Did Google Just Defeat Every Geofence Warrant?

I wrote last week about an oral argument in the Fourth Circuit involving geofence warrants.  Geofence warrants are warrants to obtain the location data that Google users let Google collect if they opt in to Google’s location history service, which about a third of Google users do.  Geofence warrants have been possible because, if you opt in, Google keeps a copy of the location history.  And records are kept can be compelled, at least if the legal process is valid.

All of which makes this Google announcement from yesterday of great interest. Google will no longer keep location history even for the users who opted in to have it turned on.  Instead, the location history will only be kept on the user’s phone.

The Timeline feature in Maps helps you remember places you’ve been and is powered by a setting called Location History. If you’re among the subset of users who have chosen to turn Location History on (it’s off by default), soon your Timeline will be saved right on your device — giving you even more control over your data. Just like before, you can delete all or part of your information at any time or disable the setting entirely.

If you’re getting a new phone or are worried about losing your existing one, you can always choose to back up your data to the cloud so it doesn’t get lost. We’ll automatically encrypt your backed-up data so no one can read it, including Google.

Additionally, when you first turn on Location History, the auto-delete control will be set to three months by default, which means that any data older than that will be automatically deleted. Previously this option was set to 18 months. If you want to save memories to your Timeline for a longer period, don’t worry — you can always choose to extend the period or turn off auto-delete controls altogether.

These changes will gradually roll out through the next year on Android and iOS, and you’ll receive a notification when this update comes to your account.

Unless I’m missing something, this will entirely defeat geofence warrants— which, I would speculate, was probably the point of Google’s policy change.  If Google doesn’t keep the records, Google will have no records to turn over.  If the government comes to Google with a court order for geofence data, Google will just say, sorry, we don’t keep that stuff anymore.

My very tentative sense, from a public policy standpoint, is that this seems like a bit of a bummer.  Geofencing was being used to solve some really serious crimes—like murders, rape, and armed robberies—when there were no known suspects or leads and the case had gone cold.  Having governments be able, with sufficient cause, to go to a court, get a court order, and then obtain potentially responsive location records that could provide a lead to investigate was, on the whole, a good thing.

Of course, that public interest has to be balanced with the public interest in privacy.  But my sense is that geofence warrants have been implemented (and could be implemented in the future) in ways that provide far greater privacy protection than normally exist with warrants.  Every technique raises risks of abuse.  But if you had to look at all the pluses and minuses of different techniques, a court order regime to access geofence records had more pluses and fewer minuses than those records not existing.

It will be interesting to see if we learn why Google made this change.  Google is a private company. It has to answer to its shareholders, not to the public interest. And it’s totally plausible that this was just a sensible business decision.  If Google can provide location history for those who want it without keeping the records, Google presumably benefits by not having to deal with the privacy headaches of responding to geofence warrants.

If this is what drove Google’ decision, it’s an example of a less-appreciated way that the market regulates privacy.  If you’re providing a data service, responding to court orders for user data is not part of your business model. It’s a costly hassle.  And it can only lead to bad press.  So you might look for ways to avoid keeping records, as records never kept are records that cannot be turned over.

As always, stay tuned.

The post Did Google Just Defeat Every Geofence Warrant? appeared first on Reason.com.