The ACLU and eight federal public defenders ordered a fourth law enforcement agency to exclude mobile device location data obtained from Google via a so-called geofence warrant that helped law enforcement catch a bank robbery suspect. Seeking the Circuit Court of Appeals.
The first geofence civil rights case before a federal appeals court raises serious Fourth Amendment concerns over unjustified searches and seizures related to the location and personal information of mobile device users.
Geofencing warrants are primarily issued to surrender data to Google about all mobile phones or other mobile devices within a specific geographic region and time period. The problem is that the location data of every person with a mobile device in the area is collected on a wide net and that data is handed over to law enforcement in bulk.
“These warrants are plainly unconstitutional,” said Tom McBryan, legal fellow at the nonprofit Electronic Privacy Information Center (EPIC) in Washington, DC. “They look at the location history of everyone in that geographic area to see where they were at that point in time.”
The geofence warrant violated the Fourth Amendment to the U.S. Constitution in several ways, McBrien argued. First, the amendment requires that warrants of evidence meet the “particularity requirement.” In other words, police need to be clear about what and who they are looking for in the data. A warrant cannot be turned into a “fishing expedition,” McBrien said.
Second, probable causes require law enforcement to link a particular person to a crime. Only then would the law allow the invasion of privacy that accompanies geofence data access.
“Google has a rich database of user information,” says McBrien. “You have a Google phone or use Google services. Google makes it very difficult to opt out of location tracking. Even later, Google can track you in other ways [service or app]…like Google Maps. ”
Additionally, Schneier says Google isn’t the only company with access to location information via pings from cell towers. Cellular networks His provider and mobile operators also have that data.
“They collect the data and you can’t opt out,” Schneier said.
McBrien has agreed that mobile operators and other network services can track users, but has yet to see a geofence warrant issued against a company other than Google.
“Apple may know where you are, but there are also many Android users who do not have an Apple iPhone. There is a lot of potential,” said McBrien.
From one suspect to thousands?
The problem with geofence warrants isn’t just that they have access to location data for large numbers of mobile users, whether or not they’re related to crime. Thousands of innocent individuals are made suspects in criminal investigations using warrants each year. According to a Harvard Law Review post.
“While traditional court orders authorize searches on known suspects, geofence warrants are issued only because the suspect cannot be identified,” notes the Harvard Law Review.
The use of geofence warrants has snowballed over the last seven years. According to EPIC, the number of warrants has grown by more than 1,000% each year since the first warrants were served on Google in 2016.
According to the latest data released by the company, Google received 982 geofence warrants in 2018, 8,396 one year later, and 11,554 in 2020. The vast majority of warrants are issued by courts to state and local law enforcement agencies. Geofence warrants issued to federal authorities accounted for only 4% of the warrants provided by Google.
2021, Google revealed A quarter of all warrants received from US authorities (both state and federal) included requests for geofencing.
“It’s clear why these warrants are useful. They have the potential to uncover more suspects,” McBryan said. I can understand why courts are initially hesitant about
what happens to the data?
In addition to possible government overreach, there is no way to know if law enforcement will use location data dumps for other purposes, said Bruce Schneier, a security consultant at Counterpane Systems.
“The exploit in these examples is that it’s hidden,” says Schneier. , but the data obtained from that data is used. ”
For example, the National Security Agency (NSA) obtains geofence warrants specific to suspected criminals and passes all the data to the FBI to inform the agency that something suspicious may be happening in a location. may inform you.
“I’m sure it happens a lot when the NSA passes on FBI data,” Schneier said. “The NSA tells the FBI, ‘This is happening on a street corner,’ and the FBI happens to have cops there, and there is no mention of NSA involvement. If they have, they could use it for anything. [want]”
Last Friday, the ACLU and public defenders issued a statement. Court Companion’s Briefs While demanding that mobile device location data obtained from Google be excluded from evidence, it notes that geolocation writs are becoming increasingly common.
“They raise serious issues under the Fourth Amendment because they are usually issued without the police proving a reason to believe that everyone who owns these devices is involved in some crime. increase. The ACLU said in a statement.
USA vs. Chatley
The civil lawsuit in question USA vs. ChatleyOkello Chatley, 27, is Convicted and sentenced to 12 years in prison We use Google Sensorvault data obtained via geofence warrants by Virginia Law Enforcement Officers. sensor vault is a Google database containing records of users’ past locations.
The appeal came after a federal judge in Virginia ruled that the geofence warrant in Chatrie’s case was too broad and lacked probable causes for much of the data police obtained. requested information about every Google device or app user estimated to be within the 17.5-acre area surrounding the location of the Virginia bank robbery.
“It’s important to note that Google is in the middle of this problem,” McBrien said. “I’ve seen examples of Google pushing back on these warrants. Google says these look very extensive — ‘You’re capturing multiple city blocks, including churches, schools, and apartments.’ — Google says it doesn’t pass the smell test.
Last week, Google in a blog post explained that with thousands of geofence warrants issued each year, they want to better ensure user privacy.
First, tech companies said they would continue to advocate for updates to the law, including: U.S. Electronic Communications Privacy Act Reflect the same protections that apply to citizens’ personal documents.
Google also says that when government agencies request personal information from users (such as what users provide when signing up for a Google account or the content of emails), their policies require several things. .
- “We carefully scrutinize requests to ensure they meet the law and our policies. must be in writing issued under
- “Evaluate the scope of your request. If the scope is too broad, we may refuse to provide information or try to narrow down the request. Do this often.
- “If necessary, we will notify users of legal requests so that they may contact the requesting entity or consult an attorney. We may not be able to ( In that case, we may release a gag order, attempt to open a search warrant) or have no verified contact information.”
Google also said it will do more to communicate with users about the warrant request. created a new section See our Transparency Report for answers to user questions.
ACLU clarifies concerns
The ACLU and public advocates said in the Amicus opinion that the geofence warrants provided “a wealth of information about classified groups of individuals wiped online, from meetings between journalists and sources to church attendance.” claimed that it could be revealed by chance.
In its statement, the ACLU said law enforcement seized the opportunity presented by this “stockpile of information, creating geofence warrants seeking location data for all users within a given area.” increase.
According to EPIC’s McBrien, there is a relative paucity of case law addressing geofence warrants. Currently, law enforcement is only being held back by the courts and pushing the envelope as much as possible, he said.
“I’m currently only aware of seven federal lawsuits that have come out. [of geofence warrants]State-level cases are difficult to track. This is a new problem,” he said McBrien. “There are a lot of pieces coming out every year. With the explosion in the use of these warrants, there could be a lot of judicial precedents about this.”
Schneier said he was not confident the courts would quickly address the issue and said it was up to the public to demand lawmakers use the law to limit the scope of geofence warrants. And citizens need to lobby Congress to address this issue.
“We have to change the law,” Schneier said. “There’s nothing magical you can do to protect your phone. These are systemic problems that require systemic solutions. So make this a political issue.”
McBrien believes courts will eventually catch up with the technology and eventually place limits on companies’ ability to collect geofence data and distribute it to law enforcement. In the meantime, he agreed with Schneier — his two-pronged approach, using both the law and the courts, is the best approach to ensuring that the constitutional right to privacy is preserved. .
For example, the New York State Legislature currently Reverse position search prohibition lawThis prohibits searches of geolocation and keyword data for groups of people who are not personally suspected of having committed a crime, with or without a warrant.
“Part of this is that society needs to be aware of the problem,” McBryan said.
Copyright © 2023 IDG Communications, Inc.
https://www.computerworld.com/article/3686535/aclu-public-defenders-push-back-against-google-giving-police-your-mobile-data.html ACLU, Public Advocate Opposes Google Giving Your Mobile Data to Police