Cops use Google to obtain data about mobile devices near crime scenes

North Carolina police are investigating crimes by using area-based search warrants to force Google to hand over data about all mobile devices near crime scenes.

Cops use Google to obtain data about mobile devices near crime scenes
Thinkstock

Police in North Carolina are attempting to use tech “as a hack for their job” by obtaining warrants to force Google to hand over unique data from all mobile devices within acres of a crime scene.

WRAL out of Raleigh, North Carolina, reported on a recurring tactic that the cops there are employing: using Google as an investigative tool to reveal the identity of every mobile user within areas, which includes both homes and businesses. It’s happened at least four times.

When investigating crimes, Raleigh-Durham cops are not searching for phones that connected to a specific cell tower, but for phones that were within a specific geo-locational area. And that doesn’t imply a small area; during a homicide investigation, the cops asked Google to provide data for anyone within a 17-acre area. Another demanded Google hand over user data from the day of a shooting and the day before; the area defined in that warrant included “dozens” of apartment units near St. Augustine’s University.

The police are not just interested in Google handing over account IDs tied to Android devices; a Raleigh Police Department spokeswoman told WRAL that the area-based warrants also included “any device running location-enabled Google apps.” They got the idea after learning about a similar search warrant the State Bureau of Investigation obtained in Orange County.

The Wake County North Carolina district attorney, Lorrin Freeman, suggested the right balance between helping the cops investigate and protecting people’s Fourth Amendment rights was being used.

“We’re not getting text messages or emails or phone calls without having to go through a different process and having additional information that might lead us to a specific individual,” Freeman said.

A warrant demanded Google hand over anonymized numerical identifiers and time-stamped location coordinates for every device that passed through the area. WRAL reported, “Detectives wrote that they’d narrow down that list and send it back to the company, demanding ‘contextual data points with points of travel outside of the geographical area’ during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.”

Legal and privacy professionals weigh in on the area-based warrants

Various legal and privacy pros chimed in about these area-based warrant phishing expeditions, most believing the warrants didn’t establish probable cause. Thousands of innocent people are affected, while the cops are just hoping to find someone to later investigate.

EFF attorney Stephanie Lacambra called the search warrants “deficient.” She added:

“To just say, ‘Criminals commit crimes, and we know that most people have cell phones,’ that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time,” Lacambra said.

Without that probable cause, she said, the department is “trying to use technology as a hack for their job.”

Raleigh defense attorney Steven Saad says this practice could potentially erode constitutional protections.

“If you know a crime was committed in an area and you have no information on a suspect, would you allow for them to go through every house in the neighborhood?” Saad said. “Of course not.”

Google told WRAL that it pushes back against overly broad warrants, but it would not comment on if it pushed back against the warrants issued by the Raleigh-Durham police.

Out of the four area-based search warrants, which would have swept up the data of thousands of innocent mobile device users, WRAL reported that they resulted in only one arrest.

Copyright © 2018 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline