
FBI examined Google records to see if anyone had knowledge of Guccifer persona - DyslexicAtheist
https://twitter.com/kpoulsen/status/1255585290380443648
======
analyte123
Everybody’s worst nightmares when it comes to surveillance keep coming true.
I’ve started to suspect the “I got nothing to hide” attitude that many privacy
advocates criticize is at some level a defense mechanism for the realization
that you’re completely owned and completely powerless. In other words, they
know that if they really sat down and thought about what was in their Google
searches, DNS lookups, or credit card purchases they would be very disturbed,
so they choose not to think about it to maintain sanity. People are smarter
than we give them credit for.

Because many on HN know and consciously recognize the facts here, my question
would be: how do you all cope with surveillance?

~~~
cmroanirgo
As an Aussie it's becoming increasingly clear that my wish to run my own
servers in order to maintain some semblance of privacy is quite likely going
to become a massive liability to my freedom, if the current state of affairs
continues much longer. To be clear, by hosting a website I'm liable to
"authorities" wanting to access everything anyway. By using a website in this
increasingly fascist world, it becomes increasingly likely that my
websites/mail servers will look "interesting", simply because I'm not "toeing
the line"

~~~
microcolonel
> _To be clear, by hosting a website I 'm liable to "authorities" wanting to
> access everything anyway_

In America at least, a search of this nature has to be very narrow in order to
be valid, even the secret ones.

~~~
simple_phrases
Court orders are a last resort. Often, law enforcement will just ask providers
to kindly share the information they want access to, and the providers comply.
No warrants needed.

~~~
microcolonel
Sure, but asking politely is hardly the mark of tyranny, and has nothing to do
with the sort of scenario I'm replying on.

~~~
wtracy
"Oh, your new office building looks nice. Did your construction firm get all
the necessary permits? Are you sure? All of them? Oh, and I see you have a lot
of new employees. A lot of them. I bet it would tie up your HR department for
quite a while if the INS came by and requested documentation that all those
employees are authorized to work in the US, wouldn't it?

"Anyway, I've come to ask whether you could do a favor for us."

~~~
bostik
"Say, that's a nice business you have there. It'd be a shame if anything
happened to it."

And it's the organised crime that is associated with mafia tactics...

------
mike_d
The most likely explanation here is that Google was conducting its own
investigation into Russian disinformation and discovered the suspicious search
queries. They then turned the anonymous query records over to the FBI with the
understanding that they would then generate the necessary court order to
request Google de-anonymize them. That is why the second sentence explicitly
says "records from Google."

I've done this dance before. It is the cleanest way to turn over evidence of a
crime that is discovered in a private investigation.

------
donmcronald
Here’s the scary part to me. They say they identified searches from certain
networks and make it sound like those were the ONLY searches for those terms.
However, it seems obvious they took his IP address, went through his search
history, picked relevant terms, and presented it like they started by finding
out who searched for specific terms.

I call bullshit. There’s no way he’s the only one that searched for those
terms in that time period, right?

~~~
mike_d
At the time the terms likely did not have statistically significant search
volume. I'm not going to say he was the only one, but the other three might
have been people who then corrected their search from "dcleaks" to "dc voltage
leak" or something.

If you search for "[government agency] mailing address" three days before they
receive anthrax in the mail, it isn't a slam dunk case. But if it was also
mailed from your zip code, you had placed 6 phone calls to that agency in the
prior month, etc. it makes you a pretty damn good candidate.

~~~
donmcronald
What was the search volume? That’s relevant and they should have to list it.

~~~
mike_d
I don't know. But everything the FBI got from Google was also given to the
defense. If it was a popular set of terms, the defense would have raised that
argument.

~~~
srtjstjsj
It wouldn't be popular if they also filtered it to a suspect's geoip range or
other qualifiers.

------
ColanR
Wow. Quote:

> But I can’t think of a prior case where the feds unambiguously acknowledged
> using Google search logs this way: to, apparently, zero in on people who
> searched the wrong word at the wrong time.

~~~
darawk
They're not actually using it to zero in on someone, though. What they're
doing is using it to build a case against someone they already suspect: Roger
Stone.

~~~
RandomBacon
Today, sure. Tomorrow, it may be what OP said.

~~~
mike_d
Today, federal police randomly snatch protesters off the streets in to
unmarked vans. Tomorrow, who knows...

You can always make a slippery slope argument, but it doesn't make it
reasonable.

~~~
srtjstjsj
I can't imagine what you are trying to insinuate.

What's the difference between a trend and a slippery slope?

~~~
darawk
All changes are trends. Assuming that the trend will extrapolate to its
logical extreme without supporting evidence is unreasonable, however.

------
ed25519FUUU
This reminds me of reading “Abraham Lincoln, vampire hunter” where they used
his real correspondence to make it look convincing like he was some kind of
American vampire hunter. It was amazing.

The reality is that when you have unrestricted access to anyone’s life, you
can make them a criminal, whether by framing or surreptitiously surveillance.
There’s a reason why a principle of our legal system is that you must first
have _reasonable_ suspicion of a crime before you investigate.

------
angel_j
There is a glaring legal disconnect with popular web services, where they are
not responsible for the content you post, yet the content does not really
belong to you, for if it did belong to you, the service would have no right to
give it up to police, that information being your property. This double
standard allows tech giants to profit precisely at the expense of our
fundamental rights. For further proof, ask yourself why they can arbitrarilly
censor users despite claiming no responsibility for that content, because
"they can do what they want with their platform". It is one or the other: they
act like tbey own and are responsible for content, but without the legal
ramifications of that reaponsibility.

------
ed25519FUUU
Can someone answer whether this includes deleted search histories? I
specifically go through and delete my search history. I’ve never searched
anything illegal to my knowledge. But according to this you never know what
will be illegal in the future.

~~~
tbodt
It does. Deleting your search history disassociates it from your Google
account, but it is still associated with the first 24 bits of your IP address
(this is considered anonymized because there are usually many different people
who use IPs in that range.)

~~~
donmcronald
Anonymous enough that it doesn’t prove you’re innocent, but specific enough
for the FBI to use it to identify you. Awesome! /s

------
stickfigure
Can someone ELI5 this for me and explain why I should/shouldn't be outraged
about it? Neither the link nor the existing commentary seems to help.

~~~
lma21
Don't bother (or maybe bother if you really want to get into both "US politics
vs. Roger Stone" or "FBI/Google vs privacy of the individual")

------
ummonk
I mean you can see from Google Trends that a ton of searches for Guccifer were
happening in that time period:
[https://trends.google.com/trends/explore?date=today%205-y&ge...](https://trends.google.com/trends/explore?date=today%205-y&geo=US&q=guccifer)

------
benmmurphy
I suspect these IP address ranges are used for Mobile data as well so probably
shared between multiple users. I recognised the TMO IP because I've used TMO
4G proxies that have IP addresses in a similar range. It should disturb you
that someone in Florida may have searched for 'wrong' terms and then that was
used as justification to investigate another person in Florida who happened to
share the same IP range as the wrong searcher.

------
crashbunny
This is why switching from google to duckduckgo isn't as effective as
switching to a search engine based in europe.

------
sneak
Sigh.

“Don’t be evil” presumes a lot when there are organizations that have machine
guns and legal jurisdiction over you, and a public, decades-long track record
of doing evil.

~~~
jlarocco
TBH, I think this is the wrong situation to trot out "Don't be evil."

Law enforcement has _always_ been able to subpoena this type of information.
From phone companies, credit card companies, ISPs, etc. If Google wants to
legally operate in the United States then they don't have any choice but to
comply.

The bigger issue, IMO, is that nobody has any idea who else has access to this
information. Google can share this information with anybody. It's entirely on
good faith that people trust them not to.

~~~
analyte123
Here’s what non-evil thing to do with this information is: don’t collect it.
If you collect, don’t store it. If you store it, try to de-identify it.

~~~
cromwellian
And when the government finds out that they can't conduct investigations,
they'll just pass regulations that require collection of data.

Take private owner gun sales. You have to collect the information of the
person you're selling it to. You can't _not collect it_ , and if you take the
attitude that you won't, you yourself can be held criminally liable.

If we had cryptoanarchy -- unbreakable encryption, with everything on device,
anonymous, and any server services using some future form of fully homomorphic
encryption, and with financial transactions done with pseudo-anonymous
cryptocoin, you'd find this to be a very unstable situation, and most world
governments, even European governments, would quickly pass laws to require the
ability to track identity, de-anonymize, and subpoena logs.

There is no way any of the Western democracies are going to move to a system
where all records of activity are ephemeral and un-subpoenable.

~~~
sjy
You’re right – but at least when the government passes regulations that
require collection of data, there is a public debate and a public record of
precisely what must be collected and why.

