Technology

No Probable Cause Required for Cops To Access User Data From Popular Apps

Only three states require police to obtain a warrant before requesting private user data from companies.

|

The home security company Ring's budding relationship with law enforcement has made people more aware of just how much privacy is sacrificed when they sign up for a lot of tech services.

Ring produces video doorbells that allow consumers to see who is at their front door from their smartphones. Amazon recently purchased Ring in 2018 for $1 billion.

But the customer isn't the only one who can see who's there. Government Technology reports that "under Ring partnerships, police are provided with a special portal that allows them to communicate with and request video from community residents." Police have to ask the owners of the footage for it first. But if the owners refuse to turn it over, the cops can then go to Ring directly.

"The consumer knows what they're getting into," Tony Botti of the Fresno County Sheriff's Office, insisted to Government Technology. "If you're a good upstanding person who is doing things lawfully, nobody has concerns."

Motherboard recently reported that Amazon is encouraging law enforcement to join as many community boards as possible, so that people in the community will be willing to provide the footage directly to the police.

"I think right now people assume they own all their data," says Nila Bala, associate director of criminal justice and civil liberties at the R Street Institute. They "don't realize the reach that private companies and law enforcement have on their information."

The Salt Lake City Police Department recently used Lyft data to try to find missing University of Utah student Mackenzie Lueck. "Police also analyzed Lueck's social media and dating app accounts," The Deseret News reported.

In that case, police used warrants to obtain the information—as is required by Utah law. But Utah, Washington, and California are the only three states that currently require law enforcement to obtain warrants before companies can hand over private data.

At some companies, it is policy to require warrants before giving law enforcement extensive information. But these companies will still offer up users' names, contact information, and IP addresses upon receiving a subpoena. And subpoenas, unlike warrants, don't require that authorities demonstrate probable cause. 

Most of the biggest digital services simply require a subpoena for user data. This includes such popular companies as Lyft, Uber, Venmo, Netflix, Twitter, Instagram, and Facebook.

Uber has reported that it got 1,248 data requests from state governments and 156 from the feds in the first six months of 2017, leading the company to turn over data on more than 3,000 driver and rider accounts. Authorities had warrants for only 231 of these requests. In 839 requests, they relied on a subpoena. 

Snapchat is even more lenient about letting law enforcement snoop on user data. The company says it will give out any data it reasonably believes is needed to "comply with any valid legal process, governmental request, or applicable law, rule, or regulation."

Bala says consumers should take steps to make sure that they are aware of what information they are sharing with the apps they sign up for—and that companies should be more transparent about what kinds of information people are giving them.

And the authorities need to be transparent about how they're treating data they obtain from these companies. "We should demand that our government follow best practices for collecting, storing, and destroying data, during and after investigations," Bala says.