When police suspect a person of a crime, their internet searches are sometimes damning. But in these situations, police already have a suspect, forensically recovering internet history files from their devices to figure out what they searched.
Increasingly, police are working cases the other way around: by using administrative subpoenas and search warrants to compel internet and communications providers to identify anyone matching certain parameters.
One example of these are “tower dumps” – metadata from cell phone tower operators on anyone with a phone connected to a tower at the time of an incident. Civil liberties groups have expressed concern over this practice of collecting non-public data on people not wanted for any crime, calling it a violation of civil rights, and an opportunity for police to arrest or convict the wrong person through a flurry of circumstantial evidence.
A Minnesota bank received a call in January from who they thought was Douglas, their customer, asking to wire transfer $28,500 from a line of credit to another bank. To verify the transaction, the bank relied on a faxed copy of his passport. But it wasn’t him, the passport was fake, and the transfer request was fraudulent.
The Edina Police Department figured out that while searching Google Images for the victim’s name, they found the photo used on the fake passport, and investigators couldn’t find it on Yahoo or Bing. So, they theorized the suspect must have searched Google for the victim’s name while making the fake passport.
Edina Police Detective David Lindman detailed this theory in an application for a search warrant filed in early February, asking the Court to authorize a search warrant for names, email addresses, account information, and IP addresses of anyone who searched variations of the victim’s name over a five-week period of time.
But search warrants require supporting probable cause, not just mere suspicion or theory. For that reason, “anyone-who-accessed” search warrants like Detective Lindman’s can be risky to execute, as evidence could potentially be thrown out in a pretrial motion. Moreover, it’s possible that such a wide net could catch completely routine and non-criminal searches of the victim’s name by neighbors, prospective employers or business associates, journalists, or friends.
Could this type of search warrant be used to wrongly ensnare innocent people? If Google were to provide personal information on anyone who Googled the victim’s name, would Edina Police raid their homes, or would they first do further investigative work? The question is: what comes next? If you bought a pressure cooker on Amazon a month before the Boston bombing, do police get to know about it?
Under a probable cause standard, no way.
But alas, Hennepin County Judge Gary Larson signed Edina’s warrant and Detective Lindman served it about 20 minutes later. Because it’s an active investigation, there’s no way to know yet if Google challenged the warrant for being broad, vague, or unlawful, or if Google even has the data to provide.
Lt. Timothy Olson with the Edina Police Department declined comment, except to say the department would be “reluctant to disclose active case information or specific strategies used during the investigation.”