Data harvested by Google on the location of its users is being used by police to find new leads in cases that have gone cold.
Law enforcement agents in the US have been trawling information taken from the search giant’s Sensorvault database to help them in criminal cases.
This information is meant to be used to target ads to individual users as well as to check how well such targeted ads are working.
Experts are concerned over this new type of digital ‘dragnet’, where people are considered suspects by virtue of being in the wrong place at the wrong time.
Police make a general request through the courts to get their hands on data for a specific location, known as geo-fencing, during a set period of time.
Once they have narrowed down the results to devices they believe could actually be relevant to the case, Google then gives them the names of their owners.
Police say they won’t act on location details alone when making an arrest, but the practice has already seen innocent people detained for crimes they didn’t commit.
The technique is currently only being used in the US, as Google is based in the country and subjects to its laws.
The US has Mutual Legal Assistance Treaties (MLATs) with more than 60 countries around the world, including the UK, setting out rules on cooperation between nations’ law enforcement agencies.
This can involve a long and complicated process and there has been increasing pressure for tech firms to provide quicker access to their data internationally.
The case of 13-year-old Lucy McHugh found stabbed to death in 2018 after leaving her house in Southampton has added pressure to these calls.
Facebook refused to handover the password to the prime suspect in the case’s account.
Data harvested by Google on the location of its users is being used by police to find new leads in cases that have gone cold. Law enforcement agents have been trawling information taken from the search giant’s Sensorvault database to help them in criminal cases (stock image)
Red flags over the practice were raised in an in-depth report for the New York Times.
Google’s database, dubbed Sensorvault, contains records of the locations of hundreds of millions of smartphone and other devices around the world.
Law enforcement officials have been requesting access to records stored in the Sensorvault to identify devices that were active in an area at the time a crime was committed.
To do so, they must apply for a court order granting them access to the data with the intention of finding witnesses and possible suspects.
The information provided is anonymous, but police can use other details in a case to narrow down their selection to handsets and other gadgets they believe may be relevant to the case.
Google will then reveal more specific data about its owner, including their name.
‘We vigorously protect the privacy of our users while supporting the important work of law enforcement,’ Richard Salgado, Google’s director of law enforcement and information security, said in a statement.
‘We have created a new process for these specific requests designed to honor our legal obligations while narrowing the scope of data disclosed and only producing information that identifies specific users where legally required.’
Experts are concerned over this new type of digital ‘dragnet’, where people are considered suspects by virtue of being in the wrong place at the wrong time. A dragnet is a coordinated attempt by enforcement to try and catch a criminal (file photo)
Requests for access to Sensorvault data by US police forces have increased dramatically in the past six months, the report warns, with 180 requests received by Google in just one week.
Police already request information from tech firms to help them in their investigations but experts are particularly concerned about the use of Sensorvault.
The NYT spoke to one man who has already been arrested for a crime he was later exonerated of, after his location data landed him on law enforcement’s radar.
Jorge Molina’s smartphone was linked to a location where a man had been shot nine months earlier.
The shots were fired from a car similar to the one owned by Mr Molina, who was arrested and spent a week in jail.
It later emerged that his mother’s ex-boyfriend, who often borrowed his car, had committed the crime.
This is not the first time that Google has faced criticism for its use of tracking data.
In August 2018, researchers from Princeton University revealed that the firm stores users’ location data even after they’ve turned ‘Location History’ off.
Despite the setting purportedly preventing data collection, researchers discovered Google had kept records of Dr Gunes Acar Acar’s train commute on two trips to New York and visits to the High Line park, Chelsea Market, Hell’s Kitchen, Central Park and Harlem.
Police say they won’t act on Google location details alone when making an arrest, but the practice has already seen innocent people detained for crimes they didn’t commit (stock image)
Researchers then plotted the locations on a map. They found that Google keeps track of your current location each time you open Google Maps.
The daily weather updates on Android phones also provided another way to track movement.
There has also been increased pressure on firms like Google to give police around the world that are investigating crimes information on their users.
MLATs set out how countries will work together to provide information about crimes that are being investigated.
However, this can be a long and complicated procedure and some experts believe the system needs reform.
In April 2017, the European Union announced proposed laws to force technology companies such as Google, Microsoft and Facebook to hand over users’ data to European law enforcement officials even when it is stored on servers outside the bloc.
The law would allow European prosecutors to force companies to turn over data such as emails, text messages and pictures stored online in another country, within 10 days or as little as six hours in urgent cases.
The European Union executive says the proposed law, which would apply to data stored inside and outside the bloc, is necessary because current legal procedures between countries to obtain such electronic evidence can drag on for months.
The case of 13-year-old Lucy McHugh (left) found stabbed to death in 2018 after leaving her house in Southampton has added pressure to these calls. Facebook refused to handover the password to the account of the prime suspect in the case – Stephen Nicholson, 24, (right)
More recently, the mother of murdered schoolgirl Lucy McHugh condemned Facebook in September 2018 over its failure to hand over the prime suspect’s password.
Stacey White accused the social media giant of denying her justice after police were forced to apply to American judges for a court order demanding that it hand over the information.
Detectives investigating 13-year-old Lucy’s murder were desperate to access Facebook accounts belonging to tattoo artist Stephen Nicholson, who was jailed for 14 months for refusing to reveal his password to police.
Because Facebook is based in America, officers from Hampshire Police were forced to apply to the US justice department for the password.