TAG | location
The ACLU just posted an article about a recent federal magistrate judge’s ruling. It is a somewhat bizarre case.
The DEA had an arrest warrant for a doctor suspected selling prescription pain killer drugs for cash. They then requested a court order to obtain his real time location information from his cell provider.
The judge went along, but then published a 30 page opinion stating that no order or warrant should have been required for the location information because the suspect had no expectation of location privacy. If he wanted privacy, all he had to have done is to turn off his phone (which would have prevented the collection of the information at all, not just established his expectation).
So, if this line of reasoning is picked up and becomes precedent, it is clear than anyone on the run needs to keep their phone off and / or use burner phones paid for with cash.
My concern is that, if there is no expectation of privacy, is there anything preventing government entities from requesting location information on whole populations without any probable cause or court order.
While I think that the use of location information in this case was completely appropriate, I would sleep better if there was the check and balance of the need for a court order before getting it.
This is another situation where technology has run ahead of the law. The Fourth Amendment was written in a time where information was in tangible form, and the only time it was generally in the hands of third parties, was when it was in the mail. Therefor search of mail in transit was specially protected.
Today, cloud and telecommunication providers serve much the same purpose as the US Postal Service, and are used in similar ways. It is high time that the same protection extended to snail mail be applied to the new high tech communications infrastructures we use today.
The House Judiciary Committee is going to be discussing the Electronic Communications Privacy Act. There is a chance that they will strengthen it.
This act was written decades ago, before there were any real cloud solutions. Email was downloaded by your email client, and immediately deleted from the server. They law assumed that any email left on a server more than 180 days had been abandoned, and so no warrant was required for law enforcement to obtain it.
These days, with services like gmail, we tend to keep our email on the servers for years, with no thought that it has been abandoned. Law enforcement is opposing reforms of this law because it would make their work more difficult. Doubtless it would, as does almost any civil liberty.
Earlier this month Zoe Lofgren introduced the Online Communications and Geolocation Protection act, amending ECPA. It would require a warrant to obtain cell phone location information. There is clearly some momentum for reform.
Last week I did an interview on a San Diego news program about issues with many cameras and smart phones in particular embedding very accurate location information in your pictures. If your camera (smart phone or whatever) has GPS, then the EXIF meta data in the picture will contain your location to within about 20 feet. This can be disabled, but is typically on by default.
While this can be useful when you are trying to sort and organize the pictures on your computer, the risk shows up when you start to share the pictures. By combining date and time information in the pictures I can tell if they are recent. If you are on vacation and posting on the road, an attacker can tell that you are away from home and your home probably unguarded. Pictures of your home and family can provide the exact location of your house as well.
The good news is that major sites for sharing pictures like Facebook and Flickr seem to strip out that information from the photos. It is unclear if that is intentional or just a byproduct of how they are processing and displaying the images. In any case, the data is certainly available to the sites themselves.
I strongly encourage everyone to download an EXIF editor to be able to strip this information from pictures before uploading, and to turn off location tracking in their cameras and mobile phone photo applications to prevent the capture of that information in the first place.
The story is about a german politician Malte Spitz who sued to obtain the retained cell tower records for his own phone, then provided them to the newspaper. The newspaper has created a nice map and timeline tool to allow you to play Spitz’s movements over 6 months. The resolution is impressive and should be a real wake up call about the level of detailed information being gathered on us all.
Of course, if the phone company was capturing GPS or WiFi based location information the data would be much more accurate. While GPS would quickly drain the battery, many modern phones have WiFi enabled all the time, so that information would be readily available without any additional impact on the phone’s performance.