Google Allegedly Shared Personal Details of Extremist Users with Law Enforcement

Google sign on Google building

Leaked documents indicate that Google has voluntarily sent the personal details of mostly far-right users to a counter-terrorism team in California’s Bay Area, according to a report from the Guardian, which was published following their own investigation. Google reported the accounts to law enforcement but did not always remove them from their platforms.

Sensitive Information Shared with Government Agencies

Google regularly receives requests from government agencies around the world to disclose user information. A variety of laws allows them to do so. However, in an effort to be more transparent, Google decided to share the number and types of requests they receive in their Transparency Report. The tech giant has assured the public that they carefully review each request and in some cases object to producing any information at all.

The Guardian’s report, on the other hand, has revealed that in some cases Google had voluntarily passed on the personal information of users who spread racist and violent ideas or opinions. The information appears to originate from a little-known Google branch called the CyberCrime Investigation Group (CIG). Strangely, not all the information Google has shared was related to terrorist or racist threats. Some details concerned information of users who expressed mental distress or thoughts of self-harm.

In a telephone conversation with the Guardian, the director of the Northern California Intelligence Center (NCRIC), Mike Sena, explained that the Google reports came through a common reporting facility that “the public, law enforcement, and any other organization” can use. He also said that any action “is usually in the form of a welfare check”.

Inconsistencies Between Reports and Actions

Reported accounts include a user who wondered “whether he should do the same thing” as the gunmen who committed multiple murders in El Paso and Dayton. In other comments, the same user also discussed making explosives. Another user said he wanted to know the name of the Asian doctor who released the coronavirus, so he could “shoot his daughter in the face”.

Google passed on user’s real names, street addresses, Gmail and recovery email addresses, detailed subscriber information, and, in some cases copies of the user’s comments on platforms like YouTube, as well as the time and IP addresses of recent logins. It is unclear what data was released voluntarily, or in response to warrants, subpoenas or other requests.

While Google did report extremist’s accounts, they were by no means consistent in their approach. It would have been logical, for example, if they had also removed extremist users from their platforms. In some cases, it seemed that Google simply had passed on information without taking any action themselves. One user, for example, still has two Gmail accounts, despite making comments that clearly break Google’s guidelines and terms of service.

The BlueLeaks Trove

The Guardian’s report is based on documents from a large collection of leaked files, dubbed the BlueLeaks trove. The trove was hacked by someone connected to Anonymous and released by the activist group DDoSecrets on Friday 19 June, 2020. Juneteenth is a holiday in the US, which is also known as Freedom Day, Emancipation Day or Liberation Day. The day commemorates the end of slavery. The hack came amid widespread protests against police brutality and racism following the death of George Floyd whilst being arrested by the Minneapolis police.

The 269 GB data trove includes thousands of official documents, memos and financial information from over 200 state, local and federal agencies, as well as over a million emails, audio, video and intelligence files from multiple fusion centers. Fusion centers are state-owned centers designed for law enforcement agencies to exchange threat-related information.

Among the documents are several emails that show how Facebook, Twitter, TikTok, Reddit, and Tumblr, among others, share information with law enforcement agencies. German authorities seized a server used by DDoSecrets at the request of US authorities. The investigation is ongoing.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For she follows relevant cybercrime and online privacy developments.