Bombshell court documents have revealed how US authorities compel YouTube to cough up extensive identifying information on users viewing particular content, and/or anyone who has accessed certain video URLs during a certain time period. The contents show that major streaming platforms have surreptitiously been transformed into a vast dragnet, and innocent private citizens can become suspects in criminal investigations by simply viewing videos online. The potential for these powers to be grossly abused is obvious, and vast.

The documents are a pair of 2703(d) court orders. US authorities hit Google with a sweeping demand for user data, which an East Kentucky judge ruled was legitimate, as there were “reasonable grounds to believe that the records…sought are relevant and material to an ongoing criminal investigation.” The probe was launched due to an anonymous individual offering to convert cryptocurrency into US dollars via mail, in apparent breach of money laundering laws.

US undercover agents posing as bitcoin sellers conducted “multiple” transactions with the individual. In one instance, they claimed their bitcoin “originated from the proceeds of drug sales.” During these exchanges, the individual sent their customers links to YouTube videos, and agents did the same in response. As such, officials demanded Google turn over a wealth of information on anyone and everyone who viewed these clips January 1st - January 8th 2023. 

This included their names, home, business, email and IP addresses, phone records, device information, online payment records, user activity records, and much, much more. The videos in question were completely innocuous, and had in one case been watched tens of thousands of times, meaning even just a weekly snapshot of who viewed the clips could’ve resulted in hundreds of innocent citizens’ personal information being unilaterally handed over to investigators. 

Related News

Contrasting melodies at the UN General Assembly

US engagement with Mali junta exposes double standards

‘Geofence Warrants’

This was a textbook fishing expedition, theoretically prohibited under the US constitution’s fourth amendment, which protects citizens from “unreasonable searches and seizures by the government”. That the East Kentucky judge not only signed off on the demand for Google to hand over the information, but a corresponding gag order prohibiting the tech giant from disclosing the order’s existence to anyone publicly or privately for a year following its execution, strongly suggests US judicial sympathies lie with the government in such cases.

There were a variety of means by which US authorities could’ve easily avoided turning publicly accessible video content into a honeypot. For example, uploading a clip, setting it to private, and sharing the link with their target exclusively. This would in fact have been far more effective at identifying the individual than the approach adopted, which tends to suggest that unearthing mounds of information on unsuspecting YouTube users without their knowledge or consent, and without Google being able to resist the demand, was the explicit objective.

There’s no way this was an isolated incident, either. Since Google’s inception, it has been a go-to resource for Western law enforcement, security, and intelligence agencies, particularly when a serious crime has been committed, but authorities have no suspects. In the US, “geofence warrants” have become disturbingly common. Officials demand Google provides information on anyone who was present in a specific area during a certain timeframe, then start drilling down until they find a potential suspect.

Given geofence warrants are often applied to high-traffic areas, including businesses, apartment complexes, schools, or churches, the prospect of innocent people who live and work in, or for one reason or another frequent, a site that becomes a crime scene being wrongly tapped as suspects in criminal investigations is absolutely certain. This is precisely what happened in December 2018, when Phoenix, Arizona police jailed a man on the grounds his phone location data placed him at the site of a shooting nine months earlier.

Mercifully, he was released after just a week, after cops learned that his car was regularly used by his mother’s ex-boyfriend, the actual culprit. In a less heinous but barely less disturbing incident, judges in San Francisco signed off on a geofence warrant that, due to a typo in court submissions, covered a two-mile-long stretch of the city. Police resultantly accessed sensitive information about people present in a wide variety of state and public buildings, and the residents of private homes.

How many other mistakes have been made by Western authorities in the thousands of data requests they submit to Google annually is an open question. But it shouldn’t be.