How a Secret Google Geofence Guarantee Helped Capturing the Capitol Riot Mob

For several suspects, the FBI eventually collected a broad set of Google data, including recovery numbers and emails, and dates when the accounts were created and last opened. Some lawsuits even note that FBI agents could see a field called “User Deleted Locations,” although its significance was not explained. It is unclear whether this data comes from the original geofence warrant, a follow-up or traditional search options after the suspects had been identified.

If, as can be seen, the DOJ used the geofence warrant data to build a searchable database of suspects, it would be the first known instance, legal experts say.

“It sounds unusual, but it’s worth noting that this whole circumstance is unusual,” said Tim O’Brien, a technical industry director currently working on AI policy at Microsoft, who studied geofence warrants at the University of Washington School. of Law. “If I were law enforcement, I would argue that the three-step process is unnecessary in this case, because the moment you set foot inside the Capitol, you became a suspect or a witness.”

Others see the start of a slippery slope. “When law enforcement and prosecutors see what they can do in an unusual case, it usually spills over and then becomes the usual case,” said a digital forensic lawyer who asked not to be named. “I think you will not only see this in murder, you will probably start seeing it in car thefts. There is no rein on this. ”

Google issued a statement: “We have a rigorous process for geofence warrants designed to protect the privacy of our users while supporting the important work of law enforcement. To the extent that we pass on data in response to a geofence guarantee, we always produce deidentified data as the first step in the process. Thereafter, any production of additional information is a separate step required by the order or a new legal order. ”

Google also noted that court rulings are often accompanied by gag orders that prevent the recipient from discussing them.

The DOJ did not respond to requests for comment.

Geofence warrants are usually filed before defense councils become involved, are often closed to public scrutiny for years, and there has been no significant lawsuit over their constitutionality or use. The law on them, the stored communications law, was passed in 1986, long before smartphones, Wi-Fi or widespread GPS use, and it has not been significantly updated since.

Instead, the DOJ’s Computer Crime and Intellectual Property Section (CCIPS) and Google quietly found their own framework for dealing with geofence warrants, which most courts to date have accepted.

The fact that Google is at least getting the DOJ to obtain search orders on its data is a good first step, Tokson says. “But if we rely on giant tech companies to protect people’s privacy from the government, it’s a very shocking proposal,” he says. “These companies are heavily dependent on the government for business and for not regulating them to death.”

Over 600 people have now been arrested, and at least 185 charged in connection with the Capitol breach, with the latest criminal complaint using Google’s geofence data filed last week.

Meanwhile, the secret Capitol infringement guarantee schemes have yet to be identified. In April, New York Times thought it had tracked one down and submitted a proposal to remove it. The ruling turned out to be for a case unrelated to drug trafficking. When it comes to geofence data, it seems that information flows strictly in one direction.

Several great WIRED stories


Leave a Comment