Search and Seizure

Keyword Warrants


Forbes (Thomas Brewster) reports:

The U.S. government is secretly ordering Google to provide data on anyone typing in certain search terms, an accidentally unsealed court document shows. There are fears such "keyword warrants" threaten to implicate innocent Web users in serious crimes and are more common than previously thought.

In 2019, federal investigators in Wisconsin were hunting men they believed had participated in the trafficking and sexual abuse of a minor. She had gone missing that year but had emerged claiming to have been kidnapped and sexually assaulted, according to a search warrant reviewed by Forbes.

In an attempt to chase down the perpetrators, investigators turned to Google, asking the tech giant to provide information on anyone who had searched for the victim's name, two spellings of her mother's name and her address over 16 days across the year. After being asked to provide all relevant Google accounts and IP addresses of those who made the searches, Google responded with data in mid-2020, though the court documents do not reveal how many users had their data sent to the government.

It's a rare example of a so-called keyword warrant …. Before this latest case, only two keyword warrants had been made public. One revealed in 2020 asked for anyone who had searched for the address of an arson victim who was a witness in the government's racketeering case against singer R Kelly. Another, detailed in 2017, revealed that a Minnesota judge signed off on a warrant asking Google to provide information on anyone who searched a fraud victim's name from within the city of Edina, where the crime took place.

This may well be constitutional, much as subpoenaing a potential witness to ask who had asked the witness for information about a crime victim. Like all police powers, it might be abused, but perhaps on balance it's worth keeping. Still, it strikes me as worth thinking about; I hadn't heard about this specific practice before, so I thought I'd mention it.

NEXT: Thursday Open Thread

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. There is one reason I try to avoid associating web searches with my personal information, keeping my cookie count low and not being logged into Google from the same browser I search with. More generally, I try to avoid Google searches when I don’t need them, but the government may well be subpoenaing all the search engines.

    1. So use one that does not keep records on the searches.

      1. I think it is quite likely that the feds have a court order requiring the major search engines to retain query details. A privacy policy protects against commercial exploitation. It does little good against government snooping. There was a recent case out of Switzerland pointing this out.

        1. For these reasons, DuckDuckGo takes the approach to not collect any personal information. The decisions of whether and how to comply with law enforcement requests, whether and how to anonymize data, and how to best protect your information from hackers are out of our hands. Your search history is safe with us because it cannot be tied to you in any way.

      2. Courts won’t hesitate to order services that don’t log to start logging. I’m familiar with one such order in US courts (UMG Recordings v Kurbanov et al, Judge Buchanan in EDVA signed an order to compel preservation of web server data), but the defendant stopped participating rather than appeal it or comply.

        Now that’s the kind of authoritarian overreach “libertarians” like Longtobeenslaved loves.

        1. “Courts won’t hesitate to order services that don’t log to start logging”

          Are you suggesting a court can order XYZSearch Inc. to

          1)”start tracking every search by Fred Smith/from IP addr going forward” or
          2)”start logging ip addr/username/query string for all searches by anyone so the police can in the future search for whatever they can get a warrant for later”

          I know there are laws requiring e.g. financial reporting, but I’d hope such reporting requirements would require legislation (I’d oppose such legislation, too, but at least that’s done out in the open).

        2. It’s an interesting question and I was disappointed it didn’t get explored further.
          Plaintiffs argue that the data they want exists in the server’s memory, and it is consistent with cases from California and New York (especially this one to require its preservation.
          The counterargument is that retention orders require the preservation of records but not the creation of new ones, e.g. if you make notes of conversations an order can prohibit you from destroying them but not force you to start creating them. This argument though runs into the FRCivP 34(a)(1)(A) enumeration of discoverable materials (bold added)

          any designated documents or electronically stored information—including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations—stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form

          Those precedents held that information in the computer’s memory qualified, subject to objections of undue burden in getting it out.

          1. “Plaintiffs argue that the data they want exists in the server’s memory,…”

            That is this, I suppose?:

            “Defendant concedes that the data is created in the normal operation of his websites, exists, and can be preserved with the flip of a switch using built in functionality in his web server software.”

            That sees pretty bogus to me. Yes, the server knows the client IP addr for the duration of the session, and the software can be configured to log the IP addr.

            But that’s like saying “the sound of the phone call exists during the phone call, and you could push ‘record’ on your tape recorder, so you must record all phone calls going forward” or “your security camera video exists in the system while going from the camera to the guard’s display, and you could configure it to record the video, so you must start recording and retaining video”.

            1. Yes, that’s why I think it’s an interesting question. That rule seems to extend the power of the courts, is it within the rulemaking authority granted by 28 USC Chap. 131? I don’t see that this has been effectively argued.
              One law journal article concludes that Bunnell didn’t substantially change the discovery landscape, but I don’t think there is an e-discovery maven among the Conspirators so we may not see any further exploration of this issue here.

    2. And you do that because you’re regularly involved in criminal activity?

      1. “If he has nothing to hide, he has nothing to fear”? Really?

      2. Well, I do that so that for example, when a relative gets diagnosed with prolapsed earlobes I can search for that without being inundated with ads for essential oils to treat prolapsed earlobes.

        Or for that after so if I’m in the market for, say, an LED lantern I can research the and buy the one I want without getting ads for them for the next two months.

        Having everything I ever searched for archived forever offers costs but not benefits to me.

  2. The secrecy bothers me more than anything. David Brin had a book on CCTV cameras a while back, suggesting that the primary fault with so many police CCTV cameras was the usual unaccountability, that too many bored watchers were zooming in on apartment windows, low-cut blouses on pedestrians, etc. The obvious solution was to make all the camera feeds publicly accessible, so bored residents could watch what the watchers were watching. Another was to put publicly accessible CCTV cameras in the watchers’ offices, so the public could see who was misbehaving.

    I don’t see any need for secrecy here; the searches were all in the past, and while individuals might get the idea to erase their browser histories, they had no control over what Google stored. The results of the search warrant would be pretty lousy evidence in a trial and could only be used to point out suspects who warranted (pardon me) further investigation.

    1. A Ab,
      I think the first suggestion (make those CCTV feeds) publicly accessible is an excellent one. No expectation of privacy, so I can’t see any Constitutional issue. And, transparency, as you noted. I think the suggestion about putting special cameras into the watchers’ offices is silly . . . since I have not read the book in question; it’s hard to know if Brin was making a fair dinkum suggestion.

      1. It was “Transparency”, I think, from about 15-20 years ago, and it never came back from a loan so I can’t look it up. He was mainly brainstorming ways to make the watchers watchable. This was when the net was still young and slow, and thousands of cameras might have been too much traffic, whereas 2-3 cameras in the watchers’ office would have been much less load.

  3. “Might be abused”. LOL. If history and past behavior has taught us anything, it’s that the cops will think of new and inventive ways to abuse this.

    1. “might be” means “it is completely certain that . . .”

  4. Huh. It strikes me as something that ought to be pretty clearly unconstitutional. This is far to vague to meet the particularity requirements for a warrant. It’s the worst form of fishing expedition with a virtual guarantee of a high rate of false positives.

    1. Indeed, I wish that Professor Volokh would’ve expanded upon why he thinks it is constitutional.

      How many responses did the keyword warrant get? Whatever that number is, generally only one result is going to have anything whatsoever to do with the case. Mathematically, the strikes me as the exact opposite of being ‘probable’ cause.

      The rest will be people who did absolutely nothing wrong, and may have been looking up someone else entirely. Names are not typically unique.

      1. I think Prof. Kerr, not Prof. Volokh, is the one to consult on this one.

        But I don’t think the problem is lack of specificity; I think the problem is lack of probable cause.

        1. Prof. Kerr has limited his involvement with this blog as it has evolved. He apparently has a written excuse from Katy that says ‘too well to attend.’

    2. I wouldn’t say clearly.

      I mean, before Carpenter, which was what, 5 years ago? it was widely assumed the police could do this without a warrant.

      Now, they might still be able to. But with a warrant, they still can’t? I doubt it.

      Now, granted, you need probable cause, and you can’t just go “anyone in this city who searched X” for a warrant, so I suppose that is clearly bad? But in general this at the very least a grey area.

  5. Yeah, I was listening to an InfoSec podcast run by a few Australians who brought this up, and they gave the impression that they were shocked that people who opposed to this … and I guess that highlights some of the differences between the US and Australia right?

    I totally get the increduilty of foreigners being like, wait, in the US you give up your information to the tech giants just so randoms can sell you ads, but the police going after murderers, that’s too far? To which the response is, yeah that totally makes sense to me. For what I assume are cultural reasons that don’t make sense to people outside the US.

    Tbf, I dont really see an issue with this particular warrant. My issue is you have to draw the line somewhere. Surely someone committing a traffic violation where no one got hurt and then looking up the statute of limitations on that traffic violation is safe right? Like a police officer can’t just go everyone who looked up the statute of limitations is probably concerned about something I want a warrant for that is well well over the line right?

    So where to draw it?

    1. The problem is that once the infrastructure is in place the authorities have empirically shown that they will eventually and inevitably give in to the temptation to abuse it. It never ever stops at terrorists and child murderers. They’re already using it for relatively trivial things in the summary. The only way is to cut off access to these orwellian tools entirely or at least to make it super inconvenient to where they only use it for actual national emergencies. Like in atom bomb emergency not this guy wolfwhistled me on the street emergency they will eventually roll this stuff out for.

    2. I remember an online discussion about the novel _Murder in the Solid State_ (Wil McCarthy, 1996). I figured the guy who sabotaged the system was the hero, but law and order foreigners thought he was the villain.

    3. I want there to be procedural safeguards. And I want those to be genuine safeguards.

      Here, there is a warrant requirement. Which means that a neutral judge has to be convinced. That’s a big deal for me. But, I also want to see evidence that judges are not just rubber-stamping all warrant requests. Maybe it’s unrealistic that we in the public can get this second reassurance. But maybe not. Perhaps warrant judges should be randomly audited…say, 1 out of every 100 or 200 warrants, just to see what sort of documentation was given to that judge, how long the judge looked at the paperwork, what questions–if any–the judge asked the prosecutor or investigator or police officer, etc???

    4. To which the response is, yeah that totally makes sense to me. For what I assume are cultural reasons that don’t make sense to people outside the US.

      Seems pretty obvious to me: in one case, the information is being used for your benefit; in the other, it’s being used to your detriment.

  6. Its always rolled out ‘for the children’ first.

  7. If you can’t grasp the absurdity of this, I pointed out yesterday that 50 years ago the equivalent to this would be a warrant to search the library records of every library user in every library in the entire country.

    Then someone pointed out to me that the FBI got warrants for that as well.

  8. Showing you results for “How to check the internet activity of literally every Google user with a single judicial signature.”
    Click here to search instead for: “How to check the internet activity of literally any Google user with a single judicial signature.”

    Mr. D.

  9. Sounds like an ad for VPN and search services like Duck Duck Go in the making.

Please to post comments