This is an important story, but a little difficult to summarize. Here's my attempt at an overview:
1. Google stores location history data for more of its mobile users than you might expect. The precision is greatest when GPS is on, but less precise data from cell towers and WiFi sources is used almost any time a Google app is being used on an Android or non-Android phone. There have been cases in the past where Google has recorded such information even when the user has explicitly turned off all location services, but Google says they have stopped this practice.
2. On multiple recent occasions, police in North Carolina have quietly been successful in obtaining search warrants that force Google to turn over these records. Rather than "standard" search warrants asking for the location of a particular suspect in a crime, these "reverse" or "area based" warrants ask for time and location data for all users who have entered a geographical area during a time of interest. The records returned are initially anonymous account numbers, and the police then make followup requests for identifying information of the subset of accounts that they think are of interest to the case.
3. This open-ended "drag net" approach scares some people. Typically, at least in the US, suspects are identified first, and then further information is gathered that confirms or removes the suspicion. The express fear seems to be that innocent people will be falsely accused due to coincidence, but there is also a more general fear that once mechanisms are in place that allow the police to have easy access to location tracking information, this information will end up being abused.
You live in Los Angeles (according to Google). How will GDPR help you? Companies such as Google and Facebook aren't going to implement European laws for their American customers!
Google and Facebook may choose not to, but plenty of others will. Consider the technical challenges of implementing one set of compliance rules in one place, and one set elsewhere. The profit gain from not following GDPR in an area must exceed the cost of maintaining separate rulesets.
LinkedIn's new policy that goes into effect in May appears to grant GDPR-like permissions across all users, for instance, though it does specify that EEA countries may have additional rights under the law. I suspect the majority of companies will end up complying with GDPR globally.
Under a hypothetical US version of the GDPR, Google might be prohibited from sharing that data with non-governmental third parties. But it wouldn't be prohibited from collecting and storing that data, as showing someone their location history (with clear opt-out language) is actually in the legitimate interest of providing better mapping services for that individual. And law enforcement wouldn't be subject to those third-party restrictions.
There are additional laws that could protect citizens against overreach. But something like the GDPR alone would not do the trick.
This is especially dangerous given that there is already overreach in which data on the correlation of travel and behavior with crime, is being used to unlawfully detain people: https://www.npr.org/2017/12/05/568351544/teens-arrested-on-g... This data would only serve to multiply that problem. It's not an easy problem to solve.
How is remembering where I have been useful to me at all? Hopefully something like a us GDPR would make them excplicitly ask my permission before stalking me.
'“When you first get to Facebook you are shocked at the level of transparency. You are trusted with a lot of stuff you don’t need access to,” said Evans, adding that during his induction he was warned not to look at ex-partners’ Facebook accounts.'
I'm not the original commenter, but I could find it by getting your name from Github, then googling it. Your LinkedIn was the first result, and there was LA.
> It’s pretty hard to imagine those laws coming to the US in our lifetimes with all the corporate interests that would oppose them
...or with the large number of ordinary citizens who would oppose them or be indifferent to them. People here tend to have their privacy/safety balance set quite a bit more toward the "privacy" side than do most people.
Where most people draw the line, I think, is when surveillance is looking into their homes. Being surveilled when they are out and about in public does not bother them much.
Not really, the GDPR is applicable to persons in the EU (not just in Europe) and not to persons using a VPN server in the EU.
Anyway, the GSPR does not ban American-style surveillance in Europe. Most European countries have used the Snowden leaks as a blueprint to increase surveillance in almost every aspect, especially online and with many related obligations for Internet companies.
I’m not sure how other companies will implement it but I certainly expect most to bluntly use geo-IP to locate customers and apply GDPR-compliant practices without digging too much whether that particular customer is likely to lawyer-up. European services probably will blanket apply it to all their customers.
It’s possible (if unlikely) that after a militant based in Europe but geo-IP located elsewhere by accident notices something unsavoury and complaints, that companies implements an “Are you based within the EU?” toggle in account settings to avoid headaches.
For social services, I’m curious on how processes based on your friends’ will be implemented when your friends are partially in the EU and elsewhere. But I don’t expect this will be much harder than it currently is to circumvent, say, Netflix geo-blocks.
Every time this happens, the same people magically transform from saying “What, are you paranoid?” to “What, are you naive?”
The NSA’s surveillance dragnet is a very different situation because they are a government agency, but you could see the same exact phenomenon happened when the Snowden revelations came out.
“Do you really think the government cares enough to log all your phone calls? You must be paranoid.” became “Well, obviously the government does this. How could you not expect this?” in the blink of an eye.
I think both reactions are for psychological comfort. It is that it's comforting if someone else is in charge, in control in the face of chaos, and it's comforting to place trust in those above you and thus happily mock conspiracy theories.
Just be aware that deletion isn't instant though. From the TOS:
>We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Replying to cbr/muro - those are emails about specific people that you have allowed to see your location data. The NC police are getting warrants for everyone in an area's location data. It doesn't matter if you've shared it - GPS, cell-tower data is passively collected by Google and then provided en masse to the police when subpoenaed. Nobody receives periodic emails from Google saying "you have your location services turned on [which we will nag the shit out of you about if you don't] and thus Google has a running log of everywhere you go [and if you happen to be in a jurisdiction that wipes it ass with the Fourth Amendment we'll also turn over all the data we've collected to the police]."
You can go into your account settings under Personal Info and Privacy\Manage Your Google Activity and toggle your location history if you want to turn it off, but I've never had them update me via email. Given how much information is in that, I'd be surprised if they prompted anyone to go review it since most folks would likely feel like it's creepy to see a map of everywhere they went.
Subject: You are using Google Location Sharing to share your real-time location.
Hi Jeff,
To protect your privacy, we would like to remind you that you are sharing your real-time location using Google Location Sharing with [wife] and [close friend and housemate].
If you didn't enable this or want to stop sharing your location at any time, please go to your Google Location Sharing settings.
Sounds like this is a reminder that you're sharing your location history. People who just have it on (which means, "just" sharing with Google), do not get these notices.
Law enforcement can triangulate location from a mobile phone signal via your celluar network provider with or without Google's help, and has been able to do so since the very beginning.
"On May 28th, Lisa Marie Roberts, of Portland, Oregon, was released from prison after serving nine and a half years for a murder she didn’t commit. A key piece of overturned evidence was cell-phone records that allegedly put her at the scene."
If it's as accurate and straight forward as law enforcement tell us - how did _that_ happen?
Bingo, knowing the location of each phone at all times is intrinsic to how the cellular network works.
The interesting question here is why law enforcement is going to Google instead of the cellular network providers directly? By definition, they're missing out on data from all non-Android phones.
From the top comment here: The precision is greatest when GPS is on, but less precise data from cell towers and WiFi sources is used almost any time a Google app is being used on an Android or non-Android phone.
I haven't read the original article since the website doesn't work without off-domain scripts running, but I assume that's why - they do have data for iOS users running Google apps, and that data is often higher resolution than cell tower triangulation. I'd also assume they're getting the cell information as well and correlating the two.
Why don't you want the police to be able to find your when there's a crime? What if you're the victim of a kidnapping? Or murder that goes unsolved because Google wouldn't tell them who did it?
The incident rate of kidnappings is so low that it's not anywhere close to ranking in the first volume of "List of Things I Worry About".
The government abusing data it collected on its citizens to silence dissenters, however, is something I've seen on a daily basis. And so, we set priorities.
My main concerns are how such tools may facilitate automated injustice, as well as providing the means for heavy-handed political/intellectual influence and control.
Innocent people are commonly investigated because they were nearby when crimes were committed. Or because they somewhat match a victim's description of the attacker. Or because they're driving a vehicle that somewhat matches a description.
But this is taking it to another level. Here, location and time are the only identifiers. Once you've identified someone who was at the location of the crime when it was committed, they were either a perpetrator or a witness. Or maybe neither, because they weren't close enough in space and time.
But anyway, what happens next? Police hope to get a confession? Maybe some physical evidence. Or witnesses. But then, people often lie. And there's less opportunity for an alibi, except maybe a friend who says he was there with you. But his phone had better agree with yours.
And really, it's hard to imagine that someone doing serious crime would be carrying a smartphone. At least, one that's not turned off, and in a Faraday bag. But then, some criminals are just plain stupid, I guess.
Police can lie with impunity when interrogating and it is all legal and protected mostly. They can get innocent people to plead guilty to all kind of crimes the didn't commit simply by threatening them.
I once used an app to record my location, which I'm sure was in my Google account. It mis-recorded my location to be in the centre of a park in the town I was in the middle of the night, but I was actually at home asleep. Needless to say, it crossed my mind if this data could be used as a false positive in any investigation if they got hold of all people recorded as being in that area.
In addition to all the other, very serious concerns, I'll also ask this:
How long until these records are available for subpoena, e.g. in a divorce case? (Maybe -- hopefully! -- not in area sweeps, but nonetheless, where was the other party and who was in proximity. As I'm writing this, well, maybe they will ask for all connections in proximity, that list then to be whittled down to a list of candidates (per the police's approach in the OP's story)).
When are police going to start sweeping such data up en masse, looking for e.g. parole violations?
When will every "free association" be a tracked association?
> How long until these records are available for subpoena, e.g. in a divorce case?
I see nothing preventing this information being sought in U.S. discovery right now--at least in Federal litigation[0]. That isn't to say that the subpoena won't be squashed by a court for one of the traditional rationales under FRCP 26(b).[1]
>When are police going to start sweeping such data up en masse, looking for e.g. parole violations?
Arguably runs afoul of the particularity requirement of the fourth amendment, although I do not pretend to be an expert on criminal law. That said, I understand the fourth amendment to be a low bar these days.
> When will every "free association" be a tracked association?
Rhetorical question?
[0] Your specific example, divorces, are state law in the US. I don't do that, and the relevant laws / cases can change on a state-by-state basis.
Yes, the last part could be considered rhetorical. Except, I think that is the very real direction some -- including especially some already in authority, in the U.S. as well as around the world -- want to take things.
On the other hand, maybe my question is rhetorical, in that the tracking is already in place.
The use of this information in the hands of the statistically incompetent will lead to miscarriages of justice and disaster. This basically institutionalizes the prosecutor's fallacy.
Much less afraid of false accusation and more concerned with incidental data being used against me later, or being used to build a profile the police can use in some other way.
Is this actually a real problem for normal non-criminal people? Murders happen every day and this would help deter or prevent repeat offenses. But having information about you that's correct, and can't be used in court because it was obtained without the correct warrant, when is that ever a problem? I'm not talking about high profile journalists or terrorist suspects. Just normal people like you.
I live in a continent with a lot of fresh memories about uncomfortable answers to your questions. No need to go as far back as WW II: take a look at https://en.m.wikipedia.org/wiki/Stasi for a painfully contemporary read.
It’s astonishing how quickly we forget. It’s astonishing and painful, to the memories of those whose pain and sacrifice was, in the end, wasted on us :(
We have such an astonishing amount of laws and codes that everybody is guilty of something. And the more data is available on you, the more you enable the government to go on a fishing expedition, should they ever dislike you.
But that's only the selfish motivation.
The wider reason is that mass surveillance can easily be used to silence dissent. And if you think that's far-fetched for the US, I invite you to read up on e.g. COINTELPRO.
That's a slippery-slope argument. Guns can be used to silence dissent. Violence can be used to silence dissent. Targeted facebook ads and social-media emotional warfare can be used to target dissent. Skilled orators can be used to silence dissent. So can political distractions, wars, etc. All of it can and does, so I wouldn't quite call that an effective measure of whether something should exist in our political sphere or not.
Those laws/codes that you mention are there for a reason. We shouldn't be breaking them, is what we're told. If the whole thing was built on the predicate that only a fraction of people would be charged with them, what sort of criteria do you think those lawmakers had in mind as to when to apply that charge? Well, silencing dissent, for one.
But more to the point, either they're valid crimes and we need to do everything that is reasonable and cost-effective to enforce them. Or, we don't really consider them a crime, but we work on some funky as yet-undefined honor system about when to apply those laws. I.e. Let's use them to stick it to the bad-guy™. Usually, it's at the whim of whoever is deciding on whether to charge someone.
You are absolutely right that government can use these laws against you if they dislike you. But they can do that with a whole host of other things that we consider pretty benign. Being a white minority and a foreigner in an majority black country, I am constantly singled-out and harassed and at the whims of whatever government official I interact with. Usually police, but desk-clerks and the like also have their fair share of it. Government, and their agents can ruin your life on whim, even with existing non-surveillance-like laws.
We need to get past the point where vagueness and subjective criteria are used to enforce whatever laws we deem as a society to want to have. The vagueness and subjectiveness is the problem, not the laws.
It's not a slippery slope if the government already does it, no?
And mass surveillance can be used to silence on a large scale - that's the whole point of objecting to it. It's not about you. Or me. It's about the effect on society as a whole
You don't have to be using Maps or an app that obviously uses location for Google to be collecting location related information. I have no idea when they do or don't but I'd bet people would be surprised if they found that the gmail app was relaying their location to Google. On the other hand few wouuld be surprised at all if you told them the maps app was sending their location.
If you have all location services turned on then your phone tracks your location constantly in real time. Go to My Timeline on Google Maps and it can show you a full map of everywhere you went on any particular day.
No, only if you allow to track you even when you’re not using it.
Unless you are speaking about android and in that case it may well be like this, no idea honestly.
Most people have Android, it has an 85% global market share. And yes, this is how Android works. Play Services, which includes "Google Location Services" is preinstalled on essentially every phone that isn't an iPhone, and runs in the background by default. Doesn't matter if you have any apps open or not, Google's collecting location unless you explicitly go in and shut it off.
> No, only if you allow to track you even when you’re not using it.
I possibly wasn't clear enough. That's what I meant when I wrote "If you have all location services turned on". Location tracking is part of location services.
In principle and with some caveats, I support this use of tracking information: it's usually quite specific, it has a very positive efect for law enforcement, it's not a breach of fundamental rights of the suspect as confirmation of the physical location at a certain time is not secret and can be obtained by the police from CCTV cameras, eyewitnesses etc.
The privacy of the bystanders is not significantly reduced if and only if the police will use the specific datadump for the purpose of solving the crime for which the warant has been issued - as opposed to building a massive cross-referenced database from multiple such incidents. I am concerned that a few warrants like 'all information on everybody who was at the Superbowl' would quickly download massive amounts of data from Google to the police.
I think regulation should be enacted that balances the social interest with the private interest, for example, Google could be issued a specific warrant of the type "data on all individuals that were in location X1,T1 and also in X2,T2", and Google should answer only when the query is sufficiently specific to return only a handful of results.
The idea that they will use such data responsibly seems like handing a bag of candy to a 6 year-old and saying "Make sure to only eat one!"
Perhaps I'm wrong, but I can't imagine them managing the overwhelming temptations to quietly abuse the data, especially as time goes on.
Edit: I realize this is a crude analogy that glosses over a lot of important details, but it gets at the heart of my intuition on the matter. The lack of restraints found in the child-candy system seems to mirror very well the weakness of restraints found in the dynamics between government apparatuses and fancy tools.
For many tools, this is fine. But I'm worried about the long tail risks and externalities of large-scale privacy destroying tools.
I don't think this is exclusively an issue with government organizations. However, in America they are the only organization with the ability to forcefully restrict the actions of individuals and groups. So extreme vigilance is required to balance out this immense power. If a random company overuses a fancy tool, the potential damages are more limited.
I can see both sides on this. I do think that such data when used responsibly can really help in solving serious crimes. But, as you say, there is a serious danger of law enforcement abusing the system and gathering far more data than they need. It's not like they haven't been guilty of such abuses in the past. Look at the situation with gathering fingerprints or DNA and then not scrubbing the data of innocents once an investigation has finished.
I am wondering if the solution is to have an independent service. One that would sit as a middleman between police and technology companies such as Google. Their mandate would be to provide the minimum amount of data required for an investigation (the example used in the article is a good one, where anonymous data for a particular location at a particular time-frame is requested and used to narrow down the search and then get more information on a subset of that data). They could be required to keep logs of what is being requested and what is being provided and could be audited at intervals by, say, the EFF. Obviously this is only a rough sketch of the idea, it would need fleshing out more completely.
It is not Google’s role to restrict the use of judge-mandated information share. If we suspect that law-enforcement agencies abuse their request, then their oversight committees need the ability to check this is not happening; whistle-blower within the agency should be protected.
That 'regulation' is the fourth amendment to the U.S. Constitution and the 200+ years of accumulated case law describing what is and is not appropriate.
Tangentially, that's why upvote/downvote is inadequate — it squashes unpopular opinions and creates echo-chambers/groupthink. The solution is to have reactions that separate constructive/unconstructive, agree/disagree, and so on (a few other sensible categories) and only bury based on being unconstructive…
I don't know if I really understand your argument. You're justifying this by comparing it to CCTVs and eyewitnesses, but there isn't really any expectation that CCTVs and eyewitnesses respect the privacy of bystanders or limits on reviewing CCTV data or receiving reports of crimes from eyewitnesses in most areas.
Which isn't to say that I think we should allow limitless collection but rather that, even while justifying it using CCTVs, you're still treating them differently. I'd wager that's because it is different.
CCTV and facial recognition can give you address (follow face to where they sleep). That and one of any number of databases can give you a name. Biometric national id / passport makes it all easy, but it's not a requirement.
This seems to me to be a major revelation: police in North Carolina have successfully requested Google account information on all phones near a crime scene. While Google routinely responds to search warrants, this is a much broader type of data request.
Arguably, this leaks everyones data. Anyone who was not in the area will be excluded from the list, therefore letting the police know where I wasn't at the time.
I wonder how Google show that on their transparency report? Hopefully "Accounts searched: 1.5 Billion"
> Anyone who was not in the area will be excluded from the list, therefore letting the police know where I wasn't at the time.
No, at best this only shows that your google linked device (presumably a phone) did not have location information for that area at the specific time.
Alternatively it suggests the device could have been switched off/disconnected from the network to hide your presence - making you really a suspect of interest if your name comes into the investigation for some reason.
Dragnet approaches to law enforcement are inherently wrong. They unreasonably cast suspicion on everyone without any good basis and reverse the accepted safeguard that your guilt requires to be proven, and replace it with the idea that you require to prove your innocence.
"...Alternatively it suggests the device could have been switched off/disconnected from the network to hide your presence - making you really a suspect of interest if your name comes into the investigation for some reason..."
That's really interesting. If I'm understanding you correctly, people who routinely switch off their location services, could potentially end up as suspects in crimes if they, for instance, live in the apartment across the hall from the victim or something.
So keeping location services on let's the police keep tabs on you, potentially making you a suspect in some crime in the future. Alternatively, turning it off potentially turns you into a suspect of interest in some potential crime in the future.
Sounds like you agree entirely with the poster's final comment :
"They unreasonably cast suspicion on everyone without any good basis and reverse the accepted safeguard that your guilt requires to be proven, and replace it with the idea that you require to prove your innocence."
What about a situation where, say, 4 bank robberies happen and it is suspected to be the same person. Would it be reasonable to intersect cell phone records looking for someone who was present for all 4? Not sure if that officially counts as a dragnet if only we need result I s expected
While I understand your point, and think it's a valid privacy concern, the reasoning about leaking info on all of Google's users doesn't make sense. If I install a security camera in my room, I'm not leaking information about you if it shows you're not here. There was no expectation of the possibility of that in the first place, so no information is leaked. This is only leaking information about the Google users who are reasonably likely to be within the radius where the query is executed. So perhaps a couple thousand users, (so a legit privacy concern) but not all of them.
Police have used this sort of investigative technique for ages this is just an instance of it being applied to Google and phones.
For example, Sparkfun received a subpoena[0] once and they ended up having to turn over customer details of anyone from Georgia who purchased a particular Sparkfun product that was used in some crime.
Another example, we've all seen movies or heard where someone sees a vehicle that flees the scene of the crime and they knew the make and color or the first few digits of the plate but not enough to identify the vehicle so they go and pull all DMV records matching the vague description and use those leads to narrow things down from there.
This Google thing is really the same thing in this case they have a vague description of a person and a narrow time period and area in which to search. They also are getting a warrant. Seems like an application of an old technique to modern technology.
So this is another reason why as a business you want to keep minimal information on your customers. Not only does it respect their privacy, but it makes your data security compliance much easier.
I think people might be missing the finer details of this story. This is an example of the system working the way it is supposed to. They are getting a warrant and asking for very narrowly scoped information. If you take your argument to the logical extreme then businesses shouldn't have security cameras either. No crime would ever be solved.
That is why it is reviewed by a judge. No one is suggesting there is a one size fits all test. If you look at the location of the first example given in the article though it is a suburban area and only asks for records within 150 Meters for two different 1 hours period when the suspect is known to have been in the area based off video footage of the scene.
Your DMV example is not quite the same as what is being done. If it was, it would quite probably be reasonable in the circumstances.
The dragnet is every device, not just those matching a partial description of a suspect. For it to compare with your car example, the police would need to have a description of a suspect using an Android Galaxy S4 (or whatever) and then ask only for Galaxy S4 devices in the area.
They do have a description based off the security cameras of a suspect using a phone at a location at a very narrow time. Go read the warrant it says within 150 Meters of the spot the crime took place in a narrow one hour period.
The only way is to not use any Google services. If you connect from mobile IP ranges as other users who are in the area, you could also easily be included. Same goes for cell towers but at least it's not a single entity.
Google collects location data from WLAN networks in reach, triangulates from cell tower signal strength, GPS, GLONASS, geoip and if all that fails, sheer historical prediction.
And no one quite knows why, other than "because we can". There is Google Maps, but when I'm not using it, when exactly is this orwellian infrastructure to my benefit and not exclusively Googles?
It's extremely cumbersome and confusing to turn off. At first, it was opt-in. Once would ignore the notifications to turn things on, and eventually things became opt-out. But it's not 100% clear what one is opting out of - the only thing that seems you can really opt out of are ad-related tracking (by 'request' it seems - the ad tech companies get to use the honor system), and personalized recommendations. Well, just because you turn off recommendations doesn't mean they're not already collecting your personalized data - even if you don't use it.
Did I make mistakes in the above paragraph? Probably. But you know what, that's Google's fault, because it sure isn't clear what they aren't and are doing, who can and can't use it, and what I can can't opt out of.
That's the really frustrating part, here. It's purposely obfuscated and changing - similar to Facebook's privacy settings - to keep you on your toes even if you are in the tiny percentage of the population that actually cares. Most won't until something panicky / headliney happens to make them care. I'm kind of glad the EU is making life tough for American tech companies with regards to privacy (even though I work for American tech companies).
If you turn off continuous background location tracking in Android, Google maps will bug you every time you use it. Even though foreground location is on and set to use all available signals.
While your location can absolutely still be tracked (via WiFi, Cell Towers, etc), disabling GPS significantly reduces the accuracy of this tracking, and disabling location history makes it even more difficult to freely track you.
While it's certainly possible Google maintains location history even after you opt out, doing so would likely be illegal, would possibly invalidate any data obtained from a warrant, and would unquestionably be a PR fiasco for Google when it got out.
As far as I'm aware, there's no evidence that GPS continues to function after turning off the software kill switch.
I have many apps I can use offline, plus if I need to use my phone it doesn't take long to turn it off airplane mode and have everything reconnect. It's amazing how fast all the notifications come in once you turn off Airplane mode. I don't do that daily, but when I am conscious about battery usage I do. Maybe I just might try doing it more often. I also do it when charging my phone.
Don't act all snarky when someone says the only way not to be tracked is to not carry a phone. It's pretty close to being true, and you don't know if hitting the software switch to turn off your GPS really turns it off or if it goes into a low power mode where it only updates your position every five minutes- this is not unheard of to keep the time to fix low for when a person turns location services back on.
As mentioned in the article, Google was previously caught tracking people even when they had location, data, and Wi-Fi turned off. We just have to take their word now that they don't do it anymore, and the word of a big profit driven corporation that has been implicated in PRISM and previously tracked people isn't worth too much.
Furthermore, even if Google doesn't track you the cell phone companies still know which tower your cell phone was connected to, so they know your location within three miles at all times. It's not as precise as GPS info, but the police could still ask the cell phone companies to give them a list of phone accounts that were visible to a specific set of cell phone towers at a particular set of times.
It does something that's completely useless since you're already being tracked by other means. By the mechanisms of physics, you can't have untrackable wireless communications. It's not how radiation works.
Petty is allowing Chinese state run companies to hand over all of their users data to the Chinese government while proclaiming you respect and protect your users privacy.
And Google, now a defense contractor willing to work on weapons of war to make a (bigger) profit, will gladly assist them.
They're themselves creating the incentive to do that, just as when they got into the content and content licensing game, they ended up creating the most aggressive content censorship system on the (free) internet, beyond even what the laws require. It's no longer a matter of "choosing to do the right thing". The (bad) incentives are already in place. Now Google just reacts to the incentives it created.
We're also supposed to "just trust them" that their secret AI Ethical Board, which can be replaced at any moment, also in secret, will do the right thing when things will go bad with its AI. They've already created the incentive to cheat by keeping that board secret.
Wow that's deeply disturbing but also feels like a similar tactic to the stingrays. Does simply owning a cell phone and being in a geographical area make you open to 4th amendment search and identification?
It seems morally similar to scooping up all CCTV from nearby businesses.
If this is going through a warrant process, and it's geofenced around a specific crime they're investigating, it's hard to feel too worried about it. The worst case scenario I can see is that it makes it easy to generate false hypotheses and put innocent people under suspicion, but then so can canvassing the neighborhood and trawling all the nearby CCTV.
CCTV is more analogous to a witness that provides a fixed point of view. Location data feels much closer to providing the point of view of the suspect and comes much closer, to my mind, to being protected by our 5th amendment rights to avoid self incrimination.
Also, given that Google don't make it obvious when they're storing information in the phone or on their servers, information that intuitively feels like it's inside the phone should be protected by the 4th amendment's prohibitions on illegal searches. That's if the phone is owned by the suspect. If the phone is owned by the victim or anyone willing to give consent to search, I have no problem with police using it.
> 4th amendment's prohibitions on illegal searches.
The due process required by the 4th amendment is performed when the court issues a warrant, which they did here. If Google were providing this without a warrant, or in response to an NSL or the feds were using the 3rd-party doctrine to argue that these searches weren't protected by the 4th amendment then I'd be worried.
I get that existing case law is different, but I was providing my own interpretation of how I believe the 4th and 5th amendments should apply to a technology that the people who wrote those amendments could not have envisioned. I strongly believe that implementation details shouldn't be legal loopholes that allow law enforcement additional leeway. In this case, location information being stored on Google's servers is an implementation detail that isn't immediately obvious to non-technical people.
> The due process required by the 4th amendment is performed when the court issues a warrant, which they did here
The warrant was to search Google's servers, not the potential suspects' phones. What I'm saying is that I believe this data is logically part of the phone despite the fact that it resides on Google's servers because of the way that Google chose to implement their services. If they want to get a warrant for a specific person's phone because they believe the location information in the phone will prove that the suspect was in the area, that's different. But fishing for suspects using location data feels wrong to me. For one, it is almost guaranteed to also cover innocent people. Unless it's a remote area where only the perpetrator and victim were present, someone innocent will get unnecessarily dragged into the investigation.
The difference is in that, while CCTV cameras are usually visible and obvious (many areas even have signs indicating as such), most people are unaware they are being tracked in the manner described in the article.
CCTV and GPS "fencing" would be comparable if Google were to issue statements clarifying that your location is being tracked and recorded, and may be surrendered to the police without your knowledge.
CCTVs don't invade my privacy by opening up my entire digital life to the police, including conversations and pictures that have nothing to do with the crime scene. It's completely different.
> CCTVs don't invade my privacy by opening up my entire digital life to the police
Well, neither do the sorts of warrant mentioned in the article. They don't even get phone numbers, just arbitrary phone IDs and where they were located to be inside the region.
If they were scooping up everyone's digital fingerprints en masse without probable cause and without a warrant, then that's something else entirely, but that didn't happen here.
What's even worse is that sooner than later, not owning a cellphone with gps tracking will be seen as incriminating. Were you trying to hide your position? How do we know that you weren't there at the time of the crime?
I don’t think this is a valid fear. The cost of a state issued license is considered too high to be fair in use in a much less important area of society, voting.
Ownership of a gps enabled tracking device? No chance that is ever cheap enough to be considered required to own as evidence against incarceration.
This is probably one of the cons of using VPN. If criminal used VPN service that you happen to use and connect to the same node, expect police to read your emails, courtesy of Google.
I'm still in the process of getting off google mail and switching to Proton. It takes time to go thru all my google emails and clean them up. Yes I know deleting them won't change a thing BUT at least I consent to deleting them on my end, versus merely abandoning my mailbox altogether.
I know Google has capacity to keep all emails forever, but whether they do so or delete them after X amount of years, I don't know.
Does it guarantee to do this for everyone or just Europeans? Genuinely curious here since they might have separate policies in place for different countries- I imagine that China prefers to keep all its citizens' emails indefinitely.
Google has been doing this for years, before even making public guarantees. There wasn't a separate policy for China when I left years ago and Gmail is blocked there anyway.
It's actually complicated to know where your mailbox is. Even if you knew its current locations, Gmail rebalances the N replicas across X data centers all the time, based on a number of factors.
I used to wonder why New York subways were somehow a high crime area. I thought, surely they're such small closed places that if there's a crime, the police can just block the exits and check everyone leaving, or look at the CCTV footage to identify them. But then I found out that they don't do that! Americans are so concerned about privacy, they let themselves get robbed and murdered every day.
It's clear that they don't trust their own police. That's perhaps the real problem. If they could be made trustworthy like in many other countries, people would probably be happy to have murders solved through video footage, cellphone locations, etc. It amazes me that even one person on here thinks this is a bad idea. Real killers would have got away otherwise. This isn't some wild NSA anti-terrorism dragnet, it's just normal police work collecting normal evidence specific to the crime.
Asset forfeiture, crooked cops, shoot first ask questions later, a strong union which protects their own, and their ability to spy on their personal rivals through NSA/FBI tools makes us a paranoid bunch.
The last part.. NYPD mis-used tools to track former lovers[1] and there was no reprocussion. How can we feel safe?
1. Google stores location history data for more of its mobile users than you might expect. The precision is greatest when GPS is on, but less precise data from cell towers and WiFi sources is used almost any time a Google app is being used on an Android or non-Android phone. There have been cases in the past where Google has recorded such information even when the user has explicitly turned off all location services, but Google says they have stopped this practice.
2. On multiple recent occasions, police in North Carolina have quietly been successful in obtaining search warrants that force Google to turn over these records. Rather than "standard" search warrants asking for the location of a particular suspect in a crime, these "reverse" or "area based" warrants ask for time and location data for all users who have entered a geographical area during a time of interest. The records returned are initially anonymous account numbers, and the police then make followup requests for identifying information of the subset of accounts that they think are of interest to the case.
3. This open-ended "drag net" approach scares some people. Typically, at least in the US, suspects are identified first, and then further information is gathered that confirms or removes the suspicion. The express fear seems to be that innocent people will be falsely accused due to coincidence, but there is also a more general fear that once mechanisms are in place that allow the police to have easy access to location tracking information, this information will end up being abused.