Just because law enforcement asks for it doesn't mean Google has it. They might just ask for it because many companies actually do keep that data, but Google provides in its privacy policy some fairly strong guarantees on data deletion. The documentation at https://policies.google.com/technologies/retention?hl=en is a good read to get an idea of what is kept and for how long.

Disclaimer: I work at Google, some of my work relates to privacy infrastructure, but I don't speak for the company.

This is the correct answer. Often times warrants ask for the moon and stars. You can only hand over what you actually have.

That is a waste of or an invalid warrant then, as the correct response to a warrant for something you don't have isn't everything you do have, but the null set.

That's still problematic though, because with clever orchestration of multiple warrants, you essentially figure out the "shape" of hidden information anyway, until you can get the request just right.

The idea though is that a judge should get tired of signing warrants for the same person by that point though, as it should not be an automatic process, and should only be being done on a case by case basis as evidence or procedure requires.

In theory at least.

A warrant for all the data you have about a person activity in 2019 is perfectly covered by giving only December data if that is all you have. A warrant obviously needs to be a bit larger in scope than needed, at the very least by requiring data that is relevant to the data you are interested in.

Because you can sell targeted ad space for a lot more money.

Also they allow people to opt out of tracking, which is probably how they kept the govt off their backs thus far. But of course few people are aware and savvy enough to opt out of systems which allow it, which is why many want to change organ donation to an opt-out system rather than opt-in for example.

To the extent that Google has any of that data, they have it because the user wanted them to retain it. You probably never read your old email drafts, but people would be upset if Google deleted it without them saying to do so.

Everything Google knows about you is available for you to retrieve, delete, and often even change. You totally can selectively edit your location history. It's not a forensic log because that's not the utility users get from it. The fact that courts want to use it as a forensic log is their own damn problem.

Because their business model relies on your personal data?

The question is not why Google has your data, it's why you chose to continue using Google despite the awareness of such a scenario happening. As someone else commented, this article should be circulated far and wide, and people need to be educated on privacy friendly alternatives like ProtonMail.

Lastly, the courts and law enforcement are a problem if they knowingly overreach their limits. Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution

The 4th Amendment SPECIFICALLY stops unreasonable searches stating the exception is with a warrant asking for specific things. They had such a warrant in this case.

Just because you hate Google doesn't mean that the warrant is invalid or the search is unreasonable here.

Jussie may have committed a crime. They have the right to investigate.

It also specifies that the warrant must be specific in describing the list of things to be turned over, and specifically prohibits overly broad warrants without cause.

Never mind that that Amendment technically has nada to do with this, because technically speaking, 4th Amendment for the person in question stopped applying due to Third Party Doctrine.

This is purely a procedural issue between Google and the government.

Read that and take it in for a minute. You're only as secure in information about yourself as you can say that you alone are the chief facilitator of your day-to-day activity, and that where you aren't, those who are hold government to the proper standard of access.

Furthermore, I"m fairly sure that Google has far more detailed information hoovered up with regards to everyday people than they wish to go on the public record as having. If this were a fishing expedition, and they handed over replication tracks for 2 months for instance. That would become verified public knowledge that they collect that information, and store it in queryable form.

Google is acting very shrewdly to disclose as little about their true data collection capabilities as possible. Likely because of the backlash that would occur if people were aware of just what they were sitting on.

There was a Jeffrey Deaver book that somewhat touched on the dangers of sitting on reams of correlable data, even if measures were in place to ensure none could be written down or physically exfiltrated from the building. The Broken Window I believe it was.

Either way, it should disturb everyone that the government has essentially got a one-stop-shop for just about all the detail about what you're thinking about, all enabled thanks to the requisite tracking for ad targeting.

Heck, If I had more spare time, I'd start building my own search indexer. The balance between personal privacy and government access to reams of metadata about your every day life can't be reconciled with Third Party Doctrine. Period.

Unfortunately ending their data collection is not as simple as leaving Gmail. For example they have Google maps, analytics, recaptcha and the contents of emails sent from friends to your protonmail account.

> Protections against unlawful search and seizure and right to privacy are guaranteed by the Constitution

US courts have pretty consistently ruled that you don't have much expectation of privacy for material you handed over to someone else. To the extent that its usually available with just an administrative subpoena.

Skipping all forms of due process is probably a step too far-- but a direct court order? After all, if Google can commercially exploit your data including handing it over to partners-- why should a court order result in less access?

They could at least encrypt it, storing the key in the user’s devices.

That damages the user-friendliness of their offering, because users with that configuration are always one misplaced key away from losing everything with no way for Google to recover it for them (and yes, users will absolutely blame the company for this failure mode, and companies that do not offer this failure mode tend to succeed in the marketplace).

since the option is not available, we ll never know if users prefer it

Systems providing such services exist; they aren't as popular.

https://tresorit.com/, for example, may be a useful litmus test to monitor for this use case. They've had to implement soft deletion because "The option to recover files has been among the top feature requests we’ve heard from our users and customers" (https://tresorit.com/blog/file-restore-launch/).

See my original statement; they're offering an easy-to-use system, and handing out foot-guns to users is the opposite of that goal. "Should" implies a forcing function that doesn't exist.

There are foot-gun manufacturers if people want an alternative.

I read in a Chinese programmer forum that they just mark it as deleted when you delete photos,it seems to be a common practice, not sure about google.

It is common practice.

It's not how it works at Google.

However, Google creates cold backups of "hot data" that last for much longer than deleted data. Depending on the breadth of a warrant, data that was "hot deleted" and removed from servers could still be available on cold backups of the system made before the data was deleted. Unless we have evidence that deletion of hot data implies Google has a method to swiftly and reliably knock out that data in all its cold backups (including offsites).

This is, hypothetically, possible if they encrypt all data on-disk with a per-data-item key and the key itself is never backed up; if deletion deletes the hot key, the cold backups are now just noise and it doesn't matter if Google deletes them.

Probably or provably?