TPC 6: A Virtual Dragnet Nightmare

Sent to prison for a crime you didn’t commit because the police got location data from Google – this isn’t the plot of a novel or a hypothetical scenario. It’s happened, multiple times, in the US already.

The police is now using virtual dragnets to pull in cellphone app location data from everyone who was in the area when a crime occured. Even one of the guys at Google who designed one of the apps that is most used for this kind of thing calls these warrants “a fishing expedition”. On today’s episode of The Private Citizen, we are looking into how this works in detail.

I am aware that this is only being used in the US so far, but it nonetheless impacts all of us. This is because the US very often is a test bed for ideas that sooner or later will be introduced for all of us who live in other countries.

But before we get into the main topic of the show, let’s quickly go back to episode 1 of the show and Clearview AI. They apparently worked to integrate all mugshots taken in the US in the past 15 years into their database, as early as August 2019. At least that’s what Medium staff writer Dave Gershgorn is reporting:

“We are… working to acquire all U.S. mugshots nationally from the last 15 years, so once we have that integrated in a few months’ time it might just be superfluous anyway,” wrote the Clearview AI employee.

The email, sent by a representative for Clearview AI in August 2019, was in response to an inquiry from the Green Bay Police Department in Wisconsin, which had asked if there was a way to upload its own mug shots to Clearview AI’s app.

Clearview AI did not immediately respond to a request for comment from OneZero. It is unclear whether the company ultimately succeeded in acquiring such a database.

It’s unclear how many images a national database of mug shots would add to the online sources Clearview AI has already scraped. For context, the FBI’s national facial recognition database contains 30 million mug shots. Vigilant Solutions, another facial recognition company, has also compiled a database of 15 million mug shots from public sources.

The Clearview AI employee also told the Green Bay Police Department that it was developing a way for its customers to upload their own images to the company’s app. This would allow police departments to combine their databases with Clearview AI’s.

How Google Turned a Cyclist into a Burglary Suspect

In the US, NBC News broke the story of a cyclist who was contacted by Google in response to a warrant for his user data from a local police department. He found out that he was the prime suspect in a burglary he didn’t commit. He had to hire a lawyer to prove his innocence. And all of this just because he used a cycling tracking app that created location data on Google’s servers.

The email arrived on a Tuesday afternoon in January, startling Zachary McCoy as he prepared to leave for his job at a restaurant in Gainesville, Florida. It was from Google’s legal investigations support team, writing to let him know that local police had demanded information related to his Google account. The company said it would release the data unless he went to court and tried to block it. He had just seven days.

In the notice from Google was a case number. McCoy searched for it on the Gainesville Police Department’s website, and found a one-page investigation report on the burglary of an elderly woman’s home 10 months earlier. The crime had occurred less than a mile from the home that McCoy, who had recently earned an associate degree in computer programming, shared with two others. McCoy worried that going straight to police would lead to his arrest. So he went to his parents’ home in St. Augustine, where, over dinner, he told them what was happening. They agreed to dip into their savings to pay for a lawyer. The lawyer, Caleb Kenyon, dug around and learned that the notice had been prompted by a “geofence warrant,” a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data – drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections – from everyone nearby.

Still confused – and very worried – McCoy examined his phone. An avid biker, he used an exercise-tracking app, RunKeeper, to record his rides. The app relied on his phone’s location services, which fed his movements to Google. He looked up his route on the day of the March 29, 2019, burglary and saw that he had passed the victim’s house three times within an hour, part of his frequent loops through his neighborhood, he said.

“It was a nightmare scenario,” McCoy recalled. “I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect.”

A Fishing Expedition

How did this happen? A classic fishing expedition.

The victim was a 97-year-old woman who told police she was missing several pieces of jewelry, including an engagement ring, worth more than $2,000. Four days after she reported the crime, Gainesville police, looking for leads, went to an Alachua County judge with the warrant for Google. In it, they demanded records of all devices using Google services that had been near the woman’s home when the burglary was thought to have taken place. The first batch of data would not include any identifying information. Police would sift through it for devices that seemed suspicious and ask Google for the names of their users.

That request triggered the Jan. 14 notice the technology giant sent to McCoy, part of its general policy on notifying users about government requests for their information. The notice was McCoy’s only indication that police wanted his data.

While privacy and civil liberties advocates have been concerned that geofence warrants violate constitutional protections from unreasonable searches, law enforcement authorities say those worries are overblown. They say police don’t obtain any identifying information about a Google user until they find a device that draws their suspicion. And the information alone is not enough to justify charging someone with a crime, they say. Google geofence warrants have been used by police agencies around the country, including the FBI. Google said in a court filing last year that the requests from state and federal law enforcement authorities were increasing rapidly: by more than 1,500 percent from 2017 to 2018, and by 500 percent from 2018 to 2019.

“It’s a great tool and a great technology,” said Kevin Armbruster, a retired lieutenant with the Milwaukee Police Department, where he oversaw the use of high-tech investigative work, including geofence warrants. “I would think the majority of citizens in the world would love the fact that we are putting violent offenders in jail,” Armbruster said.

Yeah, we do. The issue isn’t with that. The issue is the methods you are using. Exitus acta probat is an extremely slippery slope. Especially German history is very clear on this.

Unconstitutional Warrants

So how did this guy’s lawyer fight these bogus charges?

There have been very few court challenges to Google geofence warrants, mainly because the warrants are done in secret and defense lawyers may not realize the tool was used to identify their clients. One exception is an accused bank robber in Midlothian, Virginia, who is fighting the charge by arguing the geofence warrant used against him was illegal. That case is pending.

Once McCoy realized his bike ride had placed him near the scene of the crime, he had a strong theory of why police had picked his device out of all the others swept up by the warrant. He and Kenyon set out to keep them from getting any more information about him – and persuade them that he was innocent. Kenyon said he got on the phone with the detective on the case and told him, “You’re looking at the wrong guy.”

On Jan. 31, Kenyon filed a motion in Alachua County civil court to render the warrant “null and void” and to block the release of any further information about McCoy, identifying him only as “John Doe.” At that point, Google had not turned over any data that identified McCoy but would have done so if Kenyon hadn’t intervened. Kenyon argued that the warrant was unconstitutional because it allowed police to conduct sweeping searches of phone data from untold numbers of people in order to find a single suspect. That approach, Kenyon said, flipped on its head the traditional method of seeking a search warrant, in which police target a person they already suspect.

“This geofence warrant effectively blindly casts a net backwards in time hoping to ensnare a burglar,” Kenyon wrote. “This concept is akin to the plotline in many a science fiction film featuring a dystopian, fascist government.”

This approach worked. It seems to have prompted the police officers in question to look at the data properly for the first time.

The filing seemed to give law enforcement authorities second thoughts about the warrant. Not long afterward, Kenyon said, a lawyer in the state attorney’s office assigned to represent the Gainesville Police Department told him there were details in the motion that led them to believe that Kenyon’s client was not the burglar. The state attorney’s office withdrew the warrant, asserting in a court filing that it was no longer necessary. The office did not respond to a request for comment.

Even then, Kenyon wanted to make sure police didn’t have lingering doubts about McCoy, whom they still knew only as “John Doe.”” So he met with the detective again and showed him screenshots of his client’s Google location history, including data recorded by RunKeeper. The maps showed months of bike rides past the burglarized home.

In the end, the same location data that raised police suspicions of McCoy also helped to vindicate him, Kenyon said. “But there was no knowing what law enforcement was going to do with that data when they got it behind closed doors. Not that I distrust them, but I wouldn’t trust them not to arrest someone.” He pointed to an Arizona case in which a man was mistakenly arrested and jailed for murder largely based on Google data received from a geofence warrant.

Kenyon said that in a visit to his office, the detective acknowledged that police no longer considered his client a suspect. On Feb. 24, Kenyon dropped his legal challenge. The case ended well for McCoy, Kenyon said, but “the larger privacy fight will go unanswered.”

Innocence Doesn’t Protect You

This story is a perfect example of why the idea that you don’t have anything to worry about if you are innocent is utter horseshit. It also teaches us that people who are generally privacy-focused may overlook whole areas of very private data which they are leaking.

For most of his life, McCoy said, he had tried to live online anonymously, a habit that dated to the early days of the internet when there was less expectation that people would use their real names. He used pseudonyms on his social media accounts and the email account that Google used to notify him about the police investigation. But until then, he hadn’t thought much about Google collecting information about him.

Just before the start of his ordeal, he’d listened to a call-in radio debate about the Department of Justice’s fight with Apple over access to an iPhone left by a Saudi national who’d gunned down several people at an air base in Pensacola, Florida, in December. He remembered some callers saying they had no problem with law enforcement having access to phone data, arguing that people had nothing to worry about as long as they didn’t break the law. Now McCoy thought the callers weren’t considering predicaments like his.

“If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit,” McCoy said.

The Rise of Geofence Warrants

Unfortunately, geofence warrants seem to be on the rise, according to an earlier story from the same writer.

The use of geofence warrants seems to be increasing, according to defense lawyers and privacy advocates. There is no easy way to track them, but they have been documented in cases in North Carolina, Minnesota, Virginia, Arizona and elsewhere. Contractors now offer to help police looking to use the warrants.

Google said it only produces location-history data if served with a geofence warrant, and has fought attempts to get such information without one. The company did not provide information on how often it received those requests. Its transparency reports show that the number of search warrants sent to the company more than doubled in the past two years, to 19,046 from July 2018 to June 2019.

“It is the digital equivalent of searching every home in the neighborhood of a reported burglary, or searching the bags of every person walking along Broadway because of a theft in Times Square,” Chatrie’s lawyers said in an October court filing. “Without the name or number of a single suspect, and without ever demonstrating any likelihood that Google even has data connected to a crime, law enforcement invades the privacy of tens or hundreds or thousands of individuals, just because they were in the area.”

Prosecutors say that the search was legal because Chatrie had opted into Google’s location services, allowing his Android phone and the company’s apps to track his movements. And they say police avoided collecting personal information from people unconnected to the robbery.

As we know from what I talked about in episode 3 of the podcast, the US Supreme Court seems to be on the side of privacy advocates when it comes to location data collected from cell towers. Which makes it likely that they will eventually decide similarly on location data collected via apps.

This is another example of the US government circumventing the Carpenter decision via location data collected by apps. We need to fight this now and we need to fight it hard.

Google’s Sensorvault

This story on an innocent man who went to jail for a murder he didn’t commit in The New York Times has some more information on how these geofence warrants work.

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information – where you go, who your friends are, what you read, eat and watch, and when you do it – is being used for purposes many people never expected.

Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.

According to several current and former Google employees, the Sensorvault database was not designed for the needs of law enforcement, raising questions about its accuracy in some situations. Though Google’s data cache is enormous, it doesn’t sweep up every phone, said Mr. Edens, the California intelligence analyst. And even if a location is recorded every few minutes, that may not coincide with a shooting or an assault. Google often doesn’t provide information right away, investigators said. The Google unit handling the requests has struggled to keep up, so it can take weeks or months for a response.

But despite the drawbacks, detectives noted how precise the data was and how it was collected even when people weren’t making calls or using apps – both improvements over tracking that relies on cell towers.

The new orders, sometimes called “geofence” warrants, specify an area and a time period, and Google gathers information from Sensorvault about the devices that were there. It labels them with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices they think belong to suspects or witnesses, Google reveals the users’ names and other information.

The new factor here seems to be that they are using this data for fishing expedition, which leads to many, many innocent people having their privacy invaded. And it, apparently, also leads to innocent people getting into the cross hairs.

Technology companies have for years responded to court orders for specific users’ information. The new warrants go further, suggesting possible suspects and witnesses in the absence of other clues. Often, Google employees said, the company responds to a single warrant with location information on dozens or hundreds of devices. Law enforcement officials described the method as exciting, but cautioned that it was just one tool.

It is unclear how often these search requests have led to arrests or convictions, because many of the investigations are still open and judges frequently seal the warrants. The practice was first used by federal agents in 2016, according to Google employees, and first publicly reported last year in North Carolina. It has since spread to local departments across the country, including in California, Florida, Minnesota and Washington. This year, one Google employee said, the company received as many as 180 requests in one week. Google declined to confirm precise numbers.

“There are privacy concerns that we all have with our phones being tracked – and when those kinds of issues are relevant in a criminal case, that should give everybody serious pause,” said Catherine Turner, a Minnesota defense lawyer who is handling a case involving the technique.

Mr. Molina, 24, said he was shocked when the police told him they suspected him of murder, and he was surprised at their ability to arrest him based largely on data. “I just kept thinking, You’re innocent, so you’re going to get out,” he said, but he added that he worried that it could take months or years to be exonerated. “I was scared,” he said.

Current and former Google employees said they were surprised by the warrants. Brian McClendon, who led the development of Google Maps and related products until 2015, said he and other engineers had assumed the police would seek data only on specific people. The new technique, he said, “seems like a fishing expedition.”

What data is stored?

In 2009, the company introduced Location History, a feature for users who wanted to see where they had been. Sensorvault stores information on anyone who has opted in, allowing regular collection of data from GPS signals, cellphone towers, nearby Wi-Fi devices and Bluetooth beacons.

People who turn on the feature can see a timeline of their activity and get recommendations based on it. Google apps prompt users to enable Location History for things like traffic alerts. Information in the database is held indefinitely, unless the user deletes it.

Feedback

RikyM gives me a ringing endorsement that would make an excellent label for the website:

Kudos to Fab for having the last crap-free website in the history of humanity!

Thanks for the nice words, man. I certainly try.

Niall Donegan, aside from having provided me with the topic for this episode, tells me about http://lite.cnn.com which purposefully works over HTTP.

In this particular case, the brief was to put as few requirements to access the site as possible, hence why it works under pure http as well as https. Actually heard a really good interview with one of the people involved but can’t remember which podcast it was on.

A shame about the (real-time) tracking cookies, though.

If you also have thoughts on the things discussed here, please feel free to contact me.

Toss a Coin to Your Podcaster

I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.

You can also support the show by sending money to via PayPal, if you prefer.

This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me, pard. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.

Thanks and Credits

I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.

Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.

But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Georges Walther, Dave, Kai Siers, Matt Jelliman, Fadi Mansour, Joe Poser, Mark Holland, Steve Hoos, Butterbeans, Shelby Cruver, Dave Umrysh, Vytautas Sadauskas, RikyM, drivezero and Ali Buchan.