MATT O’BRIEN and MICHAEL LIEDTKE, AP Technology Writers
When U.S. law enforcement officials need to cast a wide net for information, they’re increasingly turning to the vast digital ponds of personal data created by Big Tech companies via the devices and online services that have hooked billions of people around the world.
Data compiled by four of the biggest tech companies shows that law enforcement requests for user information — phone calls, emails, texts, photos, shopping histories, driving routes and more — have more than tripled in the U.S. since 2015. Police are also increasingly savvy about covering their tracks so as not to alert suspects of their interest.
That’s the backdrop for recent revelations that the Trump-era U.S. Justice Department sought data from Apple, Microsoft and Google about members of Congress, their aides and news reporters in leak investigations — then pursued court orders that blocked those companies from informing their targets.
In just the first half of 2020 — the most recent data available — Apple, Google, Facebook and Microsoft together fielded more than 112,000 data requests from local, state and federal officials. The companies agreed to hand over some data in 85% of those cases. Facebook, including its Instagram service, accounted for the largest number of disclosures.
Consider Newport, Rhode Island, a coastal city of 24,000 residents that attracts a flood of summer tourists. Fewer than 100 officers patrol the city — but they make multiple requests a week for online data from tech companies.
That’s because most crimes – from larceny and financial scams to a recent fatal house party stabbing at a vacation rental booked online – can be at least partly traced on the internet. Tech providers, especially social media platforms, offer a “treasure trove of information” that can help solve them, said Lt. Robert Salter, a supervising police detective in Newport.
“Everything happens on Facebook,” Salter said. “The amount of information you can get from people’s conversations online — it’s insane.”
As ordinary people have become increasingly dependent on Big Tech services to help manage their lives, American law enforcement officials have grown far more savvy about technology than they were five or six years ago, said Cindy Cohn, executive director of the Electronic Frontier Foundation, a digital rights group.
That’s created what Cohn calls “the golden age of government surveillance.” Not only has it become far easier for police to trace the online trails left by suspects, they can also frequently hide their requests by obtaining gag orders from judges and magistrates. Those orders block Big Tech companies from notifying the target of a subpoena or warrant of law enforcement’s interest in their information — contrary to the companies’ stated policies.
Of course, there’s often a reason for such secrecy, said Andrew Pak, a former federal prosecutor. It helps prevent investigations getting sidetracked because someone learns about it, he said —”the target, perhaps, or someone close to it.”
Longstanding opposition to such gag orders has recently resurfaced in the wake of the Trump-era orders. Apple in 2018 shared phone and account data generated by two Democratic members of the House Intelligence Committee, but the politicians didn’t find out until May, once a series of gag orders expired.
Microsoft also shared data about a congressional aide and had to wait more than two years before telling that person. Brad Smith, Microsoft’s president, last week called for an end to the overuse of secret gag orders, arguing in a Washington Post opinion piece that “prosecutors too often are exploiting technology to abuse our fundamental freedoms.”
Critics like Cohn have called for revision of U.S. surveillance laws drawn up years ago when the police and prosecutors typically had to deliver warrants to the home of the person being targeted for searches. Now that most personal information is kept in the equivalent of vast digital storehouses controlled by Big Tech companies, such searches can proceed in secret.
“Our surveillance laws are really based on the idea that if something is really important, we store it at home, and that doesn’t pass the giggle test these days,” Cohn said. “It’s just not true.”
Many tech companies are quick to point out that the majority of the information they are forced to share is considered “non-content” data. But that can include useful details such as the basic personal details you supply when you register for an account, or the metadata that shows if and when you called or messaged someone, though not what you said to them.
Law enforcement can also ask tech companies to preserve any data generated by a particular user, which prevents the target from deleting it. Doing so doesn’t require a search warrant or any judicial oversight, said Armin Tadayon, a cybersecurity associate at advisory firm the Brunswick Group.
If police later find reasonable grounds for conducting a search, they can return with a warrant and seize the preserved data. If not, the provider deletes the copies and “the user likely never finds out,” Tadayon said.
In Newport, getting a search warrant for richer online data isn’t that difficult. Salter said it requires a quick trip to a nearby courthouse to seek a judge’s approval; some judges are also available after hours for emergency requests. And if a judge finds there is probable cause to search through online data, tech companies almost always comply.
“Most of the companies do play ball,” Salter said. “We can speak with people, get questions answered. They’re usually pretty helpful.”
Nearly all big tech companies — from Amazon to rental sites like Airbnb, ride-hailing services like Uber and Lyft and service providers like Verizon — now have teams to respond to such requests and regularly publish reports about how much they disclosed. Many say they work to narrow overly broad requests and reject those that aren’t legally valid.
Some of the most dramatic increases in requests have been to tech companies that cater to younger people. As the messaging app Snapchat has grown in popularity, so have government requests for its data. Snap, the company behind the app, fielded nearly 17,000 data requests in the first six months of 2020, compared to 762 in the same period of 2015.
Salter said the fact that we’re all doing so much online means police detectives need to stay tech-savvy. But training courses for how to file such requests aren’t hard to find.
For those worried about the growing volume of online data sought by law enforcement, Salter said: “Don’t commit crimes and don’t use your computer and phones to do it.”
“Judges are not going to sign off on something if we don’t have probable cause to go forward,” he said. “We’re not going to look at people’s information without having something to go on.”
But Cohn said more tech companies should be using encryption technology to make all personal information, including metadata, virtually impossible to decipher without a user key to unlock it.
Until then, she said, police can short circuit constitutional protections against unreasonable searches “by just going to the company instead of coming directly to us.”
Liedtke reported from San Ramon, California.