Outsourcing Police Investigations to Google Risks Privacy and Justice

Outsourcing Police Investigations to Google Risks Privacy and Justice

In December, Jorge Molina was arrested on suspicion of the murder of Joseph Knight, an airport worker who was shot dead as he cycled home in the early hours of March 14, 2018, in Avondale, Arizona. The United States witnesses around 17,000 murders a year, but what made Knight’s case different was that police were led to their suspect only after asking Google to send Global Positioning System (GPS) data on all the mobile phones passing through Knight’s cycling route.

The data revealed that a suspect vehicle, captured on surveillance footage, had taken the route. In receiving data from Google on all the devices that passed through it, the Avondale Police Department not only provided another example of what’s becoming an increasingly common practice in law enforcement, it also set a new precedent for other police departments elsewhere in the US. Even though it’s now a common and familiar practice for police to exhaustively trace the digital footprints of already identified suspects, it’s a relatively new development for them to actually gather the digital footprints of numerous people in order to home in on a suspect in the first place.

That the Avondale Police Department was able to identify Molina using aggregated, area-based Google data is certainly an impressive feat. However, it required the filing of a “reverse search warrant,” which involves applying for information on a group of people in order to narrow down the search to specific persons of interest. And because this entailed the handing over of data belonging to individuals with no connection to Knight’s death, it raises some alarming questions about privacy. It also raises questions about the reliability of the arrests and convictions police secure, given that there is at least one case on record of an individual being wrongly imprisoned as a result of phone-sourced location data.

Data Isn’t Infallible

This case of wrongful imprisonment relates to the arrest and conviction of Lisa Marie Roberts, who in 2014 was released from prison after having pleaded guilty in 2004 to manslaughter charges in the death of her girlfriend, Jerri Lee Williams. Roberts had submitted a guilty plea solely on the basis of evidence provided by cell tower records, which had put her in the vicinity of the crime. However, despite her confession, a judge ultimately overturned the conviction, arguing that cell tower records alone weren’t convincing enough as evidence, and that a jury most likely wouldn’t have found her guilty if she’d stood trial.

Such an outcome reveals the folly of relying on location data alone when seeking to explain a crime, and while cell tower records aren’t exactly the same as GPS data collected from smartphones by Google, it offers a stark warning, especially because US police forces have been increasingly prodding Google for such data in recent months and years.

For example, the North Carolina-based WRAL news agency reported that, on at least four occasions in 2017, the Raleigh Police Department had obtained warrants to receive Google data on any device that had been within the area of certain crimes at specific times. In one case of homicide, the department asked for information associated with the Google accounts located within the geographical region defined as being within 150 meters of the GPS coordinates 35.785556 and -78.617145 between 6 pm and 7 pm Eastern time, on November 7, 2016, and between 5:25 pm and 6:25 pm Eastern time on November 8, 2016.

More specifically, such “information” comprises anything that could be attached to a Google account, such as internet protocol addresses, email addresses, payment info and names. It’s usually more than enough to identify someone, which is why the authorities haven’t been asking for it only in North Carolina, but also in other states.

In Minnesota in early 2017, a judge signed a reverse search warrant so that police could receive the Google account info of anyone who searched for the name of a fraud victim. In Maine last March, the FBI asked Google for the data of anyone who had been near the location of at least two of nine robberies, covering a total area of around 45 hectares (although it would seem that Google didn’t provide the data in this case). In October, Virginia saw the FBI pester Google again, this time for the account data and location histories of anyone within three separate areas (linked to repeated robberies of the same Dollar Tree), all of which had at least a 300-meter radius.

While the examples cited only six states, the emergence of reverse search warrants in these areas in recent years signals an alarming trend, especially given the general nature of the data requests involved and the potential for false convictions.

Most police departments aren’t forthcoming about whether they’ve begun seeking such warrants (although the New York Police Department told Truthout that it has never submitted such a request), yet data from Google indicate that search warrants of all kinds have been increasing significantly in recent years. In the second half of 2012, Google received 1,896 search warrants from US police forces, while in the first half of 2018, the company received 6,900. This is a 264 percent increase, and despite Google not offering a breakdown of warrants into those that focus on already identified suspects and those that simply cast a geographical net, it at least shows that police forces are becoming more reliant on Google data.

While the evidence suggests that reverse search warrants are becoming more common, legal experts say it’s not clear whether their use will affect the reliability of arrests and convictions, and there’s certainly a chance such warrants could have negative ramifications.

“I believe that the use of Google location data will lead to investigations and arrests that would not have happened but for this data,” said Marina Medvin, a legal expert and founding attorney at Medvin Law. “Simultaneously, law enforcement will cease pursuing certain leads that are not corroborated by the location data, and hence, will not arrest suspects based on lack of corroborative information or in lieu of new leads. The new information will simultaneously endanger and protect.”

Medvin is cautious as to whether the use of aggregated data could lead the authorities astray more than it would lead them along the right path, if only because arrest and prosecution standards have always relied on “probable cause,” meaning that at least a minimal degree of uncertainty has almost always been present in criminal cases. That said, she acknowledges that Google data are inherently different from other, more traditional kinds of evidence, such as that provided by fingerprints.

“While a fingerprint is entirely unique to the individual, Google location data is unique only to a phone: a handheld device that does not reliably corroborate the identity of the user of said device at the specific moment,” she says. “So, while your phone was at a particular place, [that] does not mean that you were there too. This personally unidentifiable data will always lead to big questions of reasonable doubt at trial.”

The possibility of doubt or error might be disconcerting for any future defendants, but Medvin notes that the use of reverse Google data could eventually be taken up by defense as well as prosecution teams, something which could effectively balance out the play of forces.

“Looking on the opposite side of the spectrum in cases where there is no Google location data, or where the location data puts the accused in a different location, defense attorneys will be able to argue that a lack of Google location data exonerates their client,” she says. “This is no different than when we argue that our clients’ prints were not found on certain pieces of evidence, and hence, there is reasonable doubt that our client is not the culprit.”

Privacy and Constitutionality

Yet, according to some privacy advocates, the biggest issue here isn’t the possibility of wrongful arrests, but the wider implications of Google sharing the data of innocent and unaware individuals, as well as the ramifications of having our every move tracked.

“When it comes to personal, sensitive details, people should always be concerned, especially of what information they give out to third parties and whether it is absolutely necessary,” says Daniel Markuson, the digital privacy expert at NordVPN, a virtual private network service provider. “Having a device with [an operating system] developed by Google automatically means that you are fine with at least some data collection. The question is whether or not you are fine with how that data is going to be used.”

Markuson acknowledges that the privacy implications of handing over personal info to agencies such as the police would vary depending on the scale and volume of data involved. “However, giving out people’s private information without their consent is definitely a form of privacy violation,” he adds.

Yet, as Mark Weinstein, a privacy expert and the founder/CEO of social network MeWe explains, the violation of our privacy doesn’t simply stop with the handing over of details to law enforcement.

“The complexities arise when Google’s ‘Big Brother’ ability to know at all times where we are and who we are assembling with is misused or abused,” he says. “The good news is that Google has a stated legal process, including subpoenas, court orders and search warrants for law authorities to follow in order to gain such information. The bad news is that Google even has this information at all.”

This is what advocates like Weinstein warn against: Even if Google has the best of intentions, it has built technologies and erected a system that, if misappropriated, could arguably become one of history’s greatest instruments of repression. “Therein lies the rub: Is Google sticking to their guns, so to speak, and making sure proper legal process is followed to gain this information?” Weinstein asks. “And to the question of does it put innocent people coincidentally nearby at risk for becoming suspects: Well yes, but that is always the case in a crime investigation.”

Returning to the matter of legal process, there’s also the question of whether the use of reverse search warrants in criminal cases is constitutional, and would actually be upheld in a court of law. Attorney Medvin suggests that this question hinges on whether, when we use services such as Google Maps, we have a reasonable expectation of privacy. “This is a classic American privacy question,” she explained, citing the 1967 Katz v. United States Supreme Court case in which the Court ruled that the Fourth Amendment – which protects individuals against unreasonable searches and seizures – also applies to electronic searches.

In that landmark case, the Supreme Court outlined a privacy analysis, specifying two conditions in which an individual’s privacy, as protected by the Fourth Amendment, would be unjustifiably violated in the context of electronic communications. Firstly, a defendant would have to have exhibited an expectation of privacy in using a particular mode of communication, and, secondly, this expectation would have to be one that society recognized as “reasonable.”

“Applying that reasoning to Google location data is much more complicated,” Medvin says. “Does a Google user have an expectation of privacy in his location history, and will society recognize that expectation as reasonable?” In other words, is it legal for the police to use location data to put you inside your home, even though the law forbids them from actually entering and searching your home without a warrant?

There is, of course, no easy way to decide such questions outside of a court of law. Moreover, Medvin raised the possibility that user consent might remove the presence of a reasonable expectation of privacy. “By use of the free app and acceptance of the ‘Click to Agree’ terms, does the Google location user voluntarily consent to the distribution of that data any way Google sees fit and therefore waives his right to assert a privacy interest in that data? This is all heavily complex and will need to be decided by the higher courts.”

Assuming that police departments continue requesting Google data on all the devices in particular areas, it is perhaps only a matter of time before a state or federal court is called upon to decide on the constitutionality of reverse search warrants. But it remains unclear which way the question will be decided.

The possibility of increasing interconnection between the police and Google raises vital questions for anyone who cares about their privacy, especially because area-based data can be collected on not only those who use Android smartphones, but on anyone who uses Google apps (including Google Maps).

Even more worryingly, there seems to be no way of preventing your smartphone from collecting location data, since even switching on airplane mode (on iPhones and Android phones) fails to disable GPS. “People can disable their location services, mobile data and Wi-Fi while moving around, which would reduce the risk,” NordVPN’s Markuson explains. “However, the impact on their privacy wouldn’t be that significant and would come at the expense of people’s comfort and convenience. It is definitely not a bulletproof solution.”

There is, then, no practical way of avoiding the fact that our smartphones have essentially become little spies working on behalf of law enforcement agencies, short of using custom firmware or ditching Google or our smartphones altogether. This is why it’s vital that lawyers and judges push back against the indiscriminate use of area-based Google data, since the alternative may be false arrests and miscarriages of justice.