I wrote last week about an oral argument in the Fourth Circuit involving geofence warrants. Geofence warrants are warrants to obtain the location data that Google users let Google collect if they opt in to Google’s location history service, which about a third of Google users do. Geofence warrants have been possible because, if you opt in, Google keeps a copy of the location history. And records are kept can be compelled, at least if the legal process is valid.
All of which makes this Google announcement from yesterday of great interest. Google will no longer keep location history even for the users who opted in to have it turned on. Instead, the location history will only be kept on the user’s phone.
Unless I’m missing something, this will entirely defeat geofence warrants— which, I would speculate, was probably the point of Google’s policy change. If Google doesn’t keep the records, Google will have no records to turn over. If the government comes to Google with a court order for geofence data, Google will just say, sorry, we don’t keep that stuff anymore.
My very tentative sense, from a public policy standpoint, is that this seems like a bit of a bummer. Geofencing was being used to solve some really serious crimes—like murders, rape, and armed robberies—when there were no known suspects or leads and the case had gone cold. Having governments be able, with sufficient cause, to go to a court, get a court order, and then obtain potentially responsive location records that could provide a lead to investigate was, on the whole, a good thing.
Of course, that public interest has to be balanced with the public interest in privacy. But my sense is that geofence warrants have been implemented (and could be implemented in the future) in ways that provide far greater privacy protection than normally exist with warrants. Every technique raises risks of abuse. But if you had to look at all the pluses and minuses of different techniques, a court order regime to access geofence records had more pluses and fewer minuses than those records not existing.
It will be interesting to see if we learn why Google made this change. Google is a private company. It has to answer to its shareholders, not to the public interest. And it’s totally plausible that this was just a sensible business decision. If Google can provide location history for those who want it without keeping the records, Google presumably benefits by not having to deal with the privacy headaches of responding to geofence warrants.
If this is what drove Google’ decision, it’s an example of a less-appreciated way that the market regulates privacy. If you’re providing a data service, responding to court orders for user data is not part of your business model. It’s a costly hassle. And it can only lead to bad press. So you might look for ways to avoid keeping records, as records never kept are records that cannot be turned over.
As always, stay tuned.