Here’s how police can get your data — even if you aren’t suspected of a crime


If you’ve ever read a privacy policy, you may have noticed a section that says something about how your data will be shared with law enforcement, which means if the police demand it and have the necessary paperwork, they’ll likely get it. But maybe, like most adults, you don’t read privacy policies very carefully if at all.

police_data_board_2.0.jpg, Sep 2021

In that case, you might be surprised to learn how much of your data is in the hands of third parties, how much access law enforcement has to it, how it might be used against you, or what your rights are — if any — to prevent it.

A lot of people might be discovering this now, as cases against them are built with evidence taken from internet services like Facebook and Google. While they left a trail of digital evidence for investigators (and internet detectives) to follow, not all of that data was publicly available. If you read through cases of people charged with crimes relating to the events in Washington on January 6, you’ll find the security agencies also obtained internal records from various social media platforms and mobile phone carriers.

The fact is you don’t have to be suspected or accused of a crime before the police have to go to a company to get data about you. The police are increasingly using tactics like reverse search warrants to grab the data of many people in the hope of finding their suspect among them. You might get swept up in one just because you were in the wrong place at the wrong time or looked up the wrong search term. And you might never know that you got caught in the dragnet.

If you ever think for once that you'll never commit a crime so law enforcement obtaining your data will never be an issue for you, you're wrong.

Your data could be included in a purchase from a data broker. Or it may be scooped up in a digital dragnet, also known as a reverse search warrant, where police request data about a large group of people in the hope of finding their suspect within them.

“These are some of the techniques to discover things that never could have been discovered in the past, and which have the capacity to rope in innocent people,” Granick, of the ACLU, said.

For example In a geofence warrant, law enforcement gets information about all the devices that were in a certain area at a certain time — say, where a crime occurred — then narrows them down and gets account information for the device(s) they think belong to their suspect(s)

For keyword warrants, police may ask a browser for all the IP addresses that searched for a certain term related to their case and then identify a possible suspect from that group.

These situations still represent a legal gray area. While some judges have called them an infringement of individual rights and refused the government’s requests for warrants, others have allowed them. And we’ve seen at least one instance where reverse search warrants have led to the arrest of an innocent person.

In the nutshell, if a company collects and stores your data, then the police can probably get their hands on it. And when it comes to your digital life, there’s a lot of your data held by third parties out there to obtain. So you have to be very careful what you put out there. A facebook post you made some years ago can get you arrested now.