Code Talking for the Dumb
A 29-year-old man was taped using the code language Pig Latin to organise reprisal gangs the day after the Cronulla riots, a Sydney court heard today.
Yep, Pig Latin.
Page 23 of 29
A 29-year-old man was taped using the code language Pig Latin to organise reprisal gangs the day after the Cronulla riots, a Sydney court heard today.
Yep, Pig Latin.
New York is installing an automatic toll-collection system for cars in the busiest parts of the city. It’s called congestion pricing, and it promises to reduce both traffic and pollution.
The problem is that it keeps an audit log of which cars are driving where. London’s congestion pricing system is already being used for counterterrorism purposes—and now for regular crime as well. The EZPass automatic toll collection system, used in New York and other places, has been used to prove infidelity in divorce court.
There are good reasons for having this system, but I am worried about another wholesale surveillance tool.
EDITED TO ADD (9/4): EZPass records have been used in criminal court as well.
Dan Solove comments (two posts) on the recent ACLU vs. NSA decision regarding the NSA’s illegal wiretapping activities.
From Technology Review:
A camera developed by computer scientists at the University of California, Berkeley, would obscure, with an oval, the faces of people who appear on surveillance videos. These so-called respectful cameras, which are still in the research phase, could be used for day-to-day surveillance applications and would allow for the privacy oval to be removed from a given set of footage in the event of an investigation.
An interesting privacy-enhancing technology.
This is a great piece of news in the U.S. For the first time, e-mail has been granted the same constitutional protections as telephone calls and personal papers: the police need a warrant to get at it. Now it’s only a circuit court decision—the Sixth U.S. Circuit Court of Appeals in Ohio—it’s pretty narrowly defined based on the attributes of the e-mail system, and it has a good chance of being overturned by the Supreme Court…but it’s still great news.
The way to think of the warrant system is as a security device. The police still have the ability to get access to e-mail in order to investigate a crime. But in order to prevent abuse, they have to convince a neutral third party—a judge—that accessing someone’s e-mail is necessary to investigate that crime. That judge, at least in theory, protects our interests.
Clearly e-mail deserves the same protection as our other personal papers, but—like phone calls—it might take the courts decades to figure that out. But we’ll get there eventually.
U.S. courts are weighing in with opinions:
When Ray Andrus’ 91-year-old father gave federal agents permission to search his son’s password-protected computer files and they found child pornography, the case turned a spotlight on how appellate courts grapple with third-party consents to search computers.
[…]
The case was a first for the 10th U.S. Circuit Court of Appeals, and only two other circuits have touched on the issue, the 4th and 6th circuits. The 10th Circuit held that although password-protected computers command a high level of privacy, the legitimacy of a search turns on an officer’s belief that the third party had authority to consent.
The 10th Circuit’s recent 2-1 decision in U.S. v. Andrus, No. 06-3094 (April 25, 2007), recognized for the first time that a password-protected computer is like a locked suitcase or a padlocked footlocker in a bedroom. The digital locks raise the expectation of privacy by the owner. The majority nonetheless refused to suppress the evidence.
Excellent commentary from Jennifer Granick:
The Fourth Amendment generally prohibits warrantless searches of an individual’s home or possessions. There is an exception to the warrant requirement when someone consents to the search. Consent can be given by the person under investigation, or by a third party with control over or mutual access to the property being searched. Because the Fourth Amendment only prohibits “unreasonable searches and seizures,” permission given by a third party who lacks the authority to consent will nevertheless legitimize a warrantless search if the consenter has “apparent authority,” meaning that the police reasonably believed that the person had actual authority to control or use the property.
Under existing case law, only people with a key to a locked closet have apparent authority to consent to a search of that closet. Similarly, only people with the password to a locked computer have apparent authority to consent to a search of that device. In Andrus, the father did not have the password (or know how to use the computer) but the police say they did not have any reason to suspect this because they did not ask and did not turn the computer on. Then, they used forensic software that automatically bypassed any installed password.
The majority held that the police officers not only weren’t obliged to ask whether the father used the computer, they had no obligation to check for a password before performing their forensic search. In dissent, Judge Monroe G. McKay criticized the agents’ intentional blindness to the existence of password protection, when physical or digital locks are such a fundamental part of ascertaining whether a consenting person has actual or apparent authority to permit a police search. “(T)he unconstrained ability of law enforcement to use forensic software such at the EnCase program to bypass password protection without first determining whether such passwords have been enabled … dangerously sidestep(s) the Fourth Amendment.”
[…]
If courts are going to treat computers as containers, and if owners must lock containers in order to keep them private from warrantless searches, then police should be required to look for those locks. Password protected computers and locked containers are an inexact analogy, but if that is how courts are going to do it, then its inappropriate to diminish protections for computers simply because law enforcement chooses to use software that turns a blind eye to owners’ passwords.
Project Honey Pot files a $1B+ lawsuit against spammers.
There’s a class-action lawsuit against TJX by various banks and banking groups:
The suit will argue that TJX failed to protect customer data with adequate security measures, and that the Framingham, Mass.-based retail giant was less than honest about how it handled data.
This case could break new legal ground, and is worth watching closely. (I’m rooting for the plaintiff.)
Sidebar photo of Bruce Schneier by Joe MacInnis.