Tech | Visa | Scholarship/School | Info Place

‘Reverse’ searches: The sneaky way police use tech companies to get your private data

with goals To identify criminal suspects, U.S. police departments are increasingly relying on controversial surveillance practices, requesting vast troves of user data from technology companies.

So-called “reverse” searches allow law enforcement and federal agencies to force big tech companies like Google to hand over information from their vast stores of user data. The orders are not unique to Google — any company with access to user data could be forced to hand it over — but the search giant has become one of the biggest recipients of police requests for access to its databases of user information.

For example, authorities could require tech companies to hand over information about everyone who was in a specific place at a specific time, or who searched for specific keywords or queries, based on their phone’s location. Thanks to a recently disclosed court order, authorities show they have access to the identifying information of everyone who watched certain YouTube videos.

Reverse searches effectively cast a digital dragnet over tech companies’ user data stores to capture the information police are looking for.

Civil liberties advocates argue that such court-approved orders are overbroad and unconstitutional because they could also force companies to turn over information about completely innocent people who have no connection to alleged crimes. Critics worry these court orders could allow police to prosecute people based on where they go or what they search for on the internet.

So far, even the courts have been unable to agree on whether the orders are constitutional, which could lead to a legal challenge before the U.S. Supreme Court.

Meanwhile, federal investigators are already pushing the controversial legal practice further. In a recent case, prosecutors asked Google to hand over information on everyone who accessed certain YouTube videos in an effort to track down alleged money launderers.

Prosecutors want Google to “provide records and information related to Google accounts or IP addresses that access YouTube videos for a period of one week, January 1, 2023,” according to a recently unsealed search request filed last year in Kentucky federal court. Until January 8, 2023.”

As part of the secret deal, the alleged money launderer shared a YouTube link with investigators, who sent back two more YouTube links, the search app said. TechCrunch has seen the three videos, which are not related to money laundering and received a total of about 27,000 views when searching for the app. Still, prosecutors are seeking an order forcing Google to share information about everyone who watched the three YouTube videos during that week, possibly in an effort to narrow the list of individuals to the top suspect who prosecutors believe visited part or all of the website. Three videos.

This particular court order is easier for law enforcement to obtain than a traditional search warrant because it seeks access to connection logs about who accessed the video, as opposed to the higher-standard search warrants that courts can use to require tech companies to turn over content. People’s private messages.

A federal court in Kentucky approved the search warrant under seal and banned its public release for one year. Google was barred from disclosing the request until a court order expired last month. Forbes first reported the existence of the court order.

It’s unclear whether Google complied with the order, and a Google spokesperson declined to disclose any information when asked by TechCrunch.

Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory, said it’s a “perfect example” of what civil liberties advocates have long criticized such court orders because they allow police to obtain people’s intrusive information.

“The government is essentially forcing YouTube to become a honeypot for the federal government, trapping criminal suspects by triangulating who watched the video in question during a specific time period,” Pfefferkorn said of the recent order targeting YouTube users. ” But by asking for information from everyone who watched any of the three videos, the investigation could also involve dozens or hundreds of other people not suspected of wrongdoing, much like a geo-targeted reverse search warrant.”

Asking for numbers to find a needle in a haystack

Reverse searches of court orders and search warrants are largely a problem of Google’s own making, in part because the tech giant has long collected vast amounts of user data, such as browsing history, web searches, and even granular location data. Realizing that tech giants had vast troves of users’ location data and search queries, law enforcement began to successfully persuade courts to grant broader access to tech company databases, not just individual users.

Court-authorized search warrants allow police to request information from technology or phone companies about people investigators believe are involved in crimes that have occurred or are about to occur. But rather than looking for a suspect through a needle in a haystack, police are increasingly asking for large haystacks — even those that include the personal information of innocent people — to sift through clues.

Using the same technology used to request information that identifies anyone who watches a YouTube video, law enforcement can also ask Google to turn over data that identifies every person at a specific place and time or every user who searches the Internet for a specific query.

Geofencing warrants, as they are known, allow police to draw a shape on a map around a crime scene or point of interest and request a trove of location data from anyone in Google’s database whose phone was in that area at some point in time.

Police can also use so-called “keyword search” warrants, which identify each user who searches for a keyword or search term over a period of time, often to find clues that lead a suspect to research their potential crime in advance.

This is all because Google stores granular location data and search queries of billions of people around the world.

Law enforcement may defend surveillance collection technology because of its uncanny ability to catch even the most elusive criminal suspects. But many innocent people are mistakenly caught in the dragnet of these investigations – and in some cases criminal suspects – simply because they possess phone data that appears to place them close to the scene of an alleged crime.

While Google’s practice of collecting as much user data as possible makes the company a prime target and recipient of reverse search warrants, it’s not the only one subject to these controversial court orders. Any tech company, large or small, that stores readable user data could be forced to turn it over to law enforcement. Microsoft, Snap, Uber and Yahoo (the parent company of TechCrunch) have all received reverse orders targeting user data.

Some companies choose not to store user data, others encrypt it so that it cannot be accessed by anyone but the user. This prevents companies from handing over data they don’t have or have access to, especially when laws change day after day, such as when the U.S. Supreme Court struck down the constitutional right to abortion.

Google, for its part, is slowly ending its ability to respond to geofencing authorizations, specifically by moving where it stores user location data. Google will soon start storing location data directly on users’ devices, rather than centralizing large numbers of users’ precise location histories on its servers so that police would have to obtain the data directly from the device owners. Still, Google has so far kept its doors open to taking search orders seeking information about users’ search queries and browsing history.

But as Google and other companies learned the hard way, the only way for a company to avoid leaking customer data is to not own it in the first place.

#Reverse #searches #sneaky #police #tech #companies #private #data

Leave a Reply

Your email address will not be published. Required fields are marked *