So-called “keyword warrants” allow authorities to slurp up the Google user data and IP addresses of anyone who so much as types a suspicious term into a search engine. While a handful of such warrants surfaced in the media in the past several years, Forbes reported on Monday about what it described as one of the “most contentious” warrants.
As part of a 2019 investigation into the trafficking and sexual abuse of a young Wisconsin woman who claimed she’d been kidnapped, federal authorities ordered Google to serve up detailed private information regarding anyone who’d searched for information about her – including her name, two separate spellings of her mother’s name, and her address – across a 16-day period, Forbes reported, citing a warrant that was “accidentally unsealed” in September. The warrant, which since then was sealed again, revealed that Google dutifully served up the information in mid-2020, including the Google accounts and IP addresses of the users who conducted the offending searches.
Amid their fishing expedition, the authorities also sought “CookieIDs” belonging to the users who made the searches – identifiers used to group all searches made by one computer in a certain time period, which would identify the queries as being made by a single individual even if the person wasn’t logged into Google at the time.
As far as what terms might be considered suspicious, it seems the sky’s the limit. In a 2018 case cited by the publication, authorities that were probing a series of bombings in Austin requested the Google account info and IP addresses of anyone who searched not only for various addresses linked to the attacks but also “terms associated with bomb-making,” including more than half a dozen variations on the terms “pipe bomb” and “PVC bomb,” over a two month period. Such search orders were served to Microsoft and Yahoo as well.
One of the best known examples of a “keyword warrant” remains an effort to track down an arsonist believed to have deliberately intimidated a witness in the R. Kelly trial. Authorities demanded Google turn over a list of IP addresses linked to searches for the victim’s address and found a goldmine. A subsequent separate warrant issued for the suspected arsonist’s account revealed that he also searched such incriminating terms as “where can i buy a .50 custom machine gun” and “countries that don’t have extradition with the United States.”
Forbes likened the warrants to “effectively fishing expeditions” similar to geofencing warrants, the infamous digital dragnets often used to nab protesters – and anyone who was in the wrong place at the wrong time – after the actual protest is long over, by picking up signals from their phones.
The American Civil Liberties Union’s cybersecurity and surveillance counsel Jennifer Granick have pointed to the dangers menacing even the most innocent internet users should “keyword warrants” become the norm in policing. “This is a virtual dragnet through the public’s interests, beliefs, opinions, values and friendships, akin to mind reading powered by the Google time machine,” Granick told Forbes, noting that “this never-before-possible technique threatens First Amendment interests and will inevitably sweep up innocent people.”
It doesn’t take much imagination to envision how a well-known case – the disappearance-turned-murder of Florida woman Gabby Petito, for example – might draw in hundreds of thousands of searches from a particular time period and area.
The government’s sloppy handling of victims’ privacy risks doing more harm than good. Forbes would never have learned about the Wisconsin keyword warrant case had the Justice Department not left its own warrant unsealed online for anyone to stumble across. Adding insult to injury, the minor victim’s name, Facebook profile, address, and phone number were all published in the document before it was sealed again, according to Forbes.The investigation into the case is currently underway.
Think your friends would be interested? Share this story!
© 2021, paradox. All rights reserved.