Naked Security

Police ask Google for location data to narrow suspect lists

Police intend to use location data from Google to work out which devices were being used near the scene of crimes.

Police in North Carolina have hit on a simple if potentially controversial way to firm up suspect lists – use location data from Google to work out which devices were being used near the scene of crimes.
According to WRAL, police in Raleigh used warrants in at least four recent investigations to make the search giant reveal the IDs of every device within certain map locations.
Based on one or a combination of GPS, Wi-Fi and cellular location data, police were first given a list of anonymised time-stamped identifiers corresponding to every device within the map coordinates they were interested in.
From an example warrant, this area of interest was as small as 150 metres from specific GPS coordinates, covering two narrow time ranges of around an hour each.
Once police could see the location of each device, a second pass then focused on specific IDs, asking for additional data on their movements outside the initial search area.
Finally, police asked Google to supply the names and addresses tying the devices they were interested in to their real owners.
Google, it seems, is a common denominator because even when a device is not running Android, it is still very likely to be using Google services, for example the Gmail or Maps apps.

Stopping Android from reporting location data is also not as easy as some assume: a report last year found that even when location services were turned off, SIM chips removed, and all apps uninstalled from a device, Google can still triangulate that device’s location from cell tower data.
Innovative it might be, but news of the police technique has sharply divided opinion. WRAL explains:

City and county officials say the practice is a natural evolution of criminal investigative techniques.

Which sounds reasonable given that the examples documented by WRAL related to serious crimes, including two murders, a sexual assault and a possible case of arson. It doesn’t appear this was being used lightly.
However, legal experts have major reservations:

They’re concerned about the potential to snag innocent users, many of whom might not know just how closely the company tracks their every move.

The problem is that while treating device location data as evidence sounds logical, the inferences that can be drawn from it are fraught with danger.
The obvious limitation is proving that a device’s registered owner was the one using it at the time and location police are interested in. There are numerous instances where that might not be the case, including theft or a deliberate attempt to implicate an innocent person.
The issue is not whether this data is of legitimate interest, but how it might change the nature of police investigations should the technique become common practice.
It’s already standard for police to ask for text and phone call data for named suspects. This turns that on its head in an important way. WRAL quotes Raleigh defense attorney Steven Saad:

This is almost the opposite technique, where they get a search warrant in the hopes of finding somebody later to follow or investigate.

Put another way, if location data is requested while building a case based on a variety of evidence, that might be legitimate. The danger is that this data becomes the incriminating evidence from which the case is built.


Why should something like this scare people or be a problem? Technology similar to this was just used to help catch and stop the Austin, Texas serial bomber.


Say someone needs a scapegoat or wants to frame you. They take your phone (or SIM card), commit a crime, return it.
Try and prove you weren’t there. Everyone will doubt you, but you can call us.


The same could be done with, say, a driver’s license or other identification left at a crime scene. Or as another example, a stolen car used to aid in a crime or even perpetrate the crime (such as a hit-and-run case) and then returned.


This isn’t the same thing as what happened in Austin. That went the way it was supposed to – law enforcement had a valid suspect and obtained cellular data to find him. This article is the other way around, where law enforcement doesn’t know who they want, so they go after everybody. If we never had police and prosecutorial misconduct it probably wouldn’t matter, but history is full of cases where the wrong person was convicted because of lazy/incompetent police work.

