Manhattan DA Got Innocent People’s Google Phone Data Through A ‘Reverse Location’ Search Warrant
A Proud Boy kicking a protester outside the Metropolitan Republican Club last year (Shay Horse)
The technique uses a type of search warrant known as a “reverse location” or “geofence” warrant, which gives authorities location information on Google users who have Android phones or use apps, such as Google Maps.
From this bucket of data, law enforcement then try to figure out which phones may be tied to suspects or possible witnesses.
The use of this surveillance technique has not been confirmed in New York City until now. An investigator for the Manhattan DA revealed it during testimony last week in a case involving a politically-charged assault from last year.
The defendants are members of the Proud Boys, a group of pro-Trump rightwing extremists who allegedly beat up four leftist protesters, believed to be associated with Antifa, outside an Upper East Side event last October. The four protesters refused to cooperate with police, and authorities were unable to identify them.
As part of their attempt, prosecutors sent Google a warrant for phone records near the conflict, as the Times reported last week.
In further testimony, the investigator confirmed that the warrant was a reverse location search warrant, according to a transcript provided to WNYC by the Manhattan DA’s office.
Court records show that this dragnet data request captured the location data of multiple people who were put under law enforcement scrutiny, even though they had nothing to do with the crimes under investigation.
According to the investigator’s testimony, authorities were looking for location records from “Google’s Android platform and Google-based apps, such as Google Maps, [that] utilize location service[s].” The warrant requested records from multiple sites, including where the conflict broke out on 82nd Street and other locations where participants in the clash may have been that evening.
The tech company forwarded an “anonymized list” of “Google device IDs” based on their request. Investigators then cross referenced spreadsheets of Google users at various locations, attempting to find “multiple appearances of those same anonymous numbers.”
Authorities said they eventually learned enough about several of the accounts to determine the individuals were innocent.
“We received approximately two or three records back from them that met our specific search criteria,” Investigator Schoenfeld said. “Through follow-up investigation, we were able to determine that we did not believe that the individuals who were the account holders here were involved in this incident in any way.”
The Manhattan DA’s Office declined to comment on how the data was used. But in Minnesota, police have said that after selecting “anonymous” users of interest from Google’s bulk records, they then get another warrant to make the company hand over the name of the cell phone owner.
Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project at the Urban Justice Center, said the case illustrates what privacy advocates have long feared.
“When we sign up for Google, we shouldn’t be signing away our core constitutional rights,” he said. “When law enforcement uses these sort of digital dragnets they often will get it wrong, and innocent people will be swept up in the mix.”
In a city as dense as New York, such digital sweeps could gather data on thousands of innocent cell phone users, noted Jerome Greco, a staff attorney in the Legal Aid Society’s Digital Forensics Unit.
“That’s like saying, we suspect that somebody hid a gun in an apartment in a building, so we’re going to search everybody in the building, even though we know only one apartment actually has this,” he said. He argued law enforcement warrants should be more focused.
Google declined to comment on the case or how it responds to such law enforcement requests. In an email, Apple told WNYC that it does not track the geolocation of devices and thus does not have the ability to identify all Apple devices near a given location and time.
Despite the expansive warrant and other surveillance techniques, authorities said at trial that they were ultimately unable to identify the leftist protesters. Greco argued the case illustrates how bulk surveillance techniques are more likely to affect those least expecting them.
“Because the general public is unaware of the significance of their data, or is unaware that its being taken at all, they are much more likely to be caught up in one of these dragnets,” he said. “Rather than somebody who is aware of the importance of it, and is intending on committing a crime.”