By Matthew Guariglia:
Geofence and reverse keyword warrants are some of the most dangerous, civil-liberties-infringing and reviled tools in law enforcement agencies’ digital toolbox. It turns out that these warrants are so invasive of user privacy that big tech companies like Google, Microsoft, and Yahoo are willing to support banning them. The three tech giants have issued a public statement through a trade organization,“Reform Government Surveillance,” that they will support a bill before the New York State legislature. The Reverse Location Search Prohibition Act, A. 84/ S. 296, would prohibit government use of geofence warrants and reverse warrants, a bill that EFF also supports. Their support is welcome, especially since we’ve been calling on companies like Google, which have a lot of resources and a lot of lawyers, to do more to resist these kinds of government requests.
Under the Fourth Amendment, if police can demonstrate probable cause that searching a particular person or place will reveal evidence of a crime, they can obtain a warrant from a court authorizing a limited search for this evidence. In cases involving digital evidence stored with a tech company, this typically involves sending the warrant to the company and demanding they turn over the suspect’s digital data.
Geofence and reverse keyword warrants completely circumvent the limits set by the Fourth Amendment. If police are investigating a crime–anything from vandalism to arson–they instead submit requests that do not identify a single suspect or particular user account. Instead, with geofence warrants, they draw a box on a map, and compel the company to identify every digital device within that drawn boundary during a given time period. Similarly, with a “keyword” warrant, police compel the company to hand over the identities of anyone who may have searched for a specific term, such as a victim’s name or a particular address where a crime has occurred.
These reverse warrants have serious implications for civil liberties. Their increasingly common use means that anyone whose commute takes them goes by the scene of a crime might suddenly become vulnerable to suspicion, surveillance, and harassment by police. It means that an idle Google search for an address that corresponds to the scene of a robbery could make you a suspect. It also means that with one document, companies would be compelled to turn over identifying information on every phone that appeared in the vicinity of a protest, as happened in Kenosha, Wisconsin during a protest against police violence. And, as EFF has argued in amicus briefs, it violates the Fourth Amendment because it results in an overbroad fishing-expedition against unspecified targets, the majority of whom have no connection to any crime.
In the statement released by the companies, they write that, “This bill, if passed into law, would be the first of its kind to address the increasing use of law enforcement requests that, instead of relying on individual suspicion, request data pertaining to individuals who may have been in a specific vicinity or used a certain search term.” This is an undoubtedly positive step for companies that have a checkered history of being cavalier with users’ data and enabling large-scale government surveillance. But they can do even more than support legislation in one state. Companies can still resist complying with geofence warrants across the country, be much more transparent about the geofence warrants it receives, provide all affected users with notice, and give users meaningful choice and control over their private data.
This article originally appeared at EFF.