A cyclist from Florida says that he was targeted by police as the prime suspect in a burglary because the RunKeeper app he used to log his rides via his Android phone showed him passing the crime scene three times on the day a house was broken into.
The first that Zachary McCoy, aged 30 and from Gainesville knew of police interest in him came when he received email notification from Google in January this year that police had requested information about his account, reports NBC News.
“I didn't know what it was about, but I knew the police wanted to get something from me, I was afraid I was going to get charged with something, I don't know what,” he said.
When he checked the reference number against the local police department’s website, he discovered an investigation report about a burglary that had taken place 10 months previously at the home of a 97-year-old woman.
With financial help from his parents McCoy, a restaurant worker, engaged a lawyer, Caleb Ewan, who discovered that four days after the burglary police had obtained a so-called “geofence warrant” against Google.
Such warrants are increasingly being used by law enforcement agencies to identify, via Google, the geolocation of people who were in an area at the time a crime was committed, helping them to identify potential suspects.
McCoy, who lives less than a mile from the location of the burglary, checked the data on his phone and realised he had recorded himself on RunKeeper riding his bike past there three times on the date in question.
“It was a nightmare scenario. I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime,” he said. “And I was the lead suspect.”
Since McCoy, a computer science graduate, had always used anonymous accounts online – including the email address linked to his Google account – police referred to him only as a ‘John Doe’, the name used in the US when an individual cannot be identified.
His riding habits had piqued their interest in finding out who he was, which triggered the email to him from Google.
“I didn’t realise that by having location services on that Google was also keeping a log of where I was going,” he said. “I’m sure it’s in their terms of service but I never read through those walls of text, and I don’t think most people do either.
“If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit,” McCoy added.
Kenyon filed an application to have the geofence warrant dismissed, arguing, among other things, that it was unconstitutional in that it allowed police to cast a net too widely in seeking to investigate who may have perpetrated a crime.
He contrasted it with a search warrant which would be executed against a suspect who had already been identified.
“This geofence warrant effectively blindly casts a net backwards in time hoping to ensnare a burglar,” he argued. “This concept is akin to the plotline in many a science fiction film featuring a dystopian, fascist government.”
Shortly afterwards, he was contacted by someone working on the case in the state attorney’s office who said that the information he had provided led them to believe McCoy – whose identity was still unkown to them – was the suspected burglar, and the geolocation warrant was withdrawn.
McCoy, looking to fully vindicate his client, visited the detective investigating the case, showing him RunKeeper data going back months of him riding past the same location, before and after the date of the burglary.
“There was no knowing what law enforcement was going to do with that data when they got it behind closed doors,” he said.
“Not that I distrust them, but I wouldn’t trust them not to arrest someone,” he added, highlighting a case in Arizona in which a man was wrongly convicted of murder largely based on geolocation data obtained via such a warrant.
Clearly, the ability of law enforcement and other government agencies to use data and other information in the course of investigating a crime or for other purposes varies depending on jurisdiction, but as in this case it also raises issues of privacy.
In the UK, it is standard practice for police to check a motorists’ mobile phone for voice calls or other activity in the event of a road traffic collision to see whether they were using the device at the time a collision took place.
On the other side of the coin, as we have reported here on road.cc a number of times, criminals often use social media posts, as well as feeds from sites such as Strava, to target owners of high-end bikes, with this tactic suspected to have been employed in a number of burglaries.
road.cc’s online security tips
We’re all for online communities here at road.cc – after all, we are one and the interaction between our own users is one of the things that makes the site what it is – but as the story above shows, there may be people watching who have intentions that go beyond taking exception with your opinion of helmets or Rapha and who’ll give you more than the odd flame to worry about. Here’s some pointers to keeping safe online, with an emphasis on bike security.
If you mainly post online under a pseudonym and never mention your real name in connection with that, you’re already a step ahead. If not, there are a few things you can do to make yourself more secure, both when it comes to your bike and generally.
• Since Facebook accounts tend to be under users’ real names, it’s not difficult for thieves to link that and other information to publicly available address information, so you may want to review your privacy settings to have control over who can see your profile (yes, we know Facebook keeps changing them, but try and keep on top).
• Be very careful about posting images online. We all like to post pictures of our new toys online, but a bit of common sense is needed. A photo of your brand new bike with your house clearly identifiable behind it could attract unwanted attention. You may wish to disable GPS information used by some photo sharing sites.
• The same goes for information you share on sites that track your rides and make the information public. Strava has a feature that enables you to hide the start and finish point of your ride, particularly useful if that happens to be your home. Use it.
• Don’t go into detail online about the specific type of security you have, whether in relation to your bike or your home generally; you’re giving the thieves a chance to prepare by making sure they have the right tools for the job. Likewise talking online about going away for a while, on holiday perhaps, can flag up an unoccupied house to the thieves.
• Even if you don’t post on social media under your real name, be wary about how much information you make public. The less you reveal, the less others know about who you are and where you live. Keep it vague – town or district, fine, the street you live on, think twice.
• It's not just Facebook and Twitter, either that you need to be careful about - even club websites can be trawled by the crooks for information. Site admins may want to consider a private area of the site where members can chat.
• This isn’t specifically online-related, but we know that cyclists are sometimes followed home, the thieves returning later once they know where you live. If, close to your house, there’s somewhere you can go on your bike that someone watching you in a car can’t, go there. Try and vary your route if you can. Or ride a little way past your house then loop back.
Add new comment
15 comments
Whoa! What's happening. Yesterday he was "prime suspect", today he's "hapless cyclist". And "almost landed in jail" rather than the reality of just being told that Google would reveal his real identity to the police. You've been changing things you naughty article writers. And yet you still have Caleb Ewan's as his lawyer!
Methinks he is a bit of a fantasist. The geolocation data would show that he did not spend any time at the location but only passed by. Or he's lying and is the perp.
Other outlets have stated that his data showed him passing the burgled house numerous times on the day of the burglary as part of his regular laps of the neighbourhood - something that many of us do, particularly if there's only one good hill in the vicinity. Quite easy for the police to assume that he was making multiple recces and came back on foot/in a vehicle once he saw the coast was clear. No need to be quite so cynical.
I wonder how they got his name and adresse. Could it be that he logged on to runkeeper app with his google account. Woiuld it be possible to trace him if he had not used google account to log into runkeeper?
Most Android phones have Google Location Services installed, and you sign into Google as part of the phone setup (you need to to use the Play store, for example). Apps that use location data will often get it from the Google service rather than direct from the GPS device on your phone. This provides some benefits like improved accuracy and speed, but also means Google are tracking you everywhere.
https://uk.pcmag.com/how-to/82734/how-to-get-google-to-quit-tracking-you
Has there actually been a case where social media posts or Strava has actually demonstrated to be the cause of high end bikes being stolen? Road.cc keep coming out with the line but I have never seen the evidence.
I think it is more anecdotal rather then definitive proof but multiple cyclists and one Police Force ran stories that it could be happening and check privacy settings.
To me it is the same with any social media stuff that could be a window in what you are doing. For example how many people put a poster up in their window that they are going on holiday? Liken that to facebook, instagram and twitter posts saying that you are going on holiday. Also, whilst there, please also post out your Porn Name which contains memorable infomation.
Was his lawyer really called Caleb Ewan, is he not normally a bit busy in the pro peloton
And who the hell is Kenyon??
Useful info road.cc, thanks.
Was he the perp ?!
I do hope his lawyer cost him a lot of money. Rather than just telling the police "Yes, I'm that particular John Doe. I was in the area because I live in the next street" he adopted a self-centred 'I wasn't robbed so why should I have to help the police in any way' attitude. And will stick with that until the day he's robbed and suddenly wants the police to check everything.
Well even with a lawyer stating facts, they still were treating him as their number one suspect. I'm guessing going into the station could easily have had him arrested, interrogated and then getting a solicitor at even shorter notice and maybe more cost. The only thing going for him is he is white, a different ethnicity and he might not have made it into the station alive.
No. You need to read a bit more thoroughly. The only people using the term 'prime suspect' are McCoy and his lawyer. The police not unreasonably tried to find out was in the area on the day, and in the case of someone deliberately masking their identity, as McCoy was by using an alias, they went through legal channels to find out who that really was. There's no evidence for anything other than that, having confirmed his real identity and address, their only question would have been 'did you see anything or anyone else in the area'.
I'm hoping your last sentence is a joke.