Law enforcement agencies in the United States have been obtaining keyword search warrants requiring Google, Microsoft and Yahoo to produce personally identifiable information about users who searched for a particular term or ‘keyword’ during a specific period of time. How often the courts have approved of keyword warrants is a well guarded secret. But earlier this month the U.S. Department of Justice accidentally unsealed court documents that included one of these rare judicial authorizations raising concerns among Fourth Amendment lawyers and privacy advocates that they are being used by law enforcement more often than previously known.

1. Introduction

A keyword search warrant is one of a growing number of “reverse search warrants” that include geofence warrants and warrants to search the DNA records of genetic genealogy sites that I discussed in previous posts to On The Wire. (here and here) A geofence warrant permits the police to obtain the identity of every Google user in a specific geographical area at a specific time. They may cover locations as large as a neighbourhood or an entire city. Similarly, warrants to search the DNA databases of genealogy sites such as Ancestry.com and GEDMatch compel the companies to search the records of millions of innocent people in the hope of finding one potential target. The three examples of keyword warrants, geofence warrants and warrants to search DNA databases all share one common feature. They authorize the search of everyone in the hope of finding someone.

2. The Forbes Report

In an article titled Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim’s Name, Address And Telephone, published by Forbes on October 4, 2021, cybersecurity reporter Thomas Brewster broke the story that, in 2019, Wisconsin police obtained a warrant compelling Google to provide information about anyone who searched the complainant’s name in a sexual assault case. (here) Google was required to provide all relevant accounts and IP addresses. Prior to the Wisconsin case, only two other keyword warrants had become public. In one warrant, revealed in 2020, the police were seeking anyone who searched for the address of an arson victim who was a witness in the high profile prosecution of R. Kelly. The R&B singer and record producer was recently convicted of racketeering and sex trafficking charges. (here) In an earlier case in 2017, a warrant was issued by a judge in Minnesota requiring Google to provide information about anyone who searched a victim’s name in a fraud case.

However, in a post publication update, Mr. Brewster reported that Jennifer Lynch, surveillance litigation director at the Electronic Frontier Foundation, highlighted three other Google keyword warrants obtained by the police in the 2018 investigation into the serial bombings in Austin, Texas, that resulted in the deaths of two people. The warrants issued by the United States District Court for the Western District of Texas, Austin Division, sought the IP addresses and Google account information of individuals who searched terms associated with bomb making and addresses where devices had been detonated. A total of five keyword warrants were issued by the Austin court. There were three affidavits sworn by FBI Special Agent Scott Kibbey in support of applications for the three warrants directed to Google (here, here and here); and, one affidavit in support of proposed warrants directed to Microsoft (here) and Yahoo (here). The affidavits all asserted the same brief statement of facts. I will focus my remaining comments on the Austin investigation.

3. The Austin Bombings Investigation

Although the five affidavits asserted the same statement of facts, the third Google affidavit sworn on March 16, 2018, was moderately more detailed as it was dated later than the other four. The key redacted averments stated that, on March 2, 2018, and March 12, 2018, three explosions occurred at residential premises in Austin, Texas, claiming two lives and resulting in the hospitalization of a third person. (paras. 24, 26 and 28) The preliminary analysis of evidence recovered from the three scenes “indicated that a [XXX] may have been utilized to detonate a pipe bomb.” (paras. 25, 27 and 29) The third explosion occurred at 6706 Galindo Street. According to the hospitalized survivor, “the package containing the explosive device may have had the address ‘6705 Galindo’ written on it.” (para. 28)

The police concluded that “the explosive devices shared commonalities, such as the delivery method, contents of the explosive device, and the manner of detonation.” The investigators believed that “all three explosions are linked and these incidents may be connected.” The preliminary investigation also indicated that the devices were possibly “made with PVC” and “may have been contained in cardboard boxes and included additional items such as nails for means of fragmentation.” (para. 30) Special Agent Kibbey set out the justification for the keyword warrant as follows:

“Based on my investigative experience, and knowledge provided by other law enforcement officers, it is common to utilize search applications such as Google Search and YouTube to research how to assemble and detonate explosive devices. I further believe an individual that utilized the search terms in Attachment A would find web pages and YouTube videos helpful in assembling the explosive devices under investigation. While I believe that a pool of individuals searching for these bomb components or methods during the time frame prior to the explosions at the victim addresses will be limited, the pool of individuals will be minimal if limited to searches originating from Texas. By identifying the users of the Google accounts or IP addresses of the devices that searched Google for these terms and cross-referencing that data with other investigatory steps such as cellular telephone records, a suspect(s) or witness(es) may be identified.” (para. 32)

The third Google warrant, for example, sought information associated with search terms such as pipe bomb, explosion, low explosives and fragmentation. (para. 2) The Microsoft warrant requested information associated with the municipal addresses where the devices were detonated. (para. 1) The Yahoo warrant also sought information associated with specific addresses. (para. 2)

4. The Dangers of Keyword Searches

In a post to VerfBlog titled A Disturbing New Police Tactic Harnesses the Full Tracking Power of ‘Big Tech’ dated October 15, 2020, Albert Fox Cahn and Amanda Humell identified two dangers inherent in the expanding use of reverse search warrants. First, this kind of bulk search harvests the data of innocent individuals with no connection to the crime under investigation. Second, the breadth of the search increases the risk of false positives as innocent people may be targeted by “more invasive secondary surveillance as a result of fitting police’s anticipated pattern.” (here) The use of keyword warrants has therefore caught the critical eye of the American Civil Liberties Association. “Trawling through Google’s search history database enables police to identify people merely based on what they might have been thinking about, for whatever reason, at some point in the past,” said Jennifer Granick, cybersecurity counsel at the ACLU. “This never-before-possible technique threatens First Amendment interests and will inevitably sweep up innocent people, especially if the keyword terms are not unique and the time frame not precise. To make matters worse, police are continually doing this in secret, which insulates the practice from public debate and regulation,” she added. (here)

On December 8, 2020, the New York Civil Liberties Union sent a letter to Google that was cosigned by over sixty other civil society organizations including S.T.O.P – The Surveillance Technology, Amnesty International and the Electronic Frontier Foundation calling on the tech giant to assist in opposing the “alarming growth” in law enforcement searches of its user data. The letter drew specific attention to the use of geofence warrants and keyword warrants. “These blanket warrants,” the NYCLU said, “circumvent constitutional checks on police surveillance, creating a virtual dragnet of our religious practices, political affiliations, sexual orientation, and more.” (here) The letter made reference to United States v. Chatrie where Google filed an amicus curiae brief in 2019 stating that it had “received a 75-fold increase” in requests for geofence warrants from 2017 to 2019. The NYCLU suggested that Google is “uniquely situated to provide oversight of these abusive practices” and called on the company to expand the scope of transparency by providing monthly data on non-traditional court orders including granular information on geofence warrants and keyword warrants. (here and here)

5. Conclusion

The Austin serial bombings unfolded during a span of three weeks and involved the detonation of five package bombs killing two people and injuring five others. On March 21, 2018, Mark Anthony Conditt of Pflugerville, Texas, detonated a device inside his vehicle after being stopped by the police. He was killed in the blast and a police officer was injured. Although law enforcement had obtained Mr. Conditt’s IP address that showed Google searches for information on shipping, the police picked up his trail mainly by dogged detective work and traditional investigative techniques. The bombs used common household products and the police collected sales records from stores where suspicious purchases were made. A large purchase of nails had been made at a Home Depot store in Round Rock, north of Austin. Security camera footage was seized from a FedEx store where Mr. Conditt shipped two explosive devices. The FedEx footage captured a man wearing pink construction gloves sold at Home Depot and the same man was captured by surveillance video at one of the Home Depot locations. (here)

It is not the efficacy of keyword search warrants that is at the core of the controversy. The critical concern is the danger inherent in secretly targeting the innocent – people who have no connection to the crime under investigation. It is obvious that geofence warrants and keyword warrants authorize bulk searches that hoover the data of countless innocent people in the dragnet. The core question, then, is – why are reverse search warrants unconstitutional? A keyword warrant authorizes the search of a crowd to find one person. That is not compliance with the Fourth Amendment to the Constitution of the United States or s. 8 of the Canadian Charter of Rights and Freedoms. Reverse search warrants are unconstitutional because they are not particularized. The affidavits of Special Agent Kibbey in the Austin bombing investigation were classics of their kind – proposed fishing expeditions. The police sought five keyword warrants to search a “pool of individuals” to identify “a suspect(s) or witess(es).” The pool searches failed to fulfill the essential requirements of constitutional validity – they were not specific, narrowly targeted or based on probable cause.