The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
The 4th Amendment Thread: Privacy, Search & Seizure, Chain of Custody
joshofalltrades
Class TraitorSmoke-filled roomRegistered User regular
Class TraitorSmoke-filled roomRegistered User regular
This is sort of tangential to the Surveillance State thread, and while it's related I felt like it could probably support its own thread without getting specifically into FISA courts and such.
So way back in 2013 oh shit wait that's this year a federal judge overturned a 2010 decision which ruled that cell phone data had a reasonable expectation of privacy and warrant procedure needed to be followed in order to obtain that information.
So the argument, according to Brown, is that cell phones with geolocation technologies are so ubiquitous that it's totally cool for the warrant system to be bypassed. After all, if you don't want the cops to know where you are, you can just turn it off!
But there are a lot of problems with that argument, in my opinion. It's like saying, "If you don't want the cops to search your house without a warrant, all you have to do is barricade the door!" The onus is not on me to keep the police from obtaining information they shouldn't be able to have in the first place. It should be on the police and the judicial system. The fact that lots of people have cell phones is a total non-sequitur to me. Lots of people have couches! There are a shitload of people with homes. Does the ubiquitous nature of home ownership mean you don't get to be secure in your home?
But hey, if you don't want people to know what happens in your home, just never be there! It's a very practical safeguard, turning off your phone to avoid tracking data, except that maybe people want to use their devices sometimes. And maybe something more invasive than a GPS tracker attached to your car should be subject to some safeguards.
So if you don't have a reasonable expectation of privacy while using a cell phone, where do we have a reasonable expectation of privacy? Is there a company with a cell phone service that allows you to opt out of sending GPS e-911 data to be stored and later retrieved?
If you want, we can also discuss whether or not privacy is something we should value (please nobody do the "if you are innocent you have nothing to hide" argument, please please).
Wait, so my cell phone isn't part of my "effects"?
Hm.
So way back in 2013 oh shit wait that's this year a federal judge overturned a 2010 decision which ruled that cell phone data had a reasonable expectation of privacy and warrant procedure needed to be followed in order to obtain that information.
“Given the ubiquity and celebrity of geolocation technologies, an individual has no legitimate expectation of privacy in the prospective of a cellular telephone where that individual has failed to protect his privacy by taking the simple expedient of powering it off,” Brown wrote.
“As to control by the user, all of the known tracking technologies may be defeated by merely turning off the phone. Indeed – excluding apathy or inattention – the only reason that users leave cell phones turned on is so that the device can be located to receive calls. Conversely, individuals who do not want to be disturbed by unwanted telephone calls at a particular time or place simply turn their phones off, knowing that they cannot be located.”
The American Civil Liberties Union (ACLU) has long been a voice for the American people against governmental overreach and technological surveillance. Chris Soghoian, a principal technologist and senior policy analyst at the ACLU, wrote that Brown’s opinion was “ridiculous.”
“There is a big difference between location information you knowingly share with a select group of friends (or, in fact, the world) and information collected about you without your knowledge or consent,” he wrote.
So the argument, according to Brown, is that cell phones with geolocation technologies are so ubiquitous that it's totally cool for the warrant system to be bypassed. After all, if you don't want the cops to know where you are, you can just turn it off!
But there are a lot of problems with that argument, in my opinion. It's like saying, "If you don't want the cops to search your house without a warrant, all you have to do is barricade the door!" The onus is not on me to keep the police from obtaining information they shouldn't be able to have in the first place. It should be on the police and the judicial system. The fact that lots of people have cell phones is a total non-sequitur to me. Lots of people have couches! There are a shitload of people with homes. Does the ubiquitous nature of home ownership mean you don't get to be secure in your home?
But hey, if you don't want people to know what happens in your home, just never be there! It's a very practical safeguard, turning off your phone to avoid tracking data, except that maybe people want to use their devices sometimes. And maybe something more invasive than a GPS tracker attached to your car should be subject to some safeguards.
So if you don't have a reasonable expectation of privacy while using a cell phone, where do we have a reasonable expectation of privacy? Is there a company with a cell phone service that allows you to opt out of sending GPS e-911 data to be stored and later retrieved?
If you want, we can also discuss whether or not privacy is something we should value (please nobody do the "if you are innocent you have nothing to hide" argument, please please).
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Wait, so my cell phone isn't part of my "effects"?
Hm.
joshofalltrades on
+1
Posts
The 4th Amendment only applies to prevent "searches and seizures." What counts as a search/seizure depends on whether you have a reasonable expectation of privacy. If you don't, then it's not a search, so it doesn't matter whether a phone counts as your "effects."
I expect that my cellular provider knows where I am, geographically.
I don't expect that they will share this information with law enforcement.
To use an analogy: I expect that my bank knows where I go on vacation because they will see transactions for hotels and restaurants. The government still needs a warrant to obtain those records.
Any meaningful discussion of privacy must include discussion not just of the nature of the information being shared, but also the roles of the people with whom it is being shared.
the "no true scotch man" fallacy.
"I agree to let the provider track me for the geo functions and they agree to not give that information away."
"I agree to let the provider track me for the geo functions and they will give my information away to any law enforcement agency upon request."
What's the actual contract language for providers on this matter? Because that's where this all comes down to. The providers should be mounting legal cases against law enforcement agencies that violate the first statement above.
Except that they're not just giving the information away. It's just that the information is not protected to the point where a warrant is needed, just a subpoena.
What about where it's not addressed in the contract at all?
As AH mentioned, its not a matter of agreements. Its a matter of whether or not the phone company can refuse a court order and demand a full search warrant. Its as if I told John Doe to tell Jane Doe something, the government can subpoena John to find out what I wanted to tell Jane. This differs from the content of the call because its reasonable to expect that the content is a private conversation.
QEDMF xbl: PantsB G+
What is the established legal precedent for protecting privacy, particularly as regards cell phones?
What should be the standard for protecting privacy, particularly as regards cell phones?
What information would law enforcement like to have?
The last one is easy: law enforcement wants all the information. Every damned bit of it. They would like to hit a button and know every last thing about any given person. So we can invariably expect that they will fight for every last datum.
The first one is trickier, but I think that Brown's statement is actually a reasonable (if lazy) extension of existing precedent. The problem - and this gets into the second question - isn't that it's just making up judgments so much as that it's ignoring the fact that changing technologies mean that we need to reexamine this issue from the bottom up. It is defensible to state that the government can have access to contact info for fixed-location landline phones if such information is freely given to a third party. I don't know if I necessarily agree (which isn't to say I don't, either), but it's defensible. But extending that to cover mobile phones that can literally track your location 24/7 - mobile phones that cannot actually work as designed without being turned on all the time - is like saying that the second amendment right to bear arms, written 200 years ago, means people must be allowed to own nuclear weapons.
Technology changes. Society changes. That needs to be considered, and Brown's decision is just silly given its complete dismissal of this fact. We are increasingly living in a world in which it's difficult to function without a mobile phone, without the ability to be reached 24/7. Saying you can just turn off your cell if you don't want the government spying on you is like saying you can just not live in a home if you don't want the government to search it.
Considering the government can already bring your property up on drug charges, it wouldn't surprise me in the least.
But if this is a privacy case, then your rights are being violated without due process of the courts.
Just because there is A system doesn't make it a right or accountable one.
We hold the courts as more legitimate when deciding to violate rights then law enforcement chain of command, and have more strict proof needed for a warrant then a subpoena, for good reason.
If the data is not private then law enforcement can just request all of it, put it in a database for themselves, since why not, then it can be used by malicious actors independently of the state for stalking and such.
Calling it metadata is misleading since it contains specific information, about specific people, and is wanted for that reason.
I need location data on these 3000 people for this drug case, no you are probably not going to go into detail about each of the 3000 people and notice one of them is my ex-girlfriend. Don't worry, its not an invasion of privacy.
Yeah, but no. This is kinda instructive though.
HIPPA basically creates a privacy wrapper that follows your health information pretty much wherever it goes. From your doctor, to his SaaS management system, out to other doctors, insurance carriers, pharmacies, and collections agencies.
Like, such is not the law for telecom information, but I wish it were.
Also, part of my privacy being MY privacy is that I am free to decide who to share it with. I decide to share certain data with my phone company because it's necessary for their job, but I didn't decide to share it with anyone else. I find this third-party thing is bullshit overall. I don't think that a warrant is a lot to ask for in these cases.
Seems like a 2 way public key crypto hash(think document signing) would allow for anonymized tracking, with an expectation of privacy, which could be broken for billing and e911 when needed. Maybe.
Ideally we would get new laws, written and passed by congress, which would limit law enforcement, and require an understanding of modern technology and how it is used by society.
A technological solution may not be ideal, but it could be viable.
They can, however, ask Radiology if they have seen you (and when) without a warrant and without infringing HIPAA. That gives both the location and time you visited, but not why you visited - just like mobile provider requests give location and times you called, but not why you called.
ETA:
There are many ways to get your location and time data, many of which are legal and warrantless - going around with a photo asking "have you seen this person and when?" can produce some pretty detailed results if you ask enough people. Contrast this with the above-mentioned medical records of which there is pretty much only one method of obtaining the information. As mentioned in a previous thread of a similar nature, does the legal hurdle rise simply because one method is more efficient than another? Is there a fundamental difference between asking one person who knows your location (or, at least, your phone's location) 95% of the time, and asking hundreds of people who each know your location some of the time (and collectively around 95% of the time)?
I'm pretty sure this is not true, IANAL but when I worked in the medical community we had it drilled into our heads that even revealing a person is a patient was a HIPPA violation.
http://www.hhs.gov/hipaafaq/permitted/law/505.html
this covers HIPPA exceptions for law enforcement. Seems like they should not be disclosing information about a visit, without a warrant, mostly if a LEO is attempting to locate a suspect. Simply building a case against a suspect would not qualify. So, like, the metaphor of collecting phone metadata to build a timeline of the suspects movements and build evidence of associations would not really be permissible in the case of HIPPA stuff.
I'm mostly saying this because it specifically lists instances where it is OK to list when and where a patient visited. Though I may be taking that a little too far, but restrictions on that information does seem to apply to other entities.
The thing is that just because you want to keep something private, that in of itself should not create a duty on my part to honor that desire. The point of the third party doctrine is to note that beyond specific defined obligations, you choosing to give out information alone does not create that duty on the part of of the recipient.
I ran into this when I was trying to get a prescription for my girlfriend, and she had thought she'd gotten me set up as an authorized person or whatever the term is, but it turns out it hadn't gotten entered correctly, so after getting all this information verified I showed my ID and all of a sudden they say they can't even acknowledge if she is a patient (when it's obvious she is). And then after we got the authorization for me straightened out it was just "okay here you go".
Rock Band DLC | GW:OttW - arrcd | WLD - Thortar
No, but there should be a distinction between me telling my friend that I have the crabs and him them babbling around and me giving a series of personal details to a company in order for that company to be able to provide service. Especially if that information includes my current and past physical location and who I call and how much I talk to people.
What I mean is that it's REASONABLE to expect that the data a company gathers for service purposes would remain PRIVATE.
Why is it reasonable? And let me point out that we would consider medical information private as well, but it was necessary to create a law defining clearly what duties and obligations those working with protected health information have to keep those records safe.
Your argument boils down to "there ought to be a law!", which I agree with. The thing is that right now, there isn't, so the productive course of action is to push for one.
I don't see that as particularly likely but it's possible and logical - maintains the ability of CI's to flip and allows the government to not rifle through your phone data.
That said I'm pretty okay with the system we have now. Still need probable cause to justify a subpoena.
The first is that SCOTUS will, at some point, expand the reasonable expectation of privacy.
The second is that SCOTUS will, probably around the same point, lower the standard for probable cause. This is because whilst the Constitution mandates a reasonable expectation of privacy, the jurisprudence on the probable causes permits the court to weigh the privacy right against the public interest. In the same way that the modern Supreme Court has permitted house inspectors to obtain 'suitably restricted' warrants to enforce housing codes, they can permit surveillance operators to obtain such a suitably restricted warrants to trawl large quantities of low-density data, or permit police departments to serve a restricted warrant upon the credit-card company that has been tracking your location for other purposes (identity theft prevention, say). This has not yet become acceptable, but I suspect very much that it will soon become the case.
It's not 'government conspiracy stuff'. If you are ever accused of a crime, the police can take the information they just took from your provider and hand it over to a prosecutor to spitball into 'evidence' for a conviction. Given enough data points, it's easy to construct a motive or malicious-sounding story out of your phone or computer activity, or otherwise simply sling mud at you for being a bad person. There's a reason that the police are supposed to need to obtain warrants from the court before obtaining information: the information has to be deemed relevant, not just something they can distort into looking relevant.
Say your neighbors kill each other one day, and your phone was at home charging while you were at work. Your phone's geo information says you were at home! Your phone had 'activity' on it, because it received text messages from a penis enlargement supplement spambot. You can't get your employer to back-up your alibi. The cops say you were at home and killed your neighbors and lied to them about being at work, and here's the PROOF - your geo information from your phone, which was actively being used shortly after the murders - according to the prosecutor's phone expert - to solicit for penis enlargements!
Allowing the police to just dig-up any information they want (which, as Jeffe already said, is probably all of the information they can get) without oversight is just asking for a spike in miscarriages of justice.
That is terrible evidence.
The problem there has nothing to do with police being able to gather information and everything to do with the justice sytem in your proposed scenario being pants on head. If that could garner a conviction then the amount of information they're able to actually gather on you is irrelevant.
The 5th amendment only prevents self incrimination. It does not prevent your cell phone service provider from incriminating you.
Similarly the 4th amendment only prevents you from protecting your property. Information you give to others is not your property (absent special carved out exceptions)
The information contained in this decision is equivalent to asking someone "have you seen this person and when?". And such a question is not protected. That is to say that unless such a question implicates the company you give your information to they are generally required to hand over said information.
I don't think "asking someone if they saw you" and "being able to track your present and past position with all detail" are exactly the same thing.
If those photos are communicated via cellular hotspot, this is is already true.
Financial information, like medical information, has a specific legal carve out.
The point is that there's no specific carve out for telephone metadata, so it's not protected to the same degree that financial or medical information is.