• Categories

  • Archives

    « Home

    Archive for the ‘Fourth Amendment’ Category

    Federal Case and State Law Are Latest Moves to Curb Warrantless Use of Stingray Tech

    Monday, August 8th, 2016

    The Stingray surveillance technology, also called cell-site simulator technology, can gather a significant amount of personal data from individuals’ cellphones. A recent federal case in New York and a new law in Illinois aim to curtail the warrantless use of Stingrays.

    The technology simulates a cellphone tower so that nearby mobile devices will connect to it and reveal sensitive personal data, such as their location, text messages, voice calls, and other information. The Stingray surveillance technology vacuums information from every cellphone within its range, so innocent people’s private data are gathered, as well. It is a dragnet that can capture hundreds of innocent people, rather than just the suspect targeted.

    As I have discussed before, law enforcement officials are using this technology in secret. Documents obtained by the ACLU showed that the U.S. Marshals Service directed Florida police to hide the use of Stingray surveillance technology from judges, which meant the police lied in court documents. Sarasota police Sgt. Kenneth Castro sent an e-mail in April 2009 to colleagues at the North Port (Florida) Police Department: “In reports or depositions we simply refer to the assistance as ‘received information from a confidential source regarding the location of the suspect.’” A recent San Diego Union-Tribune investigation showed that local police are using the surveillance technology in routine investigations – not ones involving terrorism or national security.

    Now, a federal judge in New York has thrown out Stingray evidence gathered without a warrant. The case is United States v. Lambis (pdf) in the Southern District of New York. Without a warrant, the Drug Enforcement Administration used a powerful cell-site simulator to determine the location of a cellphone was in Raymond Lambis’s home. Agents then searched his home and found drugs and drug paraphernalia. Read more »

    Who sees your health-app data? It’s hard to know.

    Thursday, March 24th, 2016

    Lots of people use personal health devices, such as Fitbits, or mobile health or wellness apps (there are a variety offered through Apple’s and Google’s app stores). There are important privacy and security questions about the devices and apps, because the data that they can gather can be sensitive — disease status, medication usage, glucose levels, fertility data, or location information as the devices track your every step on the way to your 10,000 steps-per-day goal. And the medical diagnoses drawn from such information can surprise people, especially the individuals using the apps and devices.

    For example, one man was concerned after reviewing his wife’s Fitbit data. He “noticed her heart rate was well above normal.” He thought the device might be malfunctioning, so he posted the data on message-board site Reddit and asked for analyses. One person theorized that his wife would be pregnant. The couple made a doctor’s appointment and confirmed the pregnancy.

    This case illustrates the sensitive medical data gathered by personal medical devices and apps that a person might not even realize is possible. Did you know that heart-rate changes could signal a pregnancy?

    And this isn’t the first time that sensitive information of Fitbit users has been inadvertently revealed. Five years ago, there was an uproar over Fitbit’s privacy settings when people who were logging their sexual activity as a form of exercise learned that the data was showing up in Google searches. Read more »

    As Our Devices Increasingly Talk to Others, Privacy Questions Arise

    Thursday, December 17th, 2015

    As technology continues to evolve and become integrated into our lives, there are significant questions about privacy and security. We’ve discussed before the “Internet of Things,” which is a computerized network of physical objects. In IoT, sensors and data-storage devices embedded in objects interact with Web services. Such connected televisions, refrigerators and other devices can raise privacy and security questions.

    For example, consider the “smart” or “connected” car. People buy such vehicles for the benefits of integrating technology into something where they can be for hours at a time. Your car or truck knows where you go and when. It knows how fast you drive and how quickly or slowly you brake. Your car knows if you’re wearing a seatbelt.

    Privacy experts have noted that unclear or vague privacy or usage policies could allow companies that collect drivers’ sensitive data to share or sell that information with others, creating databases that may invade the privacy of consumers. For example, the locations where individuals drive to could reveal deeply personal information. Do you go to a church or mosque at the same time every week? Have you visited an adoption or fertility organization? Did you join a protest or demonstration? Did you recently start going to a building that includes the offices of several psychotherapists or one that houses a drug addiction clinic?

    One privacy issue recently arose with connected automobiles — and it caught many people off-guard. ABC25 in West Palm Beach, Fla., reported that a Ford car with opt-in 911 Assist allegedly ratted out a hit-and-run driver in Florida. Read more »

    Legislators, Federal Officials Seek Limits on Use of Stingray Surveillance Technology

    Tuesday, November 10th, 2015

    Rep. Jason Chaffetz (R-Utah) recently introduced a bill, H.R. 3871, The Stingray Privacy Act (pdf), to limit the use of cellphone surveillance technology known as cell-site simulators or “Stingray” technology. The bill, Chaffetz says, “would require law enforcement to obtain a warrant before deploying a cell site simulator consistent with recently issued federal guidance and the 4th Amendment to the Constitution. H.R. 3871 does provide targeted exceptions for exigent circumstances and foreign intelligence surveillance.” The federal guidance mentioned is recent policies on cell-site simulators released by the departments of Justice (pdf) and Homeland Security (pdf), with various exceptions for special circumstances. The new guidance was released after public and Congressional scrutiny of the use of the surveillance devices.

    The Stingray and similar cellphone surveillance technologies are extremely invasive. They simulate a cellphone tower so that nearby mobile devices will connect to it and reveal their location, text messages, voice calls, and other personal data. The surveillance technology scoops up data on every cellphone within its range, so innocent people’s private conversations and texts are gathered, too.

    Dozens of police departments nationwide use this cell-site simulator surveillance technology, and there are a lot of questions about how they’re using it. Even the IRS admitted in Congressional testimony that it using the surveillance technology. Read more »

    Libraries Fight to Protect Users’ Rights to Privacy

    Friday, October 23rd, 2015

    A recent case in New Hampshire illustrates how libraries continue to be battlegrounds for privacy rights. The Kilton Public Library in Lebanon, N.H., a town of about 13,000 people, decided to join Tor, an anonymization network for online activities. It was a pilot for a bigger Tor relay system envisioned by the Library Freedom Project. According to Ars Technica, the Library Freedom Project seeks to set up Tor exit relays in libraries throughout the country. “As of now, only about 1,000 exit relays exist worldwide. If this plan is successful, it could vastly increase the scope and speed of the famed anonymizing network.”

    The Department of Homeland Security learned of the pilot, Pro Publica reported: “Soon after state authorities received an email about it from an agent at the Department of Homeland Security. [...] After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.”

    After much criticism of the DHS and local law enforcement interference and petitions to reinstate the pilot project (including one from the Electronic Frontier Foundation), the Kilton library’s board voted a few weeks later to reinstate the project. ”Alison Macrina, the founder of the Library Freedom Project which brought Tor to Kilton Public Library, said the risk of criminal activity taking place on Tor is not a sufficient reason to suspend its use. For comparison, she said, the city is not going to shut down its roads simply because some people choose to drive drunk,” the Valley News reported. Read more »

    Continuing Debate on Privacy and Use of Newborns’ Blood Samples

    Monday, December 1st, 2014

    There has been considerable debate about the ethical, privacy, and civil liberty issues surrounding the unauthorized or unknowing retention and use of babies’ blood samples for purposes other than disease-screening in the United States and abroad. Often, parents are not told of the possible lengthy data retention period, possible distribution to other agencies, and possible other purposes for which their children’s blood samples could be used. Now, WNCN in North Carolina looks at the situation, and what it finds shows there are also questions about de-identification or “anonymization” of newborns’ medical data.

    Asked what the government plans to do with the data, Scott Zimmerman, director of the N.C. State Public Health Lab, said, “So if an outside agency such as an academic institution approaches us and asks for dried blood spots, there are two approaches that can be taken. One, we can get parental consent to release that dried blood sample to an outside entity. We will not release any DBS that contains patient information without parental consent.”

    Zimmerman added, “The only other way DBS are released is if they are de-identified.”

    Researchers have shown that, often, data that has been de-identified can be re-identified (or “de-anonymized”), and sensitive data could be linked back to an individual. Therefore, there is a significant privacy concern for individuals’ whose information is shared, without their consent, in this manner.  Read more »