
In principle and with some caveats, I support this use of tracking information: it's usually quite specific, it has a very positive effect for law enforcement, it's not a breach of fundamental rights of the suspect as confirmation of the physical location at a certain time is not secret and can be obtained by the police from CCTV cameras, eyewitnesses etc.

The privacy of the bystanders is not significantly reduced if and only if the police will use the specific datadump for the purpose of solving the crime for which the warrant has been issued - as opposed to building a massive cross-referenced database from multiple such incidents. I am concerned that a few warrants like 'all information on everybody who was at the Superbowl' would quickly download massive amounts of data from Google to the police.

I think regulation should be enacted that balances the social interest with the private interest, for example, Google could be issued a specific warrant of the type "data on all individuals that were in location X1,T1 and also in X2,T2", and Google should answer only when the query is sufficiently specific to return only a handful of results.



The idea that they will use such data responsibly seems like handing a bag of candy to a 6 year-old and saying "Make sure to only eat one!"

Perhaps I'm wrong, but I can't imagine them managing the overwhelming temptations to quietly abuse the data, especially as time goes on.

Edit: I realize this is a crude analogy that glosses over a lot of important details, but it gets at the heart of my intuition on the matter. The lack of restraints found in the child-candy system seems to mirror very well the weakness of restraints found in the dynamics between government apparatuses and fancy tools.

For many tools, this is fine. But I'm worried about the long tail risks and externalities of large-scale privacy destroying tools.

I don't think this is exclusively an issue with government organizations. However, in America they are the only organization with the ability to forcefully restrict the actions of individuals and groups. So extreme vigilance is required to balance out this immense power. If a random company overuses a fancy tool, the potential damages are more limited.


I can see both sides on this. I do think that such data when used responsibly can really help in solving serious crimes. But, as you say, there is a serious danger of law enforcement abusing the system and gathering far more data than they need. It's not like they haven't been guilty of such abuses in the past. Look at the situation with gathering fingerprints or DNA and then not scrubbing the data of innocents once an investigation has finished.

I am wondering if the solution is to have an independent service. One that would sit as a middleman between police and technology companies such as Google. Their mandate would be to provide the minimum amount of data required for an investigation (the example used in the article is a good one, where anonymous data for a particular location at a particular time-frame is requested and used to narrow down the search and then get more information on a subset of that data). They could be required to keep logs of what is being requested and what is being provided and could be audited at intervals by, say, the EFF. Obviously this is only a rough sketch of the idea, it would need fleshing out more completely.


It is not Google’s role to restrict the use of judge-mandated information share. If we suspect that law-enforcement agencies abuse their request, then their oversight committees need the ability to check this is not happening; whistle-blowers within the agency should be protected.


That 'regulation' is the fourth amendment to the U.S. Constitution and the 200+ years of accumulated case law describing what is and is not appropriate.

Individual notions of fundamental rights aside, very recent cases have addressed protection given to location information: https://www.supremecourt.gov/opinions/11pdf/10-1259.pdf

A very, very related case to the article above is currently pending a decision by the Supreme Court: https://www.oyez.org/cases/2017/16-402


I think you're being downvoted for having an unpopular opinion, which seems unfair. You're on-topic and cogent.

Anyway, you might be interested in Carpenter v United States, which is testing the third-party doctrine in front of the Supreme Court and will be decided soon. https://en.wikipedia.org/wiki/Carpenter_v._United_States


Tangentially, that's why upvote/downvote is inadequate — it squashes unpopular opinions and creates echo-chambers/groupthink. The solution is to have reactions that separate constructive/unconstructive, agree/disagree, and so on (a few other sensible categories) and only bury based on being unconstructive…


I don't know if I really understand your argument. You're justifying this by comparing it to CCTVs and eyewitnesses, but there isn't really any expectation that CCTVs and eyewitnesses respect the privacy of bystanders or limits on reviewing CCTV data or receiving reports of crimes from eyewitnesses in most areas.

Which isn't to say that I think we should allow limitless collection but rather that, even while justifying it using CCTVs, you're still treating them differently. I'd wager that's because it is different.


CCTV and eye witnesses can’t give you the suspect’s name and address.


CCTV and facial recognition can give you an address (follow face to where they sleep). That and one of any number of databases can give you a name. Biometric national ID / passport makes it all easy, but it's not a requirement.



