Possibly the worst mass invasion of internet privacy ever
In January, a bank in Edina, Minnesota, received a request for a $28,500 wire transfer from someone claiming to be local resident Douglas Junker. Though bolstered with a faked picture of a passport, the request later turned out to be fraudulent, and local cops were reportedly stymied on how to catch the thief.
Until, that is, they came up with a novel idea: Hoping to find out how the fraudster got the picture, Edina Police Detective David Lindman applied for a search warrant to obtain the names, email addresses, account information and IP addresses of everyone in the entire town of 50,000 who had searched for any variation of the victim’s name between Dec. 1, 2016, and Jan. 7, 2017.
+ Also on Network World: EFF: Congress considers making it illegal to protect consumer privacy online +
Wow, obvious police overreach, right? Google search histories are hardly public information, and stripping privacy from an entire city to try and nab a small-time swindler would surely be casting too wide a net to be acceptable to a judge, right?
On Feb. 1, 2017, Hennepin County Judge Gary Larson granted a search warrant for “any/all user or subscriber information” of anyone in Edina who searched for the “Douglas Junker” from Dec. 1, 2016, and Jan. 7, 2017. The request asks for “name(s), address(es), telephone number(s), dates of birth, Social Security numbers, email addresses, payment information, account information, IP addresses, and MAC addresses of the person(s) who requested/completed the search.”
Privacy experts freak out
Understandably, the internet is up in arms over this obvious over-reach. Defense attorneys called the implications “frightening,” and they warned the information could become public after the investigation was completed. One local journalist warned that the warrant could stretch beyond Medina residents. Stephanie Lacambra, an attorney for the Electronic Frontier Foundation, was “skeptical of this warrant’s ability to survive constitutional scrutiny,” while her colleague Andrew Crocker tweeted, “Holy shit. Case name should be In re Minnesota Unconstitutional General Warrant…”
Also in that vein, Teresa Nelson, interim executive director of the ACLU of Minnesota, reportedly said the warrant is “breathtakingly broad,” while law professor Robert Kahn at the University of St. Thomas, called it “a scary slippery slope.”
Warrant normalizes requests for private information
Google reportedly says it plans to fight the expansive warrant, and it’s not entirely clear whether the search company could supply that information even if it wanted to. But here’s the thing—even if this warrant doesn’t actually get the information it asks for, the mere act of asking helps to normalize these kinds of outrageous requests.
Whatever happens with this incredibly broad warrant, the next one likely will raise fewer eyebrows and be more likely to succeed. And that’s could be true even for far more controversial—but not necessarily illegal—search terms that could have real effects on innocent people swept up in an obvious invasion of privacy.