Google Disrupts Geofence Warrants, Says (Most) Location Data Will Be Stored Locally
from the lolololooooooooooooool dept
For years, Google has collected all the data it can about its users. And for years, it has utilized this data to… well, it depends on who you ask.
For Google, it meant a whole lot of targeted advertising — something so valuable Google tended to collect the data even when it told users it wouldn’t.
Once law enforcement realized Google loved data, it started approaching Google to get data it couldn’t get elsewhere. Google was home to the most popular search engine and most popular map app in the world. For those to work, users needed to allow Google to collect data. And if Google was collecting the data, law enforcement knew exactly where to go with so-called “warrants” that assumed nothing more than the probability (as in “probable cause”) Google’s servers might contain this data.
Everything just took off from there. Another boost to law enforcement hoovering of data was given (inadvertently) by the Supreme Court’s Carpenter decision. That decision said law enforcement needed to obtain warrants before obtaining cell site location data, especially if it covered weeks, months, or years of collected data.
No problem, said the cops. We’ll just use questionable warrants to obtain data we could credibly argue is still subject to the Third Party Doctrine. That’s how geofence warrants came to be: warrants that seek data on everyone in a certain area at a certain time, even if this theoretically limited time/place might give law enforcement plenty of data on innocent people who happened to be in the wrong place at the wrong time.
Also enter keyword warrants, in which law enforcement submits search keywords to Google, seeking anyone who might have used those terms at a particular time and place. Sounds great… right up until you realize Google has to search all of its retained user data to find information responsive to these requests.
While not exactly novel, geofence and keyword warrants reside in the gray area of unsettled law. That means the government can rack up “wins” with little fear of being found deliberately on the wrong side of the Constitution.
Legislation is in the works to curb the government’s acquisition of location data from third parties (the data brokers buying data from app developers). On this front, however, there are only the courts (mixed results) and the location data collectors (collective shrugs to this point) standing between the government and mass collection of location data.
The government isn’t going to restrain itself. But, in a surprise announcement, a company that feasts on data says it will consume a little less if it means protecting users from government overreach.
This week, the company said it will begin changing where it stores that Timeline data. Currently, it lives on your devices and Google’s servers, but when the shift takes place, your location history will remain solely on the hardware you own. And less of that data will be stored over time, Google says — only three months’ worth by default, down from the 18 months that are currently saved.
The company says the changes will “gradually roll out through the next year.”
Well… holy shit… at least to some degree. It’s an in-progress rollout, which means not everyone is protected right out of the gate. And it means that users will have to decide whether limited data collection works better for them than the wholesale collection they’re used to. If the latter appeals more than the former, users will need to find their own way to create a long-running, rolling history of their movements.
For most people, the default option will work. For most cops, it obviously won’t. And even if users decide they want to store everything Google collects about their movements, there’s no easy way for law enforcement to access this information. That data will be encrypted by default — accessible to users, but not to the government.
This is a win for Google users, which comprise roughly 99.9% of the nation. It will be portrayed by government officials as a loss for law enforcement, which will now have to perform investigations the way it has for decades: by finding suspects first and looking for evidence after.
That shouldn’t be a problem for cops who have done things the old way for years. But, of course, there are always those willing to argue that protecting citizens from their government is a net loss for society. That’s where law prof Orin Kerr comes in with his post on this subject for the Volokh Conspiracy.
My very tentative sense, from a public policy standpoint, is that this seems like a bit of a bummer. Geofencing was being used to solve some really serious crimes—like murders, rape, and armed robberies—when there were no known suspects or leads and the case had gone cold. Having governments be able, with sufficient cause, to go to a court, get a court order, and then obtain potentially responsive location records that could provide a lead to investigate was, on the whole, a good thing.
I often disagree with Orin Kerr — a Fourth Amendment scholar for whom I still retain a great deal of respect. But today is no different. The respect and the disagreement are both present here.
Even given the links to crimes supposedly solved by access to Google location data, there’s no way allowing law enforcement to force Google to search all users’ data, compile a list of data involving almost entirely innocent people, and hand that over to the government is “on the whole, a good thing.”
Without a doubt, law enforcement could solve a lot of major crimes by searching houses door-to-door with nothing more than a “because you’re home” warrant. Would that be a “good thing” for society? Or would it be what we’ve been witnessing for years: a willingness to operate in areas ungoverned by constitutional bright line decisions just because cops can?
There are plenty of net goods for humanity that could be realized with governmental abuses of power. But, at least in the United States, the balancing of the government’s needs against the rights of the people tends to favor the people most of the time. Why? Because they have the least power. And that imbalance of power doesn’t change just because it’s a third party collecting all the data. Google may be the 800 lb. gorilla of the internet but its power pales in comparison to what the government is capable of doing when it decides to flex its muscles.
This move won’t make Google any more popular with US law enforcement agencies. As much as it may irritate US cops (and irk Orin Kerr), the fact remains that private companies serve their users, not the US government. If the government wants the access it used to have, it needs to have a long talk with itself. If it thinks now is the time to abridge rights, it can talk to sympathetic legislators and hope any resulting laws pass the constitutional sniff test. Otherwise, it can go back to performing investigations the way it used to before everyone carried a powerful computer in their pockets at all times.
What’s happening here is just a long-needed course correction from one of the thirstiest data collectors in internet history. What it definitely isn’t is a net loss for society.


Comments on “Google Disrupts Geofence Warrants, Says (Most) Location Data Will Be Stored Locally”
Yes, typical LEO BS.
90%-plus of all crimes are solved because the suspect is obvious. Most murders, for example, are committed by people known to each other, and most are committed in the heat of passion – not clever puzzles for Law & Order or Chicago PD to figure out over the span of an hour.
If anything, hoovering the data on 2,000 innocent people to find a perp means either (a) a lot of wasted police time or (b) “round up the usual suspects” where the person who fits the profile – past record, or wrong skin colour – gets undue attention because cops are lazy and “they all look alike”.
I agree, but...
here’s the thing. Google doesn’t give 2c for the user, Google doesn’t want the hassle, the bad optics, or the cost of fending off warrants. That’s it. This is a legal and compliance department bottom-line issue.
Oh, and if they don’t need to store location data for millions of Android users for 18 months, that’s a massive saving on data centre hardware too. Though that’s probably small bananas compared to getting the lawyers a few days off.
Re:
Sure, but even if it’s based entirely on numbers on a balance sheet, it’s still a significant shift for Google.
Re:
I gave up trying to inspect the hearts or morals of corporations a long time ago. I can only judge their actions, and in this case I think Google’s actions are an unalloyed good.
If I were to guess motivations, I think data hoovers like Google have been dreading the day a Texas or Florida prosecutor issues a geofence subpoena for women’s healthcare clinics to support prosecuting some poor woman for taking care of herself.
Google is giving users the ability to store the timeline data on Google’s servers in an encrypted format that means they cannot respond to a subpoena, so I don’t think it’s storage.
Re:
Google probably figured out that it is cheaper to not only store the data on the user’s phone, but also to compile the ad-auction-data on the user’s phone (and send only that to Google). Meaning less data-storage cost, less processing cost, less internet traffic cost, less geofence-reply cost and as a byproduct good PR by claiming more user privacy.
Now, can the cops invent a reason to force Google and Apple to search everybody’s phones at the drop of a warrant? (The data is there, the apps can see it so it can be searched).
Re:
Can the cops invent a reason to force Google to keep the data on the server? And, oh yeah, you better keep it for the original 18 months. Actually, on second thought, keep it for 5 years.
But, I’m still waiting on a renewed scream from our FBI director about going dark.
I don’t really have a problem with Google providing data to the government that people have publicly provided to Google–and, no, it isn’t private data. It may be data that a person wants to keep confidential, but that’s not the same as “private.” Privacy only exists within the confines of a single person; once two or more people–and not just people–are involved, privacy goes out the door (so to speak).
Re:
So you see no problem living in a state where marijuana is illegal, and the authorities looking to see that you regularly visit a state where it is legal?
Re: Re:
It may be a bit worse than that. These asshats are busy trying to limit your travel when pregnant. Better just move to a place that is not trying to kill you.
Re:
The bootlicking rationale you’ve outlined is exactly why the government is able to hoover up every email, phone call, and text you’ve ever made, as well as every location and website you’ve ever visited.
What you’re saying is that there should be no privacy, and the government should have access to everything you’ve ever said and done from the time you’re born until the day you die.
Literally everything should go directly to the government, and the only exception is thoughts that you’ve kept to yourself. THAT’S what you’ve stated you believe.
It’s revolting, and obviously contrary to (at least) the 4th and 5th Amendments.
Re:
I challenge you to set up cameras around your house, apartment, or wherever you live and give your local representatives full access to the camera feed livestream for two whole weeks. Once the livestream is over, they will be able to retain the two-week-long recording, and you will receive no rewards in return. Do you accept this challenge?
I hope this challenge feels icky, and I hope you realize that you’re advocating for this just in a different form.
Re:
That’s why there’s a difference between “public expectation of privacy” and “privacy”.
When driving your car around in public, you know you’re in public, and have an expectation that people can see where you currently are.
But there’s a general expectation that while doing so, the government isn’t visually monitoring your every movement, recording every sound you make, screening every air sample that escapes the cabin of your vehicle, and monitoring the content of all EM radiation leaving your vehicle. Technically they could DO all these things, but it would be considered overreach and a breach of privacy, because you are not suspected of breaking any government rules before the fact.
Ah the refreshing taste of schadenfreude...
Oh noes, law enforcement might have to actually get person-specific warrants if they want to trawl through copious amounts of private data on people rather than grabbing everything and pinky-promising they’ll only look closely at ‘real’ suspects.
If they didn’t want their toys taken away like this they shouldn’t have abused it for so long and so casually. While this is a change long overdue I’ve no sympathy whatsoever for those whining that this’ll make the job ‘harder’ for law enforcement as they brought this upon themselves via their complete lack of restraint.
Unfortunately location information is available from cell towers. It may be lower precision though.
True, but the police have to get a warrant to look at the cell location information. To get that warrant they need more than just “we think the data we want is in that giant haystack of data you’ve collected. Please dig it out for us”