Victory for Privacy as Supreme Court Rules Warrantless Phone Location Tracking Unconstitutional

This is a very important ruling that should serve as a good precedent for technologically-based privacy rights in the future.

The Supreme Court handed down a landmark opinion today in Carpenter v. United States, ruling 5-4 that the Fourth Amendment protects cell phone location information. In an opinion by Chief Justice Roberts, the Court recognized that location information, collected by cell providers like Sprint, AT&T, and Verizon, creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.” As a result, police must now get a warrant before obtaining this data.

This is a major victory. Cell phones are essential to modern life, but the way that cell phones operate—by constantly connecting to cell towers to exchange data—makes it possible for cell providers to collect information on everywhere that each phone—and by extension, each phone’s owner—has been for years in the past. As the Court noted, not only does access to this kind of information allow the government to achieve “near perfect surveillance, as if it had attached an ankle monitor to the phone’s user,” but, because phone companies collect it for every device, the “police need not even know in advance whether they want to follow a particular individual, or when.”

[…]

Perhaps the most significant part of today’s ruling for the future is its explicit recognition that individuals can maintain an expectation of privacy in information that they provide to third parties. The Court termed that a “rare” case, but it’s clear that other invasive surveillance technologies, particularly those than can track individuals through physical space, are now ripe for challenge in light of Carpenter. Expect to see much more litigation on this subject from EFF and our friends.

Advertisements

Snowden Interview in The Intercept

Mass surveillance is worse than five years ago, and it’s cool to think about the initial disclosures and then fast forward to this interview. Also, if you haven’t seen the documentary Citizenfour, I recommend watching it.

Mehdi Hasan: I’m Mehdi Hasan, welcome to Deconstructed.

My guest today is the NSA whistleblower Edward Snowden. Yes, the man himself, who became a global household name almost exactly five years ago.

[…]

So I started off by asking Edward Snowden: “Is privacy dead?”

ES: No, and I think this is the thing that is really taken out of context by politicians and all of these corporate powers that are working to use that as a justification to extend and further the abuses that we’ve seen in the last decade or so. When you look at the polling and all of these different issues and you ask young people, particularly, you know: Do you care about privacy? They actually seem to care more than older generations because this is affects their lives everyday. They understand what it means to make a mistake, have someone with a smartphone in the room and then have it haunt you for the rest of your time in high school or college or whatever.

There is this feeling of powerlessness that’s surrounding all of us every day on this issue, because we see that we are being abused. People openly admit that they’re abusing us. You know, Mark Zuckerberg in front of Congress is talking about this quite unashamedly.

[…]

MH: Your enemies here in the U.S. have accused you of being ultra-critical of the. U.S. government but soft on the Russian government, on President Vladimir Putin. And yet in March, I saw that you were on Twitter suggesting there had been vote-rigging in the Russian presidential election. You even called on Russians to “demand justice.” More recently you called the Russian government’s attempt to crack down on the messaging app Telegram “totalitarian.”

Now, from where I’m sitting, those were pretty bold, ballsy, principled moves by you, but were they also foolish moves? Aren’t you risking pissing off Putin and him then sending you back into the U.S. in a fit of rage?

ES: You know, yeah there’s definitely risks involved. And it’s not a smart thing to do. Every one of my lawyers tells me it’s a mistake to keep criticizing the Russian government. They say: Look, you’ve done enough. But that’s not what I’m here for, right? If I wanted to be safe, I never would have left Hawaii. I believe that this world can be better. I believe that this world should be better, but it’s not going to get better unless we make it better. And that requires risk, that requires hard work, that ultimately might require sacrifice.

[…]

MH: Where do you think you’ll be another five years from now?

ES: I don’t know. I honestly don’t know. There have been so many times, over the last five years, where I’ve been sure that things were going to change, that people understood, there were days I was sure that nothing was ever going to change, and it’s status quo forever. But it’s that uncertainty that actually gives me optimism, that gives me hope.

So many people look at the world today, they look at how broken and ruined things are, and they are just disempowered and lost. But what I want people to focus on is the fact that things changed, right. And if they can change for the worse, they can change for the better. And the only reason the world is changing for the worse is because bad people are working to make it happen that way. And if more good people are organizing, if we’re talking about this stuff, if we’re willing to draw lines that we will not allow people to cross without moving us out of the way, the pendulum will swing, and I’ll be home sooner than you think.

Disturbing: Surveillance Database of Journalists Being Built in the U.S.

A large threat to press freedom with Orwellian undertones — more mass surveillance means more repression. It also means an attempted suppression of effective activism due to what’s known as the “chilling effect” of mass surveillance, where people generally take different actions (such as not visiting the Wikipedia pages on terrorism as much) due to being aware that they’re under intrusive surveillance.

Donald Trump is not known for being a friend of the media. Now he seems to be taking up new methods to control unfavorable journalists. The Department of Homeland Security wants to create a database of journalists and bloggers from around the world that can be filtered by location, content and sentiment. While the DHS claims this is standard PR practice, the alarm bells must ring. After all, surveillance is what upcoming autocrats commonly use to undermine democracy.

The Department of Homeland Security (DHS) is looking for contractors to build up a Media Monitoring Service. Details seem to be based on instructions by George Orwell: The DHS asks for the ability to scan more than 290.000 news sources within and outside the US, and store “journalists, editors, correspondents, social media influencers, bloggers etc.” in a database that must be searchable for “content” and “sentiment”.

[…]

The current development in the US is very worrisome, particularly as the freedom of the press is under attack worldwide.

Reporters without Borders state: “Once taken for granted, media freedom is proving to be increasingly fragile in democracies as well. In sickening statements, draconian laws, conflicts of interest, and even the use of physical violence, democratic governments are trampling on a freedom that should, in principle, be one of their leading performance indicators.”

The Freedom of the Press Report 2017 by Freedom House concludes that global media freedom has reached its lowest level in the past 13 year. This is not only down to “further crackdowns on independent media in authoritarian countries like Russia and China.” The report also blames “new threats to journalists and media outlets in major democracies”.

Dangerous Cloud Act Legislation Appears in Congress

The Cloud Act would allow for dangerous violations of consumer privacy rights through abusing the stored data corporations have on people. U.S. citizens, I encourage you to oppose this type of legislation. Privacy rights are going to become much more important in the next several years ahead as more and more of society is effused with technological infrastructure.

Civil libertarians and digital rights advocates are alarmed about an “insidious” and “dangerous” piece of federal legislation that the ACLU warns “threatens activists abroad, individuals here in the U.S., and would empower Attorney General Sessions in new disturbing ways.”

The Clarifying Lawful Overseas Use of Data or CLOUD Act (S. 2383 and H.R. 4943), as David Ruiz at Electronic Fronteir Foundation (EFF) explains, would establish a “new backdoor for cross-border data [that] mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering” recently reauthorized by Congress.

Ruiz outlines how the legislation would enable U.S. authorities to bypass Fourth Amendment rights to obtain Americans’ data and use it against them:

The CLOUD Act allows the president to enter an executive agreement with a foreign nation known for human rights abuses. Using its CLOUD Act powers, police from that nation inevitably will collect Americans’ communications. They can share the content of those communications with the U.S. government under the flawed “significant harm” test. The U.S. government can use that content against these Americans. A judge need not approve the data collection before it is carried out. At no point need probable cause be shown. At no point need a search warrant be obtained.

The EFF and ACLU are among two dozen groups that banded together earlier this month to pen a letter to Congress to express alarm that the bill “fails to protect the rights of Americans and individuals abroad, and would put too much authority in the hands of the executive branch with few mechanisms to prevent abuse.”

[…]

“This controversial legislation would be a poison pill for the omnibus spending bill,” declared Fight for the Future’s deputy director, Evan Greer. “Decisions like this requires rigorous examination and public debate, now more than ever, and should not be made behind closed doors as part of back room Congressional deals.”

The group also pointed out that big tech companies such as Apple, Facebook, and Google are among those lobbying lawmakers to include the CLOUD Act in the spending bill:

DYgig4bX0AEOjsI5

Amazon Patents Wristband that Tracks Movements of Warehouse Workers

These wristbands would increase worker repression levels that are already far too high. Amazon’s CEO is the richest person in the world by net worth, but he still insists on mistreating his workers in their quasi-totalitarian workplaces.

Amazon’s CEO could simply sell $1 billion of stock and give a $2,000 bonus to Amazon’s 500,000 employees, and that’s only one example of what could be done to remedy the mistreatment of its workers. It doesn’t look like that will happen anytime soon though, unfortunately.

Amazon has patented designs for a wristband that can precisely track where warehouse employees are placing their hands and use vibrations to nudge them in a different direction.

The concept, which aims to streamline the fulfilment of orders, adds another layer of surveillance to an already challenging working environment.

[…]

Amazon already has a reputation for turning low-paid staff into “human robots” – working alongside thousands of proper robots – carrying out repetitive packaging tasks as fast as possible in an attempt to hit goals set by handheld computers.

This month, the 24-year-old warehouse worker Aaron Callaway described having just 15 seconds to scan items and place them into the right cart during his night shifts at an Amazon warehouse in the UK. “My main interaction is with the robots,” he said.

Video on China’s Disturbing Surveillance State

No rational human being would ideally want to live in a society with this much mass surveillance. It presents all sorts of problems and has a major repressive effect.

Mass surveillance has never been about security too. It’s about population control. More people will realize this as time goes on.

China has been building what it calls “the world’s biggest camera surveillance network”. Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.

Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC’s John Sudworth has been given rare access to one of the new hi-tech police control rooms.

More Than 400 of the World’s Most Popular Websites Try to Record Your Every Keystroke

This is significant work done by Princeton researchers. It’s honestly a pretty damning indictment of the world’s most visited websites.

Most people who’ve spent time on the internet have some understanding that many websites log their visits and keep record of what pages they’ve looked at. When you search for a pair of shoes on a retailer’s site for example, it records that you were interested in them. The next day, you see an advertisement for the same pair on Instagram or another social media site.

The idea of websites tracking users isn’t new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled “No Boundaries,” three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server.

Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers’ findings. If you accidentally paste something into a form that was copied to your clipboard, it’s also recorded. Facebook users were outraged in 2013 when it was discovered that the social network was doing something similar with status updates—it recorded what users they typed, even if they never ended up posting it.

These scripts, or bits of code that websites run, are called “session replay” scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don’t just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don’t run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions.

[…]

Most troubling is that the information session replay scripts collect can’t “reasonably be expected to be kept anonymous,” according to the researchers. Some of the companies that provide this software, like FullStory, design tracking scripts that even allow website owners to link the recordings they gather to a user’s real identity. On the backend, companies can see that a user is connected to a specific email or name. FullStory did not return a request for comment.

[…]

Companies that sell replay scripts do offer a number of redaction tools that allow websites to exclude sensitive content from recordings, and some even explicitly forbid the collection of user data. Still, the use of session replay scripts by so many of the world’s most popular websites has serious privacy implications.

“Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details, and other personal information displayed on a page to leak to the third-party as part of the recording,” the researchers wrote in their post.

Passwords are often accidentally included in recordings, despite that the scripts are designed to exclude them. The researchers found that other personal information was also often not redacted, or only redacted partially, at least with some of the scripts. Two of the companies, UserReplay and SessionCam, block all user inputs by default (they just track where users are clicking), which is a far safer approach.

[…]

Finally, the study’s authors are worried that session script companies could be vulnerable to targeted hacks, especially because they’re likely high-value targets. For example, many of these companies have dashboards where clients can playback the recordings they collect.

[…]

It’s not just session scripts that are following you around the internet. A study published earlier this year found that nearly half of the world’s 1,000 most popular websites use the same tracking software to monitor your behavior in various ways.

If you want to block session replay scripts, popular ad-blocking tool AdBlock Plus will now protect you against all of the ones documented in the Princeton study. AdBlock Plus formerly only protected against some, but has now been updated to block all as a result of the researchers’ work.