Web Searches as Evidence in Criminal Cases


Google, your Collected Web Search Information and the Law

Our digital forensics group was recently contacted by a defense attorney to review a digital forensic report submitted by law enforcement. The defendant was identified during an investigation utilizing Google web search results that were provided by Google in response to a subpoena. Law enforcement sought the web searches from Google as evidence in a criminal case in an effort to IDENTIFY the perpetrator. The crime is not the issue here; the issue is how law enforcement used Google as a detective tool, and the data that Google collects and stores on all of us, to an extent most of us never knew.

Google’s Data Collection on Us

IT Acceleration’s Digital Forensic Group routinely conducts web and social media investigations as part of civil litigation matters. The web is a giant repository of content on us. The research provided below only confirms what should come as no surprise: that Google collects data about us. Lots of data over lots of years. We all know this in the back of our minds, but maybe not to the level of detail uncovered here. Your web searches can be used as evidence in criminal cases, and even if you’re not involved, your data may come up when law enforcement is investigating. In addition to their web browser ‘Google Chrome’ and search engine ‘Google Search’ (the search engine that Google apps, including Chrome, and many 3rd-party services use to traverse the internet), Google also collects and data mines 3rd-party data and activity to make comprehensive connections that convert seemingly anonymous activity by us into personalized identifications of who we are, what we’re doing and where we are.

The methods Google uses to personally identify you are arguably amazing and complex. We participate in a Big Brother world when it comes to the internet. You have no choice but to offer up personal information if you use the internet from a computer, a smartphone, or any smart device. But many of us are unaware of the passive monitoring and collection of “anonymous” data that Google is able to analyze, supplemented with 3rd-party data, to personally identify you, your habits, your location and your likes.

The “2018 Google Data Collection” report published by Digital Content Next provides significant insight into what Google collects and how it identifies users. I’m sure there’s more going on than what’s reported, but this data collection report alone is very alarming.

Privacy and Term Agreements

As it pertains to Google, take a moment to review their Privacy and Terms. Term agreements are on the web and can change at any time, making it even more challenging to understand what you signed up for, what changed, and when it changed. Very few folks read these. You should. For example, there was an online photo printing store that was selling certain print booklets very inexpensively. Upon reading the term agreement, it turned out that they would own the photos uploaded to their site and could do with them whatever they wanted. No thank you.

Application Settings

Another issue impacting privacy is application settings, which you may be able to change in order to potentially “limit” what Google or other apps collect, use and share. PC Magazine provides a good write-up on locking down your Android phone. Medium.com provides tips for the iPhone.

I realize how frustrating this all can be to the passive user of technology. You need an IT education to deal with some of this. But we have entered a time when a basic level of technical core-competency is required. There are many night schools that can help with learning technology including PCs, Macs and Smart Devices. I strongly suggest finding a class if you feel overwhelmed by all this. It’s only going to get worse.

Google’s Compliance in Sharing Data with Law Enforcement to Provide Web Searches as Evidence in Criminal Cases

From investigating regulatory violations to criminal activity, an individual’s web search history can make or break a case. To obtain web searches for criminal cases from Google, Google requires either that a verified law enforcement agency submit a request through its online Law Enforcement Request System (LERS), or that Google be given sufficient reason to believe that the information could save lives, such as in the case of a kidnapping or bomb threat.

Google reports that a LERS request seeking web searches as evidence in criminal cases usually takes the form of a subpoena, search warrant, emergency disclosure request, pen register order, wiretap order, preservation request, or other court order or legal request.

Over a 10-year period, requests have risen 10-fold. View the details of the requests here.


[Figure: Google LERS requests by reporting period]

So how often do these various requests get granted?

According to Google’s Transparency Report, between 80 and 90 percent of LERS requests are accepted and result in some kind of data being produced from the requested user’s account.


[Figure: Google graph on LERS responses]

With such a high volume of requests being answered, how do you know if your account is included? The short answer: You don’t, but your data is available.

Google is under no legal obligation to tell you when they share your account information. Their policy dictates that an email will be sent to the user in question so long as it is not prohibited by the specific request, in which case the email will be delayed until the gag order period has ended. Their policy also includes a clause that says they can withhold notifying affected users at their own discretion, when they believe “that notice would be counterproductive or exceptional circumstances exist involving danger of death or serious physical injury to any person.”

Defense Attorney Need

Bear in mind that this Google search is not limited to the use of Google Chrome web searches, as many 3rd-party sites, apps and services use Google Search as a means to present their data, and all this activity becomes Google stored data.

At a high level, this is what occurs when law enforcement requests web searches as evidence in criminal cases:
  • Law enforcement issues a subpoena to Google requesting specific search terms to be run against their collected web search data. This can include unique search strings, names, dates/times and addresses related to a crime or potential crime.
  • Google returns search results to law enforcement that include the IP address(es) recorded as the requesting device that conducted the search using the above search terms.
  • Law enforcement identifies the Internet Service Provider (ISP) that owns the IP address(es) and issues a subpoena to the ISP(s) to identify the subscriber that was issued the IP address during the relevant time-frame.
  • The ISP then provides subscriber information to law enforcement, thus identifying the physical location where the search was performed.
  • Law enforcement then seizes the computing devices for analysis.
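
A defense-side check of the attribution chain above, as an added example that is not from the original article: it normalizes every timestamp to UTC and tests whether each IP address in the search return falls inside exactly one ISP lease window. The record layouts, field names, addresses and subscriber labels are constructed assumptions, not the format of a real Google or ISP return.

```python
from datetime import datetime, timezone

# Constructed sample records (hypothetical layout, documentation-range IPs).
SEARCH_HITS = [  # search-provider return, timestamps in UTC
    {"ip": "203.0.113.24", "ts": "2019-03-02T08:00:00+00:00"},
    {"ip": "203.0.113.24", "ts": "2019-03-02T13:00:00+00:00"},
    {"ip": "203.0.113.77", "ts": "2019-03-02T08:05:00+00:00"},
    {"ip": "198.51.100.9", "ts": "2019-03-02T09:00:00+00:00"},
]
ISP_LEASES = [  # ISP return, timestamps in local time (UTC-05:00)
    {"ip": "203.0.113.24", "start": "2019-03-01T18:00:00-05:00",
     "end": "2019-03-02T06:00:00-05:00", "subscriber": "Subscriber-1"},
    {"ip": "203.0.113.24", "start": "2019-03-02T06:00:00-05:00",
     "end": "2019-03-02T18:00:00-05:00", "subscriber": "Subscriber-2"},
    {"ip": "198.51.100.9", "start": "2019-03-02T00:00:00-05:00",
     "end": "2019-03-02T05:00:00-05:00", "subscriber": "Subscriber-3"},
    {"ip": "198.51.100.9", "start": "2019-03-02T03:30:00-05:00",
     "end": "2019-03-02T12:00:00-05:00", "subscriber": "Subscriber-4"},
]

def to_utc(text):
    """Parse an ISO 8601 timestamp; refuse values with no time zone."""
    dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:
        raise ValueError("timestamp has no time zone: " + text)
    return dt.astimezone(timezone.utc)

def attribute(hits, leases):
    """Return (ip, utc_time, status, subscribers) for every search hit."""
    results = []
    for hit in hits:
        when = to_utc(hit["ts"])
        # A lease matches if it covers the same IP at the moment of the search.
        subs = sorted({l["subscriber"] for l in leases
                       if l["ip"] == hit["ip"]
                       and to_utc(l["start"]) <= when < to_utc(l["end"])})
        if len(subs) == 1:
            status = "attributed"
        elif not subs:
            status = "no_lease"      # ISP records do not cover this moment
        else:
            status = "ambiguous"     # overlapping leases: records conflict
        results.append((hit["ip"], when.isoformat(), status, subs))
    return results

if __name__ == "__main__":
    for row in attribute(SEARCH_HITS, ISP_LEASES):
        print(row)
```

The first two hits share one IP address but resolve to different subscribers five hours apart, which is why a report that mixes UTC and local time can name the wrong account.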

Eavesdropping Phones

We all now know that ads via email or social media are sent to us based on our activity on the internet. But what about our voice conversations that take place when the phone is near? There are many anecdotal reports of advertisements showing up in email and social media without doing any web searching on the topic but merely having a verbal conversation. This has happened to me specifically and to many of my colleagues. Why wouldn’t the phones passively listen to us – there’s so much more information marketers can gather about us. Think about the information you convey with a friend over dinner. There’s so much more content here than Google could collect from web-based internet activity.

This Digital Trends article describes how phones and TVs can be matched up via signals transmitted from the TV and the audio captured by the phone. This then links the TV to your phone, thus identifying you as the viewer. Thus the phones are listening without having to be woken up with a command like ‘Hey Siri’. So they are listening, or perhaps waking up with different commands that we are unaware of.

“Last year the CDT alerted the Federal Trade Commission (FTC) to a technology called SilverPush. It uses audio beacons to track your activities across devices: Your TV emits a tone during a commercial break, a tone that’s inaudible to you, but your phone is listening for it. Now they can link the TV and phone as belonging to the same person.”

“As more smartphones, smart TVs, and smart toys start to listen in on us all the time, it’s going to be very hard for anyone to understand where all the data is flowing, because every company wants to connect to its own cloud service,” says Hong. “This makes it a real hassle, even for experts, to try and understand what’s going on.”
“If you’re going to use these services on your smartphone, understand that it’s not private,” suggests De Mooy. “It’s not a personal assistant or friend, it’s a small tracking device. Social apps are meant to collect data and make it public. Pay attention, watch out for default settings, and take action to protect your privacy.”

We covered some smartphone security tips in an earlier blog that are still relevant today.

Final Word

There are many security and privacy concerns here.

  1. First and foremost, any device can be exploited and possibly compromised without proper security in mind. With that said, ensuring that your devices are current with patches, updates and virus patterns is crucial to safeguard your privacy from these exploits. Staying clear of public WiFi is also a good idea. This YOU can control with proper due diligence.
  2. The public is inundated with language in Terms and Conditions that many folks neither read nor understand. So, we simply sign up without knowledge of any repercussions of what data is collected about us and how it’s used later. Take the time to review these whenever you sign up for a new app or service.
  3. An application’s privacy settings are not very intuitive, thus making it difficult for the average user to understand what to change or how. And with each app update comes an opportunity for your settings to revert back to default settings. Facebook is infamous for this. It’s a bit of a cat-and-mouse game and takes more due diligence on your part to review these settings.
  4. The marketing industry, and the providers that create data for them, have a huge investment to create technologies to identify you and your habits. This collection of data spills over into personal and confidential data being collected about you without regard to what it is and how it could be potentially used, now or in the future.
  5. The issue with phones passively listening does not seem to have been proved yet, but there are certainly circumstances to corroborate that this is going on to some degree. Perhaps it is difficult to confirm this is occurring due to a round robin of when phones are listening, or because they are awakened when certain words/tones are received other than the ‘Hey Google’, ‘Hey Siri’ or Alexa commands.
  6. There are other search engines to use but let’s face it, Google runs the internet for now and it will be virtually impossible to dethrone the king of search.