from the everything-everywhere-all-in-one-place dept
Dominating a field is a mixed blessing. On one hand, it gives you extensive reach, immensely profitable products, and — if you’re just too good at it — the horrific realization your brand name has been commodified to the point that hundreds of millions of people now use your proper noun as a verb. (It also gets you targeted by the DOJ.)
On the other hand — if you’re good at what you do and hundreds of millions of people access your services every day — you become a place cops come first when they have no better investigative ideas.
This has been true for years with Google. Its collection of location data — as well as searches performed by users — makes it an extremely convenient starting point for law enforcement investigations where investigators have no leads at all.
This trend of law enforcement googling was first noted more than a half-decade ago. In some cases, warrants delivered to Google sought specified targets. The others, however, sought location data on anyone in the area of a suspected crime, with Google (and the courts) expected to trust investigators to use this wealth of data responsibly to identify potential suspects.
A few months later, it was revealed (to no one’s surprise) that federal agencies were also approaching Google for massive amounts of user location data, gathering haystacks in search of needles aided and abetted my Google’s massive collection user data.
In addition to location data, investigators were also asking Google for information on anyone who used certain search terms. While these requests were often limited to specific time frames and (if possible) certain areas, the fact was Google was expected to search all stored user data (with a single warrant) to provide investigators with this information.
The Supreme Court’s Carpenter decision was delivered less than three months after the revelation of this search, potentially limiting access to weeks or months of user location data. However, that decision dealt with location data gathered by cell service providers. Moving this data out from under the Third Party Doctrine’s free pass meant recognizing that data collected to provide service was hardly data voluntarily turned over by cell phone users. Either you agreed to turn on cell tower access or you went without phone service.
That hole in the Third Party Doctrine has been repeatedly exploited by law enforcement agencies, who have continued to approach Google to collect data on multiple people in order to find specific people. And that’s when they can’t get this data from other sources even less likely to push back against broad law enforcement requests, like data brokers who harvest all the information they can from app users who clearly aren’t aware the data they agree to hand over to app creators is being sold to others who then sell it to the government.
A half-decade on and the only thing that has changed is how often law enforcement goes to the Google well to turn tons of data points into possibly usable information. Here’s the latest, as reported by Julia Love and Davey Alba for Bloomberg. Their report opens with anecdotal evidence about Google-derived evidence — something that starts with a would-be cop being saved from his own carelessness by the readily available access to Google user data.
One morning in January 2020, Robert Potts was loading up his SUV for a trip to the police academy in Raleigh, North Carolina. He started warming up the car, his mind on exams, and went back into his apartment to grab his lunch. When he returned the SUV was gone, along with a rubber training pistol, a set of handcuffs and a portable radio.
Raleigh cops found the SUV by lunchtime. Potts was distraught. Losing your gear is very bad form for a cop, especially a rookie, and the thief had walked off with some of Potts’, including the most sensitive item—the radio. Someone could use that to disrupt the police department’s communications with false reports. Potts’ supervisors reassured him they’d take care of it.
Potts returned his focus to exams, completely unaware of the events his early-morning blunder had set in motion. He says the Raleigh PD was able to remotely disable his radio, ensuring that their communications remained uncompromised. But the cops weren’t ready to drop the matter. In their determination to recover the radio, they capitalized on two cutting-edge investigative tools available to local law enforcement—both made possible by Google.
Within days of the theft, the Raleigh PD sent Google a search warrant demanding a list of people who were in the neighborhood when the gear was stolen. They also secured a judge’s order for the company to identify anyone who Googled “Motorola APX 6000,” the model of the radio, and similar phrases in the days after the device went missing. Google handed over user location data in response.
And thus begins another law enforcement career, in which a rookie blunder is handled by the rest of the PD with no apparent effort to hold the prospective cop responsible for screwing things up this badly. Instead, investigators doubled down on Google, asking it for both location data and Google searches.
The only probable cause is the probability Google retains this data. The only specificity is whatever restraints investigators impose on themselves (geofence limitations, time period limitations). In rare cases, judges push back against these warrants for exactly these reasons. In other cases, judges don’t know (or don’t care) how much information is being gathered or how broad these requests are.
While Google is (theoretically) free to challenge these warrants, in many cases courts will decide Google can’t intercede on behalf of those targeted by these broad requests. Because Google’s intercession is limited and often ultimately ineffective, law enforcement has steadily increased its reliance on a third-party to hand over as much data as they can possibly obtain. We’re not seeing massive year-over-year gains in crime clearance rates. But we’re definitely seeing exponential growth in these warrants, which ask magistrate judges to do nothing else but decide whether or not it’s likely Google has (at least some) of the requested data on hand.
Google says it received a record 60,472 search warrants in the US last year, more than double the number from 2019. The company provides at least some information in about 80% of cases.
Cops aren’t going to cut themselves off. Google can only do so much because of legal standing issues. The rest is up to the courts. And, in most cases, magistrates are rubber-stamping these requests, while the courts above them are mostly willing to settle for the backwards interpretation of probable cause wherein Google becomes the “suspect” for the purposes of the search because it has the data investigators seek. It’s only after they receive the bulk data that investigators go to work to determine who might actually be a criminal suspect. It’s not a house-to-house search for a suspect in a physical sense. But, in a digital sense, that’s exactly what’s happening.
Since little limits law enforcement from exploiting this handy byproduct of Google products, cops are using it for everything, despite it being clear to everyone (but cops) that broad searches should be restrained to the most severe crime, otherwise it’s law enforcement making a mockery of law enforcement.
Bloomberg Businessweek collected and analyzed 115 warrants for the company’s location and search data in five states, one of the largest known reviews of such documents. The analysis, based on search warrants filed from 2020 to 2023 with courthouses in Austin, Denver, Phoenix, Raleigh and San Francisco, showed that departments used them not only to solve violent crimes but also for more routine offenses. About 1 in 5 location warrants were for offenses such as theft and vandalism. A detective in Scottsdale, Arizona, got one in search of somebody accused of stealing a Louis Vuitton handbag. In that investigation and many others, the Google data offered nothing useful.
In the Phoenix suburb of Surprise, Detective Taylor Knight obtained five geofence warrants in a span of less than three months to investigate a spate of burglaries and vandalism at construction sites last year. Among the equipment police sought to recover were a microwave and a cooktop. One of the warrants, obtained for the theft of a wood chipper, demanded information on anyone who was near the construction site for almost an entire week. The Surprise Police Department says no prosecutions have materialized.
And that’s how cops are going to end up burning their Google sources. When it’s easiest to sit at a desk and fill out a form, that will remain the preferred option for investigators. Much like cops started out using Stingrays to track people suspected of major crimes, the easy access to EASY button tech soon resulted in cops deploying repurposed war gear to hunt down people suspected of stealing fast food worth less than $100 at full retail.
It’s clear Google needs to keep collecting this information to retain its (seemingly) insurmountable search engine/advertising lead over its competitors. While that shouldn’t be considered an acceptable tradeoff for access to goods and services, the exploitation of this collection by law enforcement is a bigger concern. US law enforcement has been granted considerable leeway and considerable power to engage in investigations. That cops have decided to do all their “investigating” from their desks, moving nothing more than a mouse-finger, should be considered early-onset dystopia. But, until courts are willing to actually confront what’s happening here — rather than pushing its own EASY button (the Third Party Doctrine) — we’ll never see cops deterred from going where the data’s at, rather than doing what’s been expected for years before the internet even existed: finding suspects first and working backwards to find the evidence they need to support their suppositions and searches.