This seems to me to be a major revelation: police in North Carolina have successfully requested Google account information on all phones near a crime scene. While Google routinely responds to search warrants, this is a much broader type of data request.
Arguably, this leaks everyones data. Anyone who was not in the area will be excluded from the list, therefore letting the police know where I wasn't at the time.
I wonder how Google show that on their transparency report? Hopefully "Accounts searched: 1.5 Billion"
> Anyone who was not in the area will be excluded from the list, therefore letting the police know where I wasn't at the time.
No, at best this only shows that your google linked device (presumably a phone) did not have location information for that area at the specific time.
Alternatively it suggests the device could have been switched off/disconnected from the network to hide your presence - making you really a suspect of interest if your name comes into the investigation for some reason.
Dragnet approaches to law enforcement are inherently wrong. They unreasonably cast suspicion on everyone without any good basis and reverse the accepted safeguard that your guilt requires to be proven, and replace it with the idea that you require to prove your innocence.
"...Alternatively it suggests the device could have been switched off/disconnected from the network to hide your presence - making you really a suspect of interest if your name comes into the investigation for some reason..."
That's really interesting. If I'm understanding you correctly, people who routinely switch off their location services, could potentially end up as suspects in crimes if they, for instance, live in the apartment across the hall from the victim or something.
So keeping location services on let's the police keep tabs on you, potentially making you a suspect in some crime in the future. Alternatively, turning it off potentially turns you into a suspect of interest in some potential crime in the future.
Sounds like you agree entirely with the poster's final comment :
"They unreasonably cast suspicion on everyone without any good basis and reverse the accepted safeguard that your guilt requires to be proven, and replace it with the idea that you require to prove your innocence."
What about a situation where, say, 4 bank robberies happen and it is suspected to be the same person. Would it be reasonable to intersect cell phone records looking for someone who was present for all 4? Not sure if that officially counts as a dragnet if only we need result I s expected
While I understand your point, and think it's a valid privacy concern, the reasoning about leaking info on all of Google's users doesn't make sense. If I install a security camera in my room, I'm not leaking information about you if it shows you're not here. There was no expectation of the possibility of that in the first place, so no information is leaked. This is only leaking information about the Google users who are reasonably likely to be within the radius where the query is executed. So perhaps a couple thousand users, (so a legit privacy concern) but not all of them.
Police have used this sort of investigative technique for ages this is just an instance of it being applied to Google and phones.
For example, Sparkfun received a subpoena[0] once and they ended up having to turn over customer details of anyone from Georgia who purchased a particular Sparkfun product that was used in some crime.
Another example, we've all seen movies or heard where someone sees a vehicle that flees the scene of the crime and they knew the make and color or the first few digits of the plate but not enough to identify the vehicle so they go and pull all DMV records matching the vague description and use those leads to narrow things down from there.
This Google thing is really the same thing in this case they have a vague description of a person and a narrow time period and area in which to search. They also are getting a warrant. Seems like an application of an old technique to modern technology.
So this is another reason why as a business you want to keep minimal information on your customers. Not only does it respect their privacy, but it makes your data security compliance much easier.
I think people might be missing the finer details of this story. This is an example of the system working the way it is supposed to. They are getting a warrant and asking for very narrowly scoped information. If you take your argument to the logical extreme then businesses shouldn't have security cameras either. No crime would ever be solved.
That is why it is reviewed by a judge. No one is suggesting there is a one size fits all test. If you look at the location of the first example given in the article though it is a suburban area and only asks for records within 150 Meters for two different 1 hours period when the suspect is known to have been in the area based off video footage of the scene.
Your DMV example is not quite the same as what is being done. If it was, it would quite probably be reasonable in the circumstances.
The dragnet is every device, not just those matching a partial description of a suspect. For it to compare with your car example, the police would need to have a description of a suspect using an Android Galaxy S4 (or whatever) and then ask only for Galaxy S4 devices in the area.
They do have a description based off the security cameras of a suspect using a phone at a location at a very narrow time. Go read the warrant it says within 150 Meters of the spot the crime took place in a narrow one hour period.
