If you're not familiar with the LEGO scandal, the tl;dw is that this YouTuber Reckless Ben (Ben Schneider) has been investigating a stolen set of LEGO worth ~$100-200k (depending on who you ask) and the local police dept and criminal justice system has been colluding with the criminals (all members of the local Mormon church) to get him to STFU. The long version is, very long. You can check his channel for more.
Previously the local police dept managed to get a warrant to raid Ben's rental home with guns drawn and arrest him, based on what is clearly fabricated evidence. Here they appear to have done it again to get access to his Google account.
The linked video is mirrored on Peertube and timestamped to the relevant section.
Ben does also provide a copy of the subpoena in the video but I cannot vouch for its' validity, and he has used placeholder evidence before, but that's neither here nor there.
Anyway, the part that was relevant to this community was that in the course of their investigation they subpoenaed Google, and Google handed over basically his entire life to them. I'm sure this was very useful in their investigation.
I don't necessarily blame Google here for complying with a subpoena, but the moral of the story is to stop giving Google your data, because everything you say and do can and will be used against you in a court of law, with or without legitimate justification, and the more stuff you give them, the more ammunition you're providing the prosecutor.
This is also not exclusive to Google. Anything not local, self-hosted or encrypted a la Proton can be subpoenaed and the provider will have to comply. It just so happens that Google probably has more information about literally everyone in the world than any other particular entity.
Just as an fyi, if you'd self hosted your services, they would probably subpoena you, and you would be obligated to give them all your data from your own server, and if you'd refus, your be in deep, deep shit
It doesn't matter where you store data, if it's stored, it can be used
"Well boys I sure hope you can get in to this because I lost the password ages ago I remember it was a set of 15 random words with capitals in random spots but just can't remember the order..."
Then your lawyer gets to tell the jury that you complied.
How so? You cannot be forced to accuse yourself. If your self-hosted data is on encrypted hard drives then they can't do anything about it.
Except in the UK where you can be forced to provide decryption keys.
And that’s where good encryption comes into play. At least in the US, (where this case is happening), they can compel you to turn over the encrypted data blob. But they can’t compel you to give them the password to access the data. Because forcing you to give up the password would violate your 5th amendment right to remain silent.
Also, they probably wouldn’t subpoena you and give you a chance to respond; they would just bust your front door down and take your server. You wouldn’t have an opportunity to peacefully turn the data over to them. Only the wealthy get subpoenas. The rest of us get no-knock search warrants, dead pets, (because cops will shoot any dogs that are present when they execute the warrant), and traumatized/injured/killed family members who happened to be home at the time.
they respected the lemon pound cake tho...
That incident reminded me of Kevin Mitnick leaving a box of donuts for the FBI lol.
They’ll just come in and take ALL your PC/server hardware and hold it as evidence. Preferably with a warrant, but if they “fear” that you may destroy evidence, they can seize everything regardless of warrant. If you’re legally ordered to decrypt and refuse to do so, you’ll be held in contempt of court and probably jailed/fined for who knows how long.
You didn't refuse. You forgot the passphrase.
I imagine it'd still be preferable to make them go through you and your lawyer for that info, where you could still have some measure of control.
You’re half right, in that ultimately they can compel you to hand over your data, but there is a higher bar to clear for them to get your personal data stored locally.
For one, they can’t compel you to turn over your data with a subpoena, they’d have to actually go in front of a judge and get a warrant.
Probably wouldn’t be very hard to get from what i can see in this case
It would at least be harder, and have real constitutional ramifications. But yes, ultimately if there’s enough corruption they will get their hands on the data
I think the real takeaway is to not put all your eggs in one basket, so they would need separate subpoenas.
Getting access to just his Google Account could contain Google Voice text messages, voicemails, and call history. Google search history, Google Maps location history, everything in Google Docs, Gmail, YouTube, and probably other stuff I'm forgetting. That's all with a single subpoena, which includes a lot of things irrelevant to the case.
Google doesn't store map data anymore. It is all local.
That's not correct