A Minnesota judge recently signed a search warrant ordering Google, Inc. to hand over personal information on anyone who searched a specific name, a decision that could set an alarming precedent that would render the fourth amendment virtually ineffective with regard to online privacy.
According to the application for the warrant, filed by Detective David Lindland of the Edina Police Department, authorities are trying to locate an individual who used a fake passport to trick a credit union into transferring $28,000 out of an Edina man’s account. Police say the passport image showed up in a Google search but was not available on Yahoo or Bing. The warrant does not mention whether or not they searched Ask.com, DuckDuckGo, Ixquick, or any other of the many search engines available to the public.
The warrant, signed by Hennepin County Senior Judge Gary Larson, demands Google disclose any and all information on any person who searched the victim’s name from December 1st, 2016, to January 7th, 2017. According to the warrant:
“The user/subscriber information [is] to include, but not limited to: name(s), address(es), telephone number(s), date(s) of birth, social security numbers, email addresses, payment information, account information, IP addresses, and MAC addresses of the person(s) who requested/completed the search.”
The documents indicate Google was first served with an administrative subpoena requesting the information, which it promptly rejected. A spokesperson for Google responded to questions about the case in an email to The Register, saying, “We aren’t able to comment on specific cases, but we will always push back when we receive excessively broad requests for data about our users.”
A criminal defense staff attorney for the Electronic Frontier Foundation, Stephanie Lacambra, commented on the unprecedented scope of the warrant:
“As a former public defender for over a decade, I can say that this kind of warrant appears both unusual, in that it was approved in the first place without first establishing as a threshold matter that the suspect perpetrator used Google to obtain the photo used in the fraudulent passport in the first place, and overbroad, in that it calls for a dragnet production of the private information of all querents who searched a particular name within a five week time frame without any further limiting factors.”