Thursday, December 16, 2010

Court Rebuffs Obama on Warrantless Cell-Site Tracking

Archive for the ‘Surveillance’ Category

Court Rebuffs Obama on Warrantless Cell-Site Tracking

A federal appeals court on Wednesday rejected the Obama administration’s contention that the government is never required to get a court warrant to obtain cell-site information that mobile-phone carriers retain on their customers.

The decision by the 3rd U.S. Circuit Court of Appeals is one in a string of court decisions boosting Americans’ privacy (.pdf) in the digital age — rulings the government fought against. The most significant and recent decision came Tuesday, when a different federal appeals court said for the first time the government must obtain a court warrant for an internet service provider to grant the authorities access to a suspect’s e-mail.

The case that concluded Wednesday concerns historical cell-site location information, which carriers usually retain for about 18 months. The data identifies the cell tower the customer was connected to at the beginning of a call and at the end of the call — and is often used in criminal prosecutions and investigations.

Continue Reading “Court Rebuffs Obama on Warrantless Cell-Site Tracking” »

Warrant Needed to Get Your E-Mail, Appeals Court Says

The government must obtain a court warrant to require internet service providers to turn over stored e-mail to the authorities, a federal appeals court ruled Tuesday.

The decision by the 6th U.S. Circuit Court of Appeals was the first time an appellate court said Americans had that Fourth Amendment protection.

“The government may not compel a commercial ISP to turn over the contents of a subscriber’s e-mails without first obtaining a warrant based on probable cause” (.pdf), the appeals court ruled. The decision — one stop short of the Supreme Court — covers Kentucky, Michigan, Ohio and Tennessee.

Kevin Bankston, a privacy attorney with the Electronic Frontier Foundation, applauded the decision.

“I expect e-mail providers across the country will comply with this,” he said in a telephone interview.

The legal brouhaha centered on Steven Warshak, founder of an Ohio herbal-supplement company that marketed male-enhancement tablets. As part of a fraud investigation, the government obtained thousands of his e-mails from his ISP without a warrant.

He appealed his 25-year conviction on those and other grounds, and the circuit court tossed his sentence on issues unrelated to the court’s language concerning e-mail privacy.

At issue in Warshak’s e-mail flap was a 1986 law that allows the government to obtain a suspect’s e-mail from an internet service provider or webmail provider without a probable-cause warrant, once it’s been stored for 180 days or more. The appeals court said Tuesday that this part of the Stored Communications Act is unconstitutional.

Continue Reading “Warrant Needed to Get Your E-Mail, Appeals Court Says” »

Video Barbie in FBI Cross Hairs

A Barbie doll tricked out with a video camera concealed in her necklace could be used by predators to create child pornography, warns the FBI in a recent cybercrime alert.

In the alert, mistakenly released to the press, the FBI expressed concern that the toy’s camera, which can capture 30 minutes of video and rivals a Canon 7D in quality (see above), could be used to lure children and surreptitiously film child pornography. Barbie and other dolls have been used in the past by sexual predators to attract victims.

According to ABC News, which obtained a copy of the memo, the FBI appears to have opened an investigation into the doll.

Mattel, the maker of Barbie Video Girl, noted in a statement that the FBI didn’t say it knew of any cases where the Barbie camera had been used for such nefarious purposes.

But a sheriff’s spokesman told ABC News that the FBI alert will be helpful for drawing attention to investigators collecting evidence at a crime scene.

“When we’re doing a search warrant looking for media that a child pornographer may have used, we’re gonna have to put Barbie on the list just like any other cameras [and] computers,” said Sgt. John Urquhart from the King County Sheriff’s Department in Washington state.

Feds Warrantlessly Tracking Americans’ Credit Cards in Real Time

Federal law enforcement agencies have been tracking Americans in real-time using credit cards, loyalty cards and travel reservations without getting a court order, a new document released under a government sunshine request shows.

The document, obtained by security researcher Christopher Soghoian, explains how so-called “Hotwatch” orders allow for real-time tracking of individuals in a criminal investigation via credit card companies, rental car agencies, calling cards, and even grocery store loyalty programs. The revelation sheds a little more light on the Justice Department’s increasing power and willingness to surveil Americans with little to no judicial or Congressional oversight.

For credit cards, agents can get real-time information on a person’s purchases by writing their own subpoena, followed up by a order from a judge that the surveillance not be disclosed. Agents can also go the traditional route — going to a judge, proving probable cause and getting a search warrant — which means the target will eventually be notified they were spied on.

The document suggests that the normal practice is to ask for all historical records on an account or individual from a credit card company, since getting stored records is generally legally easy. Then the agent sends a request for “Any and all records and information relating directly or indirectly to any and all ongoing and future transactions or events relating to any and all of the following person(s), entitities, account numbers, addresses and other matters…” That gets them a live feed of transaction data.

Continue Reading “Feds Warrantlessly Tracking Americans’ Credit Cards in Real Time” »

Air Travelers Opting Out of Opting Out

A grassroots opt-out protest planned at airports around the country appears to have fizzled, as early reports indicate that most travelers on Wednesday were opting out of opting out of fully body scans.

The protest, called by groups such as WeWontFly.com, encouraged airline passengers to opt out of X-ray scanners and to register their disapproval of new TSA procedures for conducting physical pat-downs — the required alternative for those who opt out of the scanners. Protesters were also expected to appear at 27 airports to pass out flyers reading, “You have the right to say, ‘No radiation strip search! No groping of genitals!’ Say, ‘I opt out.’”

But at the American Airlines terminal at San Francisco International Airport security checkpoints were orderly and fast Wednesday, and no protesters were in evidence.

Passengers in one checkpoint queue were directed randomly to pass through either a standard metal detector or a ProVision millimeter wave body scanner. In a second queue, the type of screening depended on which conveyor belt the traveler lined up at: The right one went through a body scan, the left, with rare exception, put passengers through the metal detector.

Threat Level observed 30 passengers submit to the ProVision scan without obvious protest or a single opt-out, though screeners diverted one woman headed for the the naked scanner into the metal detector instead, likely because of the small dog she was carrying in her arms.

Full-body scanners are currently being used in these 68 airports, according to the TSA. Some passengers and civil liberties groups have criticized the TSA for using the scanners, citing privacy and radiation concerns. They’ve also called the pat-downs — which involve TSA agents using open hands and fingers to search genital and chest areas — invasive and humiliating.

The protest was called for Wednesday, the day before the Thanksgiving holiday and traditionally one of the busiest air travel days of the year. About 1.6 million people were expected to fly over the holiday, according to the American Automobile Association. The TSA had urged passengers not to participate in the protest, since it would slow security lines considerably if numerous passengers refused to go through the scanners, causing delays and chaos for all passengers.

But it appears those fears went unrealized as airports around the country reported no security delays and indicated few passengers were opting out of the scanners.

Continue Reading “Air Travelers Opting Out of Opting Out” »

Another Hacker’s Laptop, Cellphones Searched at Border

moxie-marlinspike

A well-known and respected computer-security researcher was detained for several hours Wednesday night by border agents who searched his laptop and cellphones before returning them to him.

The researcher, who goes by the hacker handle Moxie Marlinspike, was met by two U.S. Customs and Border Protection agents at the door of his plane when he arrived at JFK airport on a Jet Blue flight from the Dominican Republic. The agents escorted him to a detention room where they held him for 4 1/2 hours, he says. During that time, a forensic investigator arrived and seized Marlinspike’s laptop and two cellphones, and asked for his passwords to access his devices.

Marlinspike refused, and the devices were later returned to him.

“I can’t trust any of these devices now,” says Marlinspike, who prefers not to divulge his legal name. “They could have modified the hardware or installed new keyboard firmware.”

Marlinspike gained attention last year at the Black Hat security conference in Las Vegas when he revealed a serious vulnerability in how internet browsers verify digital security certificates. The flaw would let a hacker create a fake website for Bank of America or some other legitimate business, obtain a fake digital certificate and trick a browser into thinking the fake site was the legitimate one, allowing the hacker to conduct a phishing attack against unsuspecting users who entered their bank credentials into the fake site. He released two free tools that would help an attacker conduct such an attack.

Three months later, PayPal froze his account with $500 in it because the company objected to the use of its logo on his website, where visitors could download the free tools. A PayPal representative said at the time that the company did not allow PayPal “to be used in the sale or dissemination of tools which have the sole purpose to attack customers and illegally obtain individual customer information.”

The border search comes on the heels of two similar incidents targeting other white hat hackers. In July, security researcher Jake Appelbaum was intercepted at a New Jersey airport and detained. And earlier this month, MIT researcher David House had his laptop seized when he deplaned at Chicago’s O’Hare Airport on his way back from Mexico.

Under the “border search exception” of United States criminal law, international travelers can be searched without a warrant as they enter the United States. Under the Obama administration, law enforcement agents have aggressively used this power to search travelers’ laptops, sometimes copying the hard drive before returning the computer to its owner. Courts have ruled that such laptop searches can take place even in the absence of any reasonable suspicion of wrongdoing.

Continue Reading “Another Hacker’s Laptop, Cellphones Searched at Border” »

Group Demands Immediate Halt of Full-Body Airport Scanners

A leading privacy group is urging a federal appeals court to suspend the government’s program of introducing full-body imaging machines at airports across the country.

The Transportation Security Administration began deploying 450 of them in March to dozens of airports nationwide.

“The suspicionless search of all airport travelers in this most invasive way violates the reasonableness standard contained in the Fourth Amendment,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, said Tuesday. He said the devices, costing $1 billion, were designed “to store and record and transmit the unfiltered image of the naked human body. ”

The government is expected to respond next month to the U.S. Court of Appeals for the District of Columbia Circuit.

A test image shown to reporters at Logan International this spring “showed the blurry outline of a female volunteer,” The Associated Press reported at the time. “None of her clothing was visible, nor were her genitals, but the broad contours of her chest and buttocks were. Her face also was blurred.”

The constitutional challenge aside, EPIC also charges that the Department of Homeland Security, in rolling out the devices, violated a host of bureaucratic policies requiring public review, including the Administrative Procedures Act.

Continue Reading “Group Demands Immediate Halt of Full-Body Airport Scanners” »

Feds Let Google Off With Warning for Wi-Fi–Sniffing Cars

Federal regulators on Wednesday closed their investigation into Google’s collection of Wi-Fi traffic, without imposing any sanctions on the company.

Google discovered earlier this year, after inquiries from German data authorities, that it had been eavesdropping on open Wi-Fi networks from its Street View mapping cars, which had been equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google services. In some cases, Google vacuumed in full e-mails as well as unsecured passwords.

While the company quickly admitted that it had made a mistake and temporarily grounded its fleet of mapping vehicles, the company faced a number of investigations around the world, as well as class-action lawsuits, some of which continue.

But, on Wednesday, the Federal Trade Commission told the search giant it was closing its investigation (.pdf) without assessing any penalties. It noted: “Google has recently announced improvements to its internal processes to address some of the concerns raised above, including appointing a director of privacy for engineering and product management, adding core privacy training for key employees, and incorporating a formal privacy review process into the design phases of new initiatives.”

Google said its cars were supposed to collect only the names of and identifying information from Wi-Fi routers, which it uses as an ad-hoc GPS system to localize searches for mobile users. The company said it inadvertently captured internet traffic as well, but never looked at it. While it has apologized for the collection, Google is arguing in court that Wi-Fi sniffing is not illegal.

Continue Reading “Feds Let Google Off With Warning for Wi-Fi–Sniffing Cars” »

School District Pays $610,000 to Settle Webcam Spying Lawsuits

A suburban Philadelphia school district is agreeing to pay $610,000 to settle two lawsuits brought by students who were victims of a webcam spying scandal in which high school-issued laptops secretly snapped thousands of pictures of pupils.

The agreed payout by the Lower Merion School District comes two months after federal authorities announced they would not prosecute administrators.

Prosecutors and the FBI opened an inquiry following a February privacy lawsuit accusing administrators of spying on students with webcams on the 2,300 district-issued MacBooks. The lawyers who filed lawsuits on behalf of two students acquired evidence in pretrial proceedings showing that the district secretly snapped thousands of webcam images of students, including pictures of youths at home, in bed or even “partially dressed.”

Continue Reading “School District Pays $610,000 to Settle Webcam Spying Lawsuits” »

Caught Spying on Student, FBI Demands GPS Tracker Back

A California student got a visit from the FBI this week after he found a secret GPS tracking device on his car, and a friend posted photos of it online. The post prompted wide speculation about whether the device was real, whether the young Arab-American was being targeted in a terrorism investigation and what the authorities would do.

It took just 48 hours to find out: The device was real, the student was being secretly tracked and the FBI wanted its expensive device back, the student told Wired.com in an interview Wednesday.

The answer came when half-a-dozen FBI agents and police officers appeared at Yasir Afifi’s apartment complex in Santa Clara, California, on Tuesday demanding he return the device.

Afifi, a 20-year-old U.S.-born citizen, cooperated willingly and said he’d done nothing to merit attention from authorities. Comments the agents made during their visit suggested he’d been under FBI surveillance for three to six months.

An FBI spokesman wouldn’t acknowledge that the device belonged to the agency or that agents appeared at Afifi’s house.

“I can’t really tell you much about it, because it’s still an ongoing investigation,” said spokesman Pete Lee, who works in the agency’s San Francisco headquarters.

Afifi, the son of an Islamic-American community leader who died a year ago in Egypt, is one of only a few people known to have found a government-tracking device on their vehicle.

His discovery comes in the wake of a recent ruling by the 9th U.S. Circuit Court of Appeals saying it’s legal for law enforcement to secretly place a tracking device on a suspect’s car without getting a warrant, even if the car is parked in a private driveway.

Brian Alseth from the American Civil Liberties Union in Washington state contacted Afifi after seeing pictures of the tracking device posted online and told him the ACLU had been waiting for a case like this to challenge the ruling.

“This is the kind of thing we like to throw lawyers at,” Afifi said Alseth told him.

“It seems very frightening that the FBI have placed a surveillance-tracking device on the car of a 20-year-old American citizen who has done nothing more than being half-Egyptian,” Alseth told Wired.com.

Afifi, a business marketing student at Mission College in Santa Clara, discovered the device last Sunday when he took his car to a local garage for an oil change. When a mechanic at Ali’s Auto Care raised his Ford Lincoln LS on hydraulic lifts, Afifi saw a wire sticking out near the right rear wheel and exhaust.

Garage owner Mazher Khan confirmed for Wired.com that he also saw it. A closer inspection showed it connected to a battery pack and transmitter, which were attached to the car with a magnet. Khan asked Afifi if he wanted the device removed and when Afifi said yes, Khan pulled it easily from the car’s chassis.

“I wouldn’t have noticed it if there wasn’t a wire sticking out,” Afifi said.

Later that day, a friend of Afifi’s named Khaled posted pictures of the device at Reddit, asking if anyone knew what it was and if it meant the FBI “is after us.” (Reddit is owned by CondeNast Digital, which also owns Wired.com).

“My plan was to just put the device on another car or in a lake,” Khaled wrote, “but when you come home to 2 stoned off-their-asses people who are hearing things in the device and convinced it’s a bomb you just gotta be sure.”

A reader quickly identified it as an Orion Guardian ST820 tracking device made by an electronics company called Cobham, which sells the device only to law enforcement.

No one was available at Cobham to answer Wired.com’s questions, but a former FBI agent who looked at the pictures confirmed it was a tracking device.

The former agent, who asked not to be named, said the device was an older model of tracking equipment that had long ago been replaced by devices that don’t require batteries. Batteries die and need to be replaced if surveillance is ongoing so newer devices are placed in the engine compartment and hardwired to the car’s battery so they don’t run out of juice. He was surprised this one was so easily found.

“It has to be able to be removed but also stay in place and not be seen,” he said. “There’s always the possibility that the car will end up at a body shop or auto mechanic, so it has to be hidden well. It’s very rare when the guys find them.”

He said he was certain that agents who installed it would have obtained a 30-day warrant for its use.

Afifi considered selling the device on Craigslist before the FBI showed up. He was in his apartment Tuesday afternoon when a roommate told him “two sneaky-looking people” were near his car. Afifi, already heading out for an appointment, encountered a man and woman looking at his vehicle outside. The man asked if Afifi knew his registration tag was expired. When Afifi asked if it bothered him, the man just smiled. Afifi got into his car and headed for the parking lot exit when two SUVs pulled up with flashing lights carrying four police officers in bullet-proof vests.

The agent who initially spoke with Afifi identified himself then as Vincent and told Afifi, “We’re here to recover the device you found on your vehicle. It’s federal property. It’s an expensive piece, and we need it right now.”

Afifi asked, “Are you the guys that put it there?” and the agent replied, “Yeah, I put it there.” He told Afifi, “We’re going to make this much more difficult for you if you don’t cooperate.”

No comments:

BLOG ARCHIVE