To Prosecute A Single Bombing Suspect, FBI Demands Identifying Info On Thousands Of YouTube Viewers

Legal Issues

from the general-warrants-are-back,-baby! dept

We waved goodbye to general warrants with the Fourth Amendment back in 1791. Now, thanks to tech companies collecting tons of info on site visitors and the FBI’s apparent inability to craft a narrow warrant, it’s the late 1700s all over again!

With a wealth of information a subpoena or warrant away, law enforcement is asking for everything and promising to sort it all out properly. This hasn’t worked as well in practice as it has in theory. Investigators looking for evidence of one crime have found others to charge defendants with simply by sifting through the digital haystacks they’re able to acquire with a single piece of paper.

In other cases, investigators have decided everyone is a suspect and that the massive amount of data obtained with this dubious legal theory will somehow point them to the real criminals. That’s the theory behind law enforcement’s “reverse” searches: ones where they demand all cell site location info from everyone connecting to certain cell towers before paring down the list of suspects from “everyone” to “everyone in certain locations at certain times.”

A warrant requested by the FBI related to a bombing in New York last year is operating under this same premise. The search warrant ostensibly seeks to obtain information about defendant Victor Kingsley’s YouTube viewing habits. Kingsley is facing federal charges for killing a New York City landlord with a handmade bomb. Kingsley was allegedly targeting a police officer who he thought lived at that address as revenge for his arrest by that officer three years earlier.

According to the affidavit [PDF], searches of Kingsley’s computers revealed a slew of searches for bomb making materials and instructions. Many of these searches took him to YouTube videos. With this information, you’d think the feds would have plenty of evidentiary ammo to bring to court that would infer Kingsley intended to make a bomb. The FBI also recovered evidence on online purchases of items used in making explosives.

With this already in hand, it’s hard to understand why the FBI is looking for more info. But what’s harder to understand is why it’s seeking more info in this particular manner.

The affidavit correctly points out Google collects a ton of info on YouTube viewers, whether or not they create a YouTube account. It also points out most viewers have accounts because without one, their actions (upvoting, downvoting, playlists, etc.) are severely restricted. It then details a long list of information the FBI believes Google can produce when served with a warrant (which also includes physical addresses, billing info, phone numbers, etc.).

As part of its business model, Google also collects a variety of data on YouTube videos. This includes information for each time a video was watched; the comments and shares of a video; the demographics of viewers; and the sources of traffic to the videos (i.e., the source webpages and links that a viewer used to land on the video).

Further, Google typically retains certain transactional information about the creation and use of each account on their systems. This information can include the date on which the account was created, the length of service, records of log-in session) times and durations, the types of service utilized, the status of the account (including whether the account is inactive or closed), the methods used to connect to the account (such as logging into the account via Google’s website), and other log files that reflect usage of the account. In addition, Google often has records of the Internet Protocol address (“IP address”) used to register the account and the IP addresses associated with particular log-ins to the account. Because every device that connects to the Internet must use an IP address, address information can help to identify which computers or other devices were used to access the account.

In addition, Google collects device-specific information (such as a user’s hardware model, operating system version, unique device identifiers, and mobile network information including phone number), which it may associate with a user’s Google account. Google states that it may also collect and process information about a user?s location, based on information including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell towers.

Now, the FBI has device identifying info, IP addresses, and other information gleaned from the devices and accounts already searched/subpoenaed that could tie certain YouTube/Google activity to Victor Kingsley. But it inserts none of that here to limit the search. Instead, it asks for all of this info for every visit to a list of YouTube URLs.

This is only the first page of its YouTube URL demands. [Click thru for a bigger version.]

The obvious problem is these videos could have been viewed by thousands of viewers completely unrelated to the case. (Not to mention the fact that the first URL will never resolve…) And yet, the FBI agent thinks it’s OK to demand a long list of identifying info, along with location/cell tower data on each of these viewers from Google. Supposedly, this is being done to sort the righteous from the wicked… or whatever.

As explained herein, information stored in connection with a YouTube video and Google account may provide crucial evidence of the “who, what, why, when, where, and how” of the criminal conduct under investigation, thus enabling the United States to establish and prove each element or alternatively, to exclude the innocent from further suspicion.

That’s not how warrants work. This is like demanding Amazon turn over account info, location data, etc. on everyone who’s ever viewed a page for items that can be used to create bombs. And this request is being made despite the fact the government already has plenty of identifying info it could use to narrow the request.

If Google chooses to hand this over, it’s not a question of if the government will get tons of data on innocent YouTube visitors. It’s only a question of how much. It appears every URL targeted by this warrant has already been neutralized by Google. Typing in these URLs will either bring you to a deleted video or a dead page that feeds you absolutely zero information. (This is likely meant to keep users from adding to the data pile the FBI wants Google to produce.)

Here’s just one of the URLs targeted, as it appears at the Internet Archive:

It’s a Science Channel video titled “Building a Starship.” As of its archive date (August 6, 2016), it had 222,000 views.

Here’s how that URL looks now:

So, for just a single URL, there are at least 222,000 “suspects” the FBI wants Google to hand over info on. Then it will apparently work its exculpatory magic, travelling backwards by process of elimination to data linked to accounts owned by Victor Kingsley, matching YouTube visits with identifying info the FBI already has on hand.

This isn’t a fishing expedition. This is dynamite tossed into a stock pond with the FBI promising to kick any surviving fish back into the water following the explosion. Somehow, this warrant was approved by Magistrate Judge Lisa Bloom and handed over to FBI Agent Lawrence Schmutz to forward to Google.

Hopefully, Google’s fighting this request. The affidavit goes long on the evidence the FBI has already obtained to be used against Kingsley before throwing it all out to demand Google hand over as much as it can on as many YouTube viewers as possible. This is shoddy work. And it definitely appears to be unconstitutional. A warrant is the Fourth Amendment-approved gateway for unreasonable searches. But there’s a limit to how unreasonable a search can be, even with a warrant.

If this is challenged by Google, it seems unlikely to withstand further scrutiny. It’s a general warrant seeking to rummage through numerous people’s belongings that happened to be housed at Google. Warrants aren’t supposed to be used to separate the innocent from the guilty. That’s not probable cause for a search. Probable cause may lead to the discovery of exculpatory evidence but that isn’t its purpose. It’s there to find evidence to use against a suspect using a search predicated on information the government swears in front a judge supports its need to perform an invasive search. The government has no probable cause to seek the info of YouTube viewers not directly accused of this crime. And it has no excuse to perform a search this way when it has plenty of information on hand that could have narrowed this request significantly before presenting it to Google.

Filed Under: 4th amendment, doj, fbi, general warrants, search, victor kingsley, youtube
Companies: google, youtube