FBI asks Google for help finding criminals

How would you prepare to rob a bank? You’d scope out the location, suss out the quietest times, and use clothing to conceal your identity. But would you leave your phone at home? Judging by news that surfaced last week, you probably should – at least if it has Google’s software on it.

The Verge reports that FBI agents issued the search and advertising giant with a warrant in November 2018, seeking its help with a bank robbery the month before.

The robbery took place at 9:02am on 13 October 2018 at the Great Midwest Bank in Hartland, Wisconsin. Two robbers entered the building, one of them waving a handgun and forcing staff to the floor. He filled a plastic bag with cash and demanded the key to the vault. He took three drawers of cash from the vault, and then both robbers left the building by the back door. The whole thing took just seven minutes.

Investigators, hitting a brick wall, turned to Google. The search warrant said:

Google collects and retains location data from Android-enabled mobile devices when a Google account user has enabled Google location services. The company uses this information for location-based advertising and location-based search results. This information is derived from GPS data cell site/cell tower information, and Wi-Fi access points.

It added:

It is probable that the unknown suspects of this investigation had cellular telephones which utilized either Google’s Android or Apple OIS [sic] operating systems.

This is what’s known as a reverse location search warrant.

Phones running Google software with Location History turned on regularly check in with the company’s servers and log where the phone’s user is. Law enforcement officials can request a list of all accounts accessed in the vicinity at the time of the crime. Google provides these only as anonymous IDs, but that might still be enough to find anonymous IDs that look suspicious. They can then request the personal information related to those IDs.

It’s a practice that has been growing as police turn to technology to find perpetrators. It relies on data that Google holds in Sensorvault, a vast database that stores location data provided by its applications.

Requests of this type don’t guarantee an arrest. The criminals may not have used Android phones, or Google apps on their other devices – if they had devices on them at all. Or, they may have turned off Location History on their Google accounts, which prevents Google from logging their locations.

The question is, should the cops be able to request this information, and should Google give it to them? The problem isn’t that the FBI might catch two criminals. The danger is that a misinterpretation of the data could point investigators to the wrong person. The data only highlights the location of the device used to access an account, and that doesn’t always mean the location of the account holder.

In one case, police arrested Arizona resident Jorge Molina for murder based, in part, on a reverse location warrant. They had to release him a week later after witnesses confirmed that he was elsewhere during the murder. Investigators later noticed that at one point his account was registered on multiple devices, and that his former stepfather had access to one of these devices.