Cops: U.S. law should require logs of your text messages

(CNET)   Silicon Valley firms and privacy groups want Congress to update a 1986-era electronic privacy law. But if a law enforcement idea set to be presented today gets attached, support for the popular proposal would erode.

AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to capture and store Americans’ confidential text messages, according to a proposal that will be presented to a congressional panel today.

The law enforcement proposal would require wireless providers torecord and store customers’ SMS messages — a controversial idea akin to requiring them to surreptitiously record audio of their customers’ phone calls — in case police decide to obtain them at some point in the future.

“Billions of texts are sent every day, and some surely contain key evidence about criminal activity,” Richard Littlehale from the Tennessee Bureau of Investigation will tell Congress, according to a copy (PDF) of his prepared remarks. “In some cases, this means that critical evidence is lost. Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking.”

Littlehale’s recommendations echo a recommendation that a constellation of law enforcement groups, including the Major Cities Chiefs Police Association, the National District Attorneys’ Association, and the National Sheriffs’ Association, made to Congress in December, which was first reported by CNET.

They had asked that an SMS retention requirement be glued onto any new law designed to update the 1986 Electronic Communications Privacy Act for the cloud computing era — a move that would complicate debate over such a measure and erode support for it among civil libertarians and the technology firms lobbying for a rewrite.

Today’s hearing before a House Judiciary subcommittee chaired by Rep. Jim Sensenbrenner (R-Wisc.) is designed to evaluate how ECPA should be upgraded. CNET reported yesterday that the Justice Department is proposing that any ECPA changes expand government surveillance powers over e-mail messages, Twitter direct messages, and Facebook direct messages in some ways, while limiting it in others. A Google representative is also testifying.

While the SMS retention proposal could open a new front in Capitol Hill politicking over electronic surveillance, the concept of mandatory data retention is hardly new. The Justice Department under President Obama has publicly called for new laws requiring Internet service providers to record data about their customers, and a House panelapproved such a requirement in 2011.

Wireless providers’ current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.

An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps “text message content on their servers for 3-5 days.” And: “Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days”

During a criminal prosecution of a man for suspected murder of a 6-year-old boy, police in Cranston, R.I., tried to obtain copies of a customer’s text messages from T-Mobile and Verizon. Superior Court Judge Judith Savage said at the time that, although she was “not unfamiliar with cell phones and text messaging,” she “was stunned” to learn that providers had such different policies.

Littlehale also proposed that any attempt to update ECPA include revised “emergency” language that would allow police to demand records from providers without search warrants in some cases.

Chris Calabrese, legislative counsel for the ACLU, says he’s skeptical about expanding emergency access. “Emergency can’t be a magic word,” he says. “Emergencies have to be documented subsequently to a judge the same way we would with a wiretap.”

ORIGINAL ARTICLE HERE

Smartphone Searches, Encryption, and the Constitution

January 20, 2011 by  
Filed under Establishing The Police State

(Ryan Radia)   The smartphone is arguably one of the most empowering and revolutionary technologies of the modern era. By putting the processing power of a personal computer and the speed of a broadband connection into a device that fits in a pocket, smartphones have revolutionized how we communicatetravellearngameshop, and more.

Yet smartphones have an oft-overlooked downside: when they end up in the wrong hands, they offer overreaching agents of the state, thieves, hackers, and other wrongdoers an unparalleled avenue for uncovering and abusing the volumes of sensitive personal information we increasingly store on our mobile phones.

Over on Ars Technica, I have a long feature story that examines the constitutional and technical issues surrounding police searches of mobile phones:

Last week, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF)holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

California’s opinion in Diaz is the latest of several recent court rulings upholding warrantless searches of mobile phones incident to arrest. While this precedent is troubling for civil liberties, it’s not a death knell for mobile phone privacy. If you follow a few basic guidelines, you can protect your mobile device from unreasonable search and seizure, even in the event of arrest. In this article, we will discuss the rationale for allowing police to conduct warrantless searches of arrestees, your right to remain silent during police interrogation, and the state of mobile phone security.

You can read the full essay on Ars Technica here. And while you’re at it, I highly recommend watching this informative YouTube video that explains why it’s not a good idea to talk to police:

YouTube Preview Image

http://www.youtube.com/watch?v=6wXkI4t7nuc&feature=player_embedded

http://www.openmarket.org/2011/01/17/smartphone-searches-encryption-and-the-constitution/

Facebook Is Secretly Building A Phone

September 25, 2010 by  
Filed under Featured Stories, Science

(TECHCRUNCH)   Facebook is building a mobile phone, says a source who has knowledge of the project. Or rather, they’re building the software for the phone and working with a third party to actually build the hardware. Which is exactly what Apple and everyone else does, too.

It was a little less than a year ago that we broke the news that Google was working on a phone of its own – which was eventually revealed as the Nexus One. It was about that time, says out source, that Facebook first became concerned about the increasing power of the iPhone and Android platforms. And that awesome Facebook apps for those phones may not be enough to counter a long term competitive threat.

Specifically, Facebook wants to integrate deeply into the contacts list and other core functions of the phone. It can only do that if it controls the operating system.

Two high level Facebook employees – Joe Hewitt and Matthew Papakipos – are said to be secretly working on the project, which is unknown even to most Facebook staff.

Both have deep operating system experience.

Hewitt helped create the Firefox browser and was working on Parakey before it was acquired by Facebook in 2007. Parakey, which never launched, was described as a “Web-based operating system.” Hewitt also created all of Facebook’s iPhone web apps and then native apps, but finally quit building for the iPhone in disgust late last year. But he knows operating systems and he knows mobile.

Papakipos also has a perfect background for this project. He was leading the Google Chrome OS project until June. He then quit and went to Facebook. Papakipos is considered a rockstar developer, and there are any number of jobs he’d be able to do at Facebook.

But that doesn’t answer the question of why he’d leave the Chrome OS project before it was finished. It would have taken something really interesting to lure him away. Something like a Facebook Phone, for example.

So what might this phone look and feel like? We don’t know yet. When will it be announced? Don’t know. But I’d speculate that it would be a lower end phone, something very affordable, that lets people fully integrate into their Facebook world. You call your friend’s name, not some ancient seven digit code, for example. I’d imagine Facebook wanting these things to get into as many hands as possible, so I’d expect a model at a less than $50 price. Pay your bill with Facebook Credits. Etc.

As for timing, the holiday season is always a good time to launch new products. But that may be too soon.

Or who knows, the whole project might get killed before it sees light. All we know for sure is that Hewitt and Papakipos are working on something very stealthy together. And we have a source that tells us that stealthy thing is a Facebook phone.

We’re also not discounting possible partnerships around this. Spotify was said to be working on a phone with INQ last year based on a shared investor, Li Ka-Shing. It turns out Li Ka-Shing is also a sizeable investor in Facebook. So an INQ/Facebook partnership on a phone certainly wouldn’t be a surprise.

http://techcrunch.com/2010/09/19/facebook-is-secretly-building-a-phone/