NEWS

US Court Decides Name Search Makes You a Suspect

Police in the US have, for the first time, been granted permission by a court to collect data from Google about all people in a US city that carried out a particular search. Usually, the police must identify the person whose search records they are interested in (while also providing just cause).

On this occasion, however, Senior Judge Gary Larson, from Hennepin County in Minnesota, has decided to award the authorities a warrant that asks Google to hand over “any/all user or subscriber information” about residents from Edina who searched for a particular crime victim’s name. The draconian warrant means that innocent people may end up having their personal details handed over to the police.

Fraudulent Activity

The case surrounds an attempt, in January, to defraud an Edina resident’s account of $28,500. A fraudster asked for the hefty sum to be wired from  Spire Credit Union to an account held at Bank of America.

In order to verify that “Douglas ______” (second name redacted from the warrant to protect the victim) was who he claimed to be, the bank asked for an ID to be faxed over. The con man provided a fake passport (which the bank noticed was a forgery), using a spoofed fax number as an attempt to conceal his own identity and better impersonate the victim.

An investigation began, and law enforcement noticed that whoever had created the false passport may have lifted the photograph from the internet. The photo used on the fake passport was found on Google images, but not on Yahoo or Bing, which inspired the authorities to seek a warrant. The logic is that whoever was attempting to perpetrate the crime may have used Google to search for the photo of the victim when creating the fake ID.

google warrant

Much Too Broad

The idea of a whole city’s data being handed over to the police is rather troubling. On this occasion, the search term is highly specific. Unless this Douglas is some sort of local celebrity, it seems unlikely that too many people will have searched for his name during the five-week period in question. As such, if Google complies, the police may well be able to figure out who the criminal is. So, why all the fuss?

The warrant asks Google to provide the police with the names, email addresses, account information, payment details, social security numbers, and IP addresses, of anyone who searched for the victim’s name between 1 December 2016 and 7 January 2017. Privacy experts are concerned that this case could set a precedent.

Innocent Data Scooped Up

That is a long list of personal data, and privacy advocates feel that the warrant’s broad scope can’t be justified. After all, the police could receive data pertaining to many innocent people: neighbors, colleagues, family, friends, and even employers could wind up having their data passed to the police just for searching for the Douglas in question.

innocent

Google has come forward to say that it will fight the overreaching warrant:

“We will continue to object to this overreaching request for user data, and if needed, will fight it in court. We always push back when we receive excessively broad requests for data about our users.”

Just Doing Their Job

It is unclear how the police know that the suspect lives in Edina. After all, it is quite possible that the perpetrator was from out of town. Perhaps the police are simply hoping to turn the little information they have into a lead.

Having said that, it is true that the fraudster knew where Douglas banked. As such, it’s probable that he or she knew the victim in some way. Of course, this is all conjecture. However, if this is the only clue the police have, they can’t really be blamed for wanting to follow up on it. After all, it is their job to catch the criminal.

What Happens Next?

The implications for the future are pretty severe. People are rightly wondering what the next step would be, should the warrant pinpoint a number of people who searched for the victim’s name. Tony Webster, a self-confessed “web engineer, public records researcher, and policy nerd,” has made the following comment:

“Could this type of search warrant be used to wrongly ensnare innocent people? If Google were to provide personal information on anyone who Googled the victim’s name, would Edina Police raid their homes, or would they first do further investigative work? The question is: what comes next? If you bought a pressure cooker on Amazon a month before the Boston bombing, do police get to know about it?”

Rob Kahn, a privacy law professor at the University of St Thomas, is equally concerned about the implications:

“I’m concerned both about ensnaring innocent people but also … that this become a pattern. It’s certainly a scary slippery slope that they’re setting up here.”

fourth amendment

Fourth Amendment

William McGeveran, a law professor at the University of Minnesota, agrees that the warrant is far too broad and invasive in its scope.

“This kind of warrant is cause for concern because it’s closer to these dragnet searches that the Fourth Amendment is designed to prevent,” he said, before adding,

“It’s much more usual for a search warrant to be used to gather evidence for a suspect that’s already identified, instead of using evidence to find a suspect. If the standards for getting a broad warrant like this are not strong, you can have a lot of police fishing expeditions.”

Stephanie Lacambra, an attorney for the Electronic Frontier Foundation, has also gone on record as being “skeptical of the warrant’s ability to survive constitutional scrutiny.”

Let the Perp Slip Away?

This type of warrant is a slippery slope that could lead to blanket search engine surveillance. That prospect, when combined with the power of artificial intelligence, is a massive concern. Without a doubt, this case raises highly interesting questions. If the police don’t follow up on this lead and attempt to arrest the perp, he or she will be on the loose and could strike again. If the criminal struck your bank account next and you lost your money, would you rather have given the police your private data on this occasion?

Personally, I can see both sides of the coin. Although what the police are asking for is rather broad, it is also quite limited – after all, how many people would have searched for this random name during that limited five week period? With that in mind, this case may demonstrate a need for circumstances like this to be scrutinized on a case by case basis.

vpn google

A VPN and Alternative Search Engines

This case also highlights the usefulness of privacy-focused search engines such as StartPage. The editor of Tech Rights, Dr. Roy S. Schestowitz, told me that he believes Google is far too invasive, but he also implies that people who use Google may be opening up their data to this sort of invasion:

“The core of the problem is that Google maintains logs about people who search, what they search for, and even compiles this information (for purposes of advertising or customized results) in a fashion that facilitates such warrants. No search engine ought to collect this much information. People who choose to use search engines that do, put themselves at risk of wrongful accusations, i.e. a potential legal Hell even if they are entirely innocent.”

It is also yet another fantastic example of why everyone should use a virtual private network (VPN) for even the most mundane tasks. VPN subscribers don’t have to worry that their data might get hoovered up in cases like these. Using a VPN and a private search engine is something everyone should consider for protecting their digital footprint.

Finally, the fact that the suspected criminal used a spoofed phone number seems to suggest that the perp is likely to have used a proxy or VPN service. As such, the police may well end up with plenty of false leads and nothing of value – even if Google does comply.

Also, I know I am not a police officer, but answer me this: if the fraudster asked for the sum to be wired from an account held at Spire Credit Union to one at Bank of America, then why the need for all this rigmarole with Google? Why not just have a nice chat with the Bank of America account holder?

Opinions are the writer’s own.

Title image credit: Luxcor/Shutterstock.com

Image credit: Casimiro PT/Shutterstock.com

Image credit: ibreakstock/Shutterstock.com

Image credit: r.classen/Shutterstock.com

Image credit: StanislauV/Shutterstock.com


Ray Walsh I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR. I am an advocate for freedom of speech, equality, and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood, and love to listen to trap music.

Related Coverage

More

2 responses to “US Court Decides Name Search Makes You a Suspect

  1. Seems to me that law enforcement refuses to do good old fashioned police work. They want to set that dangerous precedent of being able to get a blanket warrant whenever actual investigating gets to be a hassle or demand too many resources. Paralleling this is the ‘going dark’ excuse for weakening encryption.

    Whatever investigative techniques they decide to use in this particular case, Bank of America should have been their first stop. The dullest of third graders could have figured that out.

  2. Your very last paragraph is spot on: since the money was wired to a known account at BOA, then the Police and the bank already know the requester. The fabricated “need” to blanket spy on the area’s general population is nothing more than typical over reaching out of control police abuse of American citizens. And this behavior is not acceptable.

Leave a Reply

Your email address will not be published. Required fields are marked *