Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for April 22nd, 2011

From John Yoo and Torture to Warrantless Searches of Papers and Effects: Welcome To The Panopticon

with one comment

“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

Recently, a story has come up in the news concerning certain police departments (Michigan to be precise) have been taking more or less “forensic” images of people’s cell phones and other PDA devices when they have them stopped for traffic violations. Since the reports went live, the Michigan PD has sent out a rebuttal saying that they are in fact asking the citizen if they can scan their data. I say, whether or not they actively are doing it or not, they have the ability to do so per the courts since the loosening of the laws on search and seizure in places like California and Michigan where electronic media is concerned. The net effect is that our due process rights are being eroded in an ever rapid pace.

From Dailytech.com

I. Police Seize Citizens’ Smartphones

In January 2011, California’s Supreme Court ruled 5-2 that police could conduct warrantless inspections of suspects’ cell phones.  According to the majority decision, when a person is taken into police custody, they lose privacy rights to anything they’re carrying on them.

The ruling describes, “this loss of privacy allows police not only to seize anything of importance they find on the arrestee’s body … but also to open and examine what they find.”

In a dissenting ruling, Justice Kathryn Mickle Werdegar stated, “[The ruling allows police] to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or hand-held computer merely because the device was taken from an arrestee’s person.”

But California was not alone.  Michigan State Police officers have been using a device called Cellebrite UFED Physical Pro for the last couple years.  The device scrapes off everything stored on the phone — GPS geotag data, media (pictures, videos, music, etc.), text messages, emails, call history, and more.

Michigan State Police have been reportedly regularly been scraping the phones of people they pull over.

In neighboring Wisconsin, the state Supreme Court has ruled that while such searches are generally illegal, their evidence can become admissible in court if the police demonstrate an exigency (a press need) for the information.

Essentially this ruling offers support for such searches as it indicates that they can give solid evidence and ostensibly offers no repercussions to law enforcement officials conducting the officially “illegal” procedure.

So far the only state to have a high profile ruling against the practice was Ohio.  The Supreme Court of Ohio ruled that warrant-less smart phone searching violated suspects’ rights.  The requested the U.S. Supreme Court review the issue, but the request was denied.

II. What Does the Constitution Say?

The United States Constitution ostensibly is the most important government document in the U.S.  It guarantees essential rights to the citizens of the U.S.

Some of those rights are specified in the Fourth Amendment, part of the original Bill of Rights.  It states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The Constitution explicitly states that effects of a person cannot be unreasonably seized without a warrant.

Of course courts must play the vital role of defining what a “reasonable” search is.  But by extending the limits of searches to deem nearly all searches “reasonable”, no matter how tenuous the connection to a suspects detainment, this and several other decisions have created an erosion of the protections in the amendment.

Essentially what court rulings in California, Michigan, and Wisconsin indicate is that the courts believe the Constitution is no longer valid, or that certain Constitutional freedoms can be specially selected for elimination.

The law and our losing the path :

The legal battle over the terms here has come down to the nature of papers and effects where they regard digital media as I understand it. I sat in on the EFF talk at Shmoocon where this very topic was brought up. It seems, that the gray areas of just what is a laptop or a phone as opposed to a “cabinet or desk” is a key factor in how some interpret the legalities of searching someone’s hard drive or phone. In my opinion, they are the same thing. A laptop is a case in which my data is stored, just like a desk or a room, which, you MUST get a warrant to search.

But, that’s just me I guess.

Personally, as the title of this post alludes, I believe that all of this started as soon as John Yoo and the Bush administration began to twist the laws concerning not only torture, but moreover, the use of warrant-less wiretaps. Post 9/11 the US went mad for tapping of phones/data at the trunk level in such instances like the one in the MAE West where they put in the NARUS STA6400. This was the biggie for me because that system hoovers ALL of the traffic, there is no selectivity over it at all. Sure the STA6400 can sift the data, but it needs ALL of the data in order to sift and data-mine. Who’s to say what data becomes important other than those who are running the compartmentalised program that has to report nothing to anyone because it is too secret.

What allowed for all of this to happen and then for the over-reaching to continue was 9/11 itself. Having been in NYC at the towers just before the attacks and working there just after in the hole, I know how many felt after it all went down. We here in the US had only had a handful of terrorist attacks within our borders and those were nothing in comparison to what took place on that day.

We all felt vulnerable and wanted the government to take care of us. We wanted vengeance, and we wanted a take charge guy.

Unfortunately that “guy” was GW Bush and his posse of cowboys who then began to run rough shod over the constitution and other documents like the Geneva conventions. It was from this need to be protected that the American people just went along with the things they knew about, as well as a healthy dose of over classification by the Bush administration that kept us in the dark as to what they really were doing. It was only later, toward the end of the second term that the full scope of abuses were coming out, and yet, the American populace really did nothing. Sure, we elected Obama who made promises to end the nightmare of abuse… But.. He hasn’t has he?

So, here we are in 2011. Ten years post 9/11, and we are finding our rights being eroded by legal positions and decisions that remove the most basic and cherished rights to reasonable searches slipping away.

Who’s to blame?

Us.

We the people have failed to keep in check the actions of the government and in some cases the courts because we have taken our collective hand off the tiller steering this country. Perhaps we really have no hand on that tiller to start simply because we have created a beast that is too big to control or have any sway over. By just looking at the state of affairs today within the political arena, one has to admit that its becoming more and more akin to what it used to be back in the days of Boss Tweed than anything looking like the era of J.F.K.

Simply put, without the people standing up and calling a foul on these types of erosions to liberty, then we have nothing to complain about when the liberties are taken away. On that list is the rights granted to us all by the fourth amendment. The tough thing now though is that where once your personal belongings were either in your house or on your person. Now, those “papers and effects” live digitally not only on your device that you have on you, but also may exist “in the cloud” as well. A cloud that you “use” and is not “owned” by you.

So sure, a cop could ask you if they can look at your phone data. Do they have to say that they are taking an “alleged” forensic image? Perhaps not, but, the thing about the whole Michigan PD thing is that independent reports have shown that they were not asking, they were just taking images when they felt they wanted to, and this is where they run afoul of due process. As far as I am concerned, a file on a phone that is not on the screen as a cop looks at it while it sits in front of him in plain view, is NOT a document that he should just have the right to fish for without a warrant.

Sorry cops… It’s a country of laws, no matter how you try to spin them so you can cut corners.

On the other hand, I know how hard it must be for the police forces of the world to do their jobs now in a digital world. Especially one that so few really understand and likely fear. These magic boxes called phones and computers now hold data that could easily make a case for crimes, but, you just can’t take them and rummage through them just like anything else where due process is concerned. What’s more, I know for a fact that unless you are a forensic investigator, AND you have a decent tool, YOU WILL MISS DATA. Which will lead potentially to acquittal because you did not follow processes such as chain of custody in E-Discovery.

For some though, I am sure it’s just about cutting a corner to make a collar… And that is not how the law is supposed to work.

Our complicity in our own privacy erosion:

Meanwhile, in the last few days another spate of news articles warned about how the iOS and Android systems were collecting data on our movements and details. This particular story is not new if you have been paying attention, it was just the aggregate amount of data that we saw being collected by the iOS particularly that shocked the general populace. For these people I have news for you;

This data and even more have been collected on you all for every service that you sign up for on the Internet. Every phone call you make, every text you send, every picture you upload. All of it is available to someone else who has access to the data.

It’s not private.

YOU have been giving away your personal data every minute of every day that you upload or pass through the telco/Internet systems.

So, even if laws are being subverted on personal searches, your data can and will be taken from the likes of Twitter and other services, perhaps even through NSL letters to those hosts and you will be none the wiser. For every post you put up on Facebook with all of your personal details, not only are you sharing that data with your “friends” but the company and whoever they want to sell it to as well.

The privacy you think you have.. Doesn’t exist.

In the case of the iOS data, no one knew about it from a customer perspective, but I am sure that there was some small print somewhere in the EULA when you bought the phone that allows Apple to collect the data… Not that they have to tell you they are doing it in big letters or clear language. So, that data too is not completely yours any more once you have agreed to their agreement to use/own the phone.

The short and long of it is that we are giving up our right to privacy for shiny toys and a sense of security that we can never really have.

In the end, the data that the iOS collects has yet to be proven to be sent to the Apple mother ship. Apple to date, has made no statement on the collection of the data nor the reasons for doing so. One can assume though, that they have some sort of location based software solution that they want to sell down the road and really, it’s caveat emptor. I am just glad that the security community likes to tinker and found this stuff, bringing it to light.

We are all to blame.

Unless we all take up the battle against the loss of privacy then we have none. Just as well, unless we speak truth to power and stop the erosion of rights to privacy within our body of laws, then we have nothing to complain about. We will have done it to ourselves.

K.

Follow

Get every new post delivered to your Inbox.

Join 124 other followers