How Big Tech created a data ‘treasure trove’ for police departments

PROVIDENCE, R.I. — When U.S. law enforcement officials need to cast a wide net for information, they’re increasingly turning to the vast digital ponds of personal data created by Big Tech companies via the devices and online services that have hooked billions of people around the world.

Data compiled by four of the biggest tech companies show that law enforcement requests for user information — phone calls, emails, texts, photos, shopping histories, driving routes and more — have more than tripled in the United States since 2015.

Police also are increasingly savvy about covering their tracks to avoid alerting suspects of their interest.

That’s the backdrop for recent revelations that the Trump-era Justice Department sought data from Apple, Microsoft and Google about members of Congress, their aides and news reporters in leak investigations — then pursued court orders that blocked those companies from informing their targets.

In the first half of 2020 — the most recent available data — Apple, Google, Facebook and Microsoft together fielded more than 112,000 data requests from local, state and federal officials.

The companies agreed to hand over some data in 85% of those cases. Facebook, including its Instagram service, accounted for the largest number of disclosures.

For an idea of how this happens, look to Newport, Rhode Island, a coastal city of 24,000 that attracts a flood of summer tourists. Fewer than 100 officers patrol the city — but they make multiple requests a week for online data from tech companies.

That’s because most crimes – from larceny and financial scams to a recent fatal house party stabbing at a vacation rental booked online – can be at least partly traced on the Internet. Tech providers, especially social media platforms, offer a “treasure trove of information” that can help solve them, said Lt. Robert Salter, a supervising police detective in Newport.

“Everything happens on Facebook,” Salter said. “The amount of information you can get from people’s conversations online — it’s insane.”

As ordinary people increasingly have become dependent on Big Tech services to help manage their lives, American law enforcement officials have grown far more savvy about technology than they were five or six years ago, said Cindy Cohn, executive director of the Electronic Frontier Foundation, a digital rights group.

That’s created what Cohn calls “the golden age of government surveillance.” Not only has it become far easier for police to trace the online trails left by suspects, they also can frequently hide their requests by obtaining gag orders from judges and magistrates. Those orders block Big Tech companies from notifying the target of a subpoena or warrant of law enforcement’s interest in their information — contrary to the companies’ stated policies.

Of course, there’s often a reason for such secrecy, said Andrew Pak, a former federal prosecutor. It helps prevent investigations from getting sidetracked because someone learns about it, he said —“the target, perhaps, or someone close to it.”

Longstanding opposition to such gag orders resurfaced in the wake of the Trump-era orders.

In 2018, Apple shared phone and account data generated by two Democratic members of the House Intelligence Committee. But the politicians didn’t find out until May, after a series of gag orders expired.

Swayne B. Hall / AP

Critics including Cohn have called for revision of U.S. surveillance laws drawn up years ago, when the police and prosecutors typically had to deliver warrants to the home of the person being targeted for searches. Now that most personal information is kept in the equivalent of vast digital storehouses controlled by Big Tech companies, such searches can proceed in secret.

“Our surveillance laws are really based on the idea that, if something is really important, we store it at home, and that doesn’t pass the giggle test these days,” Cohn said. “It’s just not true.”

Tech companies point out that the majority of information they are forced to share is considered “non-content” data. But that can include useful details such as the basic personal details you supply when you register for an account or the metadata that shows whether and when you called or messaged someone, though not what you said to them.

Law enforcement also can ask tech companies to preserve any data generated by a particular user, which prevents the target from deleting it. Doing so doesn’t require a search warrant or any judicial oversight, said Armin Tadayon, a cybersecurity associate with advisory firm the Brunswick Group.

If police later find reasonable grounds for conducting a search, they can return with a warrant and seize the preserved data. If not, the provider deletes the copies, and “the user likely never finds out,” Tadayon said.

In Newport, getting a search warrant for richer online data isn’t that difficult. Salter said it requires a quick trip to a courthouse to seek a judge’s approval. Some judges also are available after hours for emergency requests.

If a judge finds there is probable cause to search through online data, tech companies almost always comply.

“Most of the companies do play ball,” Salter said. “We can speak with people, get questions answered. They’re usually pretty helpful.”

Nearly all big tech companies — from Amazon to rental sites like Airbnb, ride-hailing services like Uber and Lyft and service providers like Verizon — now have teams to respond to such requests and regularly publish reports about how much they disclosed. Many say they work to narrow overly broad requests and reject those that aren’t legally valid.

Some of the most dramatic increases in requests have been to tech companies that cater to younger people. As the messaging app Snapchat has grown in popularity, so have government requests for its data. Snap, the company behind the app, fielded nearly 17,000 data requests in the first six months of 2020, compared to 762 in the same period of 2015.

Salter said the fact that we’re all doing so much online means detectives need to stay tech-savvy. But training courses for how to file such requests aren’t hard to find.

For those worried about the growing volume of online data sought by law enforcement, Salter said, “Don’t commit crimes, and don’t use your computer and phones to do it.”

“Judges are not going to sign off on something if we don’t have probable cause to go forward,” he said. “We’re not going to look at people’s information without having something to go on.”

But Cohn said more tech companies should be using encryption technology to make all personal information, including metadata, virtually impossible to decipher without a user key to unlock it.

Until then, she said, police can short-circuit constitutional protections against unreasonable searches “by just going to the company instead of coming directly to us.”