Geofence warrants: How police can use protesters’ phones against them (The searches, sometimes known as reverse location requests, increased fivefold from 2018 to 2019.)

Geofence warrants: How police can use protesters’ phones against them (The searches, sometimes known as reverse location requests, increased fivefold from 2018 to 2019.)

google-maps-2

(Google has received up to 180 geofence warrants a week. Angela Lang/CNET)

Rather than seeking warrants for a person backed up with probable cause, police have begun relying on geofence warrants that sweep up information on any device that happened to be in the vicinity of a crime.

Using these wide-ranging data requests, police often get information from companies like Google, collecting data on people who were in the area and almost all of whom are innocent. Police have used the tactic for serious cases like murder investigations, as well as nonviolent property crimes like burglaries.

Meanwhile, thousands of people have been arrested nationwide following protests over police brutality sparked by the killing of George Floyd, who died after being pinned down by officers in Minneapolis. On Tuesday, BuzzFeed News reported that the Drug Enforcement Agency had been given authority to conduct surveillance on protesters.

Geofence warrants, sometimes known as reverse location searches, are just one of those tools. They effectively allow police to get information on every protester through one single request. Google, which gets the majority of these requests because of its location history feature, said it only provides data from that feature, which needs to be opt-in.

“We vigorously protect the privacy of our users while supporting the important work of law enforcement.  We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed,” Richard Salgado, Google’s director of law enforcement and information security, said in a statement.

The company also said it doesn’t comply with requests without a warrant and has litigated against location history requests without a warrant. Google didn’t comment on whether it would comply with a geofence warrant related to protests.

“I hope that Google would not comply with a reverse location warrant associated with an investigation of a protest,” said Mark Rumold, a senior staff attorney at the Electronic Frontier Foundation. “If nothing else for the fact that it is bound to disclose so much information about so many people engaged in a First Amendment activity.”

The unprecedented number of tools police have to surveil the public en masse has prompted the creation of several guides on maintaining your privacy while attending protests.

Police have used similar tactics in the past to identify protesters. Records obtained by the EFF found that the University of California police issued a warrant to phone providers to identify phone numbers and names of demonstrators that were at the 2017 protests at University of California, Berkeley.

“It’s so chilling to imagine how easily this sort of tool can be used to identify every single person at a protest, regardless of whether or not they broke the law or any suspicion of wrongdoing,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project.

Here’s a breakdown of geofence warrants, how often they’ve been used and how to find out if you’ve been a part of these sweeping surveillance tactics.

What are geofence warrants?

Geofence warrants are warrants used by police to tech companies for information about devices in specific areas.

Normally, search warrants are carried out with probable cause and tied to a specific suspect or address. Geofence warrants allow for sweeping searches across areas.

If a company complies with the warrant, it will have to provide details on all devices in a specific area at a specified time. That means investigators don’t just get data on a person they’d consider to be a suspect, but also information on everyone else who happened to be at the same place at the same time.

Many of these requests are sent to Google because the Android operating system, installed on 2.5 billion active devices, is more widespread than Apple’s iOS. Google also has apps, such as Google Maps, that collect data on any device they’re installed on, including Apple products.

warrant-geofence.png
A geofence warrant issued in 2019 looking for people within 150 meters of a bank robbery. United States v. Chatrie

Though requests can be sent to other companies, many don’t have the vast reach and location data retention that Google does.

The geofence warrant requests to Google ask for information from its Sensorvault database, which has location logs of hundreds of millions of people. The database is intended for Google’s advertising purposes, but police are increasingly using it for investigations.

To comply with the requests, Google searches through millions of users to pinpoint them at the specific time and place that police are investigating.

“The general warrants from colonial times authorized law enforcement to go house by house looking for evidence,” Rumold said. “You’re going Google user by Google user and searching their location history. It’s unprecedented.”

The results return anonymous ID numbers. Police then pick certain devices they consider suspicious to get more specific information.

In a court document from December 2019, Google said the data provided by the Sensorvault database is often more accurate than phone tower location logs. That’s because its location data doesn’t come from just one source, but a combination of GPS signals, Wi-Fi networks, Bluetooth beacons and cell tower data.

How often have they been used by investigators?

Geofence warrant requests are becoming more popular among investigators.

Google saw a 15-fold increase in geofence requests from 2017 to 2018. The following year, it increased fivefold, the company said in court documents. A New York Times report from April 2019 found that Google received as many as 180 requests a week.

Forbes reported in December 2019 that in an investigation from the Bureau of Alcohol, Tobacco, Firearms and Explosives, Google provided records on 1,500 phone locations from a reverse location search.

In Minnesota, KSTP-TV found that geofence warrants in the state more than doubled from 2018 to 2019. The majority of the requests involved nonviolent crimes like burglary. In New York, the Manhattan district attorney also used reverse search warrants to get information on devices used near a brawl between anti-fascists and The Proud Boys, a far-right group, to identify people involved.

Google received more than 156,000 government requests for user information in 2019, but the company doesn’t break out how many of those are from geofence warrants.

How do I know if I’ve been swept up as part of a search request?

Google is supposed to notify you if your data is collected and given to law enforcement as part of a geofence warrant. The notice can come as a surprise for many innocent people, like a cyclist who rode his bike past a burglarized home, according to NBC News.

With warrant requests, though, the documents can often be sealed or requested under a gag order, which would prevent Google from informing people that their data was provided to police. This is sometimes done to prevent an ongoing investigation from being revealed.

How easy are these warrants for police to get?

You’d think that a warrant that sweeps across an entire area would be difficult to obtain. With a geofence warrant, however, police don’t even need a person’s name to get a judge to sign off on it.

In a warrant request from police in Virginia in 2019, the probable cause included seeing that the suspect had a phone in his hand during a bank robbery. That’s all it took for a judge to OK a sweeping warrant of the area, which led Google to hand over cellphone location data on 19 people from the requested time frame.

report from Minnesota Public Radio found that judges signed off on geofence warrant requests in as little as four minutes, sometimes without authorities ever explaining how many people would be caught up in the searches or how large the areas would be.

Are these warrants being challenged by lawmakers?

No federal laws prohibit or restrict these types of search warrants, but state officials and lawyers are challenging their legality.

In New York, Zellnor Myrie, a state senator, and Dan Quart, an assembly member, sponsored a bill in April that would prohibit geolocation warrants. If passed, it would be the only law in the country that prevents this practice.

“It wouldn’t just ban reverse search warrants, it would block officers from circumventing a warrant and simply purchasing this information from a data broker,” Surveillance Technology Oversight Project’s Cahn said.

The National Association of Criminal Defense Lawyers is also challenging the constitutionality of geofence warrants in a Virginia case. The organization argues that geofence warrants are unconstitutional because of how broad the requests are.

“This is no ordinary warrant. It is a general warrant purporting to authorize a classic dragnet search of every Google user who happened to be near a bank in suburban Richmond during rush hour on a Monday evening,” the association said in court documents. “This is the kind of investigatory tactic that the Fourth Amendment was designed to guard against.”

Congress has questioned Google on its Sensorvault database and how it’s shared with third-parties without specifically addressing geofence warrants.

Can this data be misinterpreted or misleading?

Because these warrants don’t carry the name of a specific individual or person of interest, the resulting investigations can often be a shot in the dark against innocent people.

When the Manhattan district attorney’s office filed a geofence warrant, Google gave data on two people who turned out to be innocent bystanders near the Proud Boys and Antifa brawl. The two people were never arrested, but it doesn’t end that way for everyone.

In Times’ investigation, an Arizona man was arrested on murder suspicions based on evidence from the geofence warrant that put him near the slaying. He spent nearly a week in jail before investigators found evidence exonerating him. During that time, he lost his job and his car.

Google also said in court documents that the data provided isn’t completely accurate.  The company said it estimates it logs where a person is with a 68% chance of accuracy.

“As a result, it is possible that when Google is compelled to return data in response to a geofence request, some of the users whose locations are estimated to be within the radius described in the warrant (and whose data is therefore included in a data production) were in fact located outside the radius,” Google said in the documents.

That could be a minor inconvenience if you’re using Google Maps to find a store, but a serious flaw if you’re using that data in a criminal prosecution.

How can I prevent my data from getting collected as part of these searches?

The short answer is to turn off your location history, your Wi-Fi, Bluetooth and phone signals on your device if you’re going to a protest or any situation where you don’t want to be surveilled.

In court documents, Google said the data is only collected in Sensorvault when location history is enabled. Roughly one-third of Google users have it turned on, meaning tens of millions of people who are potentially vulnerable to these searches.

“Make that feature as useless as possible, and these warrants will stop,” the EFF’s Rumold said.

But many people swept up in geofence warrants have been involved in activities in which there’s little reason to expect they’d be surveilled. You wouldn’t expect to be the target of surveillance going for a bike ride, stopping by the bank or driving in your own neighborhood.

The requests don’t just go to Google, either. The Manhattan district attorney’s warrant was also sent to companies like Lyft and Uber. Apple doesn’t get as many reverse location requests as Google does because it doesn’t store location data in the same way that Sensorvault does.

And even if police don’t request the location data from Google or other tech companies, they’re always able to purchase that information from data brokers. Location data brokers have offered information on people’s movement to track COVID-19, and the data can be used in the same way by law enforcement.

Data brokers get location data from seemingly innocuous apps like weather services and games, a detail that’s often hidden in usually unread privacy policies.

In February, The Wall Street Journal reported that federal agencies have turned to location data brokers to buy this information rather than getting a warrant for it. A Gizmodo report outlined the ways your phone data is taken by advertisers, tied to your identity and provided to police.

The way things are set up, short of not having a phone or constantly having your device in airplane mode, there’s always some risk of being surveilled by your device.

To learn about Granite Discovery‘s cell site analysis and computer/cellphone forensic services, contact us today.

To view original post, click here.
by Alfred Ng
Published: June 4, 2020