Law enforcement officers and investigators at the federal level have increasingly been reliant on Google’s location data tracking, according to a recent report from The New York Times citing Google employees close to the matter. According to the Googlers, the data — stored in a massive database referred to as Sensorvault — has become a subject of increasing interest to officials, with warrants requesting access to the data spiking significantly over the past six months.
More concerning for privacy advocates, the warrants are no longer completely reliant on other clues for a crime that’s under investigation either. Instead, the warrants request location data on users within the area and timeframe in which a crime occurred, forcing Google to hand over dozens or hundreds of users’ tracked data.
Sensorvault, the Googler’s indicate, contains highly-detailed location records stored from hundreds of millions of devices going back almost ten years. While the search giant has not provided a specific number of requests received, the unspecified employees reportedly claim to have seen as many as 180 requests in one week in 2019.
Is the data reliable?
Google employees claim to have been surprised by the appearance of the warrants. Brian McClendon, a developer in a lead position on Google Maps and other location-based services through 2015, refers to the relatively new usage as a “fishing expedition.”
That’s because the database is not actually optimized for the task in question, the Googlers say. So, as a result of the number of requests for information in the database rising so suddenly, employees are having difficulty keeping up with the warrants. It can presently take as much as six months for a warrant to be fulfilled.
That also means the data isn’t necessarily as reliable as law enforcement officials might like, although location data has served as evidence in several high-profile cases.
Nowhere is that better highlighted than a recent case involving Jorge Molina, who was originally arrested for a murder in Arizona that involved a vehicle matching the description of one he owned. Location data served to investigators seemed to show that Mr. Molina had been in the area of the crime around the time it was committed with the data tracking closely with the movement of the vehicle seen in surveillance footage.
Later, witnesses came forward to cement Mr. Molina’s alibi with evidence that he had been with on the night of the crime. It was also revealed that the suspect had logged into other users’ accounts to check his “Google Account” and that his mother’s ex-boyfriend Marcos Gaeta often took his car for his own personal use.
Subsequently, Mr. Molina was released after being held for a week but had lost his job — at a Macy’s warehouse where he was initially arrested — and had his vehicle repossessed.
What does this mean for end users?
For privacy advocates, the increased usage of location data by law enforcement agencies isn’t surprising but is a concern since it isn’t completely accurate and it isn’t just Google that is storing the data in a way that allows for later retrieval.
Google is known to hold onto the data potentially forever, until users delete it, and has taken other steps to ensure that data remains anonymous even to police until suspects are narrowed down. The search giant has also reportedly provided data only within the strict confines of a well-defined warrant, without revealing any information about the users whose data has been sent to investigators. More details are only provided once police narrow down their search to a handful of suspects.
Not only is there no guarantee that’s the same process followed by other companies, however, but the location data can still extend beyond the initial search zone. In effect, law enforcement seems to be able to request further data from a ‘suspect’ device once it has left that area after suspects have been narrowed down.
Courts are still debating about data pooled from cell towers — which will become more accurate with 5G, given the short range of mmWave cells currently being deployed — and have not ruled on the use of geofence-based warrants. Even as lawmakers seem to be increasingly concerned about various internet giants’ practice of collecting and using the personal data of end users, it appears law enforcement officials are far less concerned about privacy.