New mass warrant reverses concepts: demands all data about everybody who searched for a specific term on Google
A Minnesota judge has issued a warrant to Google to provide the local police with all data relating to anybody who searched for specific keywords. This is an enormous expansion of the concept of mass surveillance, and turns all previous concepts of search and seizure on their heads: no longer is a suspect subject to search, but the entire population is dragnetted without restraint. Privacy is supposed to be protected at the citizen level, not at the search term level.
In a small-scale fraud case, local police in the small city of Edina (population 50,000) asked a judge to issue a warrant to Google for the entire city’s searches – and the judge said yes. This has astounding ramifications.
It used to be that when you were under suspicion of a crime, a court could – maybe – agree to try to compel third party providers into surrendering part of your digital history. This concept completely turns the tables on normality and takes the direct opposite approach: “Give us the identities of anybody and everybody who searched for specific terms related to this fraud.”
First, there’s the standard language in the warrant that only requires Google to give out information within the jurisdiction of the requesting police. Just in the opening sentence right there, chills go down our spine – is Google and everybody else suddenly required to keep track of the physical location, physical location, from where requests originate? How can it even know when you’re using a VPN or Tor? Is search history now to be sorted by jurisdiction? The notion that it can be compelled to give out “searches made in this city” is chilling.
But as you look closer, and realize it’s Google we’re talking about, things get worse. Much worse. The warrant is for “any/all user or subscriber information” for the people who made the searches in question. Any and all. From Google. It’s not just IP address we’re talking about here. It’s not just identity.
How much does Google know about a person?
How much does Google know about you? Consider that Google’s code may have been hearing every single sound made in the same room as your phone. And computer. Computers: all of them. Consider that Google Chrome stores your complete web history for… eternity, until proven otherwise. Consider that Android phones detect and record your movements, basically at the footstep level. This is cross-correlatable with similar information of other people.
Basically, Google has the capacity to know what you have ever thought about, what you know, what you have ever said in private or public, where you have ever walked, and whom you met with there. That’s what “any and all user information” means in this warrant.
Is it reasonable to hand over that information as part of a lazy dragnet because the Police don’t want to do police work? While the search terms are fairly specific – the fraud victim’s name – it’s also guaranteed to catch any person who considered dating them, employing them, and so on, at a bare minimum. Additionally, in this specific case, the name was fairly common – apparently Miller – so there would be a crazy amount of extra hits.
Privacy is supposed to be protected at the individual level, not at the search term level. This warrant completely negates all checks and balances that are built into Western constitutions.
Google has suggested it’s going to fight the subpoena in court, even though it refrains from commenting on specific cases. This is a nasty one to watch.
Ars Technica has more details.
Privacy remains your own responsibility.