back to article Judge issues search warrant for anyone who Googled a victim's name

A judge in Minnesota, America, has granted cops a search warrant to direct Google to provide personal details about anyone searching for a specific name. Tony Webster, who describes himself as a web engineer, public records researcher, and policy nerd, published a portion of the warrant out of concern that administrative …

  1. Anonymous Coward
    Anonymous Coward

    What numpty uses Google when planning crimes? It's all about duduckgo or yandex over tor.

    1. Anonymous Coward
      Anonymous Coward

      Have no fear, there's plenty of numpties out there.

      1. Anonymous Coward
        Anonymous Coward

        Plenty of numpties indeed

        They voted and got 'the Donald' elected as President didn't they?

        Mind you we may come to regret how we voted just as much. Only time will tell.

        Can we stop the planet I wanna get off {until 2021 at least}

        1. Ron Guilmette

          Re: Plenty of numpties indeed

          "I don't feel safe in this world no more.

          I don't want to die in a nuclear war.

          I wanna sail away to a distant shore,

          and make like an ape-man."

          -- The Kinks (circa 1970)

          (I've been thinking about this old song a lot lately.)

          1. Swarthy

            Re: Plenty of numpties indeed

            I've been thinking about a lot of the old counter-culture/protest songs. The Clash's Know Your Rights(All three of 'em) and Guns of Brixton, One Tin Soldier, etc. And I'm seeing a lot of similarities between now and then. - I guess we just don't learn.

    2. Anonymous Coward
      Facepalm

      Yes, because criminal stealing someone's identity to write a bogus check are known for their technical competence, overall intelligence, and putting a lot of thought into their crime to be sure they don't get caught.

    3. Bob Vistakin
      Holmes

      Even Chrome in Guest mode isn't a bad start - it leaves zero tracks and starts as a totally blank user hitting the web for the first time ever. Right off the bat the only strength of argument is the IP address used.

    4. Anonymous Coward
      Joke

      > What numpty uses Google when planning crimes? It's all about duduckgo or yandex over tor.

      It's part of a cunning plan by the cops. They know full well that the originating IP address of any searcher is likely to be registered to a local coffee shop but... hey - they've all got to be checked out and they might as well stop for donuts at the same time.

      1. Anonymous Coward
        Anonymous Coward

        And once they know the coffee shop, date and time they've got CCTV coverage of the miscreant. All they need to do then is work out which of the customers is the actual miscreant. Assuming the shop is a major chain that uses CCTV.

        That is assuming they actually went to a coffee shop. Someone trying a crude fake passport scam isn't being very clever, calculating or patient. Of they were in a coffee shop at the time that's probably because they wanted a coffee, not because they were looking for anonymity...

    5. Anonymous Coward
      Anonymous Coward

      The request is certainly potentially broad, however is it unreasonably so? Can anyone suggest a more concise request that would achieve the same?

      Likely they will get a few dozen hits - how do they filter them down? Request the search history of all of them? Again very broad. If you are not guilty should you care?

      1. jake Silver badge

        "If you are not guilty should you care?"

        Yes you should, AC. Unless you're all for the concept of having a plate-glass window to the outside world installed in your shower. You're not guilty of anything whilst showering, right?

  2. Adam 1

    you heard it hear first

    You better not Google Barbara Streisand or you are ..... hang on, there's a knock at the site I'll be back in a minu....

    1. Adam 1

      Re: you heard it hear first

      "here". It's Friday....

    2. Velv
      Headmaster

      Re: you heard it hear first

      If you google "Barbara Streisand" you'll just get a message saying "Showing results forBarbra Streisand. Search instead for Barbara Streisand" (Google emphasis, not mine)

      1. Adam 1

        Re: you heard it hear first

        Just looking out for you dude. Whatever you do, don't click the "did you mean?" hyperlink!

  3. Sgt_Oddball

    but what if..

    Hey have a name like Dave Gorman? There's at least 52 of them about...

    I also know my own name is rare but there's at least 5 that live within 50 miles of me(one owns a fish and chip restaurant that I keep meaning to try out).

    1. Anonymous Coward
      Anonymous Coward

      Re: but what if..

      I'm in the mood for some fish and chip myself, but first I'm going to capture every criminal in the world, ever. BRB

      *searches google using term "list all criminals of Earth from 7000000BC through 30000AD"*

      That should do the trick!

      *waits for list*

    2. MrT

      Re: but what if..

      I also know my own name is rare but there's at least 5 that live within 50 miles of me(one owns a fish and chip restaurant that I keep meaning to try out).

      Ah, so you are really Sgt. Elvis Presley? ;-)

      1. Sgt_Oddball

        Re: but what if..

        More like the family name is concentrated in Yorkshire (as in there's less outside than in. Happens when you can track the name back to one individual).

    3. Anonymous Coward Silver badge
      Paris Hilton

      Re: but what if..

      You think that's bad? There's loads of "Anonymous Coward"s around here.

      1. John G Imrie

        Re: but what if..

        What do you mean loads, I thought you where all the same person :-)

        1. Chemical Bob
          Boffin

          Re: @John G Imrie

          The Anonymous Cowards are all different. All the commentards with unique names are really just me in disguise.

    4. Anonymous Coward
      Anonymous Coward

      Re: but what if..

      My real name is so generic the Wikipedia disambiguation page is about three pages long. Personally I love it, there's no chance of anyone googling me.

    5. Anonymous Coward
      Anonymous Coward

      Re: but what if..

      It's not a rare name if 5 of you live withing 50 miles? Sounds like a crowd to me.

      There is only one of me alive and the only other person with my name is dead. At least according to Google. Pretty much as I expected.

      I have no idea where Google came up with all those pictures they listed. None of me. ;-) A few of them have my first name or my last name. Lots of the rest are totally off the wall. Like how picture of Donald Trump made the short list I do not know.

      My respect for Google search just dropped way down.

  4. adam 40 Silver badge

    I think we should be told...

    what is the name we aren't supposed to google?

    if we all started googling it the judge would be busy from now 'till kingdom come.

    1. John Robson Silver badge

      Re: I think we should be told...

      My first thought too, but there is a limitation of the time of query - so we'd need to have done it in the past :(

      Spoilsports with their narrow warrant ;)

    2. Robert Carnegie Silver badge
      Joke

      Rick Astley.

      What do you mean, "so over"? I don't see why I should ever give you, him, it, up.

  5. Pen-y-gors

    Judge Gary Larson?

    Is a judge who seems to have stolen the identity of a well-known cartoonist the best person to hear this case?

  6. Oh Homer
    Facepalm

    Dear Judge Larson

    You may be shocked to discover that Teh Internets are international, and Google has hundreds of millions of users making billions of searches per day, so your shortlist of "suspects" now includes everyone from Billy Joe Bob in Bear Creek to Gupta in Mumbai.

    Happy hunting.

  7. Mark 85

    A bit of an overreach here but.....

    While this is way beyond overreach for information, I am pleased the local cops are trying. Most places they just take the report of fraud, etc. and say "Oh.. the Internet.. tough." and go back to their coffee and donuts as they know it's pretty impossible... well maybe not for the NSA, FBI, CIA, et al.

    Which it just hit me... why didn't they hit the NSA for this? I'm sure they have the info.

    1. Mark 85

      Re: A bit of an overreach here but.....

      In light of the updated info in the article on this.... so it's not world-wide but only for that particular city is interesting to say the least. Sounds like the cops have an idea who did it and it's not someone out of country or even out of state which in itself seems unusual after most other reported incidents of this point to someone in eastern Europe or in Asia.

      I think popcorn is in order and comfy chair to see how this plays out.

      1. gnasher729 Silver badge

        Re: A bit of an overreach here but.....

        I don't think the cops have an idea who did it, but I would expect that very few people do a google search for my name (once you exclude me being curious what google will return in such a search), or for any other not very important person. So this search should only affect very few people.

    2. Tom Paine

      Re: A bit of an overreach here but.....

      Which it just hit me... why didn't they hit the NSA for this? I'm sure they have the info.

      Because NSA take is only used for national security purposes.

      1. Alumoi Silver badge

        Re: A bit of an overreach here but.....

        Because NSA take is only used for national security purposes.

        You mean like industrial espionage, political dirty secrets and stuff like that?

      2. Toni the terrible Bronze badge
        Happy

        Re: A bit of an overreach here but.....

        Gods you are hilarious, the NSA only using their take for Nat Sec? that is a good one

  8. Lt.Kije

    Fishing?

    I don't see the problem with this.

    It is a clearly defined search for a specific case.

    They may not get a usable result, but it's a good start, and they (should) have the sent-from fax number.

    Good on the cops for taking it on.

    1. a_yank_lurker

      Re: Fishing?

      @Lt.Kije - The problem is your average US bench warming shyster ...er judge barely understands how to turn on a computer. Thus there is a tendency to sign overly broad warrants for computer searches. When it is pointed out the incompetent they tend to have a hissy fit because someone dared to point the emperor has no clothes.

    2. Paul Woodhouse

      Re: Fishing?

      This was actually my first thoughts here too...

  9. dan1980

    "Google may not cooperate, however. The internet king has an interest in fending off overreaching governments and police to avoid becoming an on-demand data dispensary."

    Is that why?

    I think not. Of course, handing over data all the time takes away from their business and is an unwelcome distraction. BUT, I think the main reason they want these requests to stop is that if courts can order such data to be handed over, then the only protection that people have is for Google not to have the data in the first place.

    That is the only real protection against having governments and law enforcement agencies (not to mention criminals) hoovering up your data - don't have it there in the first place.

    If they were serious about protecting their users and customers then they would not store anything that wasn't necessary and would anonymise everything possible.

    But of course Google want to collect that data and want to make sure it is identifiable, as much as possible.

  10. The curmudgeonly one

    Google - really?

    There are people still using plain google searches? How very last century.

    startpage.com people. Or duckduckgo.com if you must.

  11. jake Silver badge

    The law is not only an ass ...

    ... it also traditionally has issues with keeping up with technology.

    Google & other in-the-spotlight companies could use their influence to teach. They could call themselves, oh, I don't know, maybe "friends of the court"?

  12. Stevie

    Bah!

    Wait, what?

    Didn't Gary Larson draw the surrealist satirical cartoon The Far Side?

    I think I see what's going on here.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bah!

      I think you mean Baaaa or Moooooo if it's Gary Larson

  13. Anonymous Coward
    Anonymous Coward

    Wait! What? They have our MAC Addresses?

    "name(s), address(es), telephone number(s), dates of birth, social security numbers, email addresses, payment information, account information, IP addresses, and MAC addresses of the person(s) who requested/completed the search."

    And how is Google going to get my MAC address? That's either a goof up or very, very, unsettling.

    1. WolfFan

      Re: Wait! What? They have our MAC Addresses?

      "name(s), address(es), telephone number(s), dates of birth, social security numbers, email addresses, payment information, account information, IP addresses, and MAC addresses of the person(s) who requested/completed the search."

      And how is Google going to get my MAC address? That's either a goof up or very, very, unsettling.

      have a look at https://www.whatismybrowser.com/ and note that they can see inside your local network and pick up your local IP.

      If Google etc. really wants to know your MAC address, they know it.

      1. Hugh McIntyre

        Re: Wait! What? They have our MAC Addresses?

        Nope, don't see the local LAN IP address here from https://www.whatismybrowser.com/. Only the public DHCP IP address on the ISP WAN.

        Some of the other info it displays clearly depends on JavaScript, so there may be more info visible with Javascript. Stack Overflow also claims that ActiveX on IE may give the MAC address (not an issue for those not using IE). TBH I'm slightly impressed the warrant knew to ask for the MAC address, but this is probably boilerplate request language from other computer warrants. For example, Google does not have payment info for most of us, I hope, but boilerplate ISP warrant language might ask ISPs for MAC addresses.

        1. Aristotles slow and dimwitted horse

          Re: Wait! What? They have our MAC Addresses?

          Agreed. Your PC spills out a lot of browser information, but at worst (if you value your privacy anyway) all they should be able to get is WAN IP and DNS locale.

          I prefer these sites : https://whoer.net/#extended or www.ipleak.net

          Mine? Well all they'd get from me is a dislocated IP address located in, errr... well... that would be telling wouldn't it ;-)

        2. Anonymous Coward
          Anonymous Coward

          Re: Wait! What? They have our MAC Addresses?

          iOS no internal IP shown here.

      2. Anonymous Coward
        Anonymous Coward

        Re: Wait! What? They have our MAC Addresses?

        You can blame WebRTC for leaking your internal network IP address - isn't progress wonderful? Easy enough to disable in Firefox ("about:config”, set “media.peerconnection.enabled” to false) if you don't need it for peer-to-peer conferencing.

      3. rmacd

        Re: Wait! What? They have our MAC Addresses?

        Incorrect. IP != MAC, end of. Unless it's done out of band there is no way they're getting MAC of source / return.

        Run wireshark and take a look for yourself, note all traffic to / from your gateway will have a source / dest MAC corresponding to your GW HWADDR / MAC.

      4. Tom Paine

        Re: Wait! What? They have our MAC Addresses?

        have a look at https://www.whatismybrowser.com/ and note that they can see inside your local network and pick up your local IP.

        Wrong. Javascript can see local IPs but not MAC addresses, which is why the link you posted (whilst very interesting) doesn't include it.

        1. WolfFan

          Re: Wait! What? They have our MAC Addresses?

          Apparently it's WebRTC not JavaScript. WebRTC has some serious security holes.

          Also, according to the site, WebRTC can be used to allow nmap to run, with interesting results. Including MAC addresses if you really want them.

      5. Anonymous Coward
        Anonymous Coward

        Re: Wait! What? They have our MAC Addresses?

        @WolfFan - Local IP addresses, not as surprising (although even that is a bad browser security leak). But when the packets are routed; i.e. they leave your local network, whether they are NAT'd or not, they loose your MAC address and gain the MAC address of the router. And so on for each of many hops. Many of those hops are very unlikely to be Ethernet at all and have no concept of MAC address at all.

        So for Google or any other website to even see your MAC address, they have either hacked your machine, browser, or network. Or your browser is leaking information very badly. Discovery of any of that would be pretty newsworthy.

        Except for sometimes IPv6. No surprise there. Sigh...

        If Google really is doing any of that it would be a major concern. I don't think they are - Occam's razor: the Edina police are probably just a bit thin on their Layer-2 vs. Layer-3 networking background.

      6. This post has been deleted by its author

    2. Pen-y-gors

      Re: Wait! What? They have our MAC Addresses?

      Just tried whoer.net, and definitely no MAC address. IP address says I'm in Rejkjavik - oops must have 'accidentaly' turned my VPN on, silly me.

      But the fact that I'm using UK DNS may be a bit of a give-away. Time to switch those as well I think, as well as preferred language.

      Although why I need to be completely Anonymous to comment on El Reg I'm not sure. Paranoid? Moi?

    3. Number6

      Re: Wait! What? They have our MAC Addresses?

      It wouldn't give me any information because I have javascript disabled by default. I enabled it for the site out of curiosity and so now it knowns my VPN endpoint address and the IP address assigned by the VPN too. Interestingly they claim to be able to get the IP addresses of all interfaces but if they have, they didn't tell me about it. Definitely doesn't tell me my MAC address though, but that could be because a VPN link doesn't really have one.

      1. adam 40 Silver badge
        Holmes

        Re: Wait! What? They have our MAC Addresses?

        This applies to:

        a) if you are on a public WiFi, surfing

        b) you are at home and google has done a driveby of your WiFi hotspot. It has the MAC address of that.

  14. John Brown (no body) Silver badge

    Who is the victim?

    From reading the story, the credit union is the victim here, not the person named on the account. They accepted instructions from someone pretending to be someone who had an account. Their processes did not verify that persons identity properly. They should have already replaced the the money back into the account and hopefully be looking at what went wrong with their processes.

    1. Velv
      Boffin

      Re: Who is the victim?

      As far as the article goes the victim is irrelevant. A person has used a fake identity to commit a crime, this is about tracking the criminal, not remedying directly about remedying the crime. It is those tracking methods, the forensics if you like, that are being questioned.

  15. Anonymous Coward
    Anonymous Coward

    Edina, Minnesota

    Cheeses Christ!

  16. Anon
    Holmes

    Searching for the facts

    I suppose the phone number at the top of the fax could have been faked, or be a local library number.

  17. M7S

    Reasonable course of action

    Recently there have been lots of comments about law enforcement authorities of one kind or another, often based in the USA applying extraterritoriality or just demanding information without judicial oversight.

    In this instance both these issues appear not to be relevant, and the police are making a not unreasonable enquiry, but still copping some flak. In the old days if someone were to, for example, burn down a building, it would not be unreasonable for the police to enquire of the local library if someone had recently checked out "Mrs. Miggins' Guide to Arson and Animal Husbandry for Beginners". Good old fashioned police work I think it used to be called.

    If this search turns up any evidence, I would be very surprised (although I am aware that the legal systems in some states can be strange to us Brits) if this lead to a conviction without at least some further proof. It might however raise a reasonable cause to make further enquiries relating to one or more people. If it turns out that the search was by the local "soup kitchen" service because the person had applied to be a volunteer, this would then hopefully be looked at, seen to be a coincidence and dismissed, allowing the police to concentrate their resources somewhere hopefully more fruitful.

    As for the amount of tech info, if the link comes back to a phone which suspect X says "this is mine, no-one else uses it" this could help prove a case. if it turns out to be a shared PC in a student house left unsecured then of course its a bit trickier for the police, but again not an unreasonable request.

  18. Dabooka
    FAIL

    'Searches of Bing and Yahoo did not produce results'

    Well, duh.

  19. Tom Paine

    The trouble with the Edina police...

    ...everyone they arrest is a Patsy.

    DYSWIDT?!??

    1. John Brown (no body) Silver badge

      Re: The trouble with the Edina police...

      Oh, well played sir!

  20. Anonymous Coward
    Anonymous Coward

    And so slurp mission-creep begins

    I'd laugh if the perp actually used Startpage or DuckDuckGo instead, and they nail this on some poor internet idiot that was too curious for his/her own good.

  21. Bloodbeastterror

    "Gary Larson is a former Minnesota Fourth Judicial District judge for Hennepin County, Minnesota. He was appointed to this position in 1985 and was elected to full terms in 1986, 1992, 1998 and 2004. He is currently assigned to the Criminal and Civil divisions. He retired in June of 2011."

    Is a retired judge allowed to issue orders...?

    1. Anonymous Coward
      Anonymous Coward

      Maybe someone in the Edina police borrowed the identity of a retired judge to use when submitting their dodgy warrant - oh the irony...

      1. Justicesays

        Obilgitary

        "Far Side" link

        https://www.amazon.co.uk/Complete-Far-Side-Gary-Larson/dp/1449460046/ref=asap_bc?ie=UTF8 *

        [*]

        Gary is not a fan of his pictures on the internet, but there is a funny judge cartoon in there somewhere.

    2. tom dial Silver badge

      Retired judges often are called to temporary service to help work through backlogs.

  22. Crazy Operations Guy

    "to avoid becoming an on-demand data dispensary."

    Or, you know, they could stop collecting every little detail about their users (and even non-users) that they can... Can't be compelled to give information you don't have.

  23. tom dial Silver badge

    Edina is a close in suburb (about 4 miles from the center) of Minneapolis, a fairly large city across the Mississippi River from Saint Paul. It probably is not, as some commenters seemed to infer, a backwoods hayseed village.

    The reason for the local police to ask for the warrant they did seems a bit mysterious unless they already have a suspect in mind and are after corroboration, although in that case, the generality of the search request is mysterious. The obvious target for a search warrant is not Google, but the Bank of America, which allegedly received the fraudulent transfer. BoA is legally required to know who owned the account into which the transfer was deposited and Spire Credit Union would have been in position to provide the BoA account number to which they transferred the money.

    The transferring credit union would be one of the injured parties, if not the only ones. The Bank of America, which reportedly received the fraudulent transfer, is a national corporation based in a different state, and the credit union likely is nationally chartered and in any cases claims its accounts are insured by the National Credit Union Administration, an agency of the US government. The transfer, if as described, violated a variety of federal laws and the investigating agency probably should be the FBI.

    1. gnasher729 Silver badge

      "The obvious target for a search warrant is not Google, but the Bank of America, which allegedly received the fraudulent transfer. "

      If you read the article, the fraudster sent a message to the bank with a photocopy of the victim's passport - which was faked, with a photo that was not the victim but looked quite similar, and which turned up when you googled for the victim's name.

      So it is most likely that the criminal got the wrong photo by googling for the victim's name. And if the victim is some unimportant person, then most likely very few people did that search. A very good way to find the identity of the perpetrator.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like