CAT | legal
The ACLU just posted an article about a recent federal magistrate judge’s ruling. It is a somewhat bizarre case.
The DEA had an arrest warrant for a doctor suspected selling prescription pain killer drugs for cash. They then requested a court order to obtain his real time location information from his cell provider.
The judge went along, but then published a 30 page opinion stating that no order or warrant should have been required for the location information because the suspect had no expectation of location privacy. If he wanted privacy, all he had to have done is to turn off his phone (which would have prevented the collection of the information at all, not just established his expectation).
So, if this line of reasoning is picked up and becomes precedent, it is clear than anyone on the run needs to keep their phone off and / or use burner phones paid for with cash.
My concern is that, if there is no expectation of privacy, is there anything preventing government entities from requesting location information on whole populations without any probable cause or court order.
While I think that the use of location information in this case was completely appropriate, I would sleep better if there was the check and balance of the need for a court order before getting it.
This is another situation where technology has run ahead of the law. The Fourth Amendment was written in a time where information was in tangible form, and the only time it was generally in the hands of third parties, was when it was in the mail. Therefor search of mail in transit was specially protected.
Today, cloud and telecommunication providers serve much the same purpose as the US Postal Service, and are used in similar ways. It is high time that the same protection extended to snail mail be applied to the new high tech communications infrastructures we use today.
It has long been known in security circles that many printers embed nearly invisible watermarks in all printed documents which uniquely identify the printer used.
SpringyLeaks reports that a recent FOIA request revealed the names of printer companies who embed such markings and have worked with law enforcement to identify the printers used in various cases.
The article also suggest that these watermarks can be used to aid reconstruction of shredded documents.
Courthouse News Service reports that a virginia judge has ruled Facebook “Likes” are not protected speech.
The case was related to employees of the Hampton VA sheriff’s office who “Liked” the current sheriff’s opponent in the last election. After he was re-elected, he fired many of the people who had supported his opponent.
The judge ruled that posts on Facebook would have been protected, but not simple Likes.
While I am encouraged to see the recently announced Consumer Privacy Bill of Rights, it is no reason to become complacent about your privacy.
First, the Consumer Privacy Bill of Rights is a set of fairly general statements. It is unclear if or when we would see real enforcement.
Second, it will be very difficult to enforce this against non-US services, and it is almost impossible for a user to know if some or all of a website she is visiting is being provided by a non-US company.
Third, it is very difficult to tell if the policies are being violated. Unless the website uses the information directly and immediately it is very hard to tie the use of information back to the source of the information. If it is being silently collected, you really can’t tell.
While such policies and statements of principle are a good thing, and one hopes that most major websites will get on board with them, if you actually want to ensure your privacy, you need to take matters into your own hands.
Block cookies, clear out old cookies, and hide your IP address with tools like Anonymizer Universal.
The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and legal behaviors.
A big red flag for me were the fliers for cyber cafes and electronics stores. These suggest that the use of privacy protecting services, like Anonymizer, should be deemed suspicious. They also call out Encryption, VoIP, and communicating through video games.
In almost all of the fliers they suggest that wanting to pay cash (legal tender for all debts public and private) is suspicious.
Thanks to Public Intelligence for pulling together PDFs of the documents.