Google this week announced changes to the way it collects and stores user location data that might bring an end to geofence warrants.
In a blog published on Electronic Frontier Foundation’s website on Wednesday, EFF’s general counsel Jennifer Lynch gives us the good news that Google is so drastically changing the methods it uses to collect user location data that it just might put the kibosh on law enforcement’s use of geofence warrants going forward — but suggests that we perhaps shouldn’t hold our collective breaths as we wait for that to happen.
Just in case you’re unfamiliar with geofence warrants, I’ll let Ms Lynch explain:
“Geofence warrants require a provider—almost always Google—to search its entire reserve of user location data to identify all users or devices located within a geographic area during a time period specified by law enforcement. These warrants violate the Fourth Amendment because they are not targeted to a particular individual or device, like a typical warrant for digital communications. The only “evidence” supporting a geofence warrant is that a crime occurred in a particular area, and the perpetrator likely carried a cell phone that shared location data with Google. For this reason, they inevitably sweep up potentially hundreds of people who have no connection to the crime under investigation—and could turn each of those people into a suspect.”
These warrants, which Lynch points out should be illegal, are possible because of the massive amount of location data that Google has traditionally collected on people, which it calls “Location History” and stores in a James Bondish-scaled database called “Sensorvault.”
How big a thing are these geofence warrants? According to Google, they make up 25% of all warrants the company receives each year.
The good news is that on Tuesday Uncle Goog (well, actually Google Maps director of process Marlo McGriff did all the talking in a blog) said its changing the way it collects and stores location data, which should make it harder for geofence warrants to be effective.
The changes are threefold:
- Location data will now be stored on a user’s device instead of being held by Google in its cloud.
- All location data will be deleted after three months instead of its current lifespan of at least 18 months.
- When users choose to back up their data to the cloud, Google will “automatically encrypt your backed-up data so no one can read it, including Google.”
Lynch sees this move by Google as potentially a good sign, but says it’s not time to break out the party favors yet.
“All of this is fantastic news for users, and we are cautiously optimistic that this will effectively mean the end of geofence warrants. These warrants are dangerous. They threaten privacy and liberty because they not only provide police with sensitive data on individuals, they could turn innocent people into suspects. Further, they have been used during political protests and threaten free speech and our ability to speak anonymously, without fear of government repercussions…
“However, we are not yet prepared to declare total victory. Google’s collection of users’ location data isn’t limited to just the “Location History” data searched in response to geofence warrants; Google collects additional location information as well. It remains to be seen whether law enforcement will find a way to access these other stores of location data on a mass basis in the future.”
You can read Lynch’s blog post on the potential death of geofence warrants here: Is This the End of Geofence Warrants?
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux