March 10, 2009
[berkman] Al Gidari on cellphone/mobile privacy
Al Gidari, Jr. of Perkins Cole is giving a Berkman talk on privacy called “They Know Where You Are: Location Privacy in a Mobile World.” [Note: I’m live blogging, getting things wrong, paraphrasing badly, missing stuff, not spell-checking, and generally just taking notes. ]
Early on, cellphone fraud was rampant. It was relatively easy to clone a phone. Al worked on tracking down offenders. The three-letter government agencies took note. E.g., the hacker Kevin Mittnick was tracked down by the FBI and the provider by using “trigger fish” tech that judges location based on cellular signals. But the carriers refused to put in the tech the feds wanted because it was too expensive. In 1994, Congress required carriers to install “surveillance-ready” technology; you could wiretap with just a flip of a switch.
“In those debates one of the serious privacy issues was whether or not the gov’t sought to have tracking capabilities for wireless phones included,” Al says. Louis Freeh said that the gov’t didn’t want such a capability, that it was a red herring, etc. CALEA separated the basic info from location info. For the basic info, you just need a subpoena. For location info, you need to go to a judge and show that it’s relevant to an ongoing investigation.
Cellphone carriers know and record a cellphone’s availability on a particular cell tower, whether or not you’re making a call. If you make a call, the tower is recorded. (This was required back when roaming agreements mattered a lot.) Google knows this also for use in Google Maps. So, location info is available from various sources. There’s also realtime inf about where you are. Then there’s prospective: mapping your movements over time.
CALEA only dealt with the historical aspect of this, not real time or prospective. Industry spent 4 years developing a standard for delivering info to law enforcement. There was a major debate over location info. In 2000, the courts decided the way the industry handled location info was proper. In a compromise, the carriers agreed that location would be given at the beginning and end of a call and the info would be included as part of the “pen register” info (the number you dialed, etc.) provided under the law. That’s “signaling info” that’s covered by CALEA.
The carriers immediately started receiving orders from the feds for the pen register info including the location info. The feds looked in the Stored Communication Act to find statutory justification for getting the prospective location info. But it’s about stored records that already exist, not records to be created in the future and stored in real time. The carriers weren’t ready to fight this. A couple of years ago, a judge said that the prospective info — where someone is going — isn’t permitted and that it violates the Fourth Amendment. Most of the following cases have gone against the feds. [Al talks about the applicability of various laws. I lost track.] “One magistrate’s decision doesn’t bind another, and we have inconsistent implementation…” Plus states get to make up their own minds about this, given the “floor.”
“The debate continues to age. We don’t know what the outcome will be.” But we need certainty, so a decision is being brewed. Feds want access, but at least are ok with bringing it before a judge. The carriers want probable cause.
The privacy implications are huge, Al says. For example, they get requests for all people on a cellphone on a site for a ten minute period, e.g., when looking for witnesses to a drug transaction. What about third parties who aren’t subject to this, e.g., Google Maps? Are the standards for requesting info lower for them? Google only responds to search warrants about location info. And if you’re a parent tracking your kid’s location, you’re developing a history that may or may not be subject to the law.
We need transparency, Al says. The carriers get 100 requests a week for location info, often for multiple people. That volume is high. And how long will they be required to track them. Because you can disclose location in emergencies without prior permission, law enforcement has gamed the system. No carrier withholds info if it’s a matter of life and death. But there’s no recording of any of these requests. There’s no oversight. Al tells about a state law enforcement official who insisted that a phone be manually pinged ever 15 mins, even when the phone was off, fort 24 hours. It turned out the guy was pinging his daughter who had not returned from a date. “How subject to abuse is that?” Al asks. Finally, if law enforcement wants to now about a particular target, should the location info of the people s/he calls also subject to disclosure?
“If the service provider is offering these location based services, can civil parties track someone who’s using the service?” he asks. Recently in a state court, a lawyer asked about info based on phone found on a container ship carrying counterfeit condoms. They wanted to know everywhere the phone had been and who it had called. The carriers refused. “The risk is enormous that location information will be abused and misused both in civil and criminal cases and it’s far from clear what Congress will do when this hot potato lands in its lap. But we do know it is coming.”
Q: What are the privacy considerations about providing aggregated, anonymized info? Can anyone other than gov’t request that?
A: Carriers want customer consent to disclose location info. But many customers buy phones for the family. Can the husband watch where the wife is going? But the customer must agree to it. It requires CPNI oy!, i.e., the customer’s consent. Non-carriers are not covered by law covering standards for aggregated or individual information. They all have policies about this and require permission.
[me] What about CPNI? Should it be opt-in
A: The kerfuffle was an example of bad journalism. The article expressed it badly. The info you are opted in to giving can be used only within the family of companies for marketing purposes. For sharing outside, it requires explicit opt-in. And CPNI has a higher standard for location info, which does not get shared. An “affiliate” is an entity you own or control. Verizon is incorporated in separate states, so they’re trying to share the info among that family of corporations.
[ez] When I meet with human rights groups, they disassemble their phones. Is anyone discussing the way in which the backdoors we put into phones will be used by repressive governments?
A: The standards are developed by manufacturers distributed to local markets. The standard reflect the local laws. The local gov’ts own the access points, so they don’t need much of a backdoor…
Q: That’s not true of China.
A: Providers do support the criminal law of their host countries. You end up with compromises made by providers. The quality of service capabilities built in, not there for surveillance, enable monitoring by protocol, etc.
Q: What are the standards for getting info on the people who attended an event? Vodaphone did that in Egypt
A: We get requests. The standard is: Your guess is as good as mine. Suppose we get a request for info about everyone who viewed a particular video at YouTube? What’s the standard? Wisconsin asked Amazon to list everyone who bought a particular book, and a court sided with Amazon’s refusal. We rely on service providers to make those objections. It’s not even clear that you would have standing to make those requests. The carriers object on the grounds that it’s burdensome. “If not for the service providers, that information would go. Most service providers are very concerned because their business rests on your comfort level with the privacy they support.” But it’s not uniform.
[I missed the last few questions. I believe Ethan Zuckerman, the greatest live blogger alive has been taking assiduous notes.]
Date: March 10th, 2009 dw