Recently we were asked to look into the situation of a Russian citizen detained in the United States. His colleagues reached out, trying to understand whether they themselves might face similar risks — for example, being unexpectedly detained by the FBI somewhere on a beach in Greece.
But what I actually want to talk about is something else: how U.S. law enforcement agencies use search history as evidence — and how the situation compares to what we see in Russia.
What makes this case particularly interesting is that investigators essentially reconstructed the suspect’s decision-making process based on his search queries and browsing history.
The indictment describes an episode involving the purchase of equipment through a Hong Kong company.
According to investigators, on the day the money transfer was made the suspect carried out the following searches:
Shortly afterwards, the funds were transferred. For prosecutors, this sequence of actions became evidence that the individual was aware he might be violating sanctions rules.
During the bail hearing, prosecutors went even further. The search history also contained queries such as:
Investigators argued that these searches suggested the suspect might be planning to leave the country. This argument was used to support pre-trial detention — which the court ultimately granted.
This case illustrates how modern digital forensics works. Search history here was not used to prove that the crime itself occurred — that was supported by bank records, documents, and communications. Instead, it helped answer a different question: whether the suspect acted knowingly.
Many criminal offenses require proof of intent. And in this case, the most direct evidence turned out to be surprisingly simple: the person had literally Googled the rules he was about to violate.
In fact, this approach is far from new. U.S. investigators have long used search data not only to establish intent but also to identify suspects in criminal cases. There are numerous examples involving so-called “reverse keyword warrants.”
One notable case involved an arson attack in Denver in which five people were killed. Police obtained from Google a list of IP addresses belonging to users who had searched for the address of the burned house within the fifteen days preceding the fire. Google reportedly provided investigators with a spreadsheet containing sixty-one searches performed from eight different accounts.
This information ultimately led investigators to three teenagers, who were later charged with murder and arson.
Personally, I am not aware of cases in Russia similar to the Denver example — where law enforcement analyzes large datasets of search queries related to a specific location, topic, or person. If readers from law enforcement know otherwise, I would be interested to hear about it.
In Russia, search history usually appears as a piece of digital evidence discovered during the forensic examination of a physical device — such as a phone or computer.
However, the situation has begun to evolve. Since autumn 2025, Russia has introduced Article 13.53 of the Code of Administrative Offenses, which establishes liability for intentionally searching for extremist materials online. By December, the first known fine under this provision had already been reported — 3,000 rubles in the city of Kamensk-Uralsky.
In other words, if search history was previously just a digital trace within an investigation, in some situations the act of searching itself may now constitute an offense.
Perhaps the old line from American movies — “anything you say can and will be used against you” — needs an update. In the age of digital traces, it sounds slightly different: “…and anything you Googled can be used against you too.”
