Try to imagine a police officer in the pre-internet era serving a search warrant on the phone company, wanting the names of everyone who looked up a certain number. What would have seemed ludicrous at the time is now feasible, and one judge believes Google should turn over the personal information for anyone who used the search engine to look up a victim’s name.
The Minneapolis Star Tribune reports that the warrant, which was granted in February, aims to find anyone who searched for the name (or variations thereof) of an Edina, MN, resident who may have been the victim of identity theft.
The warrant was issued related to an investigation in which the resident was allegedly the victim of an attempted identity and credit theft.
According to the application for the search warrant [PDF], which was first uncovered by records researcher Tony Webster, two SPIRE Credit Union account holders reported that $28,500 had been stolen from a line of credit associated with one of their accounts. The funds were allegedly transferred from the line of credit to the couple’s savings account, and then wire transferred to an account at another bank.
In order to access the funds, investigators determined the suspect provided the credit union with electronic confirmation of the account holder’s name, date of birth, and Social Security number.
Additionally, the schemer faxed a copy of a forged U.S. passport with a photo that looked like the victim. Authorities say that when they Googled the victim’s name the photo appeared in results.
Because of this, investigators believe the suspect used Google to create the passport and carry out the theft. However, when the Hennepin County Administrative Subpoena was sent to Google requesting subscriber information for anyone who had performed a search of the victim’s name, the company rejected the request.
The application goes on to say that if the warrant is approved, investigators can use the information to assist with identifying/confirming suspect(s).
The resulting search warrant seeks to require Google to provide authorities not only with the names and IP addresses of those users who searched for the resident, but also information that Google probably doesn’t have, like Social Security numbers, payment information.
After all, Google’s search engine can be used by anyone without logging into a Google-connected account. Even those who are registered with Gmail or YouTube may have used completely false information to create those accounts, as they are largely free to use.
The warrant covers a month-long period of time from Dec. 1, 2016 to Jan. 7, 2017.
While it’s nice to know that authorities are doing all they can to find the fraudsters, privacy experts are raising concerns about the broad nature of the warrant and search, calling it a slippery slope.
“This kind of warrant is cause for concern because it’s closer to these dragnet searches that the Fourth Amendment is designed to prevent,” William McGeveran, a law professor at the University of Minnesota, tells the Star Tribune, noting that if standards to obtain such a broad warrant aren’t strong, it could become problematic in the future.
A lawyer with the Electronic Frontier Foundation, a digital rights nonprofit based in San Francisco, tells the Star Tribune that the evidence collected through the search warrant might not stand up to muster if it goes to court, and that Google could also challenge the warrant.