Data harvested by Google on the location of its users is being used by police to find new leads in cases that have gone cold.
Law enforcement agents in the US have been trawling information taken from the search giant’s Sensorvault database to help them in criminal cases.
This information is meant to be used to target ads to individual users as well as to check how well such targeted ads are working.
Experts are concerned over this new type of digital ‘dragnet’, where people are considered suspects by virtue of being in the wrong place at the wrong time.
Police make a general request through the courts to get their hands on data for a specific location, known as geo-fencing, during a set period of time.
Once they have narrowed down the results to devices they believe could actually be relevant to the case, Google then gives them the names of their owners.
Police say they won’t act on location details alone when making an arrest, but the practice has already seen innocent people detained for crimes they didn’t commit.
The technique is currently only being used in the US, as Google is based in the country and subjects to its laws.
The US has Mutual Legal Assistance Treaties (MLATs) with more than 60 countries around the world, including the UK, setting out rules on cooperation between nations’ law enforcement agencies.
This can involve a long and complicated process and there has been increasing pressure for tech firms to provide quicker access to their data internationally.
The case of 13-year-old Lucy McHugh found stabbed to death in 2018 after leaving her house in Southampton has added pressure to these calls.
Facebook refused to handover the password to the prime suspect in the case’s account.
Scroll down for video
Data harvested by Google on the location of its users is being used by police to find new leads in cases that have gone cold. Law enforcement agents have been trawling information taken from the search giant’s Sensorvault database to help them in criminal cases (stock image)
HOW DOES A POLICE LOCATION DATA REQUEST WORK?
Police in the US can make a general request through the courts to get Google to provide data for a specific location, known as geo-fencing.
This is a record of all of the devices that were active in a specific area during a given period of time.
Law enforcement officials narrow down this list of active devices to gadgets they believe could actually be relevant to the case.
That includes those belonging to witnesses to a crime or potential suspects.
Google then gives them the names of the owners of this smaller list of devices.
Red flags over the practice were raised in an in-depth report for the New York Times.
Google’s database, dubbed Sensorvault, contains records of the locations of hundreds of millions of smartphone and other devices around the world.
Law enforcement officials have been requesting access to records stored in the Sensorvault to identify devices that were active in an area at the time a crime was committed.
To do so, they must apply for a court order granting them access to the data with the intention of finding witnesses and possible suspects.
The information provided is anonymous, but police can use other details in a case to narrow down their selection to handsets and other gadgets they believe may be relevant to the case.
Google will then reveal more specific data about its owner, including their name.
‘We vigorously protect the privacy of our users while supporting the important work of law enforcement,’ Richard Salgado, Google’s director of law enforcement and information security, said in a statement.
‘We have created a new process for these specific requests designed to honor our legal obligations while narrowing the scope of data disclosed and only producing information that identifies specific users where legally required.’
Experts are concerned over this new type of digital ‘dragnet’, where people are considered suspects by virtue of being in the wrong place at the wrong time. A dragnet is a coordinated attempt by enforcement to try and catch a criminal (file photo)
WHAT IS A POLICE DRAGNET?
A dragnet is a coordinated attempt by enforcement to try and catch a criminal.
The term refers to the practice used by fishermen to ensnare marine animals in a body of water.
A police dragnet can be made up of a physical presence, such as when a city block is closed off after a crime, or when protesters are ‘kettled’ following the outbreak of violence.
More recently, DNA ‘dragnetting’ has seen police ask to volunteer blood or saliva samples to aid in investigations where genetic evidence has been collected from a crime scene but no known suspect has been identified.
Data dragnetting is a new approach that uses information gathered by companies and others on people’s digital lives to the same effect.
Requests for access to Sensorvault data by US police forces have increased dramatically in the past six months, the report warns, with 180 requests received by Google in just one week.
Police already request information from tech firms to help them in their investigations but experts are particularly concerned about the use of Sensorvault.
The NYT spoke to one man who has already been arrested for a crime he was later exonerated of, after his location data landed him on law enforcement’s radar.
Jorge Molina’s smartphone was linked to a location where a man had been shot nine months earlier.
The shots were fired from a car similar to the one owned by Mr Molina, who was arrested and spent a week in jail.
It later emerged that his mother’s ex-boyfriend, who often borrowed his car, had committed the crime.
This is not the first time that Google has faced criticism for its use of tracking data.
In August 2018, researchers from Princeton University revealed that the firm stores users’ location data even after they’ve turned ‘Location History’ off.
Despite the setting purportedly preventing data collection, researchers discovered Google had kept records of Dr Gunes Acar Acar’s train commute on two trips to New York and visits to the High Line park, Chelsea Market, Hell’s Kitchen, Central Park and Harlem.
Police say they won’t act on Google location details alone when making an arrest, but the practice has already seen innocent people detained for crimes they didn’t commit (stock image)
Researchers then plotted the locations on a map. They found that Google keeps track of your current location each time you open Google Maps.
The daily weather updates on Android phones also provided another way to track movement.
There has also been increased pressure on firms like Google to give police around the world that are investigating crimes information on their users.
MLATs set out how countries will work together to provide information about crimes that are being investigated.
However, this can be a long and complicated procedure and some experts believe the system needs reform.
In April 2017, the European Union announced proposed laws to force technology companies such as Google, Microsoft and Facebook to hand over users’ data to European law enforcement officials even when it is stored on servers outside the bloc.
The law would allow European prosecutors to force companies to turn over data such as emails, text messages and pictures stored online in another country, within 10 days or as little as six hours in urgent cases.
The European Union executive says the proposed law, which would apply to data stored inside and outside the bloc, is necessary because current legal procedures between countries to obtain such electronic evidence can drag on for months.
The case of 13-year-old Lucy McHugh (left) found stabbed to death in 2018 after leaving her house in Southampton has added pressure to these calls. Facebook refused to handover the password to the account of the prime suspect in the case – Stephen Nicholson, 24, (right)
More recently, the mother of murdered schoolgirl Lucy McHugh condemned Facebook in September 2018 over its failure to hand over the prime suspect’s password.
Stacey White accused the social media giant of denying her justice after police were forced to apply to American judges for a court order demanding that it hand over the information.
Detectives investigating 13-year-old Lucy’s murder were desperate to access Facebook accounts belonging to tattoo artist Stephen Nicholson, who was jailed for 14 months for refusing to reveal his password to police.
Because Facebook is based in America, officers from Hampshire Police were forced to apply to the US justice department for the password.
HOW CAN YOU FIND AND DELETE WHERE GOOGLE KNOWS YOU’VE BEEN?
Even if you have ‘Location History’ off, Google often stores your precise location.
Here’s how to delete those markers and some best-effort practices that keep your location as private as possible.
But there’s no panacea, because simply connecting to the internet on any device flags an IP address that can be geographically mapped.
Smartphones also connect to cell towers, so your carrier knows your general location at all times.
To disable tracking on any device
Fire up your browser and go to myactivity.google.com. You’ll need to be logged into Google.
On the upper left drop-down menu, go to ‘Activity Controls.’ Turn off both ‘Web & App Activity’ and ‘Location History.’
That should prevent precise location markers from being stored to your Google account.
Google will warn you that some of its services won’t work as well with these settings off.
In particular, neither the Google Assistant, a digital concierge, nor the Google Home smart speaker will be particularly useful.
If you use Google Maps, adjust your location setting to ‘While Using’ the app. This will prevent the app from accessing your location when it’s not active.
Go to Settings Privacy Location Services and from there select Google Maps to make the adjustment.
In the Safari web browser, consider using a search engine other than Google.
Under Settings Safari Search Engine, you can find other options like Bing or DuckDuckGo.
You can turn location off while browsing by going to Settings Privacy Location Services Safari Websites, and turn this to ‘Never.’
This still won’t prevent advertisers from knowing your rough location based on IP address on any website.
You can also turn Location Services off to the device almost completely from Settings Privacy Location Services.
Both Google Maps and Apple Maps will still work, but they won’t know where you are on the map and won’t be able to give you directions.
Emergency responders will still be able to find you if the need arises.
Under the main settings icon click on ‘Security & location.’ Scroll down to the ‘Privacy’ heading. Tap ‘Location.’ You can toggle it off for the entire device.
Use ‘App-level permissions’ to turn off access to various apps.
Unlike the iPhone, there is no setting for ‘While Using.’
You cannot turn off Google Play services, which supplies your location to other apps if you leave that service on.
Sign in as a ‘guest’ on your Android device by swiping down from top and tapping the downward-facing cursor, then again on the torso icon.
Be aware of which services you sign in on, like Chrome. You can also change search engines even in Chrome.
To delete past location tracking on any device
On the page myactivity.google.com, look for any entry that has a location pin icon beside the word ‘details.’
Clicking on that pops up a window that includes a link that sometimes says ‘From your current location.’
Clicking on it will open Google Maps, which will display where you were at the time.
You can delete it from this popup by clicking on the navigation icon with the three stacked dots and then ‘Delete.’
Some items will be grouped in unexpected places, such as topic names, google.com, Search, or Maps.
You have to delete them item by item. You can wholesale delete all items in date ranges or by service, but will end up taking out more than just location markers.