Warrant Protections against Police Searches of Our Data

The cell phones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven't caught up to that reality. That might change soon.

This week, the Supreme Court will hear a case with profound implications for your security and privacy in the coming years. The Fourth Amendment's prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our computerized and networked world. The Supreme Court can either update current law to reflect the world, or it can further solidify an unnecessary and dangerous police power.

The case centers on cell phone location data and whether the police need a warrant to get it, or if they can use a simple subpoena, which is easier to obtain. Current Fourth Amendment doctrine holds that you lose all privacy protections over any data you willingly share with a third party. Your cellular provider, under this interpretation, is a third party with whom you've willingly shared your movements, 24 hours a day, going back months -- even though you don't really have any choice about whether to share with them. So police can request records of where you've been from cell carriers without any judicial oversight. The case before the court, Carpenter v. United States, could change that.

Traditionally, information that was most precious to us was physically close to us. It was on our bodies, in our homes and offices, in our cars. Because of that, the courts gave that information extra protections. Information that we stored far away from us, or gave to other people, afforded fewer protections. Police searches have been governed by the "third-party doctrine," which explicitly says that information we share with others is not considered private.

The Internet has turned that thinking upside-down. Our cell phones know who we talk to and, if we're talking via text or e-mail, what we say. They track our location constantly, so they know where we live and work. Because they're the first and last thing we check every day, they know when we go to sleep and when we wake up. Because everyone has one, they know whom we sleep with. And because of how those phones work, all that information is naturally shared with third parties.

More generally, all our data is literally stored on computers belonging to other people. It's our e-mail, text messages, photos, Google docs, and more ­ all in the cloud. We store it there not because it's unimportant, but precisely because it is important. And as the Internet of Things computerizes the rest our lives, even more data will be collected by other people: data from our health trackers and medical devices, data from our home sensors and appliances, data from Internet-connected "listeners" like Alexa, Siri, and your voice-activated television.

All this data will be collected and saved by third parties, sometimes for years. The result is a detailed dossier of your activities more complete than any private investigator --­ or police officer --­ could possibly collect by following you around.

The issue here is not whether the police should be allowed to use that data to help solve crimes. Of course they should. The issue is whether that information should be protected by the warrant process that requires the police to have probable cause to investigate you and get approval by a court.

Warrants are a security mechanism. They prevent the police from abusing their authority to investigate someone they have no reason to suspect of a crime. They prevent the police from going on "fishing expeditions." They protect our rights and liberties, even as we willingly give up our privacy to the legitimate needs of law enforcement.

The third-party doctrine never made a lot of sense. Just because I share an intimate secret with my spouse, friend, or doctor doesn't mean that I no longer consider it private. It makes even less sense in today's hyper-connected world. It's long past time the Supreme Court recognized that a months-long history of my movements is private, and my e-mails and other personal data deserve the same protections, whether they're on my laptop or on Google's servers.

This essay previously appeared in the Washington Post.

Details on the case. Two opinion pieces.

I signed on to two amicus briefs on the case.

EDITED TO ADD (12/1): Good commentary on the Supreme Court oral arguments.

Posted on November 29, 2017 at 7:33 AM • 51 Comments

Comments

Clive RobinsonNovember 29, 2017 9:13 AM

@ Bruce,

The problem is not just "Third party" it's also jurisdictional and other legislative imbalance.

We see this already in many ways.

For instance people in countries with stronger data protection policies are getting their details taken by US companies no questions asked. Then the details sold to anyone with the cash including Governments (the US has laws that makes giving the data to the government protection against prosecution). Thus the use of a warrant is superfluous when the cost of buying the data is less than the cost of obtaining a warrant. So the warrant protection is illusiory from that respect as long as alternative data access is available.

But worse thanks to the idiocy of people like the W3C adding "easy surveillance" API's and Cloudfare breaking international traffic crypto with man in the middle attacks such "business collection" is way way easier and way more indepth and will simply replace the "Third Party business records" if it gets struck down.

Yes getting it struck down is a first step, but the real step is stopping the data being collected in the first place, then stopping alternative unwarranted access.

To which there are two approaches,

1, Via strong legislation.
2, By technical means.

Whilst we have a reasonably good idea how to do the latter it's not an efficient soloution. The big problem is we realy do not know how to do the former, as there are way way to many loop holes Global Organisations can put work arounds in.

Also I'm very much against the idea of using even warrants to get access to electronic records to use against criminals idea.

Because these days it's a "silent process", the person under investigation does not know and thus can not raise protest.

As you note in the past we kept our papers close to us and authorities getting access was a noisy and very visable process thus the person received due warning and importantly time that a silent process does not give them.

Thus it gets around another right defendants have previously had which is that of the benifits to a speedy trial,

Under the old noisy system the clock started running for the authorities thus what they could do was limited by both resources and time. Modern ICT has reduced the authorities resouse threashold immensely thus has unbalanced the justice process immensely in their favour. When you add in the vastly increased time the silent access the warrant affords them it puts defendents in a very baddly rights stripped position.

Thus when you add in the ridiculous tarrifs that broad scope legislation allows people get forced into an unfair position in the likes of plee barganing. Thus the likely hood of innocent people being forced into the equivalent of a confession even though innocent is much much higher than it should be.

Which realy means there is no equitable justice process in the US for ordinary people, in fact no justice system at all if someone desides for any number of reasons to "get you".

IggyNovember 29, 2017 9:31 AM

The Third Party Doctrine is a ruling that accepted the arguments made by the armies of lawyers paid by the captains of capitalism. The quest for every possible advantage over the Market is permanent Goal 1 for every capital venture world-wide. Such rulings make it far more convenient for companies to conduct their profit making at break-neck speed. There are several, at least, SCOTUS, nevermind Circuit and Appellate court, rulings that have given gross advantage to giant capitalist ventures at the expense of the People. I know I always sound like I hate capitalism, but that's not it. What I fear and fight is unfettered, unmoderated, off-balance anything, including capitalism.

I'll be confident that We the People have regained control over our private destinies without government interference when the court ruling that made our names and addresses "public information" is overturned, and the ability to conduct commerce online using transaction-specific ID codes to order goods delivered to a nearby receiving location is made reality.

That will be privacy; when Others cannot simply demand we out ourselves for their convenience and over-developed sense of crime-fighting. We get to say no and they have to accept it and our anonymous money.

Sounds impossible, don't it? I agree. Thus, I remain skeptical that the IoT and Governments will not continue proto-minority reporting in ways small and incremental until large and inexorable. Thus thus, I will continue to use my Constitutionally protected right to dissemble. Every chance I get.

Petre PeterNovember 29, 2017 10:44 AM

Computer! Compute “probable cause”. Responding in an official way to ephemeral conversation-“we received an anonymous call of suspicious activity in this area”

Computer! “Compute official”. An entity that authenticates by calling other officials with write permission. Occasionally, threats expressed by pointing walkie talkie rubber antenna preced the call to multiply, which preced a seizure. Engaging in ephemeral conversation with an official results in calls of backup by the official trying to prove authority by replacing quality with quantity. This triumph is also known as serial comma and is induced by choke points similar to the ones used at Thermapolis.

Computer! “Compute choke points”. A choke point is how you give up your rights to assemle for ponds you cannot swim in; grass you cannot sit on and boats that look like swans.


Computer! “Compute square”. A square is a flag on a pole populated by choke points. It is not a square.

Computer! “Compute ephemeral conversation”. Ephemeral conversation is not official documentation. It is the human element. Engaging in ephemeral conversation with an official needs third party-which is has nothing to do with good food, good people, good music-it’s more like another entity, trusted by both, official and ephemeral, that has write permissions on the ephemeral conversation turning the ephemeral into official.

Computer! “How would you like to be a part of the arraignment process?”. Only if i get a rubber antenna.

DroneNovember 29, 2017 11:09 AM

Without cause the U.S. government now regularly and unconstitutionally invades your privacy through your "things" (i.e., electronic devices). The government allows large data mining and exploitation companies like Google to do the same because these companies are easily compelled to share their data and knowledge with the now corrupt and unrestrained government.

But what if you found out I was tracking and snooping-in on your family, and you complain to the government about it? You guessed it - in a heartbeat I would be arrested and thrown in jail!

Here are the first steps to fixing this (and many other) problems in the U.S. today:

1. Enact term limits for members of Congress, one or two terms maximum.

2. Reform campaign finance laws removing all access to special interests. All campaign funding must be limited to capped direct contributions by registered U.S. voters. All contribution records are not public information and are accessible only through a warrant.

3. Separate the United States Department of Justice from the executive branch. The Attorney General would be directly elected and term-limited. All candidates for Attorney General must be American born citizens and qualified bar members practicing for a minimum of five contiguous years.

These changes will force leadership to do what is best for the voters instead of doing what ever it takes to be perpetually re-elected. Fixing these fundamental flaws in America's governing system will trigger an avalanche of fixes to myriad other problems, like forcing government and industry to respect your constitutional right to privacy.

stineNovember 29, 2017 11:41 AM

Why aren't Celebrite being charged with DCMA violations? Surely selling a tool to bypass the cryptogrpahy on a cell phone violates the DCMA, right?

hmmNovember 29, 2017 11:53 AM

Cellebrite is an Israeli company and they use NDA's extensively. It's not clear that they actually "defeat the encryption" itself.

GreenAppleNovember 29, 2017 12:00 PM

I'm still hoping for SCOTUS protections for memorized passwords. The contents of my mind should not be subject to confiscation by the police or the courts.

JonKnowsNothingNovember 29, 2017 12:33 PM

Police searches have been governed by the "third-party doctrine," which explicitly says that information we share with others is not considered private

These issues are global but currently addressed locally. The Canadians have decided that Warrantless Stingrays are OK with limits. Of course you cannot know if those limits are enforced or even observed. We already know so-called limits are re-defined such that any inhibitions are removed and any excesses that may be uncovered are belatedly declared as having been unused/removed are instead found that to be not removed or perversely such information is accidently-on purpose deleted.

Governments and corporations get their cakes and eat it too.

Dealing with government excessive zeal is not any easier than dealing with corporate excessive zeal.

Some are trying but how do you define success when it's so easy to just go under the radar, so to speak, when we really have no idea WHAT IS IT they are gathering based on Derived or Extended Authorities/Permissions?


Third Party Derived Rights need to be Under-Rived.

Recently I've received emails from the USPS stating I can have visual images of the contents of my PO Box made available to me via their app/login/site.

Saves a trip to the PO right? Nice! Super!

But if you do a bit of thinking on this you might be inclined to the following:

1. The USPS already images front and back of every single piece of mail that passes through their facilities. The retention period is probably up to 30 years based on derived authorities.

2. These images though require a warrant for use in court. Such warrants are easily obtained from magistrates, who nearly rubber stamp any request for such physical information. This data is independent of any FISA collection. It's domestic collection.

3. If I permit said images to cross the internet into my browser I have now opened the entire sequence, data, metadata to FISA collection via Data Jurisdiction Hopping (invisible routing through Canada or Ireland/UK). Plus the US Fed position of "If you can see it in a browser here it belongs to US(a)".

4. Via Third Party Authority, no warrants are required.

5. I am dis-inclined to agree to this "saving a trip to the Post Office" offer that voids 1st and 4th amendment protections.

  • GET A WARRANT
  • IT'S EASY
  • TRY IT - YOU'LL LIKE IT

As for US Corporate Espionage their rights are derived from Citizens United and the Third Party Doctrine. This is only in the US but these corporate derived rights impact the rest of the globe.

SCOTUS takes a long time to redress their own failures but so far they eventually get around to it - maybe 100, 150 years afterward.

In the US we can only hope for faster resolutions from the EU. Which says a LOT about the USA.


Referenced (urls fractured to prevent autorun)

  1. ht tp://www.theregister.co.uk/2017/11/29/canadian_court_gives_limited_right_to_warrantless_phone_snooping/
  2. ht tps://www.theguardian.com/australia-news/2017/nov/28/afp-did-not-destroy-copies-of-journalists-phone-records-it-unlawfully-accessed
  3. ht tp://www.theregister.co.uk/2017/11/24/uk_spy_court_ruled_immune_from_judicial_review_for_now/
  4. ht tps://www.theguardian.com/media/2017/nov/10/uk-prosecutors-admit-destroying-key-emails-from-julian-assange-case
  5. ht tp://www.theregister.co.uk/2017/11/29/schrems_launches_privacy_enforcement_ngo_pulls_in_nearly_60k_in_first_24_hours/
  6. ht tp://www.theregister.co.uk/2017/11/29/facebook_suicide_detection_ai/
  7. ht tp://www.theregister.co.uk/2017/11/17/anonymized_locationtracking_data_isnt/
  8. ht tps://en.wikipedia.org/wiki/Citizens_United_v._FEC


AlejandroNovember 29, 2017 12:52 PM

It would seem reasonable to me for the Court to overturn the third party rule as well as declare all personal electronic data to be personal/tangible property and thus grant the owner/originator property rights.

I won't try to out-guess the Court, they have surprised me too many in the past, sometimes with decisions that seem to be in the right direction but with the fine print being all wrong for the people and our rights.

I suspect whatever they might do for us has already been, or in process of being, negated by executive law enforcement agencies and their Congressional co-conspirators via painfully misnomered legislation.

(Wait a minute, is this comment TOO political?)

Petre PeterNovember 29, 2017 1:56 PM

@Drone

All contribution records are not public
information and are accessible only through a
warrant.

i say that when running for public office, contributions should be as visible as they are on Formula 1 drivers’ suits. It’s doable, we have the adhesive, we have the labels and we have the suits.

Dr. I. Needtob AtheNovember 29, 2017 2:49 PM

Ideally, no one should be collecting and storing the data in the first place! That's how totally removed we are from the way things ought to be.

IggyNovember 29, 2017 5:00 PM

@Drone • November 29, 2017 11:09 AM said:

1. Enact term limits for members of Congress, one or two terms maximum.

If it's good enough for POTUS, it's good enough for every government desk, regardless. Yes, all government jobs should be term-limited, including SCOTUS. POTUS, keeps two terms. Congress, two terms. SCOTUS, one 20 year term. Every other desk, a maximum of 8 years, but can be removed by POTUS or the pertinent Cabinet head sooner if deemed necessary.

2. Reform campaign finance laws removing all access to special interests. All campaign funding must be limited to capped direct contributions by registered U.S. voters. All contribution records are not public information and are accessible only through a warrant.

Agree. Campaign funding must come only from registered U.S. Voters, not companies, not organizations, not religions.

3. Separate the United States Department of Justice from the executive branch. The Attorney General would be directly elected and term-limited. All candidates for Attorney General must be American born citizens and qualified bar members practicing for a minimum of five contiguous years.

American born citizens born to a native born mother. We really must have a Constitutional Convention, for several issues, but that can end up a double edged sword, so, while amending COTUS would help curtail bad SCOTUS rulings, it could open the door to bad actors eager to reduce the Bill of Rights.

@Petre Peter, unfortunately, making contribution records public has so far inspired those in the press with political agendas to wage witch hunts. E.g., Brendan Eich, Peter Thiel. Keeping names not secret but harder to access without cause is not unlike protecting jurors and ballots.

Sancho_PNovember 29, 2017 5:10 PM

I already made five points here as Orin Kerr had a completely flawed opinion regarding Carpenter v. United States at scotusblog [1]:
https://www.schneier.com/blog/archives/2017/10/friday_squid_bl_598.html#c6763270

@Bruce focuses at the "warrant or not", the most important question.

However, his essay completely omits the distinction between past, presence and future and the different objectives of LE and provider:
The gov surveillance requirements are to store personal data (for weeks and months, which is the past), while the technical requirements of the provider are to store phone location for routing (presence) and probably to collect anonymous data to improve their system.
The provider does not need the personal past.

A Warrant (in the sense of POTS communication [2]) would require to store the data from now to the near future, certainly in a limited timeframe, for certain customers.
To require the provider to store (limited, say two weeks) history (location) data of all their customers “just in case” would already extend LEOs capabilities and the sense of law, as does collecting past metadata.

Also there is no word regarding liability for unneeded personal data stored at the provider.
Imagine a data breach leaking @Bruce’s minute location data for the last three years, might be fun to plot out (but not for him).
Who leaked it, was it LE or the provider? Who had access?
+ We must not forget it's the phone location, no "evidence" that he was there.

Today we are only talking about location data, tomorrow it will be the digitally stored phone communication content - because we can.

But I absolutely agree that the third party doctrine never made sense,
especially when there is no choice to “share” the data.

[1]
There is a new post from today how they tried to draw lines in the sand:
http://www.scotusblog.com/2017/11/argument-analysis-drawing-line-privacy-cellphone-records/

[2]
We know how it was done according to the law from the seventies:
Connecting a tape recorder at the suspect’s line terminator.

AnonNovember 29, 2017 5:54 PM

@Drone:
Last time we enacted campaign finance reform, we got McCain-Feingold bill to "get the money out of politics". How's that working out for everyone (but hey - we at least get a "I am ___ and I endorse this message" at the end of each of the billion ads now, phew, right)? Some people joked at the time that it should have been called the Incumbent Protection Act, and they were right.

I'm not sure the solution is through the congress here, since it's basically asking the proverbial foxes to decide the rules on protecting the hen house. An Article 6 convention of states might the the only way to get term limits done (and other things like spending limits).

trsm.mckayNovember 29, 2017 6:46 PM

@drone @Iggy

Agree with most of suggested political fixes, but not: Enact term limits for members of Congress, one or two terms maximum.

I used to think this was a good idea, but no longer. Living in one of the states that did this for state representatives, it did not work out well. It did get rid of a few "entrenched" politicians that I wanted to see go; but it also resulted in a bunch of representatives who didn't know what they were doing. As a result, unelected lobbyists and staff members got more powerful, and the people we voted for (and had some level of control over) were less effective.

For a moment, think of being a political representative as any other complex job. How long did it take for someone to become competent in a new career? How long did it take to become an expert? With term limits, you are lucky if they achieve competence. And the only way they become expert is if they "position switch" (like moving from congress to senate), something people who promote term limits typically don't like. If you think politics is easy, here in the US we have a good experiment currently in progress -- perhaps because the results of amateurs running the Iraq Coalition Provisional Authority were so good we had to try it at home too.

Actually direct election of justice is a mixed bag too. I think electing a US Attorney General is OK (many states have this), but am very worried about electing judges with our current levels of citizen engagement. It is far too easy for special interests to influence elections and end-up with "friendly" judges.


Ergo SumNovember 29, 2017 6:54 PM

I'd be surprised, if POTUS did not keep the third-party doctrine, effectively legalizing it at the highest level in the US...

The corporations that have financial interest in keeping the doctrine in place won't let it just disappear. They will not get off the gravy-train of selling the collected data to anyone.

Can you imagine Google, oops ABC company, not being able to sell data collected from the web, the Android based smartphone and offline databases? Don't, it's not going to happen...

Can you imagine that Microsoft stops all their "telemetry" in the Windows OSs, in the Office suite and stops pushing everyone in to their cloud? Don't, it's not going to happen...

Can you imagine that all other software companies will stop their "telemetry" reporting, even for little programs like PDF readers? Don't, it's not going to happen...

Can you imagine that all of the data crokers will stop collecting and selling data? Don't, it's not going to happen...

There's way too much money in collecting everything about us and selling/trading the data sets. The only way this gravy-train will stop, if there's no more gravy left. And that may take a long time and the chances are that I won't see that happen...

John SmithNovember 29, 2017 6:57 PM

from Sancho_P:

"...But I absolutely agree that the third party doctrine never made sense,
especially when there is no choice to “share” the data..."

Third party doctrine makes perfect sense to me - it makes parallel construction so much easier. Plus FBI can use it to deploy a new improved COINTELPRO.

From Wikipedia: https://en.wikipedia.org/wiki/Total_Information_Awareness

"...According to a 2012 New York Times article, the legacy of Total Information Awareness is "quietly thriving" at the National Security Agency (NSA)..."

Surprise, surprise.

TIA + third party doctrine = Stazi 2.0

trsm.mckayNovember 29, 2017 7:25 PM

@anon: Last time we enacted campaign finance reform, we got McCain-Feingold bill to "get the money out of politics". How's that working out for everyone

You have this a little wrong, as very little of McCain-Feingold is currently in effect. The supreme court gutted the major beneficial provisions, and gridlock in the FEC has neutered most of the rest. Not to say there weren't some incumbent protection stuff as well, but you are barking up the wrong tree at a scapegoat :)

@clive: good points about silent progress, another technical means changing intent and enforcement, reminds me of speed cameras arguments; more precisely enforcing what was originally practiced/meant-to-be a more flexible law. California actually has done a fairly decent job in regulating these types of traffic devices, in part because of anti-speedtrap laws enacted in the dawning of the auto age.

@clive and @JonKnowsNothing (which BTW is cool alias, any relation to the book where Jon dies eventually?)

USPS tracking of mail is a good example, so is automated license plate tracking. There are many ways that mass surveillance has become easier. We need a legal/ethical shift away from the control freaks of government and the not-so-tender clutches of commercialism.

IsmarNovember 29, 2017 7:31 PM

@Bruce and @Clive
One aspect that gets overlooked is that even if this becomes illegal, how likely is any of it to be discovered and proven in a court of law given the level of sophistication involved?

Sikhandtake RakhuvarNovember 29, 2017 7:35 PM

I've never been comfortable with either choice for filling judgeships - election or appointment - and offer a third possibility. Just as any registered voter is subject to being called up for jury duty, so should any practicing member of the Bar be subject to being called to act as judge for trial or two. Granted, some cross-jurisdictional shuffling might be needed on occasion to cover conflicts of interest, but it would seem to address the problems inherent in the two current methods of selecting judges.

Winston SmithNovember 29, 2017 7:48 PM

@Clive Robinson (and all)

Your comments are rational and conclude well in my humble opinion. To continue your last comment (quoted below), I add:

"Which realy means there is no equitable justice process in the US for ordinary people, in fact no justice system at all if someone desides for any number of reasons to "get you"."

...and then consider that if the IC wants to "get you", parallel construction is an available and effective means, in addition to simply planting the evidence on your device if necessary (although I have no proof nor anecdotes to share of the latter, I don't doubt the capability exists). Why?... Because these entities effectively operate above and outside the law.

The US Constitution was carefully crafted by individuals who suffered with and witnessed first hand the dangers of imperious, authoritarian rule. Unfortunately now, not only does the US Constitution need to be updated to account for technology's role in our lives to preserve the spirit in which it was first drafted, but the governed need to fully understand and act to preserve the rights which it affords. The latter is a huge challenge given how the governed have become "soft" and coddled by the creature comforts of the modern world, and how easily distracted they are by "shiny baubles".

Additionally, we need to be protected from those entities almost as powerful-- the monopolies which oversee our data such as Google, Verizon, et al. and a plethora of other industries which would fill this blog with anecdotes and examples. The rarely used US Sherman Antitrust act notwithstanding, respect for the "law of the land" is being exorcised from the halls of government in exchange for money and promises. How to achieve, then, the goal?

Isn't is odd how humankind can accomplish the technical acumen to put a man on the moon, but we can barely manage our lives-- individually or in groups?

IggyNovember 29, 2017 8:21 PM

@trsm.mckay • November 29, 2017 6:46 PM said:

Agree with most of suggested political fixes, but not: Enact term limits for members of Congress, one or two terms maximum.

Lack of experience is a given with new elected representatives and I'll concede that just two 2-year terms for the House is too brief, so three terms might be more appropriate. But consider the reason why the House term is only two years. The Founders envisioned that Congresscritters, unlike Senators, would be ostensibly closer to their constituents, share the same neighborhood, and thus live the same issues. The shorter term was also intended to get people who are more technologically modern, so consider all the current dead wood who have no clue about technology. Far too many of us leave the incumbent alone as long as s/he isn't openly poking us in the eye. No, we need term limits, or apathy will socialize us all out of the America far too many died to make reality.

@John Smith, no kidding.

IggyNovember 29, 2017 9:37 PM

Sikhandtake Rakhuvar • November 29, 2017 7:35 PM said:

Just as any registered voter is subject to being called up for jury duty, so should any practicing member of the Bar be subject to being called to act as judge for trial or two.

That's an interesting suggestion. Perhaps we could flesh it out at this Friday's squid blog.

FrancesNovember 30, 2017 12:15 AM

I also think that the term limits suggested are too short, especially for Representatives. Senators are elected for a 6-year term, a 2-term limit gives them 12 years, which is more than enough to get up to speed. To do the same for Representatives would mean a 6-term limit. Perhaps consideration should be given to changing the length of the Representatives' term to four years then make it a 3-term limit. The two year term requires too much money for campaigning and hardly gives a Representative enough time to learn the job.

Definitely allow only political contributions from individual taxpayers. You have to get rid of Citizens United. I once read a suggestion that to make a political contribution to a particular candidate for election, you should have to reside in that district, and that makes sense to me.

Finally, establish a commission to handle the required changes in voting districts and get rid of gerrymandering.

Wesley ParishNovember 30, 2017 3:25 AM

After reading this, all I'm going to do is reiterate something I've said before: this warrantless access to personal data, while states are engaged in conflict in cyberspace and various state bodies are enjoying their talentless use of unsecured cloud storage, leaves a nation's "security" in rather the same place that diabetes leaves a person's physical and mental health.

Consider this: a state not only access the information on a population's whereabouts on a second-by-second basis, it also stores it. And the storage security tends to be only as good as the understanding of the last security bug. (Generals fighting the previous war again.) Likewise with spending habits, savings accounts, etc.

Now if one state actor can do it, any other with equivalent or superior technology can do it as well. And competition tends to drive technology.

If you can access the information of an entire population, and can examine it for patterns, etc, you can find the weakest points.

It's like playing Go, or chess, or poker, but being able to see the opponent's hand - in poker - or being able to change any given stone or chesspiece's allegiance in Go and chess.

Consider Phlebas, by Iain M. Banks
The war, briefly (abstract of main text)
Idir was never attacked, and technically never surrendered. Its computer network was taken over by effector weapons, and - freed of designed-in limitations - upgraded itself to sentience, to become a Culture Mind in all but name.

You are not expected to understand this, particularly if you are an recumbent in public office in the United States of America.

JardaNovember 30, 2017 3:27 AM

If "The Supreme Court can either update current law to reflect the world, or it can further solidify an unnecessary and dangerous police power", as I watch where the world is heading, especially under you cretin in chief, I expect the latter.

neillNovember 30, 2017 4:54 AM

i wonder if we could just add a header (and/or footer) to our emails stating

"this is a private (privileged) conversation between A and B"

IF an investigator continues to read he/she would be on notice that this is a private conversation protected by several amendments ...

said investigator would need to explain why she/he continued to 'read' a private conversation

DroneNovember 30, 2017 5:08 AM

@Petre Peter,

"i say that when running for public office, contributions should be as visible as they are on Formula 1 drivers’ suits. It’s doable, we have the adhesive, we have the labels and we have the suits."

I wish contributions could be made open and visible, but they can't. Contributors who have their personal details made public are subjected to targeted harassment by the opposing party and/or ravenous fund-raising by the friendly party.

AlejandroNovember 30, 2017 5:15 AM

I did a little research on this issue.

Legal experts suggest the court could reasonably restrain the third party doctrine to criminal matters only AND require a warrant, but of course there are many arguments to the current predicament.

It occurs to me the pattern at least since 9-11 is to grant the police and government more power, and thus the people less, based on one word alone:

Security.

You fill in the blank.

Clive RobinsonNovember 30, 2017 8:42 AM

@ Alejandro,

Legal experts suggest the court could reasonably restrain the third party doctrine to criminal matters only AND require a warrant

It won't work, as we have already seen with FISA "collect it all" by the NSA.

It's the "three hop principle" at work...

I want to see your traffic, but you appear as saintly and politically inactive as it's possible to be. Which means I can not get a warrant for you "alone".

Which is what the proposal you are thinking about would do.

However what I do is "somehow" get a list of those you communicate with. If they are not saintly but just normal there's about a one in six to one in three chance depending on your socioeconomics that one of your contacts is either a convicted criminal or on a list of people who are thought to be criminals. Thus even if none of your direct contacts are criminals it's fairly certain that one of their contacts is.

So I apply for a warrant on the criminal and sweep up all their electronic contacts. And as the saying about "give me six lines..." has it I can then use it to get the next warrant in the chain...

Thus a couple of warrants later I have you on the list of suspected criminals and all your traffic records... Then with a little time and selective luck I have you hanging on a hook, but you don't yet know it.

Then at a time of my chosing you get SWATed out of bed and dragged of infront of TV Cameras / reporters etc.

I then present you with a bunch of your communications that circumstantially make you look guilty, if you don't cop to a plee deal, I pull another bunch of communications that look just as bad if not worse and offer you an even worse deal. Mean while, unless you are realy rich your lawyer is turning you into a bankkrupt at a thousand dollars an hour or what ever they can get away with.

I just keep doing the same over and over, and even if you do get to court I can drop everything on you only a couple of weeks befor trial. Even if you do get found innocent, you won't get your money back. You have to take the authorities to court and by now they will have blackened your name as much as possible. If you are lucky they may force you into a fraction of your costs, more likely they will find sometging else to drag you to court and get a plee deal which has a little clause about you find the innocent of all malicious etc acts...

That is how certain people think. They decide you are dirty and they will find some way to not just make you so but bankrupt as well, then punish those around you just for not rolling over...

Thus "equity of arms" in the justice system is non existant, unless you have the money and power and ruthlessness to utterly destroy the person who is trying to do it to you... It's just the way the system works, if you don't have a lever to divert the process, then you will get crushed.

Petre PeterNovember 30, 2017 9:47 AM

@Iggy

making contribution records public has so far inspired those in the press with political agendas to wage witch hunts.

@Drone

Contributors who have their personal details made public are subjected to targeted harassment by the opposing party and/or ravenous fund-raising by the friendly party.

i thought the race was for my safe.ty. Since this can can lead to a paradox, i will "eyeball kick" this 'for their safety' can instead of opening it-for my safety.

JG4November 30, 2017 10:03 AM


@Iggy and Petre - you opened the topic of cynically exploiting "market opportunity." File under "evil genius, it's all a giant scam."

A coordinated system for stealing from people who care about the direction of their country. Some people would call it a persistent mispricing, or a market inefficiency. There always are psychopaths available to exploit any opportunity, irrespective of what you call it. Here's a reason that you don't want the marketing people to know much about you - the information will be sold to psychopaths.

http://www.politico.com/story/2015/01/super-pac-scams-114581_full.html
...
Since the tea party burst onto the political landscape in 2009, the conservative movement has been plagued by an explosion of PACs that critics say exist mostly to pad the pockets of the consultants who run them. Combining sophisticated targeting techniques with fundraising appeals that resonate deeply among grass-roots activists, they collect large piles of small checks that, taken together, add up to enough money to potentially sway a Senate race. But the PACs plow most of their cash back into payments to consulting firms for additional fundraising efforts.

JG4:

The Republicans do it at the party scale too, by collecting huge donations from sickcare industry at the same time they fleece the little people for donations to support the scam that Republicans want Obamacare dismantled. Just like the NRA loves Obama, because it drives donations. The Red Cross loves hurricanes for the same reasons, then they pocket the money and send well-marked vehicles to drive around the affected areas, purely for show, without distributing any aid (you caught that in the news about superstorm Sandy?). Don't think for a moment that the Democrats don't run the same scam. Any time that you need a dose of rabid, Karl is happy to oblige.

It's A Scam (GOP Plans To Repeal Obamacare)
http://www.market-ticker.org/akcs-www?post=229800
...
The GOP has utterly no intention of doing anything about this [other than fleecing people as described above]. Nor do the state legislatures. They won't even bring such a thing up in their caucus; I know, because I've been told that specifically.
**** these people. All of them. It appears to me that the law is being flagrantly violated on a literal every-second basis, and we're not talking about "little" laws here either -- Sherman and Clayton, for example, carry 10 year prison sentences and million dollar fines for individuals (ten times for corporations when it comes to the fine part.)
You can talk to me about doing something about medical costs when there are literally thousands of indictments issued across the entire swath of this gigantic scam -- but not until.


AnonNovember 30, 2017 10:08 AM

@trsm.mckay
Whatever your views on the supreme court's decision in that case, McCain-Fiengold ended up being challenged constitutionally and gutted as a result which does not speak well of the law's design. Besides that, it set up, by my understanding, the current Super-PAC and 501c3 nonsense that we have now where all the real money is. I'm not saying this to demean the intentions of those supporting the law - their intentions were noble and good - but the results have been less than satisfying.

tyrDecember 1, 2017 5:47 PM


Isn't this whole argument based on the mad
rush to strip everyones property and the
concept of ownership away ? Once it is
considered a fact that you own nothing the
consequences are clear it is the final step
in the chain of commodification of the world.

If that's true the details argued are like
the external rash of smallpox. You can try
to fix the skin rash but you'll never get
to the virus causing the rash.

Maybe we need to back off and look at a
bigger picture before we expect some badly
flawed intitutions to fix what is wrong.

SnarkSideDecember 1, 2017 7:28 PM

It's all made worse by things like The Communications Assistance for Law Enforcement Act (CALEA) 1994, 2005. No communications company can really even offer a product that offers a reasonable expectation of privacy. They are incentivized not to just simply, not log data. It would be harder to track movements over time if they don't log details.

Better laws would incentivize destruction of logged data to protect privacy and only activate log retention on accounts where a warrant is served to demand retention.

Maybe phones should have a mandatory privacy switch, toggle the privacy protection bar to "on" and no location tracking is allowed unless a warrant is in place to justify override. Logging location history on cell towers and Navigation application use is not needed to provide services. It's unreasonable not to have a right to use services without an option to disable data collection and retention, or sharing of that information with law enforcement agencies that aren't a party to the communications.

If I'm a paying customer I should have the reasonable expectation that the other party in the business relationship should make every effort keep information private including keeping it private when faced with LEO overreach.

CallMeLateForSupperDecember 2, 2017 10:02 AM

@Drone
"3. Separate the United States Department of Justice from the executive branch."

Surely you simply forgot that the three branches of U.S. federal government - executive; legislative; judicial - are independent of each other.

CallMeLateForSupperDecember 2, 2017 10:20 AM

@Ergo Sum
"I'd be surprised, if POTUS did not keep the third-party doctrine, effectively legalizing it at the highest level in the US..."

Did you mean to say "SCOTUS"? Probably, because POTUS does not make law and is not "the highest level in the US".

vas pupDecember 2, 2017 11:07 AM

@Clive:"Which really means there is no equitable justice process in the US for ordinary people, in fact no justice system at all if someone decides for any number of reasons to "get you".
Yes, it is. The more laws you have the more options you provide to, as you stated 'get you'. Your security depends on who targets you, their determination and resources to collect any 'skeleton' out of your closet. All security is just not to be easy target for fishing expeditions of criminals, government (LEA/IC), private investigator, big business,media you name it.
I have no problem with government collecting any information (meta data) without any warrant, BUT for criminal intelligence purpose, NOT to prosecution. The latter should only follow legal hoops aka warrants, etc.

Augie-DoggieDecember 5, 2017 8:04 PM

Believe it or not, there are people actually living and functioning without a cell phone!

WaelDecember 6, 2017 10:27 PM

@Augie-Doggie,

... there are people actually living and functioning without a cell phone!

Yea! Jim Holt is one of them. I won't tell you where he says that so you watch the whole kit and kaboodle.

LongtimeLurkerDecember 9, 2017 6:58 PM

Isn't the "third party doctrine" actually a deliberate misinterpretation of what a "third party" is in order to facilitate abuse of power?

http://dictionary.law.com/Default.aspx?selected=2120

a person who is not a party to a contract or a transaction, but has an involvement (such as one who is a buyer from one of the parties, was present when the agreement was signed or made an offer that was rejected).

The notion that a contract between me and my cell provider should be treated as "unprotected third party communication" is simply inaccurate, we are both "principals" in the agreement.

The only way "third party" should apply to an "internet" contract is if there was, for example a Google representative present at the signing of my contract with AT&T but there wasn't. In any event, that would only allow Google to assert "third party", not AT&T.

JonKnowsNothingDecember 9, 2017 11:18 PM

@ LongtimeLurker

Isn't the "third party doctrine" actually a deliberate misinterpretation of what a "third party" is ...

It's to facilitate not having to disclose how evidence is obtained or even that it was obtained at all.

The concept of "private" or "protected" got dumped a while back. If it is truly private the New New Definition is: You never ever tell anyone. Which is related to the "If you have nothing to hide...." non sequitur.

Companies are made of employees and those employees look at your data so the data isn't private anymore. Once you enter into any agreement your data is open to access.

Data held by companies have open access via a basic subpoena because those are Business Records and are just like accounting books. They are not treated as anything special.

Which is why the FBI/NSA claim they can access any data any place in the world IF you can bring it up in a browser inside the territory of the USA. Once it traverses the internet pipelines and is processed by a dozen protocols and hardware systems and lands in your monitor/smart(?)phone it is way way past "private/privilege". Once it crosses our international border it's Open Season.

Third Party Data also permits the vast data harvesting via Google FB etc. etc. etc. If you didn't want World+Dog to know what you ate for breakfast you wouldn't post a Samuel Pepys Diary about your habits.

It's a handy way to Make What Was Once Hard - Easier. Except the job of Law Enforcement is SUPPOSED TO BE HARD. It was designed that way for a reason.

Those reasons no longer seem to matter.


ht tps://en.wikipedia.org/wiki/Samuel_Pepys
(url fractured to prevent auto run)

LongtimeLurkerDecember 10, 2017 2:49 AM

@JonKnowsNothing

What you described is exactly my point. Those are the same arguments that would be presented by prosecutors or investigators.

What I was getting at is they have successfully confused the public by hijacking the catch phrase "third party doctrine".

A service provider is simply not a third party when it comes to citizen communication. They tap into the ISP based on this deception which really needs a good legal challenge.

JonKnowsNothingDecember 10, 2017 7:26 AM

@ LongtimeLurker

... they have successfully confused the public by hijacking the catch phrase "third party doctrine".

It is the Re-Definition Game. This is not the only commonly understood phrase to have it's meaning twisted.

  • Relevant == ALL
  • Private == Public
  • Evidence == What we pretend to find
  • Disclosure == None For You (it's all: s e c r e t)
  • Legal Defense == Something in the way of their promotions
  • Laws == Something we ignore, at will
  • International Laws == hahahahahahahahaha

The Sith Code at work. The relevant (not all) passage:

THE SITH CODE - Peace is a lie, there is only passion. Through passion I gain strength. Through strength I gain power. Through power I gain victory.

Sancho_PDecember 10, 2017 3:31 PM

@LongtimeLurker, JonKnowsNothing

Although I oppose the TPD as the law-twisters use it, to count the parties goes like this:
First is you, second your (comm) partner, and third any observer of that transaction, if there is any.
With the “if there is any” there goes your privacy, as they argue.

But!
The TPD is wrong when you follow the twister’s arguments.
A nearly perfectly failed twist to sell us the TPD is from Orin Kerr:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1138128
(try the “Open PDF in Browser, download didn’t work for me)

- Be careful not to vomit at the Introduction, you crook, you have been warned!
Now mind the wording ”it implies consent” or ”Consent Doctrine” and “voluntarily”, which also implies there would be a choice (e.g. an option to set “private” or “public” (encrypted or open) for your transaction / conversation.

There is no such choice, therefore there is no TPD as they define it [1].

Also see the infamous “eye witness” eyewash by Orin Kerr:
http://www.scotusblog.com/2017/08/symposium-carpenter-eyewitness-rule/
and the comment I made here:
https://www.schneier.com/blog/archives/2017/10/friday_squid_bl_598.html#c6763270


[1] Bonus point:
Think of a conversation between you and your wife, say in your bedroom.
Is this transaction deemed to be voluntarily shared because someone with the opportunity to do so hid a mic behind the curtain and recorded everything?
Without your knowledge?
Did you “voluntarily” share because you didn’t encrypt what you said to your wife?
Is the eavesdropper / spy / whatever a legal third party only because he can listen?

Sancho_PDecember 10, 2017 3:38 PM

@LongtimeLurker, JonKnowsNothing

One more point regarding our “consent”:
Nearly every page in the Net shouts at us “We use cookies, blah blah, click here to accept”.

¿Does our phone provider, whenever we pick up the phone, tell us:
Before you dial, be aware that we use a pen register and may share all connection details, including but not limited to, time, location, duration, dialed number, with who ever asks for!” ?
No?
But our consent is implied, isn’t it?

Clive RobinsonDecember 10, 2017 5:32 PM

@ Sancho_P,

Also see the infamous “eye witness” eyewash by Orin Kerr

And many other "re-interpretations" you will not find in a Websters or Oxford English.

Like the NSA, Orin Kerr was once painted as "a good guy"... These days it's difficult to decide which is worse in this respect...

I'm sure that if you practised on Orin Kerr what he preaches to others, he will be as bellicose over the sense of intrusion and injustice as many readers here would be on recieving such treatment...

In life there are many that turn a blind eye or worse make suggestions of how to deal with "others" as long as they are on "the doing to" not "having done to" side of the argument. However one thing history teaches us "do unto others at your peril" because of the "Judge ye not lest ye be judged" issue that arises from one day you may be on top, but the next you may be on the bottom...

Being judged by your previous standards and actions, at the least turns into a kind of temporal "Eye for an Eye" thinking, or worse. Which can become a generational blood feud with barely a pause for consideration. In South Africa they realised this danger which is why they had their "truth and reconciliation" process.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.