How would you prepare to rob a bank? You’d scope out the location, suss out the quietest times, and use clothing to conceal your identity. But would you leave your phone at home? Judging by news that surfaced last week, you probably should – at least if it has Google’s software on it.
The Verge reports that FBI agents issued the search and advertising giant with a warrant in November 2018, seeking its help with a bank robbery the month before.
The robbery took place at 9:02am on 13 October 2018 at the Great Midwest Bank in Hartland, Wisconsin. Two robbers entered the building, one of them waving a handgun and forcing staff to the floor. He filled a plastic bag with cash and demanded the key to the vault. He took three drawers of cash from the vault, and then both robbers left the building by the back door. The whole thing took just seven minutes.
Investigators, hitting a brick wall, turned to Google. The search warrant said:
Google collects and retains location data from Android-enabled mobile devices when a Google account user has enabled Google location services. The company uses this information for location-based advertising and location-based search results. This information is derived from GPS data cell site/cell tower information, and Wi-Fi access points.
It added:
It is probable that the unknown suspects of this investigation had cellular telephones which utilized either Google’s Android or Apple OIS [sic] operating systems.
This is what’s known as a reverse location search warrant.
Phones running Google software with Location History turned on regularly check in with the company’s servers and log where the phone’s user is. Law enforcement officials can request a list of all accounts accessed in the vicinity at the time of the crime. Google provides these only as anonymous IDs, but that might still be enough to find anonymous IDs that look suspicious. They can then request the personal information related to those IDs.
It’s a practice that has been growing as police turn to technology to find perpetrators. It relies on data that Google holds in Sensorvault, a vast database that stores location data provided by its applications.
Requests of this type don’t guarantee an arrest. The criminals may not have used Android phones, or Google apps on their other devices – if they had devices on them at all. Or, they may have turned off Location History on their Google accounts, which prevents Google from logging their locations.
The question is, should the cops be able to request this information, and should Google give it to them? The problem isn’t that the FBI might catch two criminals. The danger is that a misinterpretation of the data could point investigators to the wrong person. The data only highlights the location of the device used to access an account, and that doesn’t always mean the location of the account holder.
In one case, police arrested Arizona resident Jorge Molina for murder based, in part, on a reverse location warrant. They had to release him a week later after witnesses confirmed that he was elsewhere during the murder. Investigators later noticed that at one point his account was registered on multiple devices, and that his former stepfather had access to one of these devices.
Simon McAllister
At least they’re asking (before they issue warrants). Although most likely only because we are in a post-Snowden era.
Cross referencing information must be (and always should have been) part of their process.
Mahhn
When is a duck a duck? yep.
First sentence in this story: https://nakedsecurity.sophos.com/2019/08/30/sophisticated-iphone-hacking-went-unnoticed-for-over-two-years/ “Imagine that an iPhone could be turned into a surveillance tool”
MT
“The question is, should the cops be able to request this information, and should Google give it to them? The problem isn’t that the FBI might catch two criminals. The danger is that a misinterpretation of the data could point investigators to the wrong person.”
Whether the person actually committed the offence is an issue for the courts, not the FBI. Chances are they won’t be charging the person on the basis of location data alone.
Mahhn
Your a bit late to the system on this. (if the link doesn’t post – goog provides over 30k – closer to 60, per year) https://transparencyreport.google.com/user-data/overview?t=table&user_requests_report_period=series:requests,accounts;authority:US;time:&lu=user_requests_report_period
Nobody_Holme
If evidence says my movement pattern matches the known pattern of a bank robber or a murderer, i’m Entirely okay with being arrested on goog data alone, because i’m a viable suspect. I, too, would be released a week later as i’ve never been either of those things, but I would also never be mad about it.
I also don’t have an android and location permissions on my iPhone are something I check often, but there are apps that I allow to track me as part of delivering their service how I want it.
If nothing else, i’m Likely to have seen the actual criminal…
Ashamed but not wrong.
You say you don’t mind being arrested and released a week later. Have you been arrested? I was wrongly last year. Even though I didn’t get charged – eventually that is, It was degrading. They have my finger prints and mug shot – which cannot be undone, and the arrest stays on your record – guilty or NOT! The Judicial system is not a friendly to innocent people, it’s disgusting.