25 August 2020

More From TechDirt: Data Brokers + Pay-As-You-Go Hacking

Can you tell that your MesaZona blogger is A BIG FAN of TechDirt?

O Yeah!

Secret Service Latest To Use Data Brokers To Dodge Warrant Requirements For Cell Site Location Data

from the it's-just-Supreme-Court-precedent dept

Another federal law enforcement agency has figured out a way to dodge warrant requirements for historical cell site location data. The Supreme Court's Carpenter decision said these records were covered by the Fourth Amendment. But rather than comply with the ruling, agencies like the CBP and ICE are buying location data in bulk from private companies that collect this data, rather than approach service providers with warrants.
These agencies argue they aren't violating the Constitution because the data is "pseudonymized" and doesn't specifically target any single person. But even cops using "reverse" warrants are still using warrants to gather this data. Federal agencies apparently can't be bothered with this nicety, preferring to collect information in bulk and work backwards to whatever it is they're looking for.
The Secret Service is the latest federal agency to buy location data from Locate X -- one of the companies already providing cell site location data to CBP and ICE. Joseph Cox has the details for Motherboard.
The Secret Service paid for a product that gives the agency access to location data generated by ordinary apps installed on peoples' smartphones, an internal Secret Service document confirms.
The sale highlights the issue of law enforcement agencies buying information, and in particular location data, that they would ordinarily need a warrant or court order to obtain. This contract relates to the sale of Locate X, a product from a company called Babel Street.
Motherboard uncovered the Secret Service's warrant evasion through a public records request.
The contract that mentions Locate X stretches from September 28, 2017 to September 27, 2018, according to the document. With the modifications to an existing Secret Service and Babel Street contract, the total amount increased by $35,844 to $1,999,394, the document adds.
This corroborates statements made by a former Babel Street employee, who told journalists at Protocol back in March that the Secret Service was also buying location data, along with CBP and ICE.
This location data isn't pulled from cell towers. Perhaps this is why agencies feel comfortable ignoring the Carpenter decision. But while there won't be as many data points, there will still be plenty of data to sift through. Multiple apps collect location data. Some of them sell this data to data brokers who then sell this to marketing firms and/or the US government.
Senator Ron Wyden is, of course, all over this.
“It is clear that multiple federal agencies have turned to purchasing Americans’ data to buy their way around Americans’ Fourth Amendment Rights. I’m drafting legislation to close this loophole, and ensure the Fourth Amendment isn’t for sale,” Wyden’s statement added.
If there's a loophole, it will be exploited. And federal agencies are going to want this loophole kept open. Since it's unlikely the government is informing courts about this use of data, there have been no courtroom challenges of this practice, leaving the feds free to operate in this precedent-free void. The government is reading the letter of the Supreme Court's ruling, feeling the warrant requirement only applies to data collected from service providers. But other courts have read that ruling to cover more than what the justices specified. Federal agencies are playing to the edges of the Fourth Amendment right now and it might come back to hurt them.
__________________________________________________________________________________

VoLTE Flaw Lets A Hacker Spy On Encrypted Communications For A Measly $7,000

from the time-to-take-a-broader-view dept

As we've noted, much of the hysteria surrounding TikTok isn't based on anything close to consistent outrage. As in, many of the folks freaking out about a teen dancing app were nowhere to be found when U.S. wireless carriers were found to be selling access to your location data to any random idiot. Most of the folks pearl clutching about TikTok have opposed election security funding or even the most basic of privacy rules. The SS7 flaw that makes most wireless networks vulnerable to eavesdropping ? The lack of any security or privacy safeguards in the internet of things (IOT) space?
Which is all a long way of saying: if you're going to lose sleep over TikTok, you'll be shocked to learn there's an ocean of issues that folks are paying absolutely no attention to. Or, to put it another way, TikTok is probably the very least of a long list of problems related to keeping U.S. data secure.
The latest case in point >> https://www.techdirt.com/

No comment