Google Kills the Geofence Capability that Will Show ~30,000 Trump Supporters Swarmed the Capitol on Trump’s Orders

At Trump’s trial, prosecutors will use Google Location data to show how Trump’s mobs responded to his order to march to the Capitol by doing just that: swarming the Capitol. That data will show that roughly a quarter of the people at the Ellipse, around 30,000 people, entered the restricted grounds outside the Capitol, committing at least trespassing on Trump’s instruction, of which 11,500 would be identified by their Google Location data.

Jack Smith’s prosecutors revealed that they will do this on Monday in an expert notice filing.

On Wednesday, Google announced that it will soon change the way Google Location works to make such analysis impossible in the future.

If you’re among the subset of users who have chosen to turn Location History on (it’s off by default), soon your Timeline will be saved right on your device — giving you even more control over your data. Just like before, you can delete all or part of your information at any time or disable the setting entirely.

If you’re getting a new phone or are worried about losing your existing one, you can always choose to back up your data to the cloud so it doesn’t get lost. We’ll automatically encrypt your backed-up data so no one can read it, including Google.

Additionally, when you first turn on Location History, the auto-delete control will be set to three months by default, which means that any data older than that will be automatically deleted. Previously this option was set to 18 months. If you want to save memories to your Timeline for a longer period, don’t worry — you can always choose to extend the period or turn off auto-delete controls altogether.

These changes will gradually roll out through the next year on Android and iOS, and you’ll receive a notification when this update comes to your account.

Orin Kerr first identified the significance of the change to surveillance capabilities: that it will make Google geofence warrants all but impossible. Forbes confirmed that Google is making the change with the intent of making it impossible to respond to geofence warrants.

But they missed one aspect of the timing. The announcement — of a change Google is implementing prospectively, a change that will take a year to implement — came days after prosecutors revealed they had obtained a Google warrant showing the movement of people from the Ellipse to the Capitol.

Expert 1

Expert 1 has knowledge, skill, experience, training, and education beyond the ordinary lay person regarding the interpretation and visual representation of geographic location data. The Government expects that Expert 1 will testify about his/her use of ArcGIS (Geographic Information Systems) software to create a map of the Google location history data produced in response to a search warrant. Specifically, Expert 1 plotted the location history data for Google accounts and devices associated with individuals who moved, on January 6, 2021, from an area at or near the Ellipse to an area encompassing the United States Capitol building. His/her testimony will describe and explain the resulting graphical representations of that data, and it will aid the jury in understanding the movements of individuals toward the Capitol area during and after the defendant’s speech at the Ellipse. [my emphasis]

We had known that the FBI used Google geofence warrants — which identify all the people using Google Location services in a given geographic area — to identify individual January 6 suspects.

Challenges to the geofence — first by trespasser David Rhine and then by cop-sprayer Isreal Easterday — revealed that the FBI had gotten two geofence warrants (and had done three sets of de-anonymization of the data obtained): the first, on January 13, 2021, for just the Capitol building itself, and then the second, for the entire restricted area outside the Capitol, on May 21, 2021.

The warrant described in Tuesday’s expert notice must be a third warrant, one building off the May 2021 one. Perhaps the FBI asked Google for all the selectors found in the May 2021 warrant (who, with the important exception of journalists, were either victims, first responders, or trespassers), that also showed up in a geofence at the Ellipse while Trump was speaking.

There would be no need to de-anonymize these selectors. Those of investigative interest for their own actions at the Capitol would have been de-anonymized with one of the earlier warrants. This warrant is about capturing the effect of Trump’s speech, measuring how many people who attended the speech itself — Trump claims 120,000 did so — then moved to the Capitol.

Of those who moved, only a third or less would trigger the geofence (and fewer among Apple users). But it would include most of the 11,500 people who had already been identified and de-anoymized. altogether, that’s consistent with 30,000 people being at the Capitol.

Trump is claiming that just 1% of those who heard his incitement went on to join the insurrection. This expert witness will show it’s closer to a quarter of the total.

There were, undoubtedly, a range of reasons why Google made the decision to end its ability to respond to geofence requests. As Forbes noted, the Fourth Circuit also heard the government’s appeal of Okello Chatrie’s successful challenge of a geofence this week. Early next year the DC Circuit will review Rhine’s appeal of its use with him. The Easterday challenge made it clear that Google geofences work best on Android devices — meaning Google was making it easier for law enforcement to investigate its customers over Apple’s.

But Google announced this decision — of prospective changes — months ahead of the time when a geofence will be used to prove the crimes of Donald Trump.

It’s likely at least partly an attempt to pre-empt the blowback that is bound to result.

Update: To clarify some responses I’m getting to this. Killing the geofence capability won’t affect the evidence against Trump at all. Prosecutors already got the warrant and did the analysis on the results. This will only prospectively make Google geofence warrants impossible, and not even immediately.

Easterday challenge

une 30, 2023: Motion to CompelDeclaration

August 22, 2023: Opposition Motion to Compel

September 26, 2023: Motion to Suppress Geofence

October 10, 2023: Opposition Motion to Suppress

October 17, 2023: Reply Motion to Suppress

October 26, 2023: Guilty Verdict

November 25, 2023: Supplement Opposition Motion to Suppress

image_print
51 replies
  1. EW Moderation Team says:

    A reminder to all new and existing community members participating in comments:
    — We have been moving to a new minimum standard to support community security over the last year. Usernames should be unique and a minimum of a minimum of 8 letters.

    — We do not require a valid, working email, but you must use the same email address each time you publish a comment here. **Single use disposable email addresses do not meet this standard.**

    — If you have been commenting here but have less than 1000 comments published and been participating less than 10 years as of last October 2022, you must update your username to match the new standard.

    Thank you.

    • HanTran says:

      Rayne: I surely don’t have 1000 comments but I do go back to the FDL days. Although I am quite fond of my user name (it commemorates my late father’s small trucking business) I will change it if need be. Not sure how to do that, when I go to login (which I have never previously done) it asks for password which I don’t have. When I click on “lost my password” it leads to a “get new password” page and clicking on that produces a 404. Sorry to bother you with this.

      • Rayne says:

        Just salt your username with an extra letter or number — simply overtype the existing username in the field if you haven’t cleared your browser’s cache and are using autocomplete.

        Very sorry but you do not have 1000 comments and will not be grandfathered. You may consider this a nuisance but this simple change is easier than forcing everyone to use a password.

        With a name like Han Tran/HanTran, you are lucky you have not already had someone spoofing your identity since Tran is the second most common surname in Vietnam and Han is one of the most common surnames in more than one Asian culture.

        • HanTran1 says:

          Funny about the Han cause , although I am male, my first name is Kim, born in 52 and apparently a relative fighting in Korea sent back a letter saying there must be a typo because there were so many Kims there. So I added the 1, thanks all, wonderful work you do, happy holidays.

  2. David F. Snyder says:

    While in general Google has been overly snoopy wrt its customers, secure facilities such as the Capitol building need to be able protect themselves. Still, Google long ago promised to not be evil (that didn’t last long); the private sector has been getting away with abuse of personal information for too long I don’t expect J6 repeaters to be making this self-tracking mistake again.

    • Troutwaxer says:

      “Don’t Be Evil.” Ah, C’mon, you have to give them proper credit – they did keep two-thirds of their promise!

      • Rayne says:

        That was never an external promise to users but an intra-company motto incorporated in Google’s early code of conduct.

        This displays as much misunderstanding and distortion as your (cough) hint to use DuckDuckGo which had a relationship with Russian Yandex that DDG never fully explained to its users.

        Folks need to wise up and learn how to shut off location services, turn on airplane mode under certain circumstances, turn off their phone in others, and use a Faraday bag when needed, because Google isn’t the only company tracking users. It’s as if everyone has forgotten what was learned from Accuweather.

        • giorgino says:

          Rayne, can you share any info about DDG and Yandex that you find suspicious? Bruce Schneier recommends DDG for privacy, and he’s a well known cryptographer and security expert. Thanks for anything you can provide!

        • Rayne says:

          Go to DDG’s Wikipedia page and search for the term “Yandex.” https://en.wikipedia.org/wiki/DuckDuckGo#History

          DDG users should have been paying attention because DDG used to tout their “partnership” with Yandex on DDG’s page — that’s when I stopped using it, could see RIGHT FUCKING THERE ON THEIR SITE they were working with a Russian search engine and there was ZERO explanation how that worked. Do I have a screenshot of that? No — at the time I didn’t think it would continue to be a goddamned thing, thought DDG users were smart enough to figure out this was a problem (just like using Opera browser and its VPN were a problem once a Chinese company bought it).

          Now ask your self how DDG — a private company which isn’t required to share any proprietary information with the public — operates, what’s its business model, knowing that search engines aren’t fueled on vapor. Search engines sell ads or access. Knowing that, how does DDG finance operations and ostensibly make a profit by funneling search traffic to/through “partner” search engines. I don’t have that information and that’s why I do not use DDG. At least Google is a publicly-traded corporation, has obligations in financial reporting, and enough current and former employees willing to discuss what’s going on under the hood (like someone has even in this thread).

          Info sec/comp sci/IT guys aren’t always B-school guys or natsec guys. You can take Schneier’s advice if you want, but DDG is a sealed black box and I don’t recommend sealed black boxes.

        • Troutwaxer says:

          You mean this? Direct copy from Wikipedia as of about 6:10 pm tonight:

          “On March 1, 2022, in response to the 2022 Russian invasion of Ukraine, DuckDuckGo paused its partnership with Yandex Search.[53] On March 9, 2022, Weinberg said in a tweet that DuckDuckGo will down-rank sites associated with Russian disinformation, a move which some users criticized as censorship and a violation of the search engine’s commitment to “unbiased search.” DuckDuckGo has defended itself from the criticism, saying that “The primary utility of a search engine is to provide access to accurate information. Disinformation sites that deliberately put out false information to intentionally mislead people directly cut against that utility.”[54][55][56]”

          Whether Duckduckgo is up to some kind of shitty spy stuff isn’t something I’m competent to discuss, but I’d have to agree with Rayne that Duckduckgo is not perfectly transparent, nor is it to be trusted much more than Google. (My other basis for recommending Duckduckgo is that it has not yet become enshittified.) In the world of a monetized, surveillance-oriented internet, every public recommendation Rayne or I could make is essentially a bandaid. From the customer’s POV the only thing one can choose is who one would like to be f****d by, but some entities do try to provide reasonable amounts of lube.

          Leaving aside my own preferences, for really good advice about privacy anyone reading this should go to the Free Software Foundation’s website, read their privacy recommendations and follow them. For extra points use Linux as your desktop and regularly run some of the Linux security tools, then fix the weaknesses they identify.

          For double-extra points run your own VPN if you have the technical chops.

          The really important thing is to understand that the modern Internet is designed to pay for itself by selling your information to someone, in some form, (mainly but not exclusively advertisers) and I’d agree 100% with Rayne that the devil is in the details of who/how. The only way to protect yourself is to have a clear understanding of how that works.

          I should also note, in Rayne’s favor, that the security issues faced by emptywheel.net and the people who run the site are in an entirely different league than what the rest of us are dealing with. From an IT professional’s standpoint Rayne’s “paranoia” is entirely justified given the security needs.

        • Rayne says:

          My other basis for recommending Duckduckgo is that it has not yet become enshittified” — that’s an opinion. The lack of transparency about operation about both DDG’s interaction with Yandex and other search engines as well as its business model are invisible forms of enshittification, in my own opinion. DDG has claimed it doesn’t save search records, but users don’t know if the way in which search results are processed/served means that the partners may obtain the search records.

          On top of that, do we really even know with absolutely certain who owns DDG given that it is a privately-held business? We don’t know who owns X any longer, only which entities were the financiers at time the sale closed. We don’t know much about what’s going on inside the business except when what it chooses to disclose, like the “pause” placed on Yandex search content (has the “pause” ended?).

          As for the threat matrix this site must consider: it includes the privacy and security of community members.

        • Rayne says:

          Don’t hold your breath. I’m not doing one. I’m sure Canadians who had money in a funding round over a decade ago are interested but I simply don’t want to bother with this when I have so many other potential infosec/natsec topics on which I could focus my energy. *waves around at the wall of flames*

        • RipNoLonger says:

          I second giorgino’s request to get more information about DDG(DuckDuckGo)’s connections to Yandex (Russian based.) I do know that there are some “agreements” with Bing (and perhaps Google) to get feeds.

          I’ve always wondered about DDG’s model since it seems to be a free service that promotes privacy. Usually when I see terms such as that I am immediately suspicious as to who is the real beneficiary.

        • Eschscholzia says:

          I suggest a simple search (using any search engine) for “duckduckgo yandex”, or DuckDuckGo in general.
          There’s several layers or stories, not just what information is and is not private, but also what the business model of DuckDuckGo is, and the adoption of DDG as a “free speech” search engine that didn’t block misinformation by a substantial fraction of the right wing, and their subsequent outrage when DDG blocked feeds from Russia’s Yandex in response to the 2022 invasion of Ukraine. It’s murky and complicated.

          I recommend everyone go to Rayne’s link about AccuWeather. It is about another company with an obscured business model selling location data even from users who explicitly opted out. But it has a direct implication for the effects of Google’s change to no longer store GNSS (GPS) coordinates in a database that could be used for geofencing. AccuWeather clarified that opting out only meant that they didn’t sell GNSS location information, they still collected and sold cell tower pinging information, which is datetime + location, albeit location to 100s of meters (more precise with shorter-range 5G).

          My understanding is that it is much harder for cell phone systems to not collect IDs of devices pinging each of their towers, so the Google GNSS Geofence can be replaced by a coarser spatial search of cell tower data obtained from cell companies, which was done before GNSS and apps like google maps provided a more powerful alternative.

        • Kenneth Almquist says:

          DuckDuckGo claims its business model is to make money from advertisements, which are delivered through the Microsoft Advertising network. Advertisements are chosen based on search terms. If you search for “mutual funds” on DuckDuckGo, your results will be preceding by advertisements from mutual fund companies. If you then search for “paperclip maximizer” you won’t get any advertisements, presumably because no advertiser is interested in that search term.

          It appears that DuckDuckGo does not have a giant web crawler like Google; instead they partner with other search engines (like Bing and Yandex) to provide results. This doesn’t mean that these partners can track DuckDuckGo users, because the partners don’t know who entered a particular query.

          Now, I suppose it is possible that DuckDuckGo is lying about its operations, but if so it’s managed to operate for something like 15 years without being caught.

      • P’villain says:

        Similar to the Devil convincing people he doesn’t exist, it has always seemed to me that the perfect slogan for a company committed to evil would be, “Don’t be evil.”

      • synergies says:

        Things I’ll never forget. Early in it’s incarnation, “Don’t be Evil” the con, there was a convenient article in the back pages of the Los Angeles Times about how Google had “taught” all the radio stations how to play all their commercials at the same time. Google was new & that was innovative except if you’re old and have an old car, now. If I go through the tabs and it’s all commercials, think rush hour, I turn the radio off. In nowadays post Covid speeding, “that’s probably a good idea : )“ Oh for AI… to be continued…

        • Susan D Einbinder says:

          Listen to 88.5 FM – a public station at CSU Northridge. The DJs talk a lot and ask for donations all the time, but they have barely any commercials and play ‘adult rock’, including new stuff. And thanks for explaining why there are always commercials on at the same time on 11 of the 12 set stations on my car’s FM radio (that’s nuts).

        • ColdFusion says:

          I noticed this and figured those stations were all owned by the same company. It was always obvious to me, if the commercials are on at the same time everywhere, nobody will bother switching stations. I reasoned this as a kid.

  3. RobertS721 says:

    This change is consistent with the larger trend in the industry towards privacy. Google wants to use Android phones to sell ads, but they don’t need to keep a users location history in order to do that.

  4. Troutwaxer says:

    This is short-term bad, long-term good. And yes, I understand that this won’t affect the evidence about the Capitol riot.

  5. Nathan Williams says:

    For what it’s worth, this has been in the works for years. I worked at Google until Jan 2023, and several projects I was interested in while there were cancelled because they were essentially analysis tools built on top of stored location timelines, and it had been announced that stored location timelines were going away.

    If anything, I’m surprised that they’re actually going through with it.

      • Tech Support says:

        The hypothesis floated in the main post (losing to Apple amongst privacy-conscious consumers) is far more likely than executives magically developing a conscience.

        • CoffaeBreak says:

          I agree. This is to fend off the blowback that using a Google application can be used against you in a court of law. I doubt most at Google really care about how this will hurt insurrectionists. It is a business decision.

    • emptywheel says:

      Yeah obviously this decision didn’t happen Wednesday.

      But my suspicion is that the timing of the ANNOUNCEMENT was meant to minimize blowback in April.

  6. cruxdaemon says:

    Jan 6 investigation notwithstanding, this is an unalloyed good thing. Google keeping this data on-device and/or encrypted on the cloud means the government needs an individualized probable cause and needs a warrant for that individual’s devices to get this kind of private information. This sort of geofence data could be vulnerable to prosecutors who seem to love going after women who need maternity-related medical care, for example. It’s much better for Google to remove their own ability to be responsive to such 3rd-party subpoenas.

    • ColdFusion says:

      I’m sure they’ll have your location data in other places, just not *this* one… Maybe the whole “store your location on your device” will be accessible to them with a new api. “Look, we don’t store it! The user does and they decide what we can access”

  7. T. Dobbs says:

    I read just this morning (can’t find the email), that Google eliminating location tracking was to help protect women traveling for abortion services.

    [Welcome back to emptywheel. Please choose and use a unique username with a minimum of 8 letters. **As noted in the first comment of this thread** we are moving to a new minimum standard to support community security. Thanks. /~Rayne]

  8. Matt Foley says:

    Which cell is Hostetter in? I want to send him thoughts and prayers to make myself feel holy and virtuous.

  9. SVFranklinS says:

    A couple days ago, I read in a link through Mastadon (probably connected to Cory Doctorow at pluralistic.net, but it wasn’t his site itself and can’t find it today) that this had to be read carefully – Google is giving you a local cache of location data, which you control, but it’s a duplicate – they still collect your information anyway, and you don’t control THAT data at all.

    Giving you the illusion that you control this data, but in fact, they still collect it and pool it and sell it.

    No idea how far that goes (the devil is in the details), but I expect if they collect it, they can be served a warrant as well.

      • Rayne says:

        SVFranklinS’s claim has nothing to do with Mastodon as a social media platform; they simply can’t recall with specificity who cited this change but believes it to be Cory Doctorow.

        Here’s an excerpt from Ars Technica’s December 13 report which I retrieved via Mastodon:

        Google’s big new location data change is a new, duplicate data store that will live exclusively on your device. Google’s new blog post says data for the long-running Google Maps Timeline feature will now “be saved right on your device—giving you even more control over your data.” That’s right, one of the world’s biggest Internet data companies advocates for local storage of your location data.

        The company continues, “If you’re getting a new phone or are worried about losing your existing one, you can always choose to back up your data to the cloud so it doesn’t get lost. We’ll automatically encrypt your backed-up data so no one can read it, including Google.” Users will apparently have lots of control over this new locally stored data, with Google saying, “Soon, you’ll be able to see all your recent activity on Maps… in one central place, and easily delete your searches, directions, visits, and shares with just a few taps. The ability to delete place-related activity from Maps starts rolling out on Android and iOS in the coming weeks.”

        Emphasis mine.

        • CJCJCJCJ says:

          Amadeo’s Ars piece was … to put it very politely, extremely heavy on speculation … and has been extensively updated between when it came out on the 13th and today.

        • Rayne says:

          Would you like to back the fuck up and consider what drove the production of that excerpt and link?

          The problem was a claim made without a supporting link. Link provided – and I was being generous because you’ll note I’ve called out a couple other community members for not providing support for claims over the last 24 hours.

        • SVFranklinS says:

          That looks like the article that was posted and linked; Thanks for finding it.
          I see it is also updated to be something of a muddle now, in that it is not so sure of its initial assertion about there being two separate datasets.
          But the article seems unrelated to the fact someone quoted it in a Mastodon post, and I happened to see it there. I expect one could find this article a number of ways.

  10. Eschscholzia says:

    As for the 3rd warrant, does anyone know the relevant district’s rulings on subpoena vs warrant and specificity of the request? Given the ~30K device IDs definitely located within the Capitol geofence at least once, could the FBI just ask for the previous 4 or 5 hours of location information on all of those specific devices positively associated with the crime of being inside the restricted area? Or would this have to be another warrant with a specific compound query for Google to return only those deviceIDs identified in the first 2 queries of the Capitol geofence with locations in an Ellipse geofence in the hours before?

    Either query identifies those that moved from the rally to the Capitol and when they moved, which is what matters for Trump’s case. But I’m thinking about the possibility that his defense might want to emphasize the thousands of devices in the Capitol geofence that were not at the Ellipse rally, or had left it before Trump spoke? If so, the broader query of where those offending devices were for the hour or 2 before entering the geofence would also identify where the devices inside the Capitol geofence came from: Metro stations & other transportation sites, or were there specific staging areas?

    Either way, I wouldn’t do the query and analyses in ArcGIS (Pro), but I might use it for some wonderful visualizations (even temporal, showing times when pulses of devices headed toward the Capitol). I’m kinda curious who Expert 1 is. The FBI and many other agencies have lots of GS-7 & 9 GIS staff who could do that spatial analysis & visualization, but I don’t see a GS 7 or 9 testifying.

  11. Fenix Rising says:

    Updating username from Fenix to Fenix Rising. 🤞this is acceptable

    Appreciate the opportunity to contribute although I definitely consider the expertise & experience of most contributors here to be well above of my comfort zone.

    Very glad to read the Google geofence changes will not usurp the Govt’s ability to use it in Jan 6 prosecutions. Privacy concerns are understandably a sensitive subject however considering the gravity of what happened on Jan 6 it is of utmost importance to use what information is available to secure the conviction of Trump.

    [Thanks for updating your username to meet the 8 letter minimum. Please avoid using emojis as they are not searchable here. /~Rayne]

Comments are closed.