I'm trying to see what the big deal is here (relax, I'll explain).
Police are not asking for the entire search history of everyone in the town, then combing through it to see what they've searched for. Rather, police are asking Google who, in a narrow amount of time, searched for the name of a relatively unknown person who had $28K stolen from him.
Is this really that different from police asking for security camera footage from a convenience store after a robbery? In either case, obviously innocent bystanders will be quickly eliminated from the list of possible suspects. Any remaining suspect(s) will still need to be (1) charged, (2) have a judge allow the evidence in court, and (3) convicted on the basis of evidence beyond reasonable doubt by a jury of their peers.
Unfortunately, I think obvious invasions of privacy (e.g., PRISM) have made folks very jumpy about any electronic evidence collection, which I don't think is warranted.
EDIT: Thanks to guelo for pointing out that this was an unsuccessful attempt at wire fraud, so the victim (fortunately) retained the $28K. I missed that previously.
> Is this really that different from police asking for security camera footage from a convenience store after a robbery.
The crux of the debate is whether Google is a quasi public place, like a convenience store, or something private, like your closet.
I think legally, Google is no different than any other business. Following the appropriate process, police can ask a convenience store to search their sales records to see who bought something on a particular date. They can ask a credit card company about someone's purchases on a particular date.
On the other hand, people disclose information to Google that they don't disclose to their convenience store clerk. That information is even more intimate than what people disclose to a credit card company. Someone's searches can reveal the deepest darkest things about them.
On the other other hand, Google as a service is not really one of trust. It's not like a bank that provides a safe deposit box and promises to not look inside (and is usually legally barred from doing so). Google rummages through your personal information for its own profit. Twenty years ago, if you had asked people: "If you had a service that data mined the information you gave it for advertising purposes, where potentially dozens of engineers and operators have access to that information--would you consider that a trusted and private system?" They would have said "no."
They are required to keep records that brick and mortar businesses do not.
They have a de-facto monopoly as the largest search provider for the general populace. They are a public resource that is a requirement for many of us to use in our day to day lives.
Google in this instance is more like a library card catalog that keeps records of all of the things people search for.
This is the same as asking a library for all people who looked for books on dogs.
Google not only has adults that search for things. They have grade school children in their datasets.
If you are OK with this request, are you OK with the subsequent request to facebook that says "give me the social network tree for all of the people within this dataset"? we're looking for a woman who knows one of the people that searched for Douglass on Google within the Edina area. And then the final query to AT&T, "we need the phone records for all of the households on this list of women who are within 3 links to people who searched for Douglass in the Edina area"?
This is an overly broad search with no particular limit and no logical connection to the crime. The police don't know for certain that the thief arrived at the image used via a google search, let alone a google search for someone's first name. They don't know for certain that the thief was in the Edina area. They don't know for certain that the thief was in the Edina area when searching.
The American Library Association guidelines provide disclosure of records in response to a valid court order. Also, since your Library hypothetical trades on the special position of libraries In our society, it should be noted that libraries don't profit by rummaging through the books you read to advertise to you.
> The American Library Association guidelines provide disclosure of records in response to a valid court order
You are overstating there by a long shot. The guidelines are more along the lines of "if you have completely failed at making the police go away in any of the previous 72 steps, then you must comply, but hopefully you read our other guidelines that tell you it's a good idea to not create any records and if you must, to dispose of them frequently."
Many have a policy of destroying records immediately after books are returned unless you request otherwise (eg to be able to see your borrowing history in your account.)
Good question, and I'd be curious to know...but I'm not really sure.
My sense of most libraries doing that is more anecdotal than quantitative. Mostly just what I've heard from librarians and my experiences signing up for library cards various places that had some sort of relevant T&C clause or opt-in process.
> it should be noted that libraries don't profit by rummaging through the books you read to advertise to you.
They do present/display/advertise their most popular books. They track and fine you if you keep a book too long. They determine how much a book has been checked out and track usage at an analytics level to determine if the book should be taken out of circulation.
Maybe search engines should have a special status like libraries enjoy, but it's worth noting the centuries it took for public libraries to become a municipal requirement.
> Legally Google is different...
They are required to keep records that brick and mortar businesses do not.
> They have a de-facto monopoly as the largest search provider for the general populace.
> They are a public resource that is a requirement for many of us to use in our day to day lives.
Wait, what? Has the "defacto monopoly" been legally established? They're a "public resource?" Please cite the legal meaning of "public resource" and where it was established through legislation or judicial action that Google is one?
Forgive me for quoting you. You started with "Legally Google is different" so I assumed you wanted to talk law or legislation.
Also, I don't recall comparing Google to smaller organizations.
I may be oversensitive, but when I hear terms like "They are a public resource" I assume you mean that they should therefore be regulated by the government and paid for with tax money.
Punting on arguing for or against Google being a monopoly or utility, I will say there are a large number of people who trust Google. There are many, many ways that trust can be violated. As my coworker might say, they have a rather large attack surface.
Once regulated by the government, there is an even larger attack surface, as we in the USA have learned over the years, most notably with the recent Wikileaks dump.
2. Google is a telecommunications services provider, is DuckDuckGo a telecommunications services provider?
Those are two major categories that require data logging and retention in the U.S., and there are a lot of countries that have their own data logging and retention laws. Google because of it's size has active business presence in more countries and would therefore ensure itself to be compliant with local laws with more vigor than a significantly smaller company, especially one that was more focused on search. Google has it's hands in a lot of different kinds of businesses, many of which have already been targeted for logging and retention laws somewhere in the world.
The fact that Google owns an ISP is irrelevant to its search business. Not only are they unrelated, they are legally isolated in different corporations.
This seems a bit different though, the police are asking Google for a list of people who searched for a specific term, they aren't asking for the entire search history of those people. In that way I think the potential for revealing personal secrets is much more limited than it appears in the headline.
In this case it seems entirely reasonable as you say.
However. Let me straw man a bit here.
In the case of, say, someone being murdered with "a 16 inch double ender" at a themed orgy... Well, let's just ask google for anyone who has searched for an appropriately inclusive set of terms in the past 3 months. It's logical that someone who gets flagged in this data set could be the culprit right?
Gosh I sure hope none of the data gets leaked or misused in any way by the fine upstanding people who get access to it.
Isn't this why judges look at search warrants? It seems like a judge concerned with privacy would look at the warrant to decide if it was reasonably minimal - to find the murderer without making too much collateral damage.
It's a case of balancing two rights - the right to privacy, and the right to life, to not be murdered. An absolutist stance on one would damage the other, and so we give judges the power to make decisions.
The whole point of having judges is to have upstanding and reasonable people we trust for this purpose, so we don't have to explicitly deliberate about every edge case before it happens.
That's not a logical assumption. Three months is a long time and you have applied no geographic limitation. Sure, if the situation was different it would be ...different. That's not much of an argument though. Also, you would really only be identifying orgy attendees.
And yeah, I don't trust the police with my data but I am reassured by the limited time and geography in their request.
Oh man you just reminded me of the Will Arnett skit from Human Giant. The one where Aziz Ansari "disguises" himself as Mary Kate Olsen to sneak into a party.
> People might think of it as a trusted, private service
I think the problem is a little worse. Most people don't think about it in the first place, so the reason this question becomes interesting is that for most people it's a question they never asked themselves.
The answer is clear and obvious already based on the current legal framework, but it's news- and ask-worthy because for many people it's the first exposure to it.
That rummaging, though, is extremely restricted from the perspective of traditional privacy concerns -- it's not like someone at Google gets to look up what John Q. Smith searched for on this day. The analogy would be more like, "would you consider it private if a robot could look at each safe deposit box and add a special flyer to the ones with gloves in them, and then only in special circumstances does anyone get to look at anonymized box/flyer pairings to see if the robot did it right?"
The team members, as part of their responsibilities for
troubleshooting technical issues related to the site and
Google’s products, have access to users’ accounts.
Apparently Barksdale exceeded this authorized access to
spy on a group of specific people he’d met.
Another former site reliability engineer told Gawker that
Google gives such engineers unfettered access and “does
not closely monitor SREs to detect improper access to
customers’ accounts, because SREs are generally considered
highly experienced engineers who can be trusted.”
> potentially dozens of engineers and operators have access to that information
For that you have to break Google's security. I (and other colleagues) actually felt safer about Google's stewardship of that information when we got to learn how it worked from inside, than before joining.
(I work for Google, but not on security, and don't speak for the company).
All but the most IP-sensitive code at Google is visible to all Googlers, yes. And being able to tell what code is being executed by what machines in production is required for ops and reliability reasons in any big company anyway. But most important of all, it doesn't make sense to make what's arguably the best private security team write your defenses, to then not use them.
Your google search history is more like a storage locker than a closet. You don't own it, but you can open it whenever you want and the managers assure you they will only open it under exceptional circumstances.
You still have to trust the managers, since they're the only party with another key. If you don't trust them, you're free to take any legal steps to anonymize yourself when accessing the storage locker.
The problem seems to be that any additional layer of privacy or anonymity is only available to those who opt into it or go out of their way to implement it.
I am well aware of that page but to use a more extreme analogy... that's like believing a black mailer actually deleted the evidence once you paid them. The best you can do is hope they are telling the truth.
There is no way of knowing that the information is actually deleted except trusting them.
When I used to work at Google, making sure things people deleted were completely removed was something people took very seriously. With caches and backups deletions wouldn't be immediately effective everywhere, but it was very important that things people had deleted were, within weeks, really fully gone.
No offense to you, but why should I trust you or Google that what you say is true? I can have my neighbors pinky swear that they won't break into my house, but I still choose to lock my door every day.
You lock your doors because you don't trust your _neighbors_? That's madness.
Companies often face legal requirements that your data is truly gone, e.g. see the European Union's Data Protection Directive. So it's not just a pinky swear -- there is some legal force behind it. (Which happens to be true for the neighbor situation as well, so you really don't need to get pinky swears from everyone.)
I don't lock my door because there's a lot of people around that I don't trust. My neighbors are some of them. I don't know half of them by name. Why should I trust them?
> Companies often face legal requirements that your data is truly gone, e.g. see the European Union's Data Protection Directive.
Maybe that's part of the difference. In the US you have to keep records of stuff. At my company, we have to keep records for ~7 years, IIRC.
Unfortunately in the US it is the opposite. The government often forces you (or at least tries to force you) to not delete it incase they want it later. Especially if you are an Internet Service Provider.
Are there cases of warrants being issued to search the contents of every locker of a storage facility looking for a single locker that might contain relevant evidence to a fairly low level attempted fraud?
1) Whoever does own the storage locker can consent to search (or be compelled to allow search through legal process), and you can't complain because you don't have a property interest in it.
2) Google is like a storage locker where the managers rifle through the contents and tell you what crap you might want to buy based on what you keep in your locker.
> Twenty years ago, if you had asked people: "If you had a service that data mined the information you gave it for advertising purposes, where potentially dozens of engineers and operators have access to that information--would you consider that a trusted and private system?" They would have said "no."
With the upside that every product is free and said service have never used such information malevolently? That's a resounding 'yes'.
I think this crux you explain is one of a search engine's biggest assets: Trust. If you can't trust a search engine to not be able to keep your searches private, you're not going to use them. Google will fight this one hard, I assure you.
I expect them to challenge court orders that likely will not be upheld if appealed.
Imagine a municipal court judge in west virginia demanded google hand over all data and source code they hold to a third party. They would, and should, fight this order in a higher court since this is massive overreach on the part of the judge.
But the OP explains why that's already a lost cause.
Google's entire business revolves around looking at people's searches, email, web browsing history, etc. and providing that information to advertisers. It's not private at all.
Facebook records everything you type, even if you never post it or send it as a message. People largely don't know [enough to|or] care. People care a lot when a sex toy app tracks app usage, even though every app does this.
The issue I see with this specific case is the dragnet nature of it -- they're tracking everything all the time, and now they're giving that info to anyone who asks. If you thought that the consequences of falsely condemning someone to the death penalty were dire, I see this as that but against everyone in the country.
This is exactly what is wrong with dragnet surveillance.
So say they get 1 name, and that name happens to be you. I'm sure you had a perfectly good reason to google that name, no matter how obscure it was, and it happens to be a day and a bit before the money was taken (which, btw according to TFA it wasn't).
No matter how you spin it, you will look suspicious. Maybe you'll even admit to doing it when you didn't, maybe you'll be offered a plea if you confess.
Case closed, crime solved, right?
Or rather not, because it is you and you'd never do such a thing?
A similar thing happened here in NL. A number of burglaries in a region that was only accessible via a single bridge, and that bridge had a camera on it.
Correlate the license plates crossing the bridge with the nights of the burglaries and only one car was left.
So that had to be the person that did it. Which, in fact it was! Still, the judge threw out the evidence because it was gathered without specific intent to confirm, not discover that such a person existed, and in theory anybody that crossed that bridge suddenly became a suspect in the case until they could be ruled out.
So +1 for clever thinking, -100 for botching a case where there might have been a legitimate way of obtaining this information.
Total surveillance means very little crime, but as a society we should push back against that because it also means that we are enabling an element of government that already has a lot of power over our lives.
It's worth the occasional $28K loss (presumably to insurance companies) in order to safeguard the rights of the rest of us.
Oh, and that's besides the potential for a Joe Job, where you would go to someone else's computer that you access in a coffee shop or some other place where you can get momentary access to someone's computer (co worker, whatever) and then google the name of the person you intend to hit causing them loss of their job and potentially much more.
This is the same problem encountered with genetic databases, government run or run by businesses like 23&Me[0].
> “Your relative’s DNA could turn you into a suspect,” warns Wired, writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.”
"Detectives persuaded a magistrate judge to sign a search warrant ordering Usry to provide his DNA for comparison"
"His DNA, Hoffman wrote, did not match the semen from the scene of Dodge’s murder."
This sounds a lot like he was forced to prove his innocence, rather than the judiciary being forced to prove his guilt.
The judiciary cannot force you to prove your innocence. But it can force you to provide evidence, which the state may then be able to use to prove your guilt.
Everybody has a duty to cooperate with litigation. Even third party witnesses who are not "on trial" can be compelled to take testify about what they saw or heard.
Writs subpoena (court orders to testify or produce documents) had been part of the English legal system for almost 400 years at the time the Constitution was written. So when the Framers wrote that no one "shall be compelled in any [1] criminal case [2] to be a witness [3] against himself," that's what they meant. Had they intended to limit courts' subpoena power in civil cases, as to non-testimonial conduct, or as to testimony against other people, they would have said so.
You're making a lot of assumptions here though. Is wire fraud just an unsolvable crime? Is all crime on the internet unsolvable because the police cannot gather any evidence at all?
I agree that privacy is more important than security but I think you are going a little too far with this comment. Sure, the police should be careful with this evidence and it doesn't prove any wrongdoing but I don't see how it's unreasonable for police to ask who searched for a specific term at a specific time in a specific place.
If the police had a tap in place at that time and they caught the data in flight (good luck with that btw) then good for them. If there was no suspect this is just another fishing operation and those should be very strongly discouraged.
Note that they do not even know for sure that the suspect googled the name of the victim, they are assuming that.
And that in a case where the fraud failed, so this is not even a crime that succeeded. I think this lowers the bar for dragnet style after-the-fact fishing expeditions to the point where you might as well hand over your search history in real time just in case you commit a crime at some point in the future.
I'm sure some LE would see that as the holy grail, but me, I prefer they actually do their digging with someone specific in mind rather than to declare us all suspects to a crime simply because we happen to live in a certain city and google a certain name.
The way I read the article the police are asking for people who searched for a name that they have found is associated with pictures that were used in the attempted fraud. It sounds to me like they have done their digging and want to know who searched these terms to do further investigation.
Where do you get the proof they knew the searches took place at all? What if someone used 'Bing' or 'Scroogle' or 'DuckDuckGo' (or in a bind: Yahoo!), or already knew the person?
I don't have any proof that they know or even that they suspect they happened. Do you have proof that the police didn't make these same requests to other search engines? If this information exists it may help the police find the scammer and they don't seem to be overreaching to me.
> Do you have proof that the police didn't make these same requests to other search engines?
That would make it worse not better.
> If this information exists it may help the police find the scammer and they don't seem to be overreaching to me.
Yes, that's clear. But I'd rather they found the scammer first and then petitioned google or whoever they feel might have relevant information with a targeted request. Instead they now will use this information to generate a suspect which is the wrong way around.
Ok, that's a great point. You're concerned with the effectiveness of the evidence in a later trial. You cited a good example of how this could backfire on the police.
Having said that I am concerned with the alarmist tone this article takes and the clickbait nature of the headline. The police are not doing what the article makes it sound like they are doing. This kind of thing undermines the fair criticism of police evidence collection and a productive conversation about privacy.
It's a personal value judgment whether you think the camel's nose is a problem. The facts remain, however, since once the police get this list, they're going to ask for more search queries from the people on the list, because it's easier to create a defendant that way.
Wait a second. You can't look at camera footage that was taken near the vicinity of a crime in order to try to discover who the criminal was? I am highly suspicious of your story.
It wasn't in the vicinity, there was a 50 km or so distance between the two.
The bridge is one of very few points where you can cross from the Southern part of the Netherlands into the Northern part ( https://www.google.nl/maps/@52.6106721,5.6448216,16z?hl=en ), and has cameras on it making it an ideal choke point for ~30% of the North-South traffic in NL.
The burglaries were all in Friesland, quite a bit further North and the thieves iirc came from Amsterdam all the way to the North to hit wealthy looking solitary houses (of which there are quite a few in the North and almost none near Amsterdam where the population density is a lot higher).
So I can totally see why the police figured that this would work and it did.
Anyway, I can't readily find a citation but I recall the case clearly because there was a lot of uproar here that the thieves were set free when it was 100% clear that they were guilty based on how they were discovered.
But all my queries regarding 'ketelbrug, vrijspraak, inbrekers' do not return anything useful.
Think about the evidence in Bayesian terms. What does knowing that someone searched an unusual name (or crossed a particular bridge) do to the odds that that person committed the crime? Probably a lot!
So why does the intent of the investigator, to confirm versus discover, matter? If evidence is highly probative, and doesn't infringe on anyone's property rights, what's wrong with it? There's no right not to have the government find out you did something wrong...
I am in drug discovery, and over the last few days I searched for an opiate that hasn't been scheduled yet. The class of compounds that this compound belongs to was investigated 30 - 40 years back, they never made it into the clinic, but you begin encountering them on the streets because the DOJ hasn't prohibited them yet. I am also in an academic environment, and it has happened before that researchers diverted university resources for their own profit. In a previous workplace they fired a grad student over this, in the lab next to mine. I am under no illusions that I have already attracted suspicion from NSA/FBI/CIA/whatnot.
The suspicion is something what I could do wholly without.
The thing is, suspicion is a function not of you being innocent or guilty, but of the knowledge and mental model law enforcement has, so far, of what happened. To prevent suspicion before they get to learn you're innocent, you probably have to eliminate their ability to catch the guilty whatsoever.
Oh, in that case we don't even need parallel construction anymore. Why bother, if it doesn't matter how you got your evidence then any evidence is good.
Just use whatever dragnet method you already have in place and phone it in. Subpoena google for all searches done in all cities and go round up the folks whose searches match the names of the victims.
I'm sure your going to get a fantastic conviction rate.
A society like that already existed: It was called East Germany and petty crime there was nearly non-existent. What crime there was was mostly corruption and went unpunished (who will watch the watchers).
Former East Germans seem to prefer the society they have right now.
> So why does the intent of the investigator, to confirm versus discover, matter?
Well you could argue then that they should be allowed to look at everything because if they do they could discover any number of crimes by looking at all communications.
Here's the thing. Lets' say hypothetically there is a crime committed at a high school. Are people generally ok with the police opening every single school locker to see who is a potential suspect for that one crime?
And what if while doing so they discover evidence of another crime? Is that ok and usable? If it is then we get to a point where it's conceivable that the police will then use any reason to say there is a crime to which they need to open school lockers knowing that they will almost certainly find evidence of some crime in one of them.
>> Are people generally ok with the police opening every single school locker...?
>>And what if while doing so they discover evidence of another crime? Is that ok and usable?...
Yes, yes, and yes. Police can open any (or all) locker(s) they want for any purpose, though generally they ask for permission from the school administration first, and they can and do use any evidence discovered. Pick your favorite BS legal handwaving, I think it's usually "the lockers belong to the school, and by its good grace allows[/forces] the students to use them"
Bayesian statistics says the opposite. By looking at the history of an entire city, you're giving yourself a highly uninformative prior. This means that it's very difficult to actually draw conclusions from the results. You have to reduce your population size first, and then perform your "test" (looking at search history) on the subset of the population who actually has a reasonable chance of committing the crime even without the search evidence.
It depends on how probative the specific evidence is. If you had a database of everyone's DNA, and wanted to figure out whose blood was on the murder weapon. Your prior is highly uninformative, but the DNA evidence is so highly probative that the resulting identification is probably quite reliable.
> There's no right not to have the government find out you did something wrong...
Did you think this one through? Law is a lagging indicator of what society thinks is acceptable. That works in both directions: sometimes things are legal that shouldn't be, but also things are illegal that should be. Beware a lopsided bias, or you get a ratchet to a totalitarian society.
> No matter how you spin it, you will look suspicious Case closed, crime solved, right?
Oh, come on. The police are looking for a list of persons of interest to start with.
If someone disappears, their spouse gets put on the list of persons of interest. So do the last people seen with them. For each one, the police see if there is a case to be made, or if they know anything that could help, and then move on.
Right. They're fishing because they need leads. It's not a complaint about the police doing their job, but that the method in which it is being done automatically casts suspicion on the people found. Investigators feel clever for thinking "No one but the perp, within reason, could've ever searched for these terms in this time." But that just begs the question.
Because the natural consequence of this "experiment" is to cast all subjects in doubt, you must have a methodology that actually selects for the criminal instead of just correlating really strongly. It's the same problem as the social sciences. Except this one comes with legal consequences.
> Investigators feel clever for thinking "No one but the perp, within reason, could've ever searched for these terms in this time."
Luckily, people are convicted when a judge or jury is convinced that the evidence points at them being guilty beyond any reasonable doubt. Not when an investigator feels clever.
~95% of all convictions derive from plea bargains, and a not-insignificant portion (2-8%) of those are estimated to be innocent.[1]
So, we have a system where an investigator can indeed "feel clever," produce a defendant based on sketchy evidence, who then pleads out for any number of reasons. Neither judge nor jury ever hears what the evidence is in these cases. Ta da: the immaculate conviction.
> If someone disappears, their spouse gets put on the list of persons of interest.
That's because there is a relationship and historically the occasional spouse has been implicated in the murder of their other half.
> So do the last people seen with them.
Proximity means they might be witnesses, not immediately suspects.
> For each one, the police see if there is a case to be made, or if they known anything that could help, and then move on.
Yes. But they don't place everybody that was in a 10 mile radius around the crime scene on their list of suspects because they spoke the name of the victim out loud in the three weeks preceding the crime. And that's roughly the level this is at.
> The police are looking for a list of persons of interest to start with.
Then maybe they should ask Google "of this list of people, did any of them search for this person?". Not "give us the list of the entire town's search history, we'll narrow it down to a few people and then totally just throw the rest of this very fascinating data out, pinky-swear".
I've been searching myself silly for the last couple of hours but can't find a thing. I will ask a lawyer friend of mine tomorrow who is much more adept at finding old cases than I am. Given the amount of hoopla over this I figured it should be trivial to dig up a news link but even the internet is not 'rot proof'.
Is the water getting warm in here or is it just me?
-Mr Frog
The police are not your friend. In pursuit of the $28k, which I'd hate to have stolen from me, they will callously and casually wreck the lives of anybody this search turns up, especially for any poor, or "immigrant looking" people.
Recovering drug addict who's just gotten their life back on track after coming out of prison who's managed to get a stable job, who happened to Google the name of some guy a passenger told him a story about while driving for Uber (in the evenings to make some money on the side)?
This sounds like a very targeted request for information. Sure, police attention is not something anyone should seek out but I don't see how this is different than any other established investigative technique.
You have constructed an entirely fictional example to make your point but you have not cited an actual example of the police overstepping their bounds with this type of search. Sorry, that's not compelling to me.
I don't completely disagree with you but this doesn't make a convincing case against this type of request to me.
> This sounds like a very targeted request for information.
To me it sounds like the exact opposite. A targeted request would look like this:
We'd like the search history for ip address 212.55.12.23 between Sept. 16 2016 1 am and Sept. 21 2016 9 am related to 'name'.
That's a specific request. The present one is a fishing expedition where the police is not confirming something they already know but are looking for someone they theorize might exist.
What I mean is that this is much more targeted than the headline makes it sound. At first glance the police department wants access to the entire search history of everyone in some town. In reality they are asking for something much more specific than that.
I wasn't responding to the headline, but to the article. The headline is inaccurate, but that is not something that should surprise any of us.
The 'much more specific' is that they theorize that such a search query must exist. If they had a suspect they would have raided that persons computer, if the computer was encrypted or erased they they could have used google's search data + the IP address they already had to confirm (not discover) that such a search had indeed been made which would serve as corroborating evidence absent the search history on the computer.
Essentially the police is looking for something that they hope exists and will implicate someone who is currently not on their radar and who could very well be innocent.
This case is one of the ones I have studied in a bit more detail:
We had a case in Germany some time ago where police caught a child porn seller and wanted to find the buyers.
The reaction in the usual circles was predictable: "All credit card users in Germany are under suspicion! Everyone is investigated!". Even lawyers close to certain political parties participated in that disinformation campaign.
What did the court order actually allow?
SELECT * FROM transactions WHERE recipient==$seller
The credit card company was ordered to give a list of people to the police who got charged a specific amount of money(!) by the known seller.
But since the database engine touches every record in the database it "logically" follows that everybody was searched...
A child-porn seller self-evidently deals in illegal material. What if they deal in other, non-child-porn material?
Cocaine? Ecstasy? Marijuana? Legal marijuana, in some jurisdictions? Fake/non-prescription Viagra? Hard-core/niche porn (e.g. watersports, which could be considered illegal in the UK [1], but is legal in a number of other countries)?
Is it justified, that everyone involved in non-child-porn (and potentially legal) purchases, is caught up in the same dragnet?
This is the inevitable result of overly-broad fishing expeditions.
>But since the database engine touches every record in the database it "logically" follows that everybody was searched...
Not sure why "logically" is in quotes, because it is both technically and logically true that they were searched.
If it is illegal for a person to manually parse thru the private information (i.e. financial transactions, search history) of millions of innocent people, then why should it be legal when a person uses a more automated (and thus more dangerous) means to do so?
A better analogy will be someone trying to rob a bank with a grey hoody and the police reviewing tapes of people closets to see everyone who bought a grey hoody.
1. You're giving police full access to tapes of everyone's closets.
2. Grey hoodies are common and this therefore feels like massive overkill.
More realistic, for the purposes of torturing analogies further, would be the police asking for a list of all people who bought a particular and rare style of designer hat from a particular designer store on the day someone was seen committing a crime while wearing an obviously brand new one.
What's being handed to the police is smaller, less revealing and much more targeted than "footage of everyone's closets".
Both examples should be equally unacceptable. When you're asking for "a list of all people who X" it's a fishing expedition not a targeted investigation of a few suspects. It doesn't matter how many rows the SELECT returns.
Giving a list of a small number of people who bought a hat, limited by location and time
and
Giving full video footage of everyones wardrobes (!!)
Are equally unacceptable. Unacceptable, sure, that's a difference of opinion but full video footage of everyones wardrobes is not the same as a small list of names.
Perhaps a similar thing would be if there was a well-executed break-in somewhere, would it be reasonable to ask for a list of people who took out the plans to that building from the local planning office recently?
> When you're asking for "a list of all people who X" it's a fishing expedition not a targeted investigation of a few suspects.
By this logic, any CCTV footage should also be thrown out because it's "a list of all people who were in location X at time Y".
I propose further bending the analogy to make it more correct:
>a particular and rare style
should be "a particular style", since we don't know how prevalent the image is in places that aren't major image search engines, or for other search terms within those engines.
>from a particular designer store
should be "from a specific location of a particular global discount store"
>on the day someone was seen committing a crime while wearing an obviously brand new one.
on the Tuesday before someone was seen committing a crime while wearing one. (images, once acquired, last forever; there's nothing saying the image was acquired in the time window of the subpoena)
I'm not sure I understand your changes. We're talking about searching for a relatively unknown person, so I'd assume we're talking about a rare search term. This is not like asking for who searched about "wire fraud".
> >from a particular designer store should be "from a specific location of a particular global discount store"
Sure, fair enough, my point was simply that it was a rare thing and pretty identifiable.
> (images, once acquired, last forever; there's nothing saying the image was acquired in the time window of the subpoena)
Not even, the correct analogy would be to view all the CCTV cameras in the city, no matter who owned them, on that day to see who was wearing a particular shade of grey hoody.
Why would the cameras have to be in closets? If the hoodie is in your closet then you aren't wearing it so it means nothing. If you are seen wearing the same clothes as a suspect in a crime in a nearby location at the same time then I think that's a reasonable way to narrow down a list of suspects.
Are phone calls not also done in the safety of your own home? Can police request call records? Google does not exist inside your house, neither does the internet. No reasonable person could believe that they do.
No. A better analogy would be someone trying to rob a bank wearing a George grey hoody and the cops asking Walmart for records on who bought grey hoodies in that style.
I'm not sure why you're looking in the proverbial closets – aren't you rather looking at all the tapes maintained in stores to see who bought a grey hoody?
That's a compelling argument, do you think a Google search for a person's name (or maybe any term) is similar to calling a phone number? If the police asked the phone company for the name of everyone who called (555) 867-5309 on a given date or time I don't think that sounds unreasonable.
A procedural request for static information is very different than an intentional action to create interaction with another person.
Also, in this case, the warrant asks for (to adapt your analogy) the numbers of anyone who called such phone:
-only during a small time window, when in reality it doesn't matter when the query happened
-from a phone only in town, when in reality the scammer could have called (google searched) from amywhere
-also assumes the caller was the end user of the dialogue, and that the dialogue was relevant to the crime
(images can be traded and downloaded from places other than GIS)
I think a more correct analogy is to say that a crime happened to a certain phone number, and now a warrant exists to find everyone in town who looked at that page in their phone book in a certain time range.
We don't know what other investigation the police have done. By limiting it to a geographic area I can at least imagine they have done some other investigation to narrow it down to that area. I don't know this but I do think it is promising that the police are narrowing their search to a specific time and area, that seems like something that should happen in an investigation.
I don't think that is a more correct analogy because as I read it the police are asking for people who searched for pictures that were used in the fraud.
The term doesn't sound like it was for the victim it was for some supporting material to attempt the fraud. "Douglas" (the search term/phone number) is not the victim.
You do make a good point about the page in the phone book, that is something I had not considered.
>as I read it the police are asking for people who searched for pictures that were used in the fraud.
Yes. This is the crux of why I'm uncomfortable with the court order. If the police don't have the criminal and files in custody, there's no way for them to know how the criminal got the image. If they do, how the criminal got the image is immaterial, since google image search is a legal way to obtain images. Maybe they got it from a source before Google indexed it for search. Maybe they got it from a file directory at work, or from someone else's computer, etc. Or from GIS, which is the only thing the police are searching. Without more information than is presented in the article, all the police will be able to definitively say is "These IPs from our region are a small subset of the people who had access to this image."
I'm harping on this thread a bit, both because I think the subpoena won't result in meaningful information, and because no judge should have given de jure authority to such a poorly thought out request which breaches privacy. Long-term, the victim of this case might be everyone affected by the legal precedent of granting broad, unnecessary subpoenas for private information. That kind of cost is well over the $28k the victim lost.
Is this really that different from police asking for security camera footage from a convenience store after a robbery?
Yes. Because it's much more like asking for the footage from every camera in (large) area for "guys wearing baseball caps." The distinction is that the reach of the search has been expanded from an individual suspected of harboring the data (or in your example, from a single convenience store) to a much larger class of individuals.
Or in other words, from a targeted subpoena to a full-scale dragnet.
You make a compelling point, but the convenience store analogy is slightly different in that the footage is likely direct evidence of a crime, making it easy to identify the culprit.
Whereas a Google search is entirely circumstancial. Now ideally our justice system would work as you describe, but there's still a risk of an innocent person being charged.
> Police are not asking for the entire search history of everyone in the town, then combing through it to see what they've searched for. Rather, police are asking Google who, in a narrow amount of time, searched for the name of a relatively unknown person who had $28K stolen from him.
Where would you draw the line?
Suppose they don't find what they're looking for in that request. Would you be okay with them expanding the time little by little? Perhaps adding other search terms? What about for other crimes? Other services (Facebook, Bing, Yahoo!, etc...)?
Wouldn't capable prosecutors for future cases simply use this as precedent and expand the parameters little by little?
There is no clear line to draw after you cross this line.
> Other services (Facebook, Bing, Yahoo!, etc...)?
Actually when you read the actual news[1] and not the clickbait rehashed version that has been posted to HN you'll learn why it only targets google:
The Edina Police Department figured out that while
searching Google Images for the victim’s name, they
found the photo used on the fake passport, and
investigators couldn’t find it on Yahoo or Bing.
So, they theorized the suspect must have searched
Google for the victim’s name while making the fake
passport.
The judge is who would be responsible for drawing this line. I would think they would get pretty tired of signing warrant after warrant that was slightly broader than the last.
What if the police asked for the names of everyone who discussed using cannabis in their email exchanges? Would you really argue that in states where cannabis use was illegal that it would be perfectly okay to do this, collect just the names of people who had used mentioned cannabis in email and then visit their homes to question them further about this?
I'm pretty surprised how many people on HN seem to find this acceptable when this is clearly a form of dragnet surveillance.
> In either case, obviously innocent bystanders will be quickly eliminated from the list of possible suspects.
This is a big assumption that may or may not hold in practice. I'd argue that it's more productive to work towards it becoming universal than fighting this kind of request... Or maybe both, because, why does Google has all this information anyway?
I partially agree with you here. I see two big problems, none of them being spying or judicial overreach.
>"Is this really that different from police asking for security camera footage from a convenience store after a robbery?"
Yes it is different, what I do in the privacy of my own home is not comparable to a security camera in a public place or a security camera in a grocery store. In the latter I do not have a reasonable expectation of privacy as I am in a public space.
>"In either case, obviously innocent bystanders will be quickly eliminated from the list of possible suspects."
How do you know this? What if during such a dragnet they see something completely unrelated that they find "interesting"?
Also the granularity of GEO-IP information is notoriously unreliable, I don't believe you could limit the scope of a such a request to a particular suburb as the article mentions.
In public I have no reasonable expectation of privacy, I know that as a citizen and (reluctantly) accept that. Expectations are different on the Internet.
If Google search history was considered public information, they wouldn't need a warrant at all. The fact that they need a warrant confirms that this was an otherwise private communication.
>In this case, a third party would be provided evidence.
It's a pretty common thing for a completely unrelated store's surveillance cameras to have footage of a robbery of another store. That's why police ask every store in the area when one is robbed.
Depends on jurisdiction, but I think over here, the store owners give it routinely, firstly because it is in their best interests (to catch criminals in the area) and secondly, because if they wouldn't, a judge would anyway give the order.
The judge would give the order after ascertaining that the video was relevant to catching the criminal, and specific enough that it only included the time period when the criminal would have been likely to be captured and no longer, and that no unnecessary camera angles or other information be included in the order.
There is a difference between shop owners volunteering camera information and this case. This is closer to all shop owners in town being ordered to turn over the personal information of everyone who bought a shovel, because they found a body that had been buried.
>The judge would give the order after ascertaining that the video was relevant to catching the criminal, and specific enough that it only included the time period when the criminal would have been likely to be captured
Isn't that literally what is happening here? The police are asking Google who looked for this very specific thing in this very specific area at this very specific time period.
I know this is a tired argument by now but argument by analogy is generally terrible a raven isn't like a writing desk and your google history isn't like convenience store footage.
If we skip the obvious step of proving that unalike things are in fact unalike we can address things as they are and examine them truthfully.
In an ideal world your privacy ought not to be invaded by the authorities unless there is a reasonably good expectation that violating your privacy in particular will produce evidence relevant to the case at hand, that there is no narrower means to address the same cause, and that there is real harm in not doing so.
Obviously the way these concerns intersect is complex but we ought also to attend to the poorly thought out idea that we can justify invading everyone's privacy on the argument that surely SOMEONE is guilty because this line of reasoning would be so fantastically prone to abuse that we should have no privacy at all if we go this route.
In this case there isn't even reason to believe that any evidence should turn up even if we violate everyone's privacy, the logical alternative is real police work, and the potential consequences of letting a low level dirty bag slip away for a while are inconsequential.
The vast majority of us give away more personal data to search engines and ISPs than we ever gave to our local libraries it just seems that this data doesn't have the same protection not because such a rule wouldn't be socially useful but because the law hasn't adapted to modern times and search engines and isps don't have the tradition of social responsibility that libraries do.
In the context of all of the above it seems puzzling to me that you are advocating for a position that is so bad for nearly everyone. If we allow fishing expeditions in the name of expediency I very much doubt this will be end of the matter.
Please reconsider your positions or at least provide a better justification for same.
And here the problem: somebody did search for that name and ended up in that report. That person did not commit wire fraud but some other minor crime. And that person will get in trouble too - the evidence will be allowed in the court but the detectives will get on him and find something else. Typical fishing expedition.
It sets a precedent and the danger is that it becomes standard practice for anything they want to use it for. An attempted fraud that didn't succeed isn't exactly a high bench mark is it?
It's like the police saying that they solved a historical crime because they happened to obtain DNA from someone who committed some other random misdemeanour. So let's just take everyone's DNA and solve a bunch of other crimes too.
Your argument is no better than: I have nothing to hide.
One name, Snowden.
He has criminal charges for releasing all these informations about the NSA.
Now in the following scenario if the NSA knew that one of their employees was about to release all that to the public and all they knew about was a flight number he booked to leave the country.
Do you think that in that scenario it's not a big deal if they got Google to provide them the names of everyone that searched that flight?
Imagine the search term was, say, an unusual fetish or an uncommon medical condition or an uncommon religious or political belief. I would have real problems with giving police the power to demand these sorts of things.
One big deal is that google keeps this data and police/DAs have in the past used even flimsier evidence as part of cases that sent innocent people to prison. So another reason to use DDG.
so this is more like the police asking 7-11 for the security footage of anyone who bought a red bull, loaf of bread and six pack of beer in the city over the past month. If this request was made it would be insane for 7-11 to have to go through their footage and figure it out. Why should it be any different because google could do it more quickly? It is not google's job to find suspects for a case it is the police's job to find suspects
>Is this really that different from police asking for security camera footage from a convenience store after a robbery?
This is closer to police asking for all security camera footage from all stores in town which sell a product that may or may not have been used in a particular crime. How do police know the image was procured firsthand from google? How do police know the google search was executed from within town? How do police know the image was procured in the given date range?
You propose that the obviously innocent users will quickly be removed from the suspect pool after police investigate them. This may be true. I posit that it is unacceptable for the list to exist under these circumstances, because a warrant for information that users have a reasonable expectation of privacy should be specific enough that no innocent people should be affected.
I say "reasonable expectation of privacy" here to mean that laypeople expect no tracking, and educated users expect information to be contained entirely in advertising businesses and their partners (google et al.). At no point does a user reasonably expect that, as a matter of course, their search history will be tied to them and presented to law enforcement.
I strongly disagree that providing total transparency to law enforcement and trusting them to look only into the matter at hand, and dismiss and destroy all information relevant to the matter at hand, is the best course from a government perspective. Privacy advocates cry shrilly about big brother, but the end result of this policy is too close to call it anything else. Abrogation of a citizen's reasonable expectation of privacy should be undertaken only when absolutely necessary, and if the procured information leads nowhere pertinent to the investigation at hand, it should be destroyed.
With the information I have, this particular case does not meet the constraints necessary for such a broad warrant to have merit (or be issued).
>Unfortunately, I think obvious invasions of privacy (e.g., PRISM) have made folks very jumpy about any electronic evidence collection, which I don't think is warranted.
This opinion makes sense from your point of view, but it may not hold up when you consider the matter from a "what is the role of government in this situation?" standpoint. The government was created, fundamentally, to uphold and guarantee the rights of citizens.
I would be much more comfortable with your statement if it read more along the lines of "...electronic evidence collection, which I don't think is warranted, but I understand that other people can reasonably care more about privacy than I do."
Which is why I use ddg.gg (DuckDuckGo). They don't track you.
People are starting to wake up to the implications of a world without privacy. I carry around Snowden's quote on my phone and repeat it verbatim when people say they have nothing to hide:
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say".
Do not be discouraged. Just keep educating people one-by-one and we will win this fight. We have to, otherwise our ancestors who fought and died for freedom and liberty will have done so in vain.
true, but with google you have a choice. ISP's are generally granted monopolies and most people don't have a choice. Google only hands over data when mandated by courts or government. ISP's are looking to actively share and sell your information.
While I agree that Google is likely more trustworthy, I think it is naive to think Google does not sell your information; that's how they make money, right?
that is not how they make money. They make money by showing people ads. All they allow you as a user to do is specify attributes you're targeting and the people that view these ads ... match those attributes as best as possible
That bill opens up to ISP's what website's ( like google ) hav e been doing for years. If no one is safe because of that bill, then no one is safe already. VPN'ing around your ISP is about the same level of difficulty as setting your default search engine to not be google.
TFA is about Google being ordered to share information to police, by a (currently) legal court order.
There's no call for [sic] in your quotation of GP.
GP said Google doesn't share personal information with anyone. That's not true. The article shows them sharing it with someone. The point isn't pedantic when one of their competitors, DuckDuckGo, literally can't--court order or not.
My use of sic erat scriptum means I'm quoting GP, grammatical errors and all. This point, in contrast to the previous one, is pedantic :). (One doesn't share information to someone, but with them. "Google doesn't sell your personal information to, nor share it with, anyone" or "Google doesn't sell or share your personal information" are more correct.)
They claim they don't track you. I use DDG for at least 1/3 of my searches (and have to add !g to the rest because I don't get the results I need).
Still, it's important to note DDG runs on AWS, so Amazon still has access to the entire underlying infrastructure. If served an NSL, Amazon could track all traffic going to/from DDG. In theory, they could also grab the SSL certs from those servers and decrypt SSL traffic as well.
I am one of those who also like/use DDG. My only fear is "collaboration with Yahoo to enhance blah blah.."
in that sense I don't know (and don't care to learn) the details and whether in the end of the day Yahoo gets a copy of every-thing searched on DDG with the extra info (IP, MAC, browser fingerprint, etc.)
as for the "one at a time" I am totally wih you on this but I think it's a losing war.. WAY TOO many people don't see past their screen into what happens on the bits&bytes exiting their phones/laptops
DDG originally detailed the extent to which this collaboration existed. They described a DDG-owned and operated server that is accessible only to DDG, but which was required to have a yahoo.com domain in order to use services of Yahoo.
Now, I cannot find this information on their website. Perhaps they got rid of that collaboration (now that Verizon owns Yahoo)?
I either use DuckDuckGo or if it doesn't return relevant results, I use Google in private mode. Private mode obviously doesn't help much (they can easily connect me to my Google Account), but Google does have the years of development behind it.
Yeah, you're right. But frankly, I don't care what people think about me. If what I am saying is true, they can think I am crazy, but (hopefully) the words will stick in the minds of some, and in time those words will be proven right.
Of course, there is also a risk that sometimes I am wrong. There are things that I believed to be true that were not, and I've gone back and told people so. Pursuing truth and being transparent about my mistakes and missteps builds trust.
People may not like me, and I'm fine with that. I would rather have their respect than their admiration. If they do not respect me, then I will do them the courtesy of keeping my opinions to myself. I don't waste my breath on cynics.
Definitely all about expressing opinions in exactly that manner, it's just quotes that grind my gears. The way you described it, I pictured you grabbing your phone, quoting Snowden and dropping the mic :) Quotes always seem like an appeal to authority, are usually taken out of context and rarely say anything truly useful.
Good point, although in this instance of "argumentum ad verecundiam" Snowden has the credibility and has stated a common objection in such a succinct way that I think it bears repeating provided it is stated accurately.
Appealing to authority can be a fallacious way to reason, however it can also be done correctly, and is a powerful way to influence people. I love your visual of phone/quote/mic drop - that'd definitely be the wrong way to do it :)
The police aren't asking for a city's searches. They're asking for anyone, anywhere, who searched Google for 'Douglas ? ?' in a 5 week period. The article this one links to explains this much better.
Google isn't the only search engine on the internet, but the police claim they were unable to find the information in Yahoo or Bing results. They suspect it must have come from a Google search, because that's where they were able to find the same information. The judge felt this provided probable cause to permit the search on Google.
This article is bad. It appears to be written by a layperson who doesn't understand law or how the internet works. And it pours on the hyperbole to excite emotions.
The citypages link on HN is fake news. It misrepresents and mischaracterizes the events reported on the tonywebster link.
"Cops figure if they could just find out who in that affluent suburb has Googled that name, they'd narrow their suspect list right down."
This is fabricated tripe. The cops are not looking specifically in the victim's suburb. The person who wrote the citypages article is being a complete imbecile. His heart might be in the right place, but he's got his facts all wrong. The warrant pertains to information on anyone, anywhere on the entire planet who might have accessed Google's servers and searched for that name between Dec 1 and Jan 7.
It's not mistakes, it's clickbait title and false information. You want to make a distinction based on author's intention, but whether it is intentional or due to incompentence fact is this citypages article got it wrong and got debunked in the ars technica article[1]:
language in the warrant[2] that says "located in city or
township of Edina, County of Hennepin, State of Minnesota"
is standard, pro forma language that is often contained in
the county's warrants. That language, he said, does not
mean that the warrant is demanding that Google solely
disclose who within the city's 15 square miles searched
for the victim's name, as some have reported.)
Not really. The point is the police are trying to solve a case of attempted fraud by asking Google for all searches for a particular name within a particular time period, based on the fact that searching for that name in Google Images comes up with the images used on the fake passport. The story is reporting that they're asking specifically for searches made by people in a particular city, but that detail is pretty incidental to the story itself.
And again, please stop calling this "fake news" just because it contains a mistake. I've already explained that this is not at all what that phrase means.
IMO there's a difference between fake news and opionated news. Fake news is stories like Ted Cruz's father being involved in the assassination of John F. Kennedy. There's nothing factually true in the story itself. This is an article that reports true facts and tries to subvert them to serve an agenda. Almost all mainstream media outlets do this to varying degrees. But that doesn't make this article fake news. Clickbaity title and opionated reporting != fake news.
Reality: Cops provide weak probable cause for warrant, judge gives rubber stamp. They might catch a criminal if their hunch is right and Google doesn't push back due to the expense of the inquiry.
Fake news: Cops are raiding the search history of the citizens of Edina! Privacy rights are in great peril! Porn viewing habits might even be exposed!
That's more than erroneous. That's fabrication. Complete falsehood. It is not a real story. It has no basis in reality. Clickbait title. Mainly designed to drive traffic for ad revenue. It's the very definition of fake news.
They did not ask for "whole city's Google searches", they asked for the identity of the "person who searched for a specific search string", which is not the same thing!
Suggested new title: "Edina police ask for identity of person who searched for specific name, and a judge says yes"
Edit: I find it rather amusing that the cops found the image used in the fake passport on google images, but decided to request google searches for the name instead of access logs for the image on the actual server.
I'm not too outraged over this one. They're asking who in a specific city googled a specific name during a specific timeframe. This is how you find out who your suspects are. I understand it's a razor thin line between "normal police work" and "dragnet surveillance" but this time I think it's the former.
Curious: if anyone thinks it is bad for Google to give the police information, do you think it's bad for Google to have the information in the first place?
Another way to think about this is: when (not if, but when) Google gives a government information in some time in the future, would that change your behavior now?
I'm not 100% sure about this particular instance, but, in general, it's fine for companies to have information that's not fine for the police to ask for.
Substitute Google for any sort of dating website, and it's clear that such a website would have a tonne of data it needs as part of its day-to-day operation that the police should never have access to at such a wide scale.
The problem with Google and Facebook is they lack context. Let's say you doing a search for school on Islamic State. How do they know the difference between you and a member of this terrorist organization?
Isn't that exactly what the court system is for? I've never heard of anyone being charged with terrorism merely for googling IS, and I suspect any judge would throw out a case like that in a heartbeat.
> But that's a result of the evaluation of prospects at trial, so the protections that apply at trial directly influence that.
That would be nice, but it's not true. Prosecutors use the threat of trial to get innocent people to accept plea deals out of fear of being found guilty anyway and facing the full penalties of the charges.
You're assuming good faith from prosecutors, you shouldn't; they only care about winning cases, not justice. The justice system is not your friend and is not out to ensure justice is done. The justice system is for those who can afford lawyers, it does its best to fuck anyone who can't.
No, I'm not. Access to and competence of defense counsel is actually more relevant to the degree of effect that the available adversarial process has on the outcome of plea deals that avoid (some part of) that process, but even with imperfect access to and competence of counsel the fact that some share of cases do go to trial and prosecutors can't certainly predict in advance which cases will be in that set means that the protections in the adversarial process create incentives that influence behavior in the process that precedes arrest and charging.
(This contrasts sharply with, e.g., the foreign intelligence surveillance warrant process, where the warrants do not feed into an adversarial process even in principle, and thus there is far less constraint on government misconduct even with a judicial warrant process.
Prosecutors know who they can bully unfairly and have the discretion to back down if they make a mistake. If what would fly in court were any real behavior influencer, they wouldn't bully people into plea deals that were unjust just because they can. Most people do not have access to competent council and prosecutors know it, and they know the fear of being found guilty will get even innocent people to accept a plea; if you don't have money, the justice system isn't for you.
My Gmail box is for mailing lists, and putting up on things like my HN profile, for random people to get in contact. Personal correspondence goes to an address on a host I control.
>Curious: if anyone thinks it is bad for Google to give the police information, do you think it's bad for Google to have the information in the first place?
Yes. Having such comprehensive information stored in centralized databases on billions of users is extremely dangerous.
It's like when armies in WWI marched in straight rank and file against machine gun fire because they didn't yet know the capabilities of new technology. Though this is much more subtle.
I.e. the OPM hack => black mail on everyone with a US security clearance.
Anyone who can gain access to this information (via hacking, social engineering, or court order) potentially has total control over the identities of their targets.
The end-game of Google (and Facebook, etc.) is to feed on everything everything you think, do, and say so they can predict and influence your beliefs and what you purchase. Of course, law enforcement wants a piece of the cake as well to be able to control and predict the behavior of the population. Break free from the hive mind. Disconnect yourself from the spying apparatus.
>> police want to know who has searched for a particular name [douglas] used as part of that fraud
This is a super click-bait headline. Sounds like Police got the search history of everyone in the city. The reality, which is quickly explained in the article, is nothing like that. They have a list of people in the city who searched for a pretty specific term and it sounds like Google does the digging and gives them a list of names.
Whether that's a problem or not is still up for debate but that headline is ridiculous.
The inside joke about Edina is that it stands for "Every Day I Need Attention"; it's mostly old money, old-ways of doing things. For example: Up until a few years ago, they outlawed happy hour (as a state, we recently approved liquor sales on Sunday; odd, I know) and no, I'm not kidding.
Having said, this doesn't surprise me at all. Not that a judge approved it, but that Edina of all places requested it.
Mac addresses? Under what scenario does any provider (ISP even) end up with your mac address? (Am I missing something here that I don't know about?)
Understand that your router has your mac address and in theory your ISP could end up with it by getting it there if they wanted to but don't know of cases where they legally actually do this or have any need for the info. True?
I guess, if for whatever reason Google had a MAC address of say a Chromebook in some other unrelated database. And the serial of that Chromebook was associated with your account. It's a stretch, and you have to wonder if Google would even go that far.
The other scenario I thought about was the unique browser footprint. Info in server logs that is very specific to someone's machine and the way they have it setup (screen size, os, browser and a host of other info). In certain cases the probability becomes highly likely that it can be linked to another log where your identity is known because the same footprint (not sure if that's the correct word) is in that other log.
I had this thought too - my MAC address is not likely something google have access to (not in the normal operation of a network as it's stripped at the next hop)
This may sound silly to you all but I have recently given up paying for internet at my house as an experiment due to the prevalence of free public wifi nearly everywhere. I'm about 9 months into having cancelled my internet/cable entirely and it is working out well for me. I have only ever been very mildly inconvenienced by it.
Things like this make me never want to go back in all honestly, I save quite a bit of money with basically no downside (unless you count buying very very slightly more coffee than I otherwise might). Since I don't use google logins, disable tracking/cookies, and also change my mac address semi-regularly this seems like an adequate solution without going full on Tor/NoScript all the time(which I would prefer but the inconvenience cost becomes too great).
If this is allowed to legally stand, I am going to have to think long and hard about ever subscribing to an ISP or creating a google account ever again.
Google is legally obligated to provide that information. They can fight the subpoena's merit in court if they wish, but right now, the requesting police and the issuing judge are the problem.
Police are NOT requesting "whole city's Google Searches" - they are requesting the Whole WORLD's Google searches (if you will) for a specific search string (actually a variation of strings).
Realistically complying will get them a bunch of IP addresses. Lets say they get 100 IP addresses; then what?
Track down and investigate every one of them? For what? How do you go from IP address to potential suspect in Bank Fraud?
Apparently now rather than having a suspect and then going to Google for that specific suspect's records is no longer the in thing. These lazy coppers want Google's help to even develop a suspect...very very close to a fishing expedition.
How does this kind of clickbait which is false get promoted to HN front page ?
Specially when the source is given in the posted article and is the actual original source[1] and has no clickbait nor lies. Also this story is covered by ars technica[2] and a copy of the warrant is available online[3].
The best solution for avoiding government surveillance overreach continues to be for nobody to store the data. A service provider can't be forced to disclose information it doesn't have.
I recommend duckduckgo.com for those bothered by this: "We don’t store your personal information. Ever. Our privacy policy is simple: we don’t collect or share any of your personal information."
This was unclear from the article...but from what I understand the police want info on anyone who searched a specific term on google for a specific image from geo-location/IP in that city a week before the crime took place ?
1. What if the criminal didn't use Google?
2. What if the criminal did use Google but used a VPN or Tor or a Proxy?
This article is a piece of crap and is plain wrong.
Police asked for a warrant for anyone anywhere over a 5 weeks period who search for the name that leads to the picture used in the fake passport that you can find on google but not yahoo or bing.
If I understood the article correctly, the title is misleading.
The cops were not granted an entire raw database of all google searches by person. Instead, they were granted "'any/all user or subscriber information' of anyone in Edina who'd looked up that name between December 1, 2016, and January 7" which is IMHO a much less serious breach of privacy.
You could retort that collecting these users' "name(s), address(es), telephone number(s), dates of birth, social security numbers, email addresses, payment information, account information, IP addresses, and MAC addresses" is a serious breach of privacy, but I believe those are all available to law enforcement (save the internet-specific info).
You are quite right, and it's a shame people are downmodding you.
For some reason there is this belief that anything you do electronically should be immune to warrants, and warrants should only apply to physical documents.
Just read the comments and see, it's really astonishing.
It was the same thing with that phone the FBI was hacking, [some] people had a deep-seated belief that because it was encrypted the FBI should not be permitted to hack it!
(Some people had other issues with it, but they were a minority - most simply felt the FBI should not be allowed to try to hack a phone.)
If a bike was stolen from a street, the police do not have the right to enter and search every home on that street to see if you committed the crime. We already have the legal framework for these kinds of questions in meatspace. The courts are treating it differently because its on a computer, the same way companies are getting patents for unpatentable processes as long as they do it on the internet
Except that's a terrible analogy. A better analogy is the police are asking all the landlords to check their security cameras for someone carrying a bicycle.
Can you clarify what you mean by "all this"? Because as far as I can tell all they are asking for is the identity of the person who searched for a specific word.
Unless you are prosecuted by accident, news papers write about you and charges are dropped. You apply for a job, someone googles you and reply with "Thank you for your time. Unfortunately..."
I don't think we can assume more information increases the likelihood of false accusations. It certainly can for any given situation, but it can certainly greatly reduce the risk by identifying the real perpetrator.
If I were on trial when I was innocent, I'd really appreciate having this information available.
Though if there was empirical data to suggest that it was more risky, I could be convinced.
Because innocent people getting swept up by the legal system is potentially disastrous for those people, particularly if they are people of color. Take the Kalief Browder case as an example: http://www.newyorker.com/magazine/2014/10/06/before-the-law
However, injustices happen all over the world in varying degrees. It's important to figure out the balance of damage done / good done. If one out of 100 million people is wrongly convicted each year due to these practices, but 1 out of 50 million is rightly convicted each year, then this tool net good (even though innocent people have convicted.) This is just a simple view though, it's up to society to balance this equation (but that means not having a puritist and irrationally stubborn point).
What is the prevalence of accidental conviction due to the police having access to your limited private information?
Apart from gigantig societal issues around chilling effects and free speech related issues.
Whenever you cast a wide net you must either do significant statistical modelling or disqualify the actual results of the warrant from being considered as evidence. Ie you can not both use the results to filter the suspects _and_ use it as evidence without knowing exactly what you are doing from a statistical point of view. As badly understood statistics generally are, the required level of rigor is unlikely to be achieved.
Have you? The concept was "pre-crime" which is stopping crimes before they happened - not investigating crimes that have already conclusively been committed. Additionally, upon finding the system in use was faulty it was dismantled and everyone affected by it given a pardon.
Not saying the slippery slope argument is invalid, but the use of Minority Report is better kept to arguments where the intent is to use "big data" to predict and prevent crimes - not for when crimes have been committed and the intent is to figure out who did it.
theoretical question: what if google will say that they do not know how to get this specific information out of their data? how can anyone prove if its true without full access to google infrastructure? will the police confiscate all their servers?
Wait a second - I thought a year ago I had an email from Google telling me this is last chance to opt out of them collecting my search queries. I remember clicking and google page told me thanks we won't collect your searches.
I wonder what principles a judge in the U.S. justice system? Is it only constitution?
Can people somehow adjust what makes a judge? (speaking of competency in privacy matters)
You can appear to delete your Google account records from there. I wouldn't trust any company that cooperates with the NSA and State Department to actually ever delete anything the government could find useful.
I remember seeing something like this online. I think it was murderpedia.org ?
Details are a bit fuzzy and might be wrong. In the 90's someone murdered a person or two. Somehow the cops asked the local ISP for anyone making constant searches of the case. They traced it back to the murderer.
I was kind of wrong on the details, was in 2002 and they asked Microsoft.
"Instead, agents simply tapped into the wealth of information that Microsoft Corp. and other Internet companies keep on people who visit their Web sites and use their services."
This title is so inaccurate it should be changed. Asking who in a city searched for a term is not the same as asking for a whole city's Google searches.
I actually disagree. Answering the question requires searching through each and every person's Google searches. So it's the equivalent of going door-to-door and searching every house for the one with the item.
The government is not getting access to (nor asking for) all queries. The government is getting access to information identifying who searched for a term. Google's query may include all search terms but Google obviously already has that data anyways.
This is equivalent to asking FedEx who in a given city was shipped something from a specific address. Sure when FedEx does a search it may technically search over all shipments from any address, but the government isn't getting access to that information. Hardly equivalent to door-to-door searches of every house.
> This is equivalent to asking FedEx who in a given city was shipped something from a specific address.
It is neither equivalent to nor even really analogous to it. It's more like asking a retailer that keeps such records for a list of every purchaser of a specific product.
Which, just to be clear, is something law enforcement will do in some circumstances already.
Agreed that's a much better analogy. In this case the "retailer" already maintains such records. The government isn't even asking for the list of all purchases by all individuals, just the name of who purchased a particular item.
Sure in the course of getting the answer to that question the retailer may sift through the records of all purchases, but this is data they already have.
This is hardly something to be outraged about. Title implies something much different.
I totally agree with switching to DDG and ceasing all Google activity.
However, this is fear-mongering, slippery-slope-fallacy-ridden sensationalism. They targeted a specific name. The judge isn't going much further than that.
I get it - the police are potentially violating innocent peoples' privacy.
But for some reason, what this judge did doesn't overly bother this Google-hater / privacy defender. Maybe it's because the article is written for the National Inquirer.
Inflammatory partisan comments are bad for HN to begin with, and when they're also unsubstantive swipes, that's definitely something you shouldn't post. Consider the crap it provoked below.
"I'm going to open up our libel laws so when they write purposely negative and horrible and false articles, we can sue them and win lots of money. We're going to open up those libel laws. So when The New York Times writes a hit piece which is a total disgrace or when The Washington Post, which is there for other reasons, writes a hit piece, we can sue them and win money instead of having no chance of winning because they're totally protected."
Why shouldn't the New York Times be held accountable?
Stop running with fake news and non-stories to push an agenda. Major news organization should be compelled to print the facts and instead go on a constant witch hunt (eg Maddow's non-story about Trump's taxes). They are trying to undermine the administration of the president of the united states. This should not be taken lightly.
And despite (maybe in spite of) the constant aggression towards potus and his administration, the people trust Trump more than the media.
And just because someone has a small blog, they still shouldn't make up stories.
Remember this?
Melania Trump settles defamation claim against blogger
You mean make up stories like that Obama was born in Kenya? Or that Democrats ran a child sex ring in a DC pizza joint? Or that a terrorist attack occured in Bowling Green?
Also, any sentence starting with "major news organizations should be compelled to print" is, uh, pretty much the definition of non-free speech.
Come on. I expect more than that level of illogic on this forum, even from Trump apologists.
No, it is pathetic that you are unaware of Trump's exclusion of major news sources from coverage, baseless attacks on the credibility of sourced articles, and explicit statements that he desires to go after news organizations for unfavorable reporting using libel laws. Especially in the light of his recent slander against Obama regarding wiretapping.
If you have your eyes closed in denial, then there is nothing I can do for you. The fact that you consider my statement "ridiculous" or "hysterical" just goes to show how utterly deluded you are about the activities and hypocrisy that he's actually engaged in. Trump has absolutely no interest in defending free speech, only his speech.
> baseless attacks on the credibility of sourced articles
I'm sure potus gets it wrong firing from hip so often, but I don't know to which articles you're referring. These news outlets are on full attack against this administration. Just look at positive vs negative news coverage.
> Only 3 percent of the reports about Trump that aired on NBC and CBS were positive, while 43 percent were negative and 54 percent were neutral.
I think we need to get over the idea of privacy. It's not technologically, politically or legally feasible to expect that anything you do on the internet can or should be kept from the authorities.
Big data is such an incredible tool for crime prevention. Minority Report is not a dystopian vision: it's a blueprint for a more just society.
If every "private" email, video conference and search is available for inspection and cross reference, we can end anti-social behaviour as we know it and achieve the kind of peace and harmony that only come from full accountability.
Crime thrives in dark corners. A surveillance society is a searing searchlight to expose and eradicate the the rot.
The question is: what comes next? If you bought a pressure cooker on Amazon a month before the Boston bombing, do police get to know about it?"
Absolutely. That is valuable information for an investigate. That doesn't mean everyone who bought a pressure cooked should be locked up, but that information can be used in conjunction with other information to narrow down a list of suspects. Legitimate buyers have nothing to fear and terrorists get caught.
> Minority Report is not a dystopian vision: it's a blueprint for a more just society.
Yeah arresting people for crimes they have yet to commit doesn't sound more just to me.
> Crime thrives in dark corners. A surveillance society is a searing searchlight to expose and eradicate the the rot.
Crime thrives when people have no other options. Providing economic opportunities for everyone reduces crime far more than mass surveillance ever will.
The entire moral quandary behind minority report could be avoided simply by having police monitor people, and if they are actually about to commit murder---prevent it and arrest them for attempted murder.
The reason they didn't do that was simply because it's a movie, and movies work better if instead of picking a compromise point between our society and some future ideal---you just pick the future ideal that will seem crazy to people.
It's like Logan's Run (movie) where the issue isn't just that you kill everyone over 30 to save resources, but that you lie and pretend no one can physically live past 30 and everyone gets reincarnated. They inserted the moral quandary to make the story interesting.
If the only moral quandary you see with Minority Report is that they do the arrests before the crimes happen then I sincerely hope you're never in a position to guide public policy on anything really.
Is this missing a /s? If every single piece of data related to you is stored and accessible by the government then it only takes a change in the political winds to turn you from a model citizen to an enemy of the state. You even reference Minority Report where half of the movie was the main character being framed for a crime.
Beyond that, if we really did want to make wide spread data collection a part of society it should be a constitutional change in the US at least. The 4th amendment protects against unreasonable searches. Proposing that everyone gets searched all the time is just a way for the government to weasel their way around that restriction. Doing so just degrades the rule of law which has a host of problems.
The only way I could possibly see being ok with everyones information being available all the time is if warrants were for specific information, for example looking for people who bought pressure cookers before the boston bombing, and any evidence found in this dragnet that pointed to other crimes could _never_ be used in any other case. That would at least prevent fishing expeditions from the government
> It's not technologically, politically or legally feasible to expect that anything you do on the internet can or should be kept from the authorities
Which authorities? Just because you are comfortable with the authorities there where you are or the authorities you have today, doesn't mean you should be comfortable with the authorities here or the authorities you may have tomorrow
> we can end anti-social behaviour as we know it and achieve the kind of peace and harmony that only come from full accountability
Who is we? Who is going to read, interpret and correctly act on this information? Only a total boot heal would write something like this. Your faith in authority is misplaced.
> Crime thrives in dark corners. A surveillance society is a searing searchlight to expose and eradicate the the rot.
You know what else thrives in dark corners? Dissent. A searchlight can wilt a flower just as much as it can expose rot
> Legitimate buyers have nothing to fear and terrorists get caught
There are exactly two people that want to blow up a marathon with a pressure cooker bomb. Two. The planet was only able to produce 22 people who want to fly planes into buildings in over 80 years of commercial aviation. Even then, that was only possible because of an anomaly of state sponsorship. Terrorism is such a tiny problem as to not even deserve mention.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
"I can't wait to be judged by a panel with a single, global understanding of correctness, morality, and justice which can account for everyone's beliefs and completely understand what is right and wrong. There is right, and there is wrong. And we must seek to eradicate wrong, for we know what is right. And if you disagree with us, you are wrong."
Resist. Do not let the shills tell you what to believe in.
The problem is how "the rot" is defined. And having an exhaustive database or algorithm that can quickly eliminate whatever "rot" the system has defined is what makes Minority Report dystopian.
Police are not asking for the entire search history of everyone in the town, then combing through it to see what they've searched for. Rather, police are asking Google who, in a narrow amount of time, searched for the name of a relatively unknown person who had $28K stolen from him.
Is this really that different from police asking for security camera footage from a convenience store after a robbery? In either case, obviously innocent bystanders will be quickly eliminated from the list of possible suspects. Any remaining suspect(s) will still need to be (1) charged, (2) have a judge allow the evidence in court, and (3) convicted on the basis of evidence beyond reasonable doubt by a jury of their peers.
Unfortunately, I think obvious invasions of privacy (e.g., PRISM) have made folks very jumpy about any electronic evidence collection, which I don't think is warranted.
EDIT: Thanks to guelo for pointing out that this was an unsuccessful attempt at wire fraud, so the victim (fortunately) retained the $28K. I missed that previously.