IoT lessons from mobile: digital property

This has been a tough week for privacy advocates. On Monday, the Intercept brought news that the 4th Circuit Court of Appeals ruled that obtaining location data from a cell phone company doesn't require a warrant; today, the Verge reports agencies are filing warrants seeking phone location data so precise it can track you down to a specific building. Some agencies even have a manual to assist with filing practices.

Since this isn't a mobile technology blog or a law blog, you might ask why I would bother covering that news. With an emerging field like IoT, it's critical to understand the domain from both a technical and a legal standpoint. Mobile is a connected technology just like IoT, so there are lessons to be learned, whether from similar tech or precedents.

For the 4th Circuit case, it's an example of the interpretation of the third party doctrine. I've warned previously about being judicious concerning your data and who can access it. Maintaining a presumption of innocence, most people caught in a dragnet like that would probably want evidence in the form of location data supporting their innocence; as an aside, this is why dash cams are popular in some countries.

But the point is not how this data may benefit you; the point is whether access to it should be granted without your consent. We have protections in place for other instances of your property, like needing a warrant to access your home or a locked car trunk. So why is it different for your data and phone companies? Nicholas Weaver sums it up: it all depends on a company's willingness to fight subpoenas; there are no legal protections for your digital property.

Data snake eat tail

This recent blog post from the capital is bound to make some heads spin. From the post:

Big data is here to stay; the question is how it will be used: to advance civil rights and opportunity, or to undermine them. [Our organization] is deeply committed to ensuring the Federal government is on the forefront of using technology to advance civil rights and opportunity.

That sounds extremely noble and admirable until you recall the revelations of a certain organization's phone metadata collection and its constant effort to expand its surveillance powers. 'Big data' has been around for some time now; it was just a matter of time before the organization from the link decided to become publicly involved.

While some may see this as a validating move, experience tells me differently: more than once I've witnessed people proclaim military standards (milspecs) as some gold standard. While an amount of rigor was appropriate for some previous endeavors -- the space program is a fine example -- this isn't the case.

One of the great things about data and IoT is the freedom to work in a space that doesn't experience the constraints of a field where government has already imposed excessive regulations. The industry has flourished with its own set of standards.

Explainer: Rule 41 and its dangers

The EFF brings news of an innocuous-sounding — yet Orwellian — Rule 41. The proposal has two main segments; from the article:

The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location.

The second part...would grant authorization to a judge to issue a search warrant for...infiltrating computers that may be part of a botnet. This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation.

This means that any judge in the US — perhaps one with a history of granting warrants without much consideration of evidence — can issue a search warrant for any computer in the world, regardless of jurisdiction. Combine that with the language of the second segment, and this is effectively a rubber stamp to intrude on every connected device on the planet with a single warrant.

Congress has until December 1 of this year to block these changes to Rule 41. See EFF’s write-up for an in-depth look at the legal ramifications.