CELL PHONE BUGS
(RT) Google chairman and CEO Eric Schmidt came out to defend tracking technology in smartphones arguing the technology will ultimately enrich and benefit the lives of consumers.
Recent debates regarding privacy have surfaced following the discovery of tracking files native to Apple’s iPhone and Google’s Android mobile operating system.
“Today, you’re phone knows who you are, where you are, where you’re going, to some degree, because it can see your path. And with that and with your permission, it’s possible for software and software developers to predict where you’re going to go, to suggest people you should meet, to suggest activities and so forth,” he said. “So ultimately what happens is the mobile phone does what it does best, which is remember everything and make suggestions.”
Allowing your phone to know you, follow you and help you will allow users to enjoy their social experience more, he contended. The experience of will become increasingly personal and more fulfilling.
“The computer will suggest things that you might be interested in,” Schmidt said. “Since I’m a history buff, if I’m walking down here in the street, it will tell me the history of the area or it will tell me about something that I might be interested in.”
Many privacy advocates have become increasingly worried about tracking software in smartphone’s which record s and remembers a users movements. Both Apple and Google have contended that the programs are designed to aid the phone’s user – not track. Some remain are skeptical given Schmidt’s past remarks on privacy.
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” he once infamously stated.
“People have the right to know who is getting their information and how information is shared and used,” said US Senator Al Franken, who recently held a Senate hearing on the matter. “I still have serious doubts those rights are being respected in law or in practice. This is an urgent issue.”
Apple has issued a software update to alter tracking storage information and Google’s tracking software is currently an opt-in program. Nevertheless privacy advocates, including Franken, argue more must be done.
He contends that tracking data puts users at risk and could endanger – not benefit – their lives and more must be done to protect their privacy.
(Ryan Radia) The smartphone is arguably one of the most empowering and revolutionary technologies of the modern era. By putting the processing power of a personal computer and the speed of a broadband connection into a device that fits in a pocket, smartphones have revolutionized how we communicate, travel, learn, game, shop, and more.
Yet smartphones have an oft-overlooked downside: when they end up in the wrong hands, they offer overreaching agents of the state, thieves, hackers, and other wrongdoers an unparalleled avenue for uncovering and abusing the volumes of sensitive personal information we increasingly store on our mobile phones.
Over on Ars Technica, I have a long feature story that examines the constitutional and technical issues surrounding police searches of mobile phones:
Last week, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.
California’s opinion in Diaz is the latest of several recent court rulings upholding warrantless searches of mobile phones incident to arrest. While this precedent is troubling for civil liberties, it’s not a death knell for mobile phone privacy. If you follow a few basic guidelines, you can protect your mobile device from unreasonable search and seizure, even in the event of arrest. In this article, we will discuss the rationale for allowing police to conduct warrantless searches of arrestees, your right to remain silent during police interrogation, and the state of mobile phone security.
(ACLU) A few weeks ago, we wrote about United States v. Maynard, a decision from the U.S. Court of Appeals for the District of Columbia Circuit requiring the government to obtain a warrant when it uses a GPS tracking device to monitor someone’s movements.
Last Friday, Judge James Orenstein in the Eastern District of New York recognized that Maynard‘s reasoning also applies when the government tries to retrace a person’s whereabouts using historical cell phone location information stored by cell phone carriers. Judge Orenstein rejected each possible factual difference between GPS vehicle tracking and historical cell phone tracking, and concluded that cell phone tracking is just as intrusive to Americans’ reasonable expectations of privacy in the details of their everyday lives as GPS tracking.
We believe that Judge Orenstein got it exactly right. In coming to the decision, the court’s opinion noted:
a growing recognition, at least in some courts, that technology has progressed to the point where a person who wishes to partake in the social, cultural, and political affairs of our society has no realistic choice but to expose to others, if not to the public as a whole, a broad range of conduct and communications that would previously have been deemed unquestionably private.
Concluding that “[t]he Fourth Amendment cannot properly be read to impose on our populace the dilemma of either ceding to the state any meaningful claim to personal privacy or effectively withdrawing from a technologically maturing society,” the court denied the government’s application for almost two months’ worth of historical cell phone location information that it had sought to access just by showing that it was “relevant and material to an ongoing criminal investigation” — a standard far short of a warrant required by the Fourth Amendment.
The same issue regarding the constitutionality of warrantless access to historical cell site location is currently pending in the 3rd Circuit, where the ACLU submitted a friend-of-the-court brief (PDF) with the ACLU Foundation of Pennsylvania, the Electronic Frontier Foundation, and the Center for Democracy and Technology. The 3rd Circuit will be the first appellate court to decide this question, and we hope that it, like Judge Orenstein, will understand the necessity for Fourth Amendment protections against invasive technology like cell phone tracking that has the potential to eviscerate our notions of privacy.
(Bloomberg) Traders’ mobile-telephone calls may be taped in an effort to stamp out insider trading, according to proposals from the U.K. financial regulator.
Cell phones used for business shouldn’t be exempt from rules requiring banks and brokerages to record employees’ calls, that the Financial Services Authority can listen to later, under proposals the agency said may take effect as soon as next year. Around 22,000 phones would be covered, the FSA said.
“Some would say that it is about time that mobile-phone technology should catch up with the procedures for other communication types,” said Tony Woodcock, a lawyer at London- based Stephenson Harwood. “But it does mean that determined miscreants will find other means such as private mobiles, or others’ mobiles, to effect the trading more clandestinely.”
The U.S. insider-trading case against Galleon Group LLC’s chief executive officer, Raj Rajaratnam, was brought using evidence in part from mobile-phone conversations the government got permission to wiretap.
The FSA is increasing efforts to stamp out insider trading after criticism from lawmakers that it wasn’t doing enough. It won a jail sentence against a former trader last week for the crime, which carries a maximum sentence of seven years, and this week filed charges in another case against a former banker.
Companies should make sure employees don’t use private phones or e-mail for business to circumvent the recording, the FSA said. Banks would have the option of banning employees from using mobiles for business use, the regulator said.
“Removing the exemption will provide an additional source of contemporaneous voice conversations and electronic communication evidence,” the FSA said today. “This can also help us to counter market abuse, one of our key priorities.”
The FSA started to cold-call traders to interview them under caution two years ago about possible insider trading, a strategy that fell prey to hoax calls.
The regulator had never filed a case of insider trading before 2008. It has since won all three of the cases it has brought, with another against two former mergers and acquisitions lawyers and an ex-financial officer scheduled to begin next month.
FSA Chief Executive Officer Hector Sants said yesterday that insider trading remains “unacceptably high.” Suspicious trades, which can indicate insider trading, have risen in the face of increased FSA activity. They occurred before 29.3 percent of takeovers in 2008, up from 28.7 percent in 2007, and 23.7 percent in 2005, according to FSA data.
(CNET) Two years ago, when the FBI was stymied by a band of armed robbers known as the “Scarecrow Bandits” that had robbed more than 20 Texas banks, it came up with a novel method of locating the thieves.
FBI agents obtained logs from mobile phone companies corresponding to what their cellular towers had recorded at the time of a dozen different bank robberies in the Dallas area. The voluminous records showed that two phones had made calls around the time of all 12 heists, and that those phones belonged to men named Tony Hewitt and Corey Duffey. A jury eventually convicted the duo of multiple bank robbery and weapons charges.
Even though police are tapping into the locations of mobile phones thousands of times a year, the legal ground rules remain unclear, and federal privacy laws written a generation ago are ambiguous at best. On Friday, the first federal appeals court to consider the topic will hear oral arguments (PDF) in a case that could establish new standards for locating wireless devices.
In that case, the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no “reasonable expectation of privacy” in their–or at least their cell phones’–whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.
Those claims have alarmed the ACLU and other civil liberties groups, which have opposed the Justice Department’s request and plan to tell the U.S. Third Circuit Court of Appeals in Philadelphia that Americans’ privacy deserves more protection and judicial oversight than what the administration has proposed.
“This is a critical question for privacy in the 21st century,” says Kevin Bankston, an attorney at the Electronic Frontier Foundation who will be arguing on Friday. “If the courts do side with the government, that means that everywhere we go, in the real world and online, will be an open book to the government unprotected by the Fourth Amendment.”
Not long ago, the concept of tracking cell phones would have been the stuff of spy movies. In 1998’s “Enemy of the State,” Gene Hackman warned that the National Security Agency has “been in bed with the entire telecommunications industry since the ’40s–they’ve infected everything.” After a decade of appearances in “24” and “Live Free or Die Hard,” location-tracking has become such a trope that it was satirized in a scene with Seth Rogen from “Pineapple Express” (2008).
Once a Hollywood plot, now ‘commonplace’
Whether state and federal police have been paying attention to Hollywood, or whether it was the other way around, cell phone tracking has become a regular feature in criminal investigations. It comes in two forms: police obtaining retrospective data kept by mobile providers for their own billing purposes that may not be very detailed, or prospective data that reveals the minute-by-minute location of a handset or mobile device.
Gidari says that the Third Circuit case could have a significant impact on police investigations within the court’s jurisdiction, namely Delaware, New Jersey, and Pennsylvania; it could be persuasive beyond those states. But, he cautions, “if the privacy groups win, the case won’t be over. It will certainly be appealed.”
CNET was the first to report on prospective tracking in a 2005 news article. In a subsequent Arizona case, agents from the Drug Enforcement Administration tracked a tractor trailer with a drug shipment through a GPS-equipped Nextel phone owned by the suspect. Texas DEA agents have used cell site information in real time to locate a Chrysler 300M driving from Rio Grande City to a ranch about 50 miles away. Verizon Wireless and T-Mobile logs showing the location of mobile phones at the time calls became evidence in a Los Angeles murder trial.
And a mobile phone’s fleeting connection with a remote cell tower operated by Edge Wireless is what led searchers to the family of the late James Kim, a CNET employee who died in the Oregon wilderness in 2006 after leaving a snowbound car to seek help.
The way tracking works is simple: mobile phones are miniature radio transmitters and receivers. A cellular tower knows the general direction of a mobile phone (many cell sites have three antennas pointing in different directions), and if the phone is talking to multiple towers, triangulation yields a rough location fix. With this method, accuracy depends in part on the density of cell sites.
The Federal Communications Commission’s “Enhanced 911” (E911) requirements allowed rough estimates to be transformed into precise coordinates. Wireless carriers using CDMA networks, such as Verizon Wireless and Sprint Nextel, tend to use embedded GPS technology to fulfill E911 requirements. AT&T and T-Mobile comply with E911 regulations using network-based technology that computes a phone’s location using signal analysis and triangulation between towers.
T-Mobile, for instance, uses a GSM technology called Uplink Time Difference of Arrival, or U-TDOA, which calculates a position based on precisely how long it takes signals to reach towers. A company called TruePosition, which provides U-TDOA services to T-Mobile, boasts of “accuracy to under 50 meters” that’s available “for start-of-call, midcall, or when idle.”
A 2008 court order to T-Mobile in a criminal investigation of a marriage fraud scheme, which was originally sealed and later made public, says: “T-Mobile shall disclose at such intervals and times as directed by (the Department of Homeland Security), latitude and longitude data that establishes the approximate positions of the Subject Wireless Telephone, by unobtrusively initiating a signal on its network that will enable it to determine the locations of the Subject Wireless Telephone.”
‘No reasonable expectation of privacy’
In the case that’s before the Third Circuit on Friday, the Bureau of Alcohol, Tobacco, Firearms and Explosives, or ATF, said it needed historical (meaning stored, not future) phone location information because a set of suspects “use their wireless telephones to arrange meetings and transactions in furtherance of their drug trafficking activities.”
U.S. Magistrate Judge Lisa Lenihan in Pennsylvania denied the Justice Department’s attempt to obtain stored location data without a search warrant; prosecutors had invoked a different legal procedure. Lenihan’s ruling, in effect, would require police to obtain a search warrant based on probable cause–a more privacy-protective standard.
Lenihan’s opinion (PDF)–which, in an unusual show of solidarity, was signed by four other magistrate judges–noted that location information can reveal sensitive information such as health treatments, financial difficulties, marital counseling, and extra-marital affairs.
In its appeal to the Third Circuit, the Justice Department claims that Lenihan’s opinion “contains, and relies upon, numerous errors” and should be overruled. In addition to a search warrant not being necessary, prosecutors said, because location “records provide only a very general indication of a user’s whereabouts at certain times in the past, the requested cell-site records do not implicate a Fourth Amendment privacy interest.”
The Obama administration is not alone in making this argument. U.S. District Judge William Pauley, a Clinton appointee in New York, wrote in a 2009 opinion that a defendant in a drug trafficking case, Jose Navas, “did not have a legitimate expectation of privacy in the cell phone” location. That’s because Navas only used the cell phone “on public thoroughfares en route from California to New York” and “if Navas intended to keep the cell phone’s location private, he simply could have turned it off.”
(Most cases have involved the ground rules for tracking cell phone users prospectively, and judges have disagreed over what legal rules apply. Only a minority has sided with the Justice Department, however.)
Cellular providers tend not to retain moment-by-moment logs of when each mobile device contacts the tower, in part because there’s no business reason to store the data, and in part because the storage costs would be prohibitive. They do, however, keep records of what tower is in use when a call is initiated or answered–and those records are generally stored for six months to a year, depending on the company.
Verizon Wireless keeps “phone records including cell site location for 12 months,” Drew Arena, Verizon’s vice president and associate general counsel for law enforcement compliance, said at a federal task force meeting in Washington, D.C. last week. Arena said the company keeps “phone bills without cell site location for seven years,” and stores SMS text messages for only a very brief time.
Gidari, the Seattle attorney, said that wireless carriers have recently extended how long they store this information. “Prior to a year or two ago when location-based services became more common, if it were 30 days it would be surprising,” he said.
The ACLU, EFF, the Center for Democracy and Technology, and University of San Francisco law professor Susan Freiwald argue that the wording of the federal privacy law in question allows judges to require the level of proof required for a search warrant “before authorizing the disclosure of particularly novel or invasive types of information.” In addition, they say, Americans do not “knowingly expose their location information and thereby surrender Fourth Amendment protection whenever they turn on or use their cell phones.”
“The biggest issue at stake is whether or not courts are going to accept the government’s minimal view of what is protected by the Fourth Amendment,” says EFF’s Bankston. “The government is arguing that based on precedents from the 1970s, any record held by a third party about us, no matter how invasively collected, is not protected by the Fourth Amendment.”
Update 10:37 a.m. PT: A source inside the U.S. Attorney’s Office for the northern district of Texas, which prosecuted the Scarecrow Bandits mentioned in the above article, tells me that this was the first and the only time that the FBI has used the location-data-mining technique to nab bank robbers. It’s also worth noting that the leader of this gang, Corey Duffey, was sentenced last month to 354 years (not months, but years) in prison. Another member is facing 140 years in prison.