An arson attack in Colorado had detectives stumped. The way they solved the case could put everyone at risk.
- https://web.archive.org/save/https%3A%2F%2Fwww.wired.com%2Fstory%2Ffind-my-iphone-arson-case%2F
- https://ghostarchive.org/search?term=https%3A%2F%2Fwww.wired.com%2Fstory%2Ffind-my-iphone-arson-case%2F
- https://archive.today/?run=1&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Ffind-my-iphone-arson-case%2F
According to court documents, the company uses a staged process when responding to reverse keyword warrants to protect user privacy: First, it provides an anonymized list of matching searches, and if law enforcement concludes that any of those results are relevant, Google will identify the users’ IP addresses if prompted by the warrant to do so. DPD’s warrant had gone too far in asking for protected user information right away, and it took another failed warrant 20 days later and two calls with Google’s outside legal counsel before the detectives came up with language the search giant would accept.
Finally, the day before Thanksgiving 2020, Sonnendecker received a list of 61 devices and associated IP addresses that had searched for the house in the weeks before the fire. Five of those IP addresses were in Colorado, and three of them had searched for the Truckee Street house multiple times, including for details of its interior.
In early December, DPD served another warrant to Google for those five users’ subscriber information, including their names and email addresses. One turned out to be a relative of the Diols; another belonged to a delivery service. But there was one surname they recognized—a name that also appeared on the list of 33 T-Mobile subscribers they’d identified earlier in the investigation as being in the vicinity of the fire.
Another warrant to Google yielded the three teens’ search histories since early July. In the days before the fire, Siebert searched for retailer “Party City.” On Party City’s website, Baker spotted masks similar to those worn by the three perpetrators.
In June 2022, just when it seemed like the prosecution could finally proceed, Seymour’s lawyers dropped a bombshell. They filed a motion to suppress all evidence arising from the reverse keyword search warrant that DPD had served to Google—the key piece of information that had led detectives to Bui and his friends.
After a five-month wait that Sandoval remembers as “gut-wrenching,” the court finally ruled in October 2023. In a majority verdict, four judges decided the reverse keyword search warrant was legal—potentially opening the door to wider use in Colorado and beyond.
Google is a threat actor, if you are stupid enough to be using it to commit felonies… I don’t care if they snitch on your idiot ass.
This has nothing to do with privacy per se beyond teaching you that Google is a threat actor. Act like it.
I’m glad they were caught, and I think it was the right decision in this situation, but the case sets an interesting precedent.
It’s the Vimes doctrine: if they can do it for a good reason, they can do it for a bad reason.
The facts of the case seem to prove that these “haystack warrants” strike a good balance between privacy and safety.
There were only a handful of people searching for the victim address before the crime, and none of them got dragged into the investigation.
Similarly, while the tower dump warrant included lots of innocent folks, a little common sense from the detectives avoided a dragnet.
I’m glad others are optimistic for this, I feel like I’m often not militantly pro privacy enough (certain automated image recognition of CSAM by Google and Apple is fine by me)
The phrase “a little common sense from the detectives” is what makes more worried for the future of this precedent, however. I don’t want to have to rely on LEO common sense to not have my privacy invaded
This seems like the right stance. Just because it wasn’t abused this time doesn’t mean it doesn’t have the potential for it or is a balanced/good approach.
There are many many other cases that used tower warrants. IDK if it usually turns into a fiasco.
