You’ve assuredly heard this before about ubiquitous surveillance, or perhaps even said it yourself: “If you have nothing to hide, and you’ve done nothing wrong, why should you worry?”
Zachary McCoy, of Florida, offers this answer:
If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit.
As NBC News reports, McCoy, an avid cyclist, got an email from Google in January.
It was from Google’s legal investigations support team. They were writing to let the 30-year-old know that local police had demanded information related to his Google account. He had seven days in which to appear in court if he wanted to block the release of that data, Google told him.
He was, understandably, terrified, in spite of being one of those innocent people who should have nothing to hide. NBC News quotes him:
I was hit with a really deep fear.
I didn’t know what it was about, but I knew the police wanted to get something from me. I was afraid I was going to get charged with something, I don’t know what.
How is it that McCoy didn’t know what police were inquiring about? Because his Android phone had been swept up in a surveillance dragnet called a geofence warrant – a type of warrant done in secret.
McCoy’s device had been located near the scene of a burglary that had taken place near the route he takes to bicycle to his job. Investigators had used the geofence warrant to try to suss out the identity of people whose devices are located near the scene of a crime around the time it occurred.
As NBC News reports, police hadn’t discovered his identity. The first stage of data collection doesn’t return identifying information – only data about devices that might be of interest. It’s during the next stage, when police sift through the data looking for suspicious devices, that they turn to Google to ask that it identify users.
Like many of us, McCoy had an Android phone that was linked to his Google account, and he used plenty of apps that store location data: Gmail, YouTube, and an exercise-tracking app called RunKeeper that feeds off of Google location data and which helps users to track their workouts.
You can look up your location history to find out exactly what Google knows about you, by date. On the day of the burglary – 29 March 2019 – Google knew that McCoy had passed the scene of the crime three times within an hour as he looped through his neighborhood during his workout.
It was a “nightmare scenario,” McCoy said:
I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect.
How McCoy fought his way out of the dragnet
When it receives a request about a user from a government agency, Google’s general policy is to email that user before disclosing information.
There wasn’t much of anything in that notice about why police were asking about him, McCoy said. However, there was one clue: a case number.
McCoy ran a search for that case number on the Gainesville, Florida, police department’s website. What he found was a one-page investigation report on the burglary of an elderly woman’s home 10 months earlier. She lived less than a mile from where McCoy was living.
He knew he had nothing to do with the break-in, but he had very little time – seven days – in which to prove it. So McCoy hired a lawyer, Caleb Kenyon, who did some research and learned that Google’s notice had been prompted by a geofence warrant: one that swept up the GPS, Bluetooth, Wi-Fi and cellular connections of everyone nearby.
After they figured out why police were trying to track McCoy down, Kenyon told NBC News that he called the detective on the case and told him, “You’re looking at the wrong guy.”
On 31 January, Kenyon filed a motion in civil court to render the warrant “null and void” and to block the release of any further information about McCoy, identifying him only as “John Doe.” If he hadn’t done so, Google would have turned over data that would have identified McCoy. In his motion, Kenyon argued that the warrant was unconstitutional because it allowed police to conduct sweeping searches of phone data from untold numbers of people in order to find a single suspect.
Kenyon’s motion gave investigators pause. Kenyon told NBC News that not long after he filed it, a lawyer in the state attorney’s office assigned to represent the Gainesville Police Department told him there were details in the motion that led them to believe that his client wasn’t the culprit. The state attorney’s office withdrew the warrant, saying in a court filing that it was no longer necessary.
Even after police acknowledged that McCoy wasn’t a suspect anymore, Kenyon wanted to make sure they wouldn’t harbor suspicions about his client, whom they still only knew as “John Doe.” So the lawyer met with the detective in order to show him screenshots of McCoy’s Google location history, including data recorded by RunKeeper. The maps showed months of bike rides past the burglarized home, NBC News reports.
McCoy was lucky. He and his family are also a bit poorer because of the incident. If his parents hadn’t helped him out by giving him thousands of dollars to hire a lawyer, things could have turned out differently, he says.
I’m definitely sorry [the burglary] happened to her, and I’m glad police were trying to solve it. But it just seems like a really broad net for them to cast. What’s the cost-benefit? How many innocent people do we have to harass?
Geolocation data: It’s hit or miss
Geolocation data sometimes gets it right when it comes to tracking down criminals. For example, last year, a homicidal cycling and running fanatic known for his meticulous nature in tracking his victims was undone by location data from his Garmin GPS watch.
Other convictions based on location data have included the pivotal Carpenter v. United States, which concerned a Radio Shack robbery – the legal arguments from this case have gone on to inform subsequent decisions, including one from January 2019 in which a judge ruled that in the US, the Feds can’t force you to unlock your phone with biometrics.
Geofence warrants, however, are a whole other thing.
Privacy and civil liberties advocates have voiced concerns about the warrants potentially violating constitutional protections against unreasonable search. Police have countered by insisting that they don’t charge somebody with a crime unless they have evidence to go on besides a device being co-located with a crime scene.
These searches are becoming increasingly widespread, however. In December 2019, Forbes reported that Google had complied with geofence warrants that, at that time, had resulted in what the magazine called an unprecedented data haul for law enforcement.
Google had combed through its gargantuan Sensorvault database to find 1,494 device identifiers for phones in the vicinities of multiple crimes. Sensorvault is where Google stores location data that flows from all its applications. If you’ve got the Location History setting turned on in your Google account, you’re feeding this ocean of data, which is stuffed with detailed location records from what The New York Times reports to be at least hundreds of millions of devices worldwide.
To investigators, this is gold: a geofence demand enables them to pore through location records as they seek devices that may be of interest to an investigation.
Geofence data demands are also known as ‘reverse location searches’. Investigators stipulate a timeframe and an area on Google Maps and ask Google to give them the record of each and every Google user who was in the area at the time.
When police find devices of interest, they’ll ask Google for more personal information about the device owner, such as name, address, when they signed up for Google services and which services – such as Google Maps – they used.
Google’s location history data is routinely shared with police. Detectives have used these warrants as they investigate a variety of crimes, including bank robberies, sexual assaults, arsons, murders, and bombings.
And it’s not just Google. As Fast Company reported last month, recently discovered court documents confirm that prosecutors have issued geofence warrants for data stored by Apple, Uber, Lyft, and Snapchat.
Fast Company reported that it didn’t know what data, if any, the companies had handed over (Apple, for one, has said that it doesn’t have the ability to perform these kind of searches). All it knows was that the warrants had been served.
How to turn off Google’s location history
If you don’t like the notion of Google being able to track your every movement, you can turn off location history.
To do so, sign into your Google account, click on your profile picture and the Google account button. From there, go to Data & personalization, and select Pause next to Location History. To turn off location tracking altogether, you have to do the same for Web & App activity in the same section.
Latest Naked Security podcast
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.