Google will soon allow users to store their location data on their devices rather than Google’s servers, effectively ending a long-standing surveillance practice that allowed police and law enforcement to tap into Google’s vast banks of location data to track down potential criminals.
The use of so-called “geo-protection orders” has exploded in recent years, thanks in part to the ubiquity of smartphones coupled with data-hungry companies like Google that vacuum up and store vast amounts of its users’ location data, which are available by law. enforcement requests.
Police can use geographic protection warrants (also known as reverse location warrants) to demand that Google hand over information about users’ devices in a specific geographic area at a specific time.
But critics say geo-aggression warrants are unconstitutional and inherently overbroad, as those requests often also include information on completely innocent people who were nearby at the time a crime was committed. Even courts cannot agree on whether geo-infringement warrants are legalpossibly setting up an eventual appeal to the US Supreme Court.
Google’s announcement this week it didn’t mention geofence warrants Specifically, only saying that the move to store location data on their devices would give users “more control” over their data. In effect, the move forces police to seek a search warrant to access that device instead of asking Google for the data.
While Google isn’t the only company subject to geographic infringement warrants, Google has been by far the largest collector of sensitive location data and the first to be tapped for it.
The police practice of tapping Google for users’ location data was revealed for the first time in 2019. Google has long relied on its users’ location data to drive its advertising business, which in 2022 alone accounted for about 80% of Google’s annual revenue, roughly $220 billion.
But in reality, this surveillance technique is believed to be much broader. Law enforcement later expanded its demands for location data to other companies. Microsoft and Yahoo (which owns TechCrunch) are known to receive geofence warrants, though neither company has yet disclosed how many requests for user location data they receive.
In recent years, the number of legal cases involving geofence requests has skyrocketed.
Police in Minneapolis used a geographic crime warrant to track down people participating in protests after the police killing of George Floyd. The 2022 overturn of Roe v. Wade raised fears that law enforcement in states where access to abortion care is limited or seeking an abortion is illegal could use geofence warrants to locate those seeking care. Lawmakers then asked Google to stop collecting location data, fearing the information could be used to identify people seeking abortions.
Although the companies have said little about how many geofence warrants they receive, Google, Microsoft and Yahoo last year supported a New York state bill that would ban the use of geofence warrants statewide. The bill failed to pass into law.
Google has not said how many geofence warrants it has received in recent years. Google has released its latest (and only) disclosure of the number of geo-breach orders it received in 2021 after being pressured to reveal the figures following growing criticism of its surveillance practice.
The data showed that Google received 982 geofence warrants in 2018, followed by 8,396 geofence warrants in 2019 and 11,554 geofence warrants in 2020 — or about a quarter of all legal requests received by Google. The disclosure, while limited, offered the first look at the spike in the number of such requests, but Google did not say how often — if at all — the search giant responds to these legal demands for user location data.
The news that Google will soon transfer its users’ location data to their devices has been met with cautious praise.
The Electronic Frontier Foundation, which challenged the constitutionality of geofence orders in court, said in a blog post that “for now, at least, we’ll take this as a victory.” However, the EFF noted that there are other ways Google can hand over sensitive personal data to its users. Law enforcement uses similar legal requirements, called “reverse keyword” warrants, to locate Google accounts that searched for a specific keyword in time, such as before a crime was committed. Google has not said whether it plans to close the loophole that allows police and law enforcement to provide so-called “reverse keyword” warrants for users’ search queries.
It doesn’t mean geofence warrants will disappear overnight. Google still maintains huge data banks of historical locations that the police can tap into at any time, until Google decides it no longer wants to keep them. And while tech companies store vast amounts of user location data, they can also be subject to similar legal requirements.
But there’s hope that Google closing the door on geo-attack warrants — at least in the future — could significantly narrow that surveillance loophole.
In its most recent transparency report in 2022, Apple said it received 13 geo-protection warrants that demanded its customers’ location data, but did not provide data in return. Apple said it “has no data to provide in response to geofence requests” as the data resides on users’ devices, which Apple says it cannot access.
