By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Jennifer Lynch, writing for the EFF:
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult — if not impossible — for Google to provide mass location data in response to a geofence warrant, a change we’ve been asking Google to implement for years.
Geofence warrants require a provider — almost always Google — to search its entire reserve of user location data to identify all users or devices located within a geographic area during a time period specified by law enforcement. These warrants violate the Fourth Amendment because they are not targeted to a particular individual or device, like a typical warrant for digital communications. The only “evidence” supporting a geofence warrant is that a crime occurred in a particular area, and the perpetrator likely carried a cell phone that shared location data with Google. For this reason, they inevitably sweep up potentially hundreds of people who have no connection to the crime under investigation — and could turn each of those people into a suspect.
Google’s announcement, from Marlo McGriff, director of product for Google Maps:
The Timeline feature in Maps helps you remember places you’ve been and is powered by a setting called Location History. If you’re among the subset of users who have chosen to turn Location History on (it’s off by default), soon your Timeline will be saved right on your device — giving you even more control over your data. Just like before, you can delete all or part of your information at any time or disable the setting entirely.
If you’re getting a new phone or are worried about losing your existing one, you can always choose to back up your data to the cloud so it doesn’t get lost. We’ll automatically encrypt your backed-up data so no one can read it, including Google.
The reason these overly broad geofence warrants “almost always” were specific to Google is that Apple never collected location data that could be collected in the aggregate like this. From Apple’s most recent government transparency report (PDF), covering the first half of 2022:
Apple may also receive requests from government agencies seeking customer data related to specific latitude and longitudes coordinates (geofence) for a specified time period. Apple does not have any data to provide in response to geofence requests.
I checked with a source at Apple, and they believe they have never collected or stored geolocation data in a manner that can be linked to groups of individuals in a certain area or areas.
Good on Google, though, for changing this.
★ Monday, 18 December 2023