Google Sensorvault - How It Works & Tracking Phones

[straycat19]

NOTE: I have included two articles here since they are related.  At the end of each article is the link to it.

 

Google’s Sensorvault Is a Boon for Law Enforcement. This Is How It Works.

Investigators have been tapping into the tech giant’s enormous cache of location information in an effort to solve crimes. Here’s what this database is and what it does.

 

Law enforcement officials across the country have been seeking information from a Google database called Sensorvault — a trove of detailed location records involving at least hundreds of millions of devices worldwide, The New York Times found.

 

Though the new technique can identify suspects near crimes, it runs the risk of sweeping up innocent bystanders, highlighting the impact that companies’ mass collection of data can have on people’s lives.

 

Why does Google have this data?

 

The Sensorvault database is connected to a Google service called Location History. The feature, begun in 2009, involves Android and Apple devices.

Location History is not on by default. Google prompts users to enable it when they are setting up certain services — traffic alerts in Google Maps, for example, or group images tied to location in Google Photos.

 

If you have Location History turned on, Google will collect your data as long as you are signed in to your account and have location-enabled Google apps on your phone. The company can collect the data even when you are not using your apps, if your phone settings allow that.

 

Google says it uses the data to target ads and measure how effective they are — checking, for instance, when people go into an advertiser’s store. The company also uses the information in an aggregated, anonymized form to figure out when stores are busy and to provide traffic estimates. And those who enable Location History can see a timeline of their activities and get recommendations based on where they have been. Google says it does not sell or share the data with advertisers or other companies.

 

Does Google collect other forms of location data?

 

Yes. Google can also gather location information when you conduct searches or use Google apps that have location enabled. If you are signed in, this data is associated with your account.

 

The Associated Press reported last year that this data, called Web & App Activity, is collected even if you do not have Location History turned on. It is kept in a different database from Sensorvault, Google says.

 

To see some of the information in your Location History, you can look at your timeline. This map of your travels does not include all of your Sensorvault data, however.

 

Raw location data from mobile devices can be messy and sometimes incorrect. But computers can make good guesses about your likely path, and about which locations are most important. This is what you see on your timeline. To review all of your Location History, you can download your data from Google. To do that, go to Takeout.Google.com and select Location History. You can follow a similar procedure to download your Web & App Activity on that page.

 

Your Location History data will appear in computer code. If you can’t read code, you can select the “JSON” format and put the file into a text editor to see what it looks like.

 

Can I disable the data collection?

 

Yes. The process varies depending on whether you are on a phone or computer. In its Help Center, Google provides instructions on disabling or deleting Location History and Web & App Activity.

 

How is law enforcement using the data?

 

For years, police detectives have given Google warrants seeking location data tied to specific users’ accounts.

 

But the new warrants, often called “geofence” requests, instead specify an area near a crime. Google looks in Sensorvault for any devices that were there at the right time and provides that information to the police.

 

Google first labels the devices with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices, Google reveals information such as names and email addresses.

 

Article

 

 

Tracking Phones

 

When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold.

 

The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area.

 

Investigators also had other circumstantial evidence, including security video of someone firing a gun from a white Honda Civic, the same model that Mr. Molina owned, though they could not see the license plate or attacker.

 

But after he spent nearly a week in jail, the case against Mr. Molina fell apart as investigators learned new information and released him. Last month, the police arrested another man: his mother’s ex-boyfriend, who had sometimes used Mr. Molina’s car.

 

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected. As privacy concerns have mounted among consumers, policymakers and regulators, tech companies have come under intensifying scrutiny over their data collection practices.

 

The Arizona case demonstrates the promise and perils of the new investigative technique, whose use has risen sharply in the past six months, according to Google employees familiar with the requests. It can help solve crimes. But it can also snare innocent people.

 

Technology companies have for years responded to court orders for specific users’ information. The new warrants go further, suggesting possible suspects and witnesses in the absence of other clues. Often, Google employees said, the company responds to a single warrant with location information on dozens or hundreds of devices.

 

Law enforcement officials described the method as exciting, but cautioned that it was just one tool.

 

“It doesn’t pop out the answer like a ticker tape, saying this guy’s guilty,” said Gary Ernsdorff, a senior prosecutor in Washington State who has worked on several cases involving these warrants. Potential suspects must still be fully investigated, he added. “We’re not going to charge anybody just because Google said they were there.”

It is unclear how often these search requests have led to arrests or convictions, because many of the investigations are still open and judges frequently seal the warrants. The practice was first used by federal agents in 2016, according to Google employees, and first publicly reported last year in North Carolina. It has since spread to local departments across the country, including in California, Florida, Minnesota and Washington. This year, one Google employee said, the company received as many as 180 requests in one week. Google declined to confirm precise numbers.

The technique illustrates a phenomenon privacy advocates have long referred to as the “if you build it, they will come” principle — anytime a technology company creates a system that could be used in surveillance, law enforcement inevitably comes knocking. Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.

 

The new orders, sometimes called “geofence” warrants, specify an area and a time period, and Google gathers information from Sensorvault about the devices that were there. It labels them with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices they think belong to suspects or witnesses, Google reveals the users’ names and other information.

 

‘‘There are privacy concerns that we all have with our phones being tracked — and when those kinds of issues are relevant in a criminal case, that should give everybody serious pause,” said Catherine Turner, a Minnesota defense lawyer who is handling a case involving the technique.

 

Investigators who spoke with The New York Times said they had not sent geofence warrants to companies other than Google, and Apple said it did not have the ability to perform those searches. Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google.

 

In a statement, Richard Salgado, Google’s director of law enforcement and information security, said that the company tried to “vigorously protect the privacy of our users while supporting the important work of law enforcement.” He added that it handed over identifying information only “where legally required.”

 

Mr. Molina, 24, said he was shocked when the police told him they suspected him of murder, and he was surprised at their ability to arrest him based largely on data.

“I just kept thinking, You’re innocent, so you’re going to get out,” he said, but he added that he worried that it could take months or years to be exonerated. “I was scared,” he said.

 

A Novel Approach

Detectives have used the warrants for help with robberies, sexual assaults, arsons and murders. Last year, federal agents requested the data to investigate a string of bombings around Austin, Tex.

 

Uncharted Legal Territory

The practice raises novel legal issues, according to Orin Kerr, a law professor at the University of Southern California and an expert on criminal law in the digital age.

One concern: the privacy of innocent people scooped up in these searches. Several law enforcement officials said the information remained sealed in their jurisdictions but not in every state.

 

In Minnesota, for example, the name of an innocent man was released to a local journalist after it became part of the police record. Investigators had his information because he was within 170 feet of a burglary. Reached by a reporter, the man said he was surprised about the release of his data and thought he might have appeared because he was a cabdriver. “I drive everywhere,” he said.

 

These searches also raise constitutional questions. The Fourth Amendment says a warrant must request a limited search and establish probable cause that evidence related to a crime will be found.

 

Warrants reviewed by The Times frequently established probable cause by explaining that most Americans owned cellphones and that Google held location data on many of these phones. The areas they targeted ranged from single buildings to multiple blocks, and most sought data over a few hours. In the Austin case, warrants covered several dozen houses around each bombing location, for times ranging from 12 hours to a week. It wasn’t clear whether Google responded to all the requests, and multiple officials said they had seen the company push back on broad searches.

 

Last year, the Supreme Court ruled that a warrant was required for historical data about a person’s cellphone location over weeks, but the court has not ruled on anything like geofence searches, including a technique that pulls information on all phones registered to a cell tower.

 

Google’s legal staff decided even before the 2018 ruling that the company would require warrants for location inquiries, and it crafted the procedure that first reveals only anonymous data.

 

“Normally we think of the judiciary as being the overseer, but as the technology has gotten more complex, courts have had a harder and harder time playing that role,” said Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union. “We’re depending on companies to be the intermediary between people and the government.”

 

In several cases reviewed by The Times, a judge approved the entire procedure in a single warrant, relying on investigators’ assurances that they would seek data for only the most relevant devices. Google responds to those orders, but Mr. Kerr said it was unclear whether multistep warrants should pass legal muster.

 

Some jurisdictions require investigators to return to a judge and obtain a second warrant before getting identifying information. With another warrant, investigators can obtain more extensive data, including months of location patterns and even emails.

 

Mixed Results
 

Investigators in Arizona have never publicly disclosed a likely motive in the killing of Joseph Knight, the crime for which Mr. Molina was arrested. In a court document, they described Mr. Knight, a 29-year-old aircraft repair company employee, as having no known history of drug use or gang activity.

 

Detectives sent the geofence warrant to Google soon after the murder and received data from four devices months later. One device, a phone Google said was linked to Mr. Molina’s account, appeared to follow the path of the gunman’s car as seen on video. His carrier also said the phone was associated with a tower in roughly the same area, and his Google history showed a search about local shootings the day after the attack.

 

After his arrest, Mr. Molina told officers that Marcos Gaeta, his mother’s ex-boyfriend, had sometimes taken his car. The Times found a traffic ticket showing that Mr. Gaeta, 38, had driven that car without a license. Mr. Gaeta also had a lengthy criminal record.

 

While Mr. Molina was in jail, a friend told his public defender, Jack Litwak, that she was with him at his home about the time of the shooting, and she and others provided texts and Uber receipts to bolster his case. His home, where he lives with his mother and three siblings, is about two miles from the murder scene.

 

Mr. Litwak said his investigation found that Mr. Molina had sometimes signed in to other people’s phones to check his Google account. That could lead someone to appear in two places at once, though it was not clear whether that happened in this case.

 

Mr. Gaeta was arrested in California on an Arizona warrant. He was then charged in a separate California homicide from 2016. Officials said that case would probably delay his extradition to Arizona.

 

A police spokesman said “new information came to light” after Mr. Molina’s arrest, but the department would not comment further.

 

Months after his release, Mr. Molina was having trouble getting back on his feet. After being arrested at work, a Macy’s warehouse, he lost his job. His car was impounded for investigation and then repossessed.

 

The investigators “had good intentions” in using the technique, Mr. Litwak said. But, he added, “they’re hyping it up to be this new DNA type of forensic evidence, and it’s just not.”

 

Article

[mp68terr]

Sounds like more reasons to avoid google services, and use alternatives if necessary.

[Matrix]

Also here and here