privacy

Auto Added by WPeMatico

Apple’s App Tracking Transparency feature has arrived — here’s what you need to know

The latest version of Apple’s mobile operating system — iOS 14.5 — is launching today, and with it comes a much-discussed new privacy feature called App Tracking Transparency.

The feature was first announced nearly a year ago, although the company delayed the launch to give developers more time to prepare. Since then, support for the feature has already gone live in iOS and some apps have already adopted it (for example, I’ve seen tracking requests from Duolingo and Venmo), but now Apple says it will actually start enforcing the new rules.

That means iPhone owners will start seeing many more privacy prompts as they continue using their regular apps, each one asking for permission to “track your activity across other companies’ apps and websites.” Every app that requests tracking permission will also show up in a Tracking menu within your broader iOS Privacy settings, allowing you to toggle tracking on and off any time — for individual apps, or for all of them.

What does turning tracking on or off actually do? If you say no to tracking, the app will no longer be able to use Apple’s IDFA identifier to share data about your activity with data brokers and other third parties for ad-targeting purposes. It also means the app can no longer use other identifiers (like hashed email addresses) to track you, although it may be more challenging for Apple to actually enforce that part of the policy.

Apple App Tracking Transparency

Image Credits: Apple

There’s been intense debate around App Tracking Transparency in the lead up to its launch. The pro-ATT side is pretty easy to explain: There’s a tremendous amount of personal information and activity that’s being collected about consumers without their consent (as Apple outlined in a report called A Day in the Life of Your Data), and this gives us a simple way to control that sharing.

However, Facebook has argued that by dealing a serious blow to ad targeting, Apple is also hurting small businesses that depend on targeting to affordable, effective ad campaigns.

The social network even took out ads in The New York Times, The Wall Street Journal and The Washington Post declaring that it’s “standing up to Apple for small businesses everywhere.” (The Electronic Frontier Foundation dismissed the campaign as “a laughable attempt from Facebook to distract you from its poor track record of anticompetitive behavior and privacy issues as it tries to derail pro-privacy changes from Apple that are bad for Facebook’s business.”)

Others have suggested that these changes could do “existential” damage to some developers and advertisers, while also benefiting Apple’s bottom line.

The full impact will depend, in part, on how many people choose to opt out of tracking. It’s hard to imagine many normal iPhone owners saying yes when these prompts start to appear — especially since developers are not allowed to restrict any features based on who opts into or out of tracking. However, mobile attribution company AppsFlyer says that early data suggests that opt-in rates could be as high as 39%.

Powered by WPeMatico

With $30M extension, BigID boosts Series D to $100M at $1.25B valuation

When we last heard from BigID at the end of 2020, the company was announcing a $70 million Series D at a $1 billion valuation. Today, it announced a $30 million extension on that deal valuing the company at $1.25 billion just four months later.

This chunk of money comes from private equity firm Advent International, and brings the total raised to more than $200 million across four rounds, according to the company. The late-stage startup is attracting all of this capital by building a security and privacy platform. When I spoke to CEO Dimitri Sirota in September 2019 at the time of the $50 million Series C, he described the company’s direction this way:

We’ve separated the product into some constituent parts. While it’s still sold as a broad-based [privacy and security] solution, it’s much more of a platform now in the sense that there’s a core set of capabilities that we heard over and over that customers want.

Sirota says he has been putting the money to work, and as the economy improves he is seeing more traction for the product set. “Since December, we’ve added employees as we’ve seen broader economic recovery and increased demand. In tandem, we have been busy building a whole host of new products and offerings that we will announce over the coming weeks that will be transformational for BigID,” he said.

He also said that as with previous rounds, he didn’t go looking for the additional money, but decided to take advantage of the new funds at a higher valuation with a firm that he believes can add value overall. What’s more, the funds should allow the company to expand in ways it might have held off on.

“It was important to us that this wouldn’t be a distraction and that we could balance any funding without the need to over-capitalize, which is becoming a bigger issue in today’s environment. In the end, we took what we thought could bring forward some additional product modules and add a sales team focused on smaller commercial accounts,” Sirota said.

Ashwin Krishnan, a principal on Advent’s technology team in New York, says that BigID was clearly aligned with two trends his firm has been following. That includes the explosion of data being collected and the increasing focus on managing and securing that data with the goal of ultimately using it to make better decisions.

“When we met with Dimitri and the BigID team, we immediately knew we had found a company with a powerful platform that solves the most challenging problem at the center of these trends and the data question,” Krishnan said.

Past investors in the company include Boldstart Ventures, Bessemer Venture Partners and Tiger Global. Strategic investors include Comcast Ventures, Salesforce Ventures and SAP.io.

 

Powered by WPeMatico

How startups can ensure CCPA and GDPR compliance in 2021

Data is the most valuable asset for any business in 2021. If your business is online and collecting customer personal information, your business is dealing in data, which means data privacy compliance regulations will apply to everyone — no matter the company’s size.

Small startups might not think the world’s strictest data privacy laws — the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) — apply to them, but it’s important to enact best data management practices before a legal situation arises.

Data compliance is not only critical to a company’s daily functions; if done wrong or not done at all, it can be quite costly for companies of all sizes.

For example, failing to comply with the GDPR can result in legal fines of €20 million or 4% of annual revenue. Under the CCPA, fines can also escalate quickly, to the tune of $2,500 to $7,500 per person whose data is exposed during a data breach.

If the data of 1,000 customers is compromised in a cybersecurity incident, that would add up to $7.5 million. The company can also be sued in class action claims or suffer reputational damage, resulting in lost business costs.

It is also important to recognize some benefits of good data management. If a company takes a proactive approach to data privacy, it may mitigate the impact of a data breach, which the government can take into consideration when assessing legal fines. In addition, companies can benefit from business insights, reduced storage costs and increased employee productivity, which can all make a big impact on the company’s bottom line.

Challenges of data compliance for startups

Data compliance is not only critical to a company’s daily functions; if done wrong or not done at all, it can be quite costly for companies of all sizes. For example, Vodafone Spain was recently fined $9.72 million under GDPR data protection failures, and enforcement trackers show schools, associations, municipalities, homeowners associations and more are also receiving fines.

GDPR regulators have issued $332.4 million in fines since the law was enacted almost two years ago and are being more aggressive with enforcement. While California’s attorney general started CCPA enforcement on July 1, 2020, the newly passed California Privacy Rights Act (CPRA) only recently created a state agency to more effectively enforce compliance for any company storing information of residents in California, a major hub of U.S. startups.

That is why in this age, data privacy compliance is key to a successful business. Unfortunately, many startups are at a disadvantage for many reasons, including:

  • Fewer resources and smaller teams — This means there are no designated data privacy officers, privacy attorneys or legal counsel dedicated to data privacy issues.
  • Lack of planning — This might be characterized by being unable to handle data privacy information requests (DSARs, or “data subject access requests”) to help fulfill the customer’s data rights or not having an overall program in place to deal with major data breaches, forcing a reactive instead of a proactive response, which can be time-consuming, slow and expensive.

Powered by WPeMatico

Microsoft goes all in on healthcare with $19.7B Nuance acquisition

When Microsoft announced it was acquiring Nuance Communications this morning for $19.7 billion, you could be excused for doing a Monday morning double take at the hefty price tag.

That’s surely a lot of money for a company on a $1.4 billion run rate, but Microsoft, which has already partnered with the speech-to-text market leader on several products over the last couple of years, saw a company firmly embedded in healthcare and decided to go all in.

And $20 billion is certainly all in, even for a company the size of Microsoft. But 2020 forced us to change the way we do business, from restaurants to retailers to doctors. In fact, the pandemic in particular changed the way we interact with our medical providers. We learned very quickly that you don’t have to drive to an office, wait in waiting room, then in an exam room, all to see the doctor for a few minutes.

Instead, we can get on the line, have a quick chat and be on our way. It won’t work for every condition, of course — there will always be times the physician needs to see you — but for many meetings such as reviewing test results or for talk therapy, telehealth could suffice.

Microsoft CEO Satya Nadella says that Nuance is at the center of this shift, especially with its use of cloud and artificial intelligence, and that’s why the company was willing to pay the amount it did to get it.

“AI is technology’s most important priority, and healthcare is its most urgent application. Together, with our partner ecosystem, we will put advanced AI solutions into the hands of professionals everywhere to drive better decision-making and create more meaningful connections, as we accelerate growth of Microsoft Cloud in Healthcare and Nuance,” Nadella said in a post announcing the deal.

Holger Mueller, an analyst at Constellation Research, says that may be so, but he believes that Microsoft missed the boat with Cortana and this is about helping the company catch up on a crucial technology. “Nuance will be not only give Microsoft technology help in regards to neural network-based speech recognition, but also a massive improvement from vertical capabilities, call center functionality and the MSFT IP position in speech,” he said.

Microsoft sees this deal doubling what was already a considerable total addressable market to nearly $500 billion. While TAMs always tend to run high, that is still a substantial number.

It also fits with Gartner data, which found that by 2022, 75% of healthcare organizations will have a formal cloud strategy in place. The AI component only adds to that number and Nuance brings 10,000 existing customers to Microsoft, including some of the biggest healthcare organizations in the world.

Brent Leary, founder and principal analyst at CRM Essentials, says the deal could provide Microsoft with a ton of health data to help feed the underlying machine learning models and make them more accurate over time.

“There is going be a ton of health data being captured by the interactions coming through telemedicine interactions, and this could create a whole new level of health intelligence,” Leary told me.

That of course could drive a lot of privacy concerns where health data is involved, and it will be up to Microsoft, which just experienced a major breach on its Exchange email server products last month, to assure the public that their sensitive health data is being protected.

Leary says that ensuring data privacy is going to be absolutely key to the success of the deal. “The potential this move has is pretty powerful, but it will only be realized if the data and insights that could come from it are protected and secure — not only protected from hackers but also from unethical use. Either could derail what could be a game-changing move,” he said.

Microsoft also seemed to recognize that when it wrote, “Nuance and Microsoft will deepen their existing commitments to the extended partner ecosystem, as well as the highest standards of data privacy, security and compliance.”

Kate Leggett, an analyst at Forrester Research, thinks healthcare could be just the first step and once Nuance is in the fold, it could go much deeper than that.

“However, the benefit of this acquisition does not stop [with healthcare]. Nuance also offers market-leading customer engagement technologies, with deep expertise and focus in verticals such as financial services. As MSFT evolves their industry editions into other verticals, this acquisition will pay off for other industries. MSFT may also choose to fill in the gaps within their Dynamics solution with Nuance’s customer engagement technologies,” Leggett said.

We are clearly on the edge of a sea change when it comes to how we interact with our medical providers in the future. COVID pushed medicine deeper into the digital realm in 2020 out of simple necessity. It wasn’t safe to go into the office unless absolutely necessary.

The Nuance acquisition, which is expected to close some time later this year, could help Microsoft shift deeper into the market. It could even bring Teams into it as a meeting tool, but it’s all going to depend on the trust level people have with this approach, and it will be up to the company to make sure that both healthcare providers and the people they serve have that.

Powered by WPeMatico

Apple shares more details about its imminent App Tracking Transparency feature

Apple is sharing more details today about its upcoming App Tracking Transparency feature, which will allow users to control, on an app-by-app level, whether their data is shared for ad-targeting purposes.

In a sense, anyone using the current version of iOS can see App Tracking Transparency in action, since iOS already includes a Tracking menu in the Privacy settings, and some apps have already started asking users for permission to track them.

But when iOS 14.5 (currently in developer beta) is released to the general public sometime in early spring, Apple will actually start enforcing its new rules, meaning that iPhone users will probably start seeing a lot more requests. Those requests will appear at various points during the usage of an app, but they’ll all carry a standardized message asking whether the app can “track your activity across other companies’ apps and websites,” followed by a customized explanation from the developer.

Once an app has asked for this permission, it will also show up in the Tracking menu, where users can toggle app tracking on and off at any time. They also can enable app tracking across all apps or opt out of these requests entirely with a single toggle.

One point worth emphasizing — something already stated on Apple’s developer website but not entirely clear in media reports (including our own) — is that these rules aren’t limited to the IDFA identifier. Yes, IDFA is what Apple controls directly, but a company spokesperson said that when a user opts out of tracking, Apple will also expect developers to stop using any other identifiers (such as hashed email addresses) to track users for ad targeting purposes, and not to share that information with data brokers.

This does not, however, stop developers from tracking users across multiple apps if all those apps are operated by a single company.

The Apple spokesperson also said that Apple’s own apps will abide by these rules — you won’t see any requests from Apple, however, since it doesn’t track users across third-party apps for ad targeting purposes. (As previously noted, there’s a separate Personalized Ads option that determines whether Apple can use its own first-party data to target ads.)

Facebook has been particularly vocal in criticizing the change, arguing that this will hurt small businesses who use targeting to run effective ad campaigns, and that the change benefits Apple’s bottom line.

Apple has pushed back against criticism in privacy-focused speeches, as well as in a report called A Day in the Life of Your Data, which lays out how users are actually tracked and targeted. In fact, the report has just been updated with more information about ad auctions, ad attribution and Apple’s own advertising products — SKAdNetwork, which tracks app installs after ads are viewed, and Private Click Measurement, which tracks how ads drive users to websites (but uses on-device data processing).

Powered by WPeMatico

Signal tests payments in the UK using MobileCoin

Encrypted chat app Signal is adding payments to the services it provides, a long-expected move and one the company is taking its time on. A U.K.-only beta program will allow users to trade the cryptocurrency MobileCoin quickly, easily, and most importantly, privately.

If you’re in the U.K., or have some way to appear to be, you’ll notice a new Signal Payments feature in the app when you update. All you need to do to use it is link a MobileCoin wallet after you buy some on the cryptocurrency exchange FTX, the only one that lists it right now.

Once you link up, you’ll be able to instantly send MOB to anyone else with a linked wallet, pretty much as easily as you’d send a chat. (No word on when the beta will expand to other countries or currencies.)

Just as Signal doesn’t have any kind of access to the messages you send or calls you make, your payments are totally private. MobileCoin, which Signal has been working with for a couple years now, was built from the ground up for speed and privacy, using a zero-knowledge proof system and other innovations to make it as easy as Venmo but as secure as … well, Signal. You can read more about their approach in this paper (PDF).

MobileCoin just snagged a little over $11 million in funding last month as rumors swirled that this integration was nearing readiness. Further whispers propelled the value of MOB into the stratosphere as well, nice for those holding it but not for people who want to use it to pay someone back for a meal. All of a sudden you’ve given your friend a Benjamin (or perhaps now, in the U.K., a Turing) for no good reason, or that the sandwich has depreciated precipitously since lunchtime.

There’s no reason you have to hold the currency, of course, but swapping it for stable or fiat currencies every time seems a chore. Speaking to Wired, Signal co-founder Moxie Marlinspike envisioned an automatic trade-out system, though he is rarely so free with information like that if it is something under active development.

While there is some risk that getting involved with cryptocurrency, with the field’s mixed reputation, may dilute or pollute the goodwill Signal has developed as a secure and disinterested service provider, the team there seems to think it’s inevitable. After all, if popular payment services are being monitored the same way your email and social media are, perhaps we ought to nip this one in the bud and go end-to-end encrypted as quickly as possible.

Powered by WPeMatico

Ketch raises $23M to automate privacy and data compliance

Ketch, a startup aiming to help businesses navigate the increasingly complex world of online privacy regulation and data compliance, is announcing that it has raised $23 million in Series A funding.

The company is also officially coming out of stealth. I actually wrote about Ketch’s free PrivacyGrader tool last year, but now it’s revealing the broader vision, as well as the products that businesses will actually be paying for.

The startup was founded by CEO Tom Chavez and CTO Vivek Vaidya. The pair previously founded Krux, a data management platform acquired by Salesforce in 2016, and Vaidya told me that Ketch is the answer to a question that they’d begun to ask themselves: “What kind of infrastructure can we build that will make our former selves better?”

Chavez said that Ketch is designed to help businesses automate the process of remaining compliant with data regulations, wherever their visitors and customers are. He suggested that with geographically specific regulations like Europe’s GDPR in place, there’s a temptation to comply globally with the most stringent rules, but that’s not necessary or desirable.

“It’s possible to use data to grow and to comply with the regulations,” Chavez said. “One of our customers turned off digital marketing completely in order to comply. This has got to stop […] They are a very responsible customer, but they didn’t know there are tools to navigate this complexity.”

Ketch orchestration screenshot

Image Credits: Ketch

The pair also suggested that things are even more complex than you might think, because true compliance means going beyond the “Hollywood façade” of a privacy banner — it requires actually implementing a customer’s requests across multiple platforms. For example, Vaidya said that when someone unsubscribes to your email list, there’s “a complex workflow that needs to be executed to ensure that the email is not going to continue … and make sure the customer’s choices are respected in a timely manner.”

After all, Chavez noted, if a customer tells you, “I want to delete my data,” and yet they keep getting marketing emails or targeted ads, they’re not going to be satisfied if you say, “Well, I’ve handled that in the four walls of my own business, that’s an issue with my marketing and email partners.”

Chavez also said that Ketch isn’t designed to replace any of a business’ existing marketing and customer data tools, but rather to “allow our customers to configure how they want to comply vis-à-vis what jurisdiction they’re operating in.” For example, the funding announcement includes a statement from Patreon’s legal counsel Priya Sanger describing Ketch as “an easily configurable consent management and orchestration system that was able to be deployed internationally” that “required minimal engineering time to integrate into our systems.”

As for the Series A, it comes from CRV, super{set} (the startup studio founded by Chavez and Vaidya), Ridge Ventures, Acrew Capital and Silicon Valley Bank. CRV’s Izhar Armony and Acrew’s Theresia Gouw are joining Ketch’s board of directors.

And if you’d like to learn more about the product, Ketch is hosting a webinar at 11am Pacific today.

Powered by WPeMatico

OneTrust adds ethics to its privacy platform with Convercent acquisition

OneTrust, a late stage privacy platform startup, announced it was adding ethics and compliance to the mix this morning by acquiring Convercent, a company that was built to help build more ethical organizations. The companies did not share the purchase price.

OneTrust just raised $300 million on a fat $5.1 billion valuation at the end of last year, and it’s putting that money to work with this acquisition. Alan Dabbiere, co-chairman at OneTrust sees this acquisition as a way to add a missing component to his company’s growing platform of services.

“Integrating Convercent instantly brings a proven ethics and compliance technology, team, and customer base into the OneTrust, further aligning the Chief Ethics & Compliance Officer strategy alongside privacy, data governance, third-party risk, GRC (governance, risk and compliance), and ESG (environmental, social and governance) to build trust as a competitive advantage,” he said.

Convercent brings 750 customers and 150 employees to the OneTrust team along with its ethics system, which includes a way for employees to report ethical violations to the company and a tool for managing disclosures.

Convercent can also use data to help surface bad behavior before it’s been reported. As CEO Patrick Quinlan explained in a 2018 TechCrunch article:

“Sometimes you have this interactive code of conduct, where there’s a new vice president in a region and suddenly page views on the sexual harassment section of the Code of Conduct have increased 200% in the 90 days after he started. That’s easy, right? There’s a reason that’s happening, and our system will actually tell you what’s happening.”

Quinlan wrote in a company blog post announcing the deal that joining forces with OneTrust will give it the resources to expand its vision.

“As a part of OneTrust, we’ll be combining forces with the leader across privacy, security, data governance, third-party risk, GRC, ESG—and now—ethics and compliance. Our customers will now be able to build centralized programs across these workstreams to make trust a competitive differentiator,” Quinlan wrote.

Convercent was founded in 2012 and has raised over $100 million, according to Pitchbook data. OneTrust was founded in 2016. It has over 8000 customers and 150 employees and has raised $710 million, according to the company.

Powered by WPeMatico

DataGrail snares $30M Series B to help deal with privacy regulations

DataGrail, a startup that helps customers understand where their data lives in order to help comply with a growing body of privacy regulations, announced a $30 million Series B today.

Felicis Ventures led the round with help from Basis Set Ventures, Operator Collective and previous investors. One of the interesting aspects of this round was the participation from several strategic investors including HubSpot, Okta and Next47, the venture firm backed by Siemens. The company has now raised over $39 million, according to Crunchbase data.

That investor interest could stem from the fact that DataGrail helps organizations find data by building connectors to popular applications and then helps ensure that they are in compliance with customer privacy regulations such as GDPR, CCPA and similar laws.

“DataGrail [is really] the first integrated solution with over 900 integrations (up from 180 in 2019) to different apps and infrastructure platforms that allow the product to detect when new apps or new infrastructure platforms are added, and then also perform automated data discovery across those applications,” company CEO and co-founder Daniel Barber explained to me. This helps users find customer data wherever it lives and enables them to comply with legal requirements to manage and protect that data.

Victoria Treyger, general partner at lead investors Felicis Ventures says that one of the things that attracted her to DataGrail was that she had to help implement GDPR regulations at a previous venture and felt the pain first hand. She said that her firm tends to look for startups in large markets where the product or service being offered is a critical need, rather an option, and she believes that DataGrail is an example of that.

“I really liked the fact that privacy management is such a hard problem, and it is not optional. As a business, you have to manage privacy requests, which you may do manually or you may do it with a solution like DataGrail,” Treyger told me.

HubSpot’s Andrew Lindsay, who is SVP of corporate and business development, says his company is both a customer and an investor because DataGrail is helping HubSpot customers navigate the complexity of privacy regulation. “DataGrail’s unique ecosystem approach, where they are integrating with key Saas and business applications is an easy way for many of our joint customers to protect their customers’ privacy,” Lindsay said.

The company has 40 employees today with plans to grow to 90 or 100 by the end of this year. It’s worth noting that Treyger is joining the Board, which already has 3 other women. That shows shows a commitment to gender diversity at the board level that is not typical for startups.

Powered by WPeMatico

Minneapolis police used geofence warrant at George Floyd protests

Police in Minneapolis obtained a search warrant ordering Google to turn over sets of account data on vandals accused of sparking violence in the wake of the police killing of George Floyd last year, TechCrunch has learned.

The death of Floyd, a Black man killed by a white police officer in May 2020, prompted thousands to peacefully protest across the city. But violence soon erupted, which police say began with a masked man seen in a viral video using an umbrella to smash windows of an auto-parts store in south Minneapolis. The AutoZone store was the first among dozens of buildings across the city set on fire in the days following.

The search warrant compelled Google to provide police with the account data on anyone who was “within the geographical region” of the AutoZone store when the violence began on May 27, two days after Floyd’s death.

These so-called geofence warrants — or reverse-location warrants — are frequently directed at Google in large part because the search and advertising giant collects and stores vast databases of geolocation data on billions of account holders who have “location history” turned on. Geofence warrants allow police to cast a digital dragnet over a crime scene and ask tech companies for records on anyone who entered a geographic area at a particular time. But critics say these warrants are unconstitutional as they also gather the account information on innocent passers-by.

TechCrunch learned of the search warrant from Minneapolis resident Said Abdullahi, who received an email from Google stating that his account information was subject to the warrant, and would be given to the police.

But Abdullahi said he had no part in the violence and was only in the area to video the protests when the violence began at the AutoZone store.

The warrant said police sought “anonymized” account data from Google on any phone or device that was close to the AutoZone store and the parking lot between 5:20pm and 5:40pm (CST) on May 27, where dozens of the people in the area had gathered.

When reached, Minneapolis police spokesperson John Elder, citing an ongoing investigation, would not answer specific questions about the warrant, including for what reason the warrant was issued.

According to a police affidavit, police said the protests had been relatively peaceful until the afternoon of May 27, when a masked umbrella-wielding man began smashing the windows of the AutoZone store, located across the street from a Minneapolis police precinct where hundreds of protesters had gathered. Several videos show protesters confronting the masked man.

Police said they spent significant resources on trying to identify the so-called “Umbrella Man,” who they say was the catalyst for widespread violence across the city.

“This was the first fire that set off a string of fires and looting throughout the precinct and the rest of the city,” the affidavit read. At least two people were killed in the unrest. (Erika Christensen, a Minneapolis police investigator who filed the affidavit, was not made available for an interview.)

Police accuse the Umbrella Man of creating an “atmosphere of hostility and tension” whose sole aim was to “incite violence.” (TechCrunch is not linking to the affidavit as the police would not say if the suspect had been charged with a crime.) The affidavit also links the suspect to a white supremacist group called the Aryan Cowboys, and to an incident weeks later where a Muslim woman was harassed.

Multiple videos of the protests around the time listed on the warrant appear to line up with the window-smashing incident. Other videos of the scene at the time of the warrant show hundreds of other people in the vicinity. Police were positioned on rooftops and used tear gas and rubber bullets to control the crowds.

Law enforcement across the U.S. are increasingly relying on geofence warrants to solve crimes where a suspect is not known. Police have defended the use of these warrants because they can help identify potential suspects who entered a certain geographic region where a crime was committed. The warrants typically ask for “anonymized information,” but allow police to go back and narrow their requests on potential suspects of interest.

When allowed by law, Google notifies account holders of when law enforcement demands access to the user’s data. According to a court filing in 2019, Google said the number of geofence warrants it received went up by 1,500% between 2017 and 2018, and more than 500% between 2018 and 2019, but has yet to provide a specific number of warrants

Google reportedly received over 180 geofence warrants in a single week in 2019. When asked about more recent figures, a Google spokesperson declined to comment on the record.

Read more on TechCrunch

Civil liberties groups have criticized the use of dragnet search warrants. The American Civil Liberties Union said that geofence warrants “circumvent constitutional checks on police surveillance.” One district court in Virginia said geofence warrants violated the constitution because the majority of individuals whose data is collected will have “nothing whatsoever” to do with the crimes under investigation.

Reports in the past year have implicated people whose only connection to a crime is simply being nearby.

NBC News reported the case of one Gainesville, Fla. resident, who was told by Google that his account information would be given to police investigating a burglary. But the resident was able to prove that he had no connection to the burglary, thanks to an app on his phone that tracked his activity.

In 2019, Google gave federal agents investigating several arson attacks in Milwaukee, Wis. close to 1,500 user records in response to geofence warrant, thought to be one of the largest grabs of account data to date.

But lawmakers are beginning to push back. New York state lawmakers introduced a bill last year that would, if passed, ban geofence warrants across the state, citing the risk of police targeting protesters. Rep. Kelly Armstrong (R-ND) grilled Google chief executive Sundar Pichai at a House Judiciary subcommittee hearing last year. “People would be terrified to know that law enforcement could grab general warrants and get everyone’s information everywhere,” said Armstrong.

Abdullahi told TechCrunch that he had several videos documenting the protests on the day and that he has retained a lawyer to try to prevent Google from giving his account information to Minneapolis police.

“Police assumed everybody in that area that day is guilty,” he said. “If one person did something criminal, [the police] should not go after the whole block of people,” he said.


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents with SecureDrop.

Powered by WPeMatico