peter parker together.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...