Google Receives Geofence Warrants

Sometimes it's hard to tell the corporate surveillance operations from the government ones:

Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade.

The article is about geofence warrants, where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time. In 2013, we learned from Edward Snowden that the NSA does this worldwide. Its program is called CO-TRAVELLER. The NSA claims it stopped doing that in 2014 -- probably just stopped doing it in the US -- but why should it bother when the government can just get the data from Google.

Both the New York Times and EFF have written about Sensorvault.

Posted on January 28, 2020 at 6:53 AM • 17 Comments

Comments

gordoJanuary 28, 2020 9:45 AM

From the NYT article:

Officers who have used the warrants said they showed promise in finding suspects as well as witnesses who may have been near the crime without realizing it.

There seems to be a potential for abuse, e.g., of purported witness lists for crimes reported to have occurred in the vicinity of constitutionaly protected, peaceble assemblages.

JonKnowsNothingJanuary 28, 2020 10:51 AM

re: Google Sensorvault

iirc Google has been secretly harvesting location data for a number of years even when you have location turned off and turned off for every app. There are lawsuits pending and demands for deleting stolen location data.

It's not much different than the Apple Location Beaming where Off is not Off because they need and require your location for their Ultra Wideband Bluetooth extended distance connections.

Google got away with it a lot longer

re: finding ... witnesses

In the USA interactions with anyone wearing a uniform are very dangerous, besides the possibility of being shot by them.

Anything you say to such a person can and will land you in a pile of dung because IF you say something "wrong or contrary", you are going to jail and court for lying to a police officer.

Even if you say something that "right at that moment" seems to be the truth and then later you remember something "different" or under interrogation and leading questions you say something else, your freedom can be forfeit.

There are numerous cop shows in the US showing snippets of interrogations where the same question is asked many ways. This technique uses psychology of frustration to elicit new responses: I already told you! What more do you want me to say? I just want to go home! Soon enough you get a different narrative.

"If you are buying... I'm selling"

The number of "changed" statements and how they are perceived depends entirely on what the uniformed folks want to hear. This is a global procedure and your ability to remain silent varies by jurisdiction and circumstances.

Best practice is: Say Nothing; but humans are helpful by default and they exploit this and weaponize it.

AlejandroJanuary 28, 2020 12:25 PM

The location data base goes back 10 years. I wonder how much Google charges to process warrants? I suppose we will never know. So much for never selling user data. (I know, it's just a "processing fee".)

As for NSA stopping it in 2014, it's easy to figure that particular plum was simply turned over to FBI ....and the rest of the entire USA LE system. Including Podunk PD.

The states need to get busy passing laws against this and similar scams. Congress has been bought off to turn a blind eye to this kind of exploitation.

Clive RobinsonJanuary 28, 2020 3:13 PM

@ gordo,

With regards the snippit from the article,

    ...they showed promise in finding suspects as well as witnesses...

If you go fishing to put food on the table, do you care it it's a "chub or a trout"?

People should realy understand the point that as far as the police are concerned, a witness is just a name on the suspect list they are building.

If there are no names above yours or you look easy to convict then you are the person they will work to convict even if you are innocent, and they will care not a jot.

That is they will look for evidence to find you guilty not innocent, any evidence they get that says you are potentially innocent will get ignored, lost in the paperwork and unlikely to be disclosed to a defence team. After all,

    Why leave ammunition for the enemy?

It's all wrapped up in a nicety called "confirmation bias" and it is endemic in every police investigation. It's the "I know it's him" or "It has to be him" thought that leads down a slippery slope to the many wrongfull convictions we see.

I've warned about both the use of mobile phone location data for exactly this purpose, and the confirmation bias in investigations a number of times on this blog in the past.

As @Wu Jin Han noted in yesterday's thread[1]

    Stasi colonel Wolfgang Schmidt's forecast[2], "It is the height of naivete to think that once collected this information won't be used... The only way to protect people's privacy is to not allow government to collect their information in the first place."

A valid observation, it is after all from someone who should know, Wolfgang was afterall at the heart of what went on in East Germany under Erich and Margot Honecker. But he is also one of that group who feel no guilt, no remorse and think they should be honoured for the work they did[3] and still call those they abused "criminals".

It raises the question of just how many more their are like him and his colleagues in western government agencies be they IC, LEA or the myriad of "arms length contractors" brought in, not just to make a few ex-government employees and the MIC extreamly wealthy, but also to give those politicians they sponsor via party kickbacks "deniability"...

[1] https://www.schneier.com/blog/archives/2020/01/modern_mass_sur.html#c6804902

[2] Wolgang made some other observations,

http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=4087

[3] Wolfgang's, grossness and compleat lack of remorse as with his colleagues shows up here,

https://www.independent.co.uk/arts-entertainment/films/features/the-lives-of-others-out-of-the-shadows-430755.html

It is this "we were doing our jobs" mentality of their behavioirs that you find in nearly all who have committed atrocities of one form or another. In the UK we see it with Met Police under cover officers their views are in effect covered by perhaps the scariest sentence I know,

    For the greater good

It is far worse than "Only following orders", because those that are giving the orders are the ones that use it to excuse all.

JonKnowsNothingJanuary 28, 2020 4:31 PM

@Alejandro

re:

The location data base goes back 10 years. I wonder how much Google charges to process warrants? I suppose we will never know.

Generically we know a few details from the Lavabit shutdown.

on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email

We know that Ladar Levison offered to provide access to the target account listed on the warrant but the FBI et al insisted on the access to ALL accounts on the server.

He offered to make the required changes for @$2,000 (USD) and $1,500 (USD) periodically to cover the costs of collection. This was rejected and he was fined $5,000 (USD) per day for non-compliance.

The US Govt is required to provide compensation when alterations or changes to the system are needed. All telecoms in the US are required to hold 20+years of telecom logs (CDR call data records). So there are built in portals and access points along the entire Telco path.

Once a large company has "bought in or been brought in or been bought out", a separate department is set up with full access to everything. Mostly staffed by LEOs or LEO contractors with varying degrees of separation of duty, to give cover for any interceptions or intrusions which may have a problematic legal basis. Anything that is more than problematic, is governed by Gag Orders and National Security Letters (NSL). This is how they are setup at Google, Yahoo and other large providers.

The Catch 22:

He [Ladar Levison] also wrote that in addition to being denied a hearing about the warrant to obtain Lavabit's user information, he was held in contempt of court. The appellate court denied his appeal due to no objection, however, he wrote that because there had been no hearing, no objection could have been raised. His contempt of court charge was also upheld on the ground that it was not disputed; similarly, he was unable to dispute the charge because there had been no hearing to do it in.

So, based on the 2013 valuation: 1 account is worth $5,000 USD per day.


ht tps://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

ht tps://en.wikipedia.org/wiki/Lavabit

(url fractured to prevent autorun)

Clive RobinsonJanuary 28, 2020 4:35 PM

@ All,

A little peace of advice.

For your own sanity get into the habit of not using your phone as a "dog leash" around your neck to others needs, you are not a slave to their egos, grow a set and enjoy the freedom.

Thus you should note,

You are not your phone and your phone won't get upset if you leave it on it's own.

That is it's location does not have to be your location, even part of the time.

Importantly because turning modern phones off is in effect an illusion (soft buttons folks). The chances are at some point some form of application etc will get on your phone just to keep location data as it has value, even if not being transmitted in real time (the same applies to "airctaft mode" etc).

So make yourself less of a target in a safe way rather than a suspicious way,

1, Get into the habit of turning your phone off when you use the likes of "public transport" or walking in the street. Which are the times you are most likely to encounter criminality. Because you won't be tempted to use it, as it won't go off unexpectedly thus making you a target for mugging and the like. If you have one of those RF wallets drop it in as that will reduce the chance of tracking data being kept. The fact you have turned the phone off gets registered with the network provider anyway, hence your habit becomes an established fact of historical depth.

2, When at the office or at home during the day, don't turn the phone off, put it in "silent mode" and lock it in your draw when you go out for lunch etc. As far as I'm aware putting the phone into silent mode does not get sent to the service provider. However the likes of Google, Apple and those who develop Apps, may well get informed. Thus currently you will look like you are at your desk, even though you are doing a little lunchtime activity. Also get into the habit with "meetings" and the like it reduces the chance of "blue-jacking" and it's more modern "built in" (Apple) techniques.

3, Unless putting your phone on charge at night turn it off and leave it in another room not your bedroom (most of us make noises in our more "private moments" that we would rather keep to ourselves).

These all give a level of "deniability by track record". That is you have a "green habit" to avoid wasting the battery[1] etc. Thus holes in tracking data or not having the "dog leash" hanging around your neck 24x365.25 is not seen as a change of behaviour thus "suspicious".

But more important it cuts down your location data a great deal, especially that which can be used by the authorities or your employers or others with potential ill intent towards you. Even if it is just attempts to profit from your secret habit of visiting expensive chocolatiers, loitering outside "Tiffany's" for breakfast or similar totaly harmless but nevertheless private moments.

[1] The life of a modern phone providing it does not get stolen or you sit on it or droo it etc is dictated by "Battery life". As most batteries are chemical they have a finite life based on how many times the chemical bonds are made or broken. Thus the more you use the battery the shorter it's life. Importantly there is a very nonlinear relationship with depth of discharge abd life expectancy especially with lithium batteries[2] that is a life of 10,000 cycles for 10% max discharge drops to maybe a 1000 cycles at 75% discharge. Thus charging your phone and leaving it on the charging cable whilst you use it will give you a much longer battery life, if thr design engineers were doing their job properly.

[2] Lithium batteries also have an issue with temprature especially LiPo's if you charge a cold phone you shorten the life of the battery. If you try charging at the freezing point of water or less, you will take 10-50% of the battery life in one go, so don't do it. That is if you've been out in the cold and come into the warm your phone will still be cold for an hour or so...

Electron 007January 28, 2020 4:58 PM

@Clive Robinson

Get into the habit of turning your phone off when you use the likes of "public transport" or walking in the street. Which are the times you are most likely to encounter criminality. Because you won't be tempted to use it, as it won't go off unexpectedly thus making you a target for mugging and the like.

That is unfortunately good advice. "Mugging" = not only are you robbed, but your very own mug shot ends up on FBI's most wanted list under the Mob's prosecute-the-victim mentality.

We are urged by the authorities to have the phone available to call 911 in emergencies, but that is bad advice. Why would I (or any sane individual) ever want to call 911 under any circumstances?

  1. Police? Why would *I* want to "turn myself in" and "confess" to whatever trumped-up false criminal charges the cops are going to press against me?
  2. Fire? That is either a coerced confession to an arson charge if there is an actual fire involved, or a "mental health" pickup and loss of civil rights for life.
  3. Medical? If I am hurt, again, why would I want to subject myself to further injury at the hands of crooked doctors, possibly to undergo unnecessary amputations or needless crippling or disabling "emergency" surgery for something that might better have healed on its own?

The government requires the ability to locate me (or any subject) at all times through the E911 system embedded in my phone, but their only possible intention is to harm and hurt.

It is absurd to think that an individual in distress (as distinguished from an abstract but adverse perception of "community" or "society") could possibly benefit from a call to emergency 911 premium calling dispatch services.

JonKnowsNothingJanuary 28, 2020 4:59 PM

@Clive Robinson

re:

People should realy understand the point that as far as the police are concerned, a witness is just a name on the suspect list they are building.

Other than building enormous sets of "fake personas" with which to populate any election with a pre-determined outcome, such personas do not actually provide much wealth.

There is the Viral Internet Influencer phenomena but it's rather short lived even if it is a repetitive occurrence and likely generates good revenue via click-streaming but this is self limiting in the end.

Robo Calls, Robo Doctors, Robo Cops et all are forms of human work force displacement but is their ability to generate the vast sums of currency needed to maintain the .001% enough?

Long while back a documentary showed a fully automated dark factory for sugar production. Raw Sugar Cane stalks were dumped into hoppers on one end of the factory and periodically the refined sugar sacks were picked up on the other end. What once had employed a lot of folks now employed none. The sacks of sugar were shipped away. No income was lost to the local human population. A libertarian's dream.

The factory didn't even run 365 because of over production, totally self-defeating in the end.

So what does one do with not just 3 billion images but many many times more than that? We already have accepted practice of virtual dead actors, maybe virtual dead athletes?

Someone must plan on monetizing this lot beyond the puny budgets of city law enforcement agencies where buying a new patrol car 'causes apoplectic fits from Balanced Budget City Councils.

disclosure: I do get a bit of fun being "unkind" to robo-systems when I get stuck in menu trees of stupid design.

vas pupJanuary 28, 2020 6:16 PM

@Drone • January 28, 2020 4:51 PM:
Looks like you're right: transformation from 'don't be evil' to 'pure evil' completed.

Just curious what is corruption force for such transformation:
surveillance capitalism aka '1984' of 21 century in private sector?
Power corrupt, absolute power corrupt absolutely, by the same token money corrupt, big money corrupt absolutely.

JonKnowsNothingJanuary 28, 2020 9:18 PM

@vas pup
re: Google

Just curious what is corruption force for such transformation:

During the explosive days after the exposure of the NSA Global Surveillance by ES and a re-review of all those "anecdotes" over the years that were dismissed so easily as "tin foil hat" views, there was documentary about the involvement of not just Google but every major computer software and hardware manufacturer.

The reference is the NSA slide is the one that shows each company and the year they were fully recruited into the NSA system.

A video showing part of the meeting between the Top Dogs at Google and the NSA and Government Big Wigs at Google HQ, shows very clearly what happened.

It's the same thing that happened when MHayden spent 2 weekends dining with the then Chief FISC Judge Colleen Kollar-Kotelly.

A whole whopping pile of cash flowed into Google. When the Google Guys can be dazzled by cash, you can imagine just how much was set on the table.

Afaik, no one has ever linked Judge Colleen Kollar-Kotelly and her dinner date MHayden to any cash exchange. but it must have been an enticing evening with the charming General.

She at least held out for 2 weekends, which is more than the Google Guys did.


ht tps://en.wikipedia.org/wiki/Colleen_Kollar-Kotelly
Presiding Judge of the United States Foreign Intelligence Surveillance Court, where she served from 2002 to 2009.

ht tps://en.wikipedia.org/wiki/File:Prism_slide_5.jpg

(url fractured to prevent autorun)

Clive RobinsonJanuary 29, 2020 1:29 AM

@ vas pup,

Just curious what is corruption force for such transformation:

For Corps, it's the free market mantra espoused as,

    Money left on the table.

For Politicos it's the lack of tax income to bribe voters with thus,

    We must promise more but pay less.

Which when you consider the following,

1, The Corps deliver data en mass at cents or less an individual.

2, The Cops and judicial process make criminals at $100,000's each.

From a politicians point of view a big chunk of change can be taken away from the Cops if investigations are done on data from Corps. It's why Geof Thiel's Palantir exists, they claim to take all that data mine it and save police forces millions in investigation costs.

For individual cops it means they in effect get set quotas to push X number of crimes into convictions in Y time. With each year X goes up and Y goes down. That's why every witness is a suspect unless they can finger someone else. So guilty untill they prove themselves innocent.

Politicians care not a jot for wrongfull convictions just the conviction rate, because of the "tough on crime" mantra.

There are only three ways to get convictions up for a given cost to the tax payer,

1, Create more criminals.
2, Go for easy convictions.
3, Cut process costs.

Cuts in social spending and reduction in job numbers or jobs that pay living wages does the first on the list.

Locking up the poor, low waged, poorly educated or disabled takes care of the second.

These two politicians have been doing for years along with Gerrymandering and the like.

But now the Big Corps are providing data on everyone who leaks it and most haemorrhage it by the bucket load daily. Your criminal score will be created just like your credit score. You put a list of "witness names in" along with the crime type and victim details and out pops the name of the most likely criminal from their score...

No real need to investigate because "the computer says", and Cops find themselves low waged as data entry clerks or unemployed to keep the first option on the list going.

All of which makes politicians happy, because it won't go wrong on their watch... But doubly so now because the money diverted from Cops to Corps means that their is large "kick back" potential into politicians campaign funds.

After all a US President costs about $1,000,000/day every day of a four year term in visable campaign funds alone these days. So with all those hopefulls three or four times that visable and only the devil knows in "dark money" funding[1]. But each candidate must get to a point where they are "credible" thus they have to spend spend spend on the way up the greasy pole. Nobody has that kind of personal wealth so they are very much dependent on "donations" which means they are "on the hook" not to those citizens who vote for them, but those unseen faces that pay for them... The monies involved are now comfortably in the trillions bracket[1] and are essentially an unfillable pit worse than the defence budget that supports around 9 million people.

Thus those three options will continue to get worse day by day, to ensure money goes the politicians way, with the voters having little or no say...

[1] An overview of how money pays for US politics,

https://www.thoughtco.com/who-funds-political-campaigns-3367629

TatütataJanuary 29, 2020 1:34 AM

We are urged by the authorities to have the phone available to call 911 in emergencies, but that is bad advice. Why would I (or any sane individual) ever want to call 911 under any circumstances?

Not only urged, but imposed, i.e., eCall...

The built-in terminals are theoretically passive, to reduce traffic, and will only register on the network when triggered by an appropriate emergency signal, e.g., the firing of an airbag. But they are always powered on, and continuously scan for the best network and record GPS coordinates, albeit without performing a location update. It is therefore conceivable that some models could maintain a list of visited cells, either locally, or uploaded at some convenient moment.

Mobile network operators, public safety services, car manufacturers, and OEMs conspired to foist this unto the European public. I suspect that the benefits are nowhere near to what was alleged, in any case, less than what a (lower) speed limit would bring. (Speed limits are a deeply taboo subject in Germany. ADAC==NRA...)

parabarbarianJanuary 29, 2020 9:38 AM

Once upon a time the adage was: If you are not paying for the product; you are the product. Google now demonstrates that even if you are paying for the product you are still a product.

I am pretty sure Apple tracks you, too so don't get cocky just because you carry an Iphone everywhere.

randyFebruary 5, 2020 12:28 AM

@Bruce Schneier
but why should it bother when the government can just get the data from Google

And that (the services it provides to US government) is the underlying actual reason for the value of the stock price of Alphabet, Inc.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.