DOJ argues its legal to track Americans cell phones even while they're turned off.
The Obama administration will tell federal judges in New Orleans today that warrantless tracking of the location of Americans' mobile devices is perfectly legal.
Federal prosecutors are planning to argue that they should be able to obtain stored records revealing the minute-by-minute movements of mobile users over a 60-day period -- in this case, T-Mobile and MetroPCS customers -- without having to ask a judge to approve a warrant first.
The case highlights how valuable location data is for police, especially when it's tied to devices that millions of people carry with them almost all the time. Records kept by wireless carriers can hint at or reveal medical treatments, political associations, religious convictions, and even whether someone is cheating on his or her spouse.
"It's at a point now where the public awareness about this specific issue is growing," says Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation who will be arguing the pro-privacy side before the Fifth Circuit Court of Appeals this morning.
Today's oral arguments are remarkably timely: on Sunday, California Gov. Jerry Brown, a Democrat, vetoed (PDF) a bill that would have required law enforcement to obtain location warrants. And last week, Rep. Zoe Lofgren, a Democrat representing Silicon Valley, introduced pro-warrant federal legislation.
CNET disclosed the Justice Department's warrantless tracking requests in 2005. More than seven years later, the legal landscape remains unsettled, with two other appeals courts taking differentapproaches, and plenty of lower courts disagreeing. Meanwhile, a coalition of tech companies and advocacy groups including AT&T, Facebook, and Google has been all but begging Congress to update the law to require warrants.
The Justice Department declined to respond to questions from CNET yesterday. James Baker, the associate deputy attorney general, previously told Congress that requiring warrants before police could obtain location data from mobile providers would hinder "the government's ability to obtain important information in investigations of serious crimes."
In a legal brief (PDF) filed before the Fifth Circuit in February, the Justice Department says its position "is consistent with the Fourth Amendment because a customer has no privacy interest in cell-site records, which are business records created and stored by a cell phone provider in its ordinary course of business." It wants location data collected even if the mobile device isn't being used. (The Fourth Amendment prohibits "unreasonable" searches and seizures.)
Lending a boost to arguments made by the EFF and the ACLU -- and, in separate briefs, the Electronic Privacy Information Center and law professor Susan Freiwald -- is a recent ruling by the U.S. Supreme Court on GPS tracking. The January opinion, written by Justice Antonin Scalia, said that the customary law enforcement practice of installing physical GPS bugs on a car for 28 days was a "physical intrusion" and trespass that triggered the Fourth Amendment.
http://news.cnet.com/8301-13578_3-57524109-38/justice-dept-to-defend-warrantless-cell-phone-tracking/
PlaceRaider: The military smartphone malware designed to steal your life.
Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of ‘visual malware’ capable of recording and reconstructing a user’s environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information.
Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system.
http://arxiv.org/pdf/1209.5982.pdf
Their idea is that the malware would be embedded in a camera app that the user would download and run, a process that would give the malware the permissions it needs to take photos and send them.
PlaceRaider then runs in the background taking photos at random while recording the time, location and orientation of the phone. (The malware mutes the phone as the photos are taken to hide the shutter sound, which would otherwise alert the user.)
The malware then performs some simple image filtering to get rid of blurred or dark images taken inside a pocket for example, and sends the rest to a central server. Here they are reconstructed into a 3D model of the user’s space, using additional details such as the orientation and location of the camera.
A malicious user can then browse this space looking for objects worth stealing and sensitive data such as credit card details, identity data or calender details that reveal when the user might be away.
They go on to point out various ways that the operating systems could be made more secure. Perhaps the simplest would be to ensure that the shutter sound cannot be muted, so that the user is always aware when the camera is taking a picture.
However that wouldn't prevent the use of video to record data in silence. Templeman and co avoid this because of the huge amount of data it would produce but it's not hard to imagine that this would be less of a problem in the near future.
The message is clear--this kind of malware is a clear and present danger. It's only a matter of time before this game of cat and mouse becomes more serious.
http://www.technologyreview.com/view/429394/placeraider-the-military-smartphone-malware/
New software uses smartphone camera for spying.
Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone’s user.
The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.
The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.
“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as as financial documents or information on computer monitors,” the researchers reported.
The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost.
Because users often do not realize that a smartphone is basically a small computer, and because there are few security products available, smartphones are considered highly vulnerable to hackers.
http://www.washingtontimes.com/news/2012/oct/2/new-software-uses-smartphone-camera-spying/
DOJ’s warrantless spying increased 600 percent in decade.
The Justice Department use of warrantless internet and telephone surveillance methods known as pen register and trap-and-trace has exploded in the last decade, according to government documents the American Civil Liberties obtained via a Freedom of Information Act claim.
Pen registers obtain, in real time, non-content information of outbound telephone and internet communications, such as phone numbers dialed, and the sender and recipient (and sometimes subject line) of an e-mail message. A trap-and-trace acquires the same information, but for inbound communications to a target. No probable-cause warrant is needed to obtain the data. Judges are required to sign off on these orders when the authorities say the information is relevant to an investigation.
In 2001, the DoJ issued only 5,683 reported “original orders.” (.pdf) Fast forward to 2011, the latest year for which data is available, the number skyrocketed to 37,616 — a more than sixfold increase. Though these can be used to track e-mail, the vast majority are used to get information on mobile phone users’ phone calls and texts.
AT&T, the nation’s second-largest mobile carrier, told Congress that it had received 63,100 subpoenas — no judicial oversight required — for customer information in 2007. That more than doubled to 131,400 last year. By contrast, AT&T reported 36,900 court orders for subscriber data in 2007. That number grew to 49,700 court orders last year, a weak growth rate compared to the doubling of subpoenas in the same period.
http://www.wired.com/threatlevel/2012/09/warrantless-surveillance-stats/