What is most distasteful to me is that both the vendor and the police try hard to hide the fact that they are using it. Why hide it if it’s legal? Odds are because they don’t want to be a squeaky wheel that gets greased.
Circumventing a warrant is not legal and if challenged in court, would be overturned.
The goal is to use illegal means, but not have evidence of that illegal means in court.
This is what has been described as "parallel construction". A quaint turn of phrase for when the police use criminal practices to prosecute "criminals".
Welcome to the future
Edit: Please forgive American English phrasing.
[This practice is described as...]
Cell site simulators such as Stingray were challenged in court and rather than explain how they work the evidence was withdrawn. Perhaps they aren't reliable. Gunshot triangulation systems like ShotSpotter aren't reliable either. This tool may be in the same boat.
My interpretation was that LEOs who use Stingrays were required to sign NDAs and the company as well as one of the three-letter-agencies that facilitated them didn’t want the information in public court records.
It’s possible that there is something unconstitutional going on. It’s possible that having the technical specs in court would allow foreign terrorists (for example) to understand how they are being caught.
Whatever it is, it seems incompatible with a democratic republic government. But the democratically elected representatives don’t seem interested in reigning it in.
Stingrays won't be able to give exact location but can determine who's cellphone is in the surrounding area and the signal strength of that phone. If you know who that IMSI belongs to, you could setup the Stingray to alert when the IMSI is near. Then you can drive around checking signal strength and send out an officer with a portable unit to literally go door to door checking for where the signal is strongest. Is it legal? Who knows. Cops can drive around with license plate readers automatically looking for certain plates or just cataloging them. Is a nearby phone being tricked into broadcasting it's IMSI similar to recording a publicly visible license plate? That's for the courts to decide. Cops can do parallel reconstruction where they set aside illegally obtained evidence and build up a new chain of legal investigation that arrives at the same conclusion. I suspect that cops aren't willing to gamble on their Stingray-obtained evidence being constitutional so the easiest route is just to use it as a guiding hand for their official, legal investigation and just never make it part of the evidence so it can't really be challenged.
Legal and moral are two different things, and the police is a public service. Public trust and perception are important because they give legitimacy to government.
My rhetorical question was more a play on the common refrain by police supporters “why not X if you have nothing to hide?” But perhaps was too dry to notice without body language.
True, if you have nothing to hide, then you have nothing to fear. That's why it doesn't matter if the police have the data.
Actually, that's bullshit, as is "Why hide if it's legal?". The obvious answer is that The Court of Public Opinion will convict on many counts that are both legal and ethical.
I don’t like it, but I’m pretty sure third party doctrine makes it legal because they are only using data that is freely available to any paying customer.
I’m curious if the identifier correlation methods would stand up in court…
the problem is LEO shouldnt be able to bypass warrant requirements by purchasing thier way around it. My opinion, if you need a warrant to perform the investigation yourself, you need that warrant regardless of how you are going to obtain that data.
this is very much like a 5 year old asking parent one for something, hearing no, then quietly asking parent 2 trying to double down to get a yes answer; except its much more serious
>. My opinion, if you need a warrant to perform the investigation yourself, you need that warrant regardless of how you are going to obtain that data.
While I agree, I do understand that legally this is somewhat tricky. As long as the data remains publicly available, I can't see how to outlaw law enforcement from getting their hands on it, if we ban the agencies from buying it you'll just see fusion centers or private outreach groups buy it and gift the police.
So do we ban the sale of such data? I'm in favor of that, but it's both going to be really difficult to pass a law that can run ads saying "this bill wants to triple the cost of your cell service" and outlawing the sale could give an advantage to those capabilities of collecting on their own.
Which leaves us with banning the collection of that data, another thing I'm in favor of that I think will be impossible to pass.
This is why, no matter what anyone tells you, FAANG is an effective surveillance arm for the government, even if some of them do not know it yet. Big data remains unchecked because it bypasses rights we are supposed to be guaranteed.
the concept is that a warrant, is court appointed permission to violate legal rights for the scope of the investigation. it should be very simple, if it is determined you need a warrant for search and sieze data,property, statements etc. pertaining to allegations There should be a ban on acting as if judicial oversight is a formality and using a contractor/broker to strawman[!] aquisition of evidence around a warrant requirement.
if there is no warrant demended then cart blanche should apply, the cops can then buy beg phone your friend, rent the apartment beside you etc. for the purpose of discovery pertaining to scope
...........................................
[!] not the HN lexical strawman but more like an FFL strawman
It’s more like: police asking a witness, and them voluntarily talking. Because that’s literally what it is.
A warrant protects your belongings from search and seizure. The unfortunate truth is that when you give data away… you give it away. The internet gives people a false sense of privacy because they can use it from inside of their house. But, telling Google where you parked your car during a bank robbery is no different than telling a newspaper reporter where you parked your car during a bank robbery.
The cloud is, and always has been, someone else’s computer.
The problem is that people's phone applications constantly track their locations, and that we don't regulate information brokers. It's no better for private companies to have access to that data than it is for cops. At least cops are regulated to the extent that people have the ability to ask what they're doing and maybe get a response sometimes.
I mean the problem is that this data is gathered at all.
Secondarily that the data is available for purchase to any old asshole.
That said: Joe Q Public can't arrest me, can't take my shit under the vale of asset forfeiture, can't murder me and walk away under the thinnest of pretenses, can't jail me for a decade before I even see a trial...
Police have much more power than Joe Q Public and must be held to a correspondingly higher standard of responsibility if they are to exist.
This happens at every layer of the security apparatus. There's certain limitations on spying on Americans so the US IC just lets the UK spy on Americans and then asks the UK to give them the data. And the UK does the same vice versa. It's corruption by design from the ground up.
The police don't need a court's permission to investigate or know things about you. They might need various court orders to invade private property, take stuff, or coerce third parties to help them. But they can also just knock & ask nicely.
they often make people feel as if they are obliged, or will be inconveinienced
and when you say i have nothing to discuss with you, and no business to conduct, goodnight, and leave me to my home and family they are supposed to similarily say sorry to bother you and leave.
you have the idea of a warrant on the button, as permission to violate certain legal rights.
I don't have an issue with police being able to request information from companies for their investigations. I do have an issue with our public tax dollars being spent to purchase this information.
In the absence of a financial incentives companies will be less willing to hand over that data and the traditional requirement of a warrant will be utilized as it should be.
Can this data be used for prosecution? How do you prove it’s accurate and not modified? If the PII is claimed to be scrubbed then how do you connect it to the felon? Seems you’d want other supporting info to prosecute with and keep silent on this stuff.
A lot of times information like this is used with parallel construction. So they never need to defend the accuracy of the data in court cause it's mainly used to direct the findings that will presented at trial.
Let me give a hypothetical example, witness says the see a Ford Bronco leaving a murder scene. Police use this data to find all people in the area at the time of the crime. They then look to see which of those people in the area at the time are registered owners of a Ford Bronco. However, instead of presenting this data they used in court court to see was in the area they will then for instance search for instance traffic camera footage. Moreover, since they have detailed location information now know what traffic cameras to check or what gas stations to subpoena for camera footage ect.. Then they probably get a warrant for that persons car and house or start watching that person ect...
However, what gets presented at trial is the Witness saying they saw a Ford Bronco and the camera footage. Nothing about the detailed phone tracking information. Basically parallel construction allows the LEO and the prosecutor avoid what is colloquially called fruit of the poisoned tree.
It is lawfully obtained so yes, but I can see the defense making a good argument otherwise during trial. You subpoeana employees of the company selling you the info to testify and have them maybe produce a chain of custody document for which they will be asked if it is accurate under oath. Depends on what is PII, an IP alone isn't PII for example so if it says IP 1.2.3 4 went to badguy.com at <timestamp> there is no PII there but they can subpoeana the ISP once the traffic is deemed to qualify as probable cause to prove their guy had the IP. The difference being they either obtain the IP with some other means and buy data associated with it or use some destination (could be their trap) and buy all info about traffic to it with very specific parameters without a warrant. But I am neither LE or a lawyer.
Abortion rights in the US were originally based on privacy (the government's right to tell a woman what she could or could not do with her body). Overturning that widened government authority not just over abortion, but 1001 other issues linked to the same core finding. Laws banning sodomy were struck down on the same basis: what two consenting adults do behind closed doors that doesn't affect third parties are a violation of the "right to privacy". The same for interracial marriage.
The same ruling has implications here because the data in question "belongs" to the phone company. But government buying it might violate individuals' right to privacy. Only individuals' right to privacy is now very curtailed.
People think Roe vs Wade was an abortion ruling, but it was really a privacy one, and by overturning it SCOTUS has opened a very large number of social issues to be re-litigated.
I agree it's a stretch to tie it to abortion (and maybe an appeal to emotion/politics?). But there is a link. I wish more people thought about all these issues (plus NSA spying and social media and 101 other things) in terms of one overall right to privacy. It's sort of the issue of our times (which I think West Wing predicted 20+ years ago)
I think abortion is a particularly interesting case. Up until now, it was very difficult to show how bad tracking is - common arguments are "I have nothing to hide", "No one can show me a concrete example of something bad happening", or even "I like ads that are relevant to me".
But now that the publicly available data of women seeking abortions can be used to send them to jail, arguments 1 and 2 are easier to disprove. I'm not aware of any previous pro-privacy argument with such clear connection between cause and consequence.
For the same reason you hear so much talk about "diversity" in the US: it's because of arcane legal arguments in Supreme Court. It's really long and boring, to be honest, but if you are interested, I recommend reading about original reasoning in Roe v. Wade to learn how right to abortion got connected to privacy, and Grutter v. Bollinger about how racial preferences in education and hiring can be washed through the language of "diversity". If the arguments pushed there don't make sense to you (e.g. why does constitutional right to privacy gives you right to abortion until 20+ week, but doesn't give you right to privately use drugs, or e.g. why you're not allowed to discriminate anyone on the basis of race, and in particular you're not allowed to create quotas for racial groups in education admissions, but as soon as you call these quotas "diversity targets", you're allowed to make decisions to reject and admit candidates based on race in order to meet them), that's expected: Roe v. Wade has recently been overruled, and Grutter v. Bollinger will probably be overruled soon.
Yet another example of why privacy never really existed and the Third Party Doctrine was terrible for civil rights protections.
Perhaps the move towards SBOM will help us identify which libraries sell position location to which brokers so there can be more transparency and competition for privacy features.
It’s sad that legislators are asleep at the wheel here and that the FTC / State Attorneys General are so slow to sue.
Yeah, I suppose the data broker ecosystem is so incestuous it would be hard to know/disambiguate the path of data flow without more transparency in of the data broker APIs/contracts.
“By design” implies someone set out with that intention. My belief is that incentives are aligned so no state actor has significant reason to change the status quo.
Readit News
https://arstechnica.com/tech-policy/2022/09/cops-wanted-to-k...
What is most distasteful to me is that both the vendor and the police try hard to hide the fact that they are using it. Why hide it if it’s legal? Odds are because they don’t want to be a squeaky wheel that gets greased.
The goal is to use illegal means, but not have evidence of that illegal means in court.
This is what has been described as "parallel construction". A quaint turn of phrase for when the police use criminal practices to prosecute "criminals".
Welcome to the future
Edit: Please forgive American English phrasing. [This practice is described as...]
My interpretation was that LEOs who use Stingrays were required to sign NDAs and the company as well as one of the three-letter-agencies that facilitated them didn’t want the information in public court records.
It’s possible that there is something unconstitutional going on. It’s possible that having the technical specs in court would allow foreign terrorists (for example) to understand how they are being caught.
Whatever it is, it seems incompatible with a democratic republic government. But the democratically elected representatives don’t seem interested in reigning it in.
They also pick up conversations which have later been used as evidence: https://www.southcoasttoday.com/story/news/crime/2012/01/11/...
Dead Comment
Legal and moral are two different things, and the police is a public service. Public trust and perception are important because they give legitimacy to government.
Agree with your statement.
True, if you have nothing to hide, then you have nothing to fear. That's why it doesn't matter if the police have the data.
Actually, that's bullshit, as is "Why hide if it's legal?". The obvious answer is that The Court of Public Opinion will convict on many counts that are both legal and ethical.
I’m curious if the identifier correlation methods would stand up in court…
this is very much like a 5 year old asking parent one for something, hearing no, then quietly asking parent 2 trying to double down to get a yes answer; except its much more serious
While I agree, I do understand that legally this is somewhat tricky. As long as the data remains publicly available, I can't see how to outlaw law enforcement from getting their hands on it, if we ban the agencies from buying it you'll just see fusion centers or private outreach groups buy it and gift the police.
So do we ban the sale of such data? I'm in favor of that, but it's both going to be really difficult to pass a law that can run ads saying "this bill wants to triple the cost of your cell service" and outlawing the sale could give an advantage to those capabilities of collecting on their own.
Which leaves us with banning the collection of that data, another thing I'm in favor of that I think will be impossible to pass.
Deleted Comment
if there is no warrant demended then cart blanche should apply, the cops can then buy beg phone your friend, rent the apartment beside you etc. for the purpose of discovery pertaining to scope
...........................................
[!] not the HN lexical strawman but more like an FFL strawman
A warrant protects your belongings from search and seizure. The unfortunate truth is that when you give data away… you give it away. The internet gives people a false sense of privacy because they can use it from inside of their house. But, telling Google where you parked your car during a bank robbery is no different than telling a newspaper reporter where you parked your car during a bank robbery.
The cloud is, and always has been, someone else’s computer.
The problem here is this data should not be sold to Joe Q Public.
That said: Joe Q Public can't arrest me, can't take my shit under the vale of asset forfeiture, can't murder me and walk away under the thinnest of pretenses, can't jail me for a decade before I even see a trial...
Police have much more power than Joe Q Public and must be held to a correspondingly higher standard of responsibility if they are to exist.
https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-to...
There is no party to vote for to stop this.
and when you say i have nothing to discuss with you, and no business to conduct, goodnight, and leave me to my home and family they are supposed to similarily say sorry to bother you and leave.
you have the idea of a warrant on the button, as permission to violate certain legal rights.
Deleted Comment
Warrants are needed when the requesting entity doesn't have access.
In the absence of a financial incentives companies will be less willing to hand over that data and the traditional requirement of a warrant will be utilized as it should be.
Let me give a hypothetical example, witness says the see a Ford Bronco leaving a murder scene. Police use this data to find all people in the area at the time of the crime. They then look to see which of those people in the area at the time are registered owners of a Ford Bronco. However, instead of presenting this data they used in court court to see was in the area they will then for instance search for instance traffic camera footage. Moreover, since they have detailed location information now know what traffic cameras to check or what gas stations to subpoena for camera footage ect.. Then they probably get a warrant for that persons car and house or start watching that person ect...
However, what gets presented at trial is the Witness saying they saw a Ford Bronco and the camera footage. Nothing about the detailed phone tracking information. Basically parallel construction allows the LEO and the prosecutor avoid what is colloquially called fruit of the poisoned tree.
Wiki article on parallel construction. https://en.wikipedia.org/wiki/Parallel_construction
https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree
If we take this as a non-rhetorical/actual question: to use the evidence in court it may be necessary for it to have been obtained under warrant.
"Why bother with search warrants when people don't bother locking their front doors before going out?"
I, ANAL and all that.
I wonder why every news on privacy issue in the United States try to make connection with abortion.
Won't this make the privacy argument more fragmented?
Abortion rights in the US were originally based on privacy (the government's right to tell a woman what she could or could not do with her body). Overturning that widened government authority not just over abortion, but 1001 other issues linked to the same core finding. Laws banning sodomy were struck down on the same basis: what two consenting adults do behind closed doors that doesn't affect third parties are a violation of the "right to privacy". The same for interracial marriage.
The same ruling has implications here because the data in question "belongs" to the phone company. But government buying it might violate individuals' right to privacy. Only individuals' right to privacy is now very curtailed.
People think Roe vs Wade was an abortion ruling, but it was really a privacy one, and by overturning it SCOTUS has opened a very large number of social issues to be re-litigated.
I agree it's a stretch to tie it to abortion (and maybe an appeal to emotion/politics?). But there is a link. I wish more people thought about all these issues (plus NSA spying and social media and 101 other things) in terms of one overall right to privacy. It's sort of the issue of our times (which I think West Wing predicted 20+ years ago)
But now that the publicly available data of women seeking abortions can be used to send them to jail, arguments 1 and 2 are easier to disprove. I'm not aware of any previous pro-privacy argument with such clear connection between cause and consequence.
Dead Comment
Perhaps the move towards SBOM will help us identify which libraries sell position location to which brokers so there can be more transparency and competition for privacy features.
It’s sad that legislators are asleep at the wheel here and that the FTC / State Attorneys General are so slow to sue.