Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday March 21 2017, @06:21PM   Printer-friendly
from the not-that-Gary-Larson dept.

Police in a small suburban town of 50,000 people just outside Minneapolis, Minnesota, have won a court order requiring Google to determine who has used its search engine to look up the name of a local financial fraud victim.

The court order demanding such a massive search is perhaps the most expansive one we've seen unconnected to the US national security apparatus and, if carried out, could set an Orwellian precedent in a bid by the Edina Police Department to solve a wire-fraud crime worth less than $30,000.

Investigators are focusing their probe on an online photo of someone with the same name of a local financial fraud victim. The image turned up on a fake passport used to trick a credit union to fraudulently transfer $28,500 out of an Edina man's account, police said. The bogus passport was faxed to the credit union using a spoofed phone number to mimic the victim's phone, according to the warrant application. (To protect the victim's privacy, Ars is not publishing his name that was listed throughout the warrant signed February 1 by Hennepin County Senior Judge Gary Larson.)

The warrant demands Google to help police determine who searched for variations of the victim's name between December 1 of last year through January 7, 2017. A Google search, the warrant application says, reveals the photo used on the bogus passport. The image was not rendered on Yahoo or Bing, according to the documents. The warrant commands Google to divulge "any/all user or subscriber information"—including e-mail addresses, payment information, MAC addresses, social security numbers, dates of birth, and IP addresses—of anybody who conducted a search for the victim's name.

Source: ArsTechnica


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Tuesday March 21 2017, @09:12PM (1 child)

    by DannyB (5839) Subscriber Badge on Tuesday March 21 2017, @09:12PM (#482400) Journal

    If Google has other information associated with a person / IP address / browser cookies / etc that performed a search, why shouldn't those be disclosed?

    Presumably, if you can trust law enforcement, this information will be used in an investigation to locate the perpetrator of a crime. And used for no other purpose.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 5, Insightful) by AthanasiusKircher on Tuesday March 21 2017, @10:02PM

    by AthanasiusKircher (5291) on Tuesday March 21 2017, @10:02PM (#482425) Journal

    First, let me say in general that I agree a warrant is justified here, and I don't see a problem handing over some search data. But...

    If Google has other information associated with a person / IP address / browser cookies / etc that performed a search, why shouldn't those be disclosed?

    I suppose it depends on the scope. They specify searches over a 5-week period, which is a good limitation. If that results in 10 suspects, great. If that results in personal data from 10,000 people being given to the police in bulk, is it still justified?

    Presumably, if you can trust law enforcement, this information will be used in an investigation to locate the perpetrator of a crime. And used for no other purpose.

    It's disturbing enough that Google might have this much information in the first place. But even if you trust law enforcement to "do the right thing" with the data, isn't it potentially a major security risk to give out that amount of personal data? Even if you trust your police department, they could accidentally do all sorts of things with this data, or it could accidentally fall into the wrong hands.

    My inclination is that a warrant like this can't be a "fishing expedition," to use a classic legal term. Get Google to tell the police how many such searches it had first -- if it's a very small number, the scope of the warrant is probably justified. If it's 10,000 people, the police should be required to narrow down that search a bit more, perhaps by being given a smaller subset of data on the searches first. Or, have Google cooperate with police to search the data directly, which can narrow down the focus and just give the police a smaller number of records that are likely more relevant.

    I'm pretty sure if the police walked into a bank with a warrant and said, "Give us a print-out of all financial transactions for this 5-week period for 10,000 customers meeting criteria X," there'd be some legal backlash. Yes, it's just "customer data," but it's sensitive and I don't think it should be handed over in bulk to law enforcement without justification. If your warrant narrows the scope to a reasonable number of suspects, then maybe you get more than a list of names or whatever. (And maybe the 5-week time limitation will be sufficiently narrow, but that's unclear until you actually know what Google turns up.)