Tweet
URL1=http://www.wired.com/threatlevel/2012/08/warrantless-gps-phone-tracking/
This is an interesting rationalization of why this justice believes use of GPS information from phones as not requiring a warrant.
Using the "scent" metaphor, content that is passed on wireless networks can be legally read and examined by people too. We have no control over what we smell. When we are at any location, whatever smells are in the air, are what we smell. So, when you are in Starbucks and happen to "sniff" a wireless network, grabbing usernames and passwords or other credentials, is this, too acceptable? How invasive can we be to gather such information? Is passive the only method we can legally use?
This would also suggest the google "war driving" and capture of wireless access point content, and location information for each access point is legal, as their receiver is only "sniffing" what is in the air, and the government's view is that is not protected by any privacy restrictions for law enforcement. (A view for this: Either "private" information is protected, or it is not. If we view information a not protected by privacy laws when law enforcement seeks to examine it, then should the same information also not be protected by privacy laws when non-law enforcement citizens also review the same data?
I am not well versed in Cell phone communication. I have read a little bit on data communications on different mobile networks as part of working with kernel drivers for broadband cards for Internet access, but am no expert. Just because I do not know of GPS information being passed as a routine part of phone network communication at Layer 2 does not mean it does not exist. I'll work on the assumption that GPS location information is NOT required a a transmitted part for "normal" cell phone communication with any provider. (GPS Information was not required in cell phones that did not have GPS receivers, so it should not be required now.)
Some applications on modern phones transmit location information with applications like those that use maps.google.com. Use of these kinds of applications do transmit GPS data at Layer 7 as a normal part of operation, and the default is to leave this enabled.
Let's assume that a phone is configured to use no GPS-enabling applications downloaded/installed by the owner, and the owner has disabled the option to allow applications access to GPS information. (Layer 7 and OS permissions.)
Let's also assume the phone does not transmit GPS location information as part of operating on the mobile network. (Layer 2)
Let's also assume most phones have a GPS receiver to compute location, and this information is available to the phone's OS. (Layer 1)
Would this court decision make it legal for Law Enforcement to demand a mobile service provider use any installed software backdoors (for diagnostics, trouble shooting, maintenance loop, etc.) such as Carrier IQ ( URL2=http://www.washingtonpost.com/business/technology/what-is-carrier-iq/2011/12/01/gIQApql1GO_story.html ) to force your phone to transmit its present GPS location information even if:
1) You have configured it to not be used (or)
2) You are not presently using it?
As many of you know, extended use of GPS features with things like "maps.google.com" can be a significant drain on your phone's battery. Also, asking a phone to receive and send data not requested by the owner is a theft of service. It seems to me that this makes it legal for law enforcement to commit "theft of service" by proxy without the strict judicial oversight as required by warrants.
If Law Enforcement are not the ones actually performing the request for location information, but the mobile network provider is performing this check, and this is part of their ToS and contract, is this a legal allowance by proxy?
What about applications that a user chooses to install? Many applications support using GPS data. If the vendor of these applications decides to cooperate with law enforcement, or decides to not legally challenge requests, and instead give-in, is use of their backdoors to pull location information from any user legal, if allowed in the Terms of Service?
If any other citizen attempted to access your computer/phone OS without permission, they would likely risk violating laws like the computer fraud and abuse act.
Considering these, would one branch of the government even consider saying, "no," to a Law Enforcement request of location data from another branch of the government?
URL3=http://www.nytimes.com/2011/05/10/us/10safety.html (May 9, 2011) (Last year)
A thought with this service (as part of news last year) would be to notify smart phone users of emergencies in their area. A cost of signing up for this kind of service could be allowing the federal government to force your phone to transmit its location information. If installation becomes mandatory (like FCC imposed "Emergency Alert System" announcements and tests on broadcast TV) then risks for a long term consequence should be obvious.
URL4=http://slashdot.org/topic/bi/microsoft-and-nypd-pair-for-data-fed-monitoring-system/
In the past, some courts have considered "envelope information" (address of intended recipients and claimed sender) are "free for use without warrant." Many of these cases also claim that the contents of these private messages would be protected.
From this, if GPS location information is transmitted as a normal part of a phone's operation at layer 2, and it is legally considered to be, "envelope information," then it might make sense for the court to find in favor of making this information available to law enforcement without warrant.
Returning to the specific case:
URL5(PDF)=http://www.ca6.uscourts.gov/opinions.pdf/12a0262p-06.pdf
From this description, this is an active request by the carrier, asking the phone to provide its location information. From this description, this is NOT a required or incidental part of Layer2 mobile network communication, as an extra, active step is required to ask the remote device to transmit GPS location data in the ping.
This opens an interesting door. If there is NO reasonable expectation to privacy for active requests for information from a phone, then any ordinary citizen may be able to track anyone else using the same method, and use this in court for other reasons. Maybe demonstration of violation of restraining orders, or for thieves to identify when home owners are not home, or near their home, and how soon they will be back, with proximity alerts.
The concept of "no expectation of privacy" is a double-edged weapon that can be used against everyone, and decreases overall security by exposing previously secret information as legally obtainable and usable in court.
Feel free to comment about security implications, risks to privacy,
Please avoid making this political. Some ideas on how to avoid making things too political, see our evolving thread where we try to identify what is "too political."
Originally posted by URL1
Using the "scent" metaphor, content that is passed on wireless networks can be legally read and examined by people too. We have no control over what we smell. When we are at any location, whatever smells are in the air, are what we smell. So, when you are in Starbucks and happen to "sniff" a wireless network, grabbing usernames and passwords or other credentials, is this, too acceptable? How invasive can we be to gather such information? Is passive the only method we can legally use?
This would also suggest the google "war driving" and capture of wireless access point content, and location information for each access point is legal, as their receiver is only "sniffing" what is in the air, and the government's view is that is not protected by any privacy restrictions for law enforcement. (A view for this: Either "private" information is protected, or it is not. If we view information a not protected by privacy laws when law enforcement seeks to examine it, then should the same information also not be protected by privacy laws when non-law enforcement citizens also review the same data?
I am not well versed in Cell phone communication. I have read a little bit on data communications on different mobile networks as part of working with kernel drivers for broadband cards for Internet access, but am no expert. Just because I do not know of GPS information being passed as a routine part of phone network communication at Layer 2 does not mean it does not exist. I'll work on the assumption that GPS location information is NOT required a a transmitted part for "normal" cell phone communication with any provider. (GPS Information was not required in cell phones that did not have GPS receivers, so it should not be required now.)
Some applications on modern phones transmit location information with applications like those that use maps.google.com. Use of these kinds of applications do transmit GPS data at Layer 7 as a normal part of operation, and the default is to leave this enabled.
Let's assume that a phone is configured to use no GPS-enabling applications downloaded/installed by the owner, and the owner has disabled the option to allow applications access to GPS information. (Layer 7 and OS permissions.)
Let's also assume the phone does not transmit GPS location information as part of operating on the mobile network. (Layer 2)
Let's also assume most phones have a GPS receiver to compute location, and this information is available to the phone's OS. (Layer 1)
Would this court decision make it legal for Law Enforcement to demand a mobile service provider use any installed software backdoors (for diagnostics, trouble shooting, maintenance loop, etc.) such as Carrier IQ ( URL2=http://www.washingtonpost.com/business/technology/what-is-carrier-iq/2011/12/01/gIQApql1GO_story.html ) to force your phone to transmit its present GPS location information even if:
1) You have configured it to not be used (or)
2) You are not presently using it?
As many of you know, extended use of GPS features with things like "maps.google.com" can be a significant drain on your phone's battery. Also, asking a phone to receive and send data not requested by the owner is a theft of service. It seems to me that this makes it legal for law enforcement to commit "theft of service" by proxy without the strict judicial oversight as required by warrants.
If Law Enforcement are not the ones actually performing the request for location information, but the mobile network provider is performing this check, and this is part of their ToS and contract, is this a legal allowance by proxy?
What about applications that a user chooses to install? Many applications support using GPS data. If the vendor of these applications decides to cooperate with law enforcement, or decides to not legally challenge requests, and instead give-in, is use of their backdoors to pull location information from any user legal, if allowed in the Terms of Service?
If any other citizen attempted to access your computer/phone OS without permission, they would likely risk violating laws like the computer fraud and abuse act.
Considering these, would one branch of the government even consider saying, "no," to a Law Enforcement request of location data from another branch of the government?
URL3=http://www.nytimes.com/2011/05/10/us/10safety.html (May 9, 2011) (Last year)
Originally posted by URL3
URL4=http://slashdot.org/topic/bi/microsoft-and-nypd-pair-for-data-fed-monitoring-system/
Originally posted by URL4
From this, if GPS location information is transmitted as a normal part of a phone's operation at layer 2, and it is legally considered to be, "envelope information," then it might make sense for the court to find in favor of making this information available to law enforcement without warrant.
Returning to the specific case:
URL5(PDF)=http://www.ca6.uscourts.gov/opinions.pdf/12a0262p-06.pdf
Originally posted by PDF
Originally posted by PDF
The concept of "no expectation of privacy" is a double-edged weapon that can be used against everyone, and decreases overall security by exposing previously secret information as legally obtainable and usable in court.
Feel free to comment about security implications, risks to privacy,
Please avoid making this political. Some ideas on how to avoid making things too political, see our evolving thread where we try to identify what is "too political."
Comment