FBI: If you knew what your phone company tells us, you'd probably sue (aclu.org)
395 points by trotsky on May 11, 2011 | 72 comments


You know you might not be serving the public interest if... "The stigma of working with the FBI might cause customers to ... file civil actions to further prevent the disclosure of information"


Serving national interest is different to serving public interest despite some similarities.


And both are perverted frequently enough to require proper oversight.


No, the real world could really do without a Jack Bauer.


I'm with Kirk on this one, the good of the one sometimes outweighs the good of the many, as is the case here.


I'm with Spock on this one, the needs of the many outweigh the needs of the few... or the one.

Which is my roundabout way of saying that violating the constitutional freedoms of an entire people is probably not worth it just to catch a few bad guys.


That was kinda what I meant here. The good of the one (Individual) and the many (the gov and everyone's security)


I think all you two have proven is that the proverb doesn't really apply here :-)


I'm pretty sure the state should exist to promote the quality of life of its inhabitants, not the other way around.


Not necessarily. It's hard to tell what you mean though. Are you saying the interests of the state and the interests of its people are necessarily at odds, or just that they have become so in the US?


That's a good question to ask the FBI.


At least they're honest.


More aware than honest.


At least they forgot to redact that.


I think more importantly, serving the public interest is not the same thing as serving the popular interest.

I do not approve of FBI methods, but in the pedantic case I do recognize that a fundamental part of a republican (little r) government is doing what's best for the people, not what they like.


The republic knows what's best for our own good. All hail the mother land.


This is why the recent iPhone location data "scare" doesn't make sense to me. The wireless carriers must have MUCH more extensive location data on a much larger user base. I understand the growing concern over privacy issues as more companies begin aggregating user data etc, and I'm glad that people are (hopefully) becoming more aware of this issue, but shouldn't we react a bit more proportionately to corporate violations of user privacy?


The iPhone scare was about the availability of data. If someone finds/steals your iPhone they can with little effort recover the GPS data. As opposed to a federal bureau or phone company, who are, at least theoretically, bound by law.


When they can railroad through just about any piece of law they want (in the interest of 'national security'), they're not exactly bound by law.


"If someone finds/steals your iPhone they can with little effort recover the GPS data."

Except that it wasn't GPS data - just a list of cell tower and wifi hotspot pings.


Except that it is GPS data ... the file "consolidated.db" does contain a list of (your) latitude + longitude + timestamp -- and when this was discovered, that file contained location data for the last 10 months (probably since iOS 4 was released).

This data is indeed used by Apple to build a database of Wifi hotspots and cell towers, along with their locations, doing this to improve their location services when GPS data is not available (the first iPhone could show you your location by doing triangulation on the cell towers nearby).

The fact of the matter is that if you can get your hands on such an iPhone (without a security fix, which I'm sure is available by now) - you can find out where that iPhone has been.

You know, a simple search on Google could have told you the answer to this -- now you've just added noise.


Can you point to a page that says there are indeed latitude + longitude + timestamp that follow a user's location?

From what I've read, the database was a cache of nearby cell tower and wifi hotspot locations from Apple's servers, not the GPS-calculated (or even tower-triangulated) location of the user.


All comes to the same end: random guy, jealous colleague, nosy employer or landlord snatches your phone while you're not looking and it only takes a few minutes to upload a very thorough archive of "places stephen_g's iPhone has been".


They can get a very rough idea of the places you've been. But if they've stolen your phone, getting access to a list of cell towers you've been near isn't very much of a breach compared to all of your email, bookmarks, Facebook, Twitter, all of your contacts, etc. The whole thing is a very silly argument and Apple has already addressed it; so let's stop spreading FUD, please.


I would be much more worried about my emails than GPS data.


What about people outside the US? Before Apple, the FBI couldn't track them. Now that the phones are sending their gps tracks home every 12 hours, they probably can...


This is why you should use Skype. The only phone service not based in the US... oh, wait a second.

Seriously, though, I wonder if the FBI can eavesdrop on a Skype call. It seems like it would be damn near impossible because it is peer to peer and encrypted.


See http://en.wikipedia.org/wiki/Skype_security

My understanding was that some global intelligence organisations can request decryption and that China is doing this actively [see above link].

I also recall reading some time ago that organisations that work exclusively with Skype to provide some add-ons can be given access to decrypt.

Further, there was also that techcrunch article - http://techcrunch.com/2010/07/08/skypes-innermost-security-l... - which spoke about this


Honestly at this point, most people should expect this sort of behavior from any type of telecom company. Yeah, it sucks but it's the name of the game. Take into consideration that the gov owns the air space/spectrum these companies use, and you'll understand why they're so compliant with releasing information. The only way this will change is if there's a privatization of air space which at this point is seemingly impossible.


I would like to know when and how phrases like "that sucks but," "that's just the way it is," and "that's the name of the game" were first introduced to the language. These non-justifications are like a poison that kills our curiosity and our ability to question what's wrong with the world.


I don't know that privatization is a panacea for the government corruption we see here. And you are right that privatization of airspace is impossible (read: undesirable). How about taking steps to curb government corruption?


That's pretty pie in the sky too barring an entire reform of our economic system. How about we take steps to get everyone using strong client-side encryption?


Have you ever tried to get someone to use gpg?

Now take that pain, and multiply it by a million or more.

I do agree with you, and am using gpg.


I've actually actively started to petition clients to use GnuPG since the HBGary hack, but I agree that it's difficult to make progress. Someone has to develop interfaces to make it usable. This is especially needed for web mail clients, the Firefox extension that used to allow this on GMail is no longer maintained.

I'm not a browser hacker so I'm not sure if it would be easy or hard to get this integrated, but ideally the browser would have built-in support for crypto on designated input fields, i.e., "encrypt this text box" option on right-click. I'm sure it would be hard, but I bet if Mozilla and Google got together and worked out a common interface that allowed Gmail et al to pass information to the browser (like whose keys should be used), this would eventually get implemented and be awesome.

As usual, Microsoft is the biggest roadblock with Outlook. Hopefully if your company is using Outlook it can afford a license for PGP, which afaik is the only complete crypto extension for Outlook.


Actually, though I've dabbled but little, it seems pretty easy to get arbitrary encryption on Firefox. For an example, look at the LeetSpeak addon, which provides a bunch of ways to transform text, both in textboxes and on the page. The real challenge I can see is to provide a good interface for selecting from the (potentially hundreds of) public keys at your disposal to encrypt with.


Are you kidding? While we're a litigation-happy society, we are also entirely content with letting government and business trample all over us without raising an eyebrow, much less a finger.

We let companies get away with destroying the economy through sloppy and greedy irresponsible behavior and then we cover their asses by bailing them out. Because the committees that determine their bailing out are filled with former/current executives of the same companies they're bailing out (Goldman Sachs, for example).

We let companies stick dangerous and unproven chemicals in our food, soda, animals with little evidence that it's safe beforehand and little oversight afterhand, because the various government agencies (FDA, for example) are staffed primarily with executives of the companies that are trying to ram these things through (aspartame, roundup-ready seeds, rbgh in milk, etc).

We have food that is mass produced in conditions that are horrifying to anyone who, even if they love meat like I do, doesn't like to see living creatures abused and tortured in the process and that are filthy and commonly spread disease (that we see reports of all the time on the news when there are outbreaks and recalls), because the FDA and other agencies are - again - staffed with current/former executives of the biggest food manufacturers and processors in the world.

Hell, we even have government officials shutting down public run juvenile rehabilitation centers so that private ones can take their places and then those private companies paying judges directly to incentivize them to send juveniles to jail. I forget where this was (the northeast is what I remember), but a couple years ago it was huge news and it actually happened. The judge in question (and there may have been more than one) received millions of dollars in payola from the private prison industry system that built the juvenile detention centers. As a result, the judge just kept sending kids there. First time offenders. Kids who did very little to deserve it (get in a fight at school, use foul language, skip school) would get about two minutes of face time with the judge before he sentenced them to the facility. And once at the facility, they would keep kids indefinitely, until they said it was time to go. So a two week sentence could turn into a year. (Oh, found the story: http://www.reuters.com/article/2009/02/13/us-crime-usa-judge... -- "Two judges pleaded guilty on Thursday to accepting more than $2.6 million from a private youth detention center in Pennsylvania in return for giving hundreds of youths and teenagers long sentences.")

So if we know all of these things and we don't care (I'm sipping on a diet coke and eating a processed microwave burrito right now, for example), why should I expect that people are going to give much more concern to their privacy or the liberties of anyone else around them? Unless they think you're taking jesus away from them, cheap gasoline away from them, or their $5 latte away from them, or their favorite television show away from them . . . they don't fucking care.

Not only don't they care, but a big percentage will always play the role of apologist. For anything. FBI poring through your personal information, using your geolocation data. Whatever it is, the complaining voices are always few and the people taking action even fewer.


RE: Juvenile centers, there was a 60 minutes recently about private companies paying judges. Here is the link:

http://www.cbsnews.com/video/watch/?id=4798743n&tag=mnco...


On the FDA, don't forget drugs too. The Vioxx fiasco being one example, there are many others too, some even worse I think.


Good to see that someone watched Capitalism: a Love Story and joined the fight.


Question: if you're embarrassed about the idea of the FBI knowing something about you, then why are you cool with the idea of the phone company knowing it?


The phone company doesn't have the ability to bash down my door and point guns in my face, and I can switch providers if I don't like them.


Are you committing crimes?

If so, you can hardly complain about the FBI breaking down your door.

If not, then gaining additional evidence doesn't make it more likely that they're going to break down your door.


> If not, then gaining additional evidence doesn't make it more likely that they're going to break down your door.

Unless they tap your lines without a warrant to gain one. I thought we were past the "if you're not a terrorist you have nothing to hide" mentality.


> Are you committing crimes?

No, but neither was this guy: http://www.foxnews.com/scitech/2011/04/26/mistaken-fbi-porn-...


I wonder how much of this applies to Facebook.


If the feds don't have root-level read access I would be shocked.


Prepare to be shocked, but they don't. I mean, other than busting down the doors and taking the servers they need.

Remember that guide that was leaked a few weeks ago, detailing the procedure required for law enforcement agencies to get user info? Presumably that is not some sort of elaborate conspiracy to convince Facebook users that the government is not monitoring each and every one of their check-ins.


The FBI has free-range to do whatever it wants on Facebook. All they need to do is submit a request to the FISC which approved 100% of such requests in 2010

http://arstechnica.com/tech-policy/news/2011/05/domestic-sur...


Was it really 100%? I thought it was only 99.998%, or something close to that.


Again, this is all ancient news. We've known for years now that the FBI has had eavesdropping ability not just on phones but on the Internet. We've had whistle blowers talk about installing large routers to duplicate and divert Internet traffic on huge top-tier ISP levels.

Time and time again, no one cares or at least cares enough to do anything.


Many people I talk to only think about their cell calls and do not know about mic recording as well. They also do not know that this can occur while the phone is off.


That sounds a bit more tin-foiley. That would require modifications to firmware and phone software that would require direct cooperation from a lot more parties. It would also be relatively easy to discover (vs snooping of traffic that is out of your control).

(edit) Thanks for all the info. I hadn't heard as much about this stuff.


Actually it isn't. There's been documented evidence of this very thing being carried out in at least 1 large case[1][2][3]. I'm actually sure there's been some exploits in the wild that have even been presented at Blackhat before, but I can't locate the links properly right now; on the iPhone.

[1] http://en.m.wikipedia.org/wiki/Covert_listening_device

[2] http://news.cnet.com/2100-1029-6140191.html

[3] http://www.schneier.com/blog/archives/2006/12/remotely_eaves...


The documented evidence is from a case in 1996. According to the article:

> Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

I'm not so sure that this is still a common practice for modern phones.


As far as I'm aware all modern phones will at least partially wake up to sound an alarm even when turned off.

Do the iPhone/Android phones do this?


The iPhone alarms do not work when the phone is turned off. If you've muted your phone this also means that all alarms are muted too.

May be useful in business surroundings, but this makes the iPhone an awfully bad travel alarm.


Mute doesn't silence alarms on the iPhone, however the volume control does work. 0% and you won't wake up.


Oops, you're right, they do work when your iPhone is muted.


My really cheap Nokia will do this, even if the battery is dead enough that the phone won't turn on normally.


Blackberries do this.


"Wake up"??

If my Android phone is off, it's off. It doesn't turn itself on, period. If it's just idle, screen off, with lots of stuff asleep, sure it will "wake up" in that the screen turns on, and sound an alarm. But that's it.


That is not true at all for Android. Ask any Android developer. It is entirely possible to code an alarm callback that will not activate the screen at all, but can use a network to send and receive data.

This is done commonly by builtin services.


That's generally what's meant by "wake up." This would seem to indicate the phone's not really "off," though I couldn't say how possible it is to tap into the mic in this state.


It isn't a modern phone, but I remember my Nokia 2600 (not Classic) doing that.


My couple months old Nokia C7 does this (but I'm more grateful for the convenience than worried about covert tapping devices..)


> That would require modifications to firmware and phone software that would require direct cooperation from a lot more parties.

Telecom companies don't exactly have a history of protecting our privacy and standing up to its abuse by law enforcement agencies.

And then I would guess it is probably one of those things that is possible in theory but probably not happening necessarily, just because there are other ways, and it is just more of a hassle to modify, upload and patch the firmware on a wide variety of cell phones. Maybe if it is a very high profile case ...

> It would also be relatively easy to discover (vs snooping of traffic that is out of your control).

Well it depends. If it is a GSM phone, it could betray the fact that it is transmitting when it is supposed to be 'off' if you suddenly hear those characteristic clicks when that phone is near a set of computer speakers for example. Otherwise you could, I guess, notice that battery life has suddenly decreased considerably. Besides those things, what other methods could an average consumer use to determine if this is happening?


> notice that battery life has suddenly decreased considerably

This here is the key thing. I know that when the phone sitting in front of me is off, it is off because when I turn it back on it has no idea what time it is and I don't have cell reception here. If it's not even running a clock, it (trivially) can't be running GPS, and other stuff is fairly unlikely.


http://news.cnet.com/2100-1029_3-6140191.html

Be sure to use real tin foil, not the inferior aluminum kind.


In 2006 is when I first read about it: http://news.cnet.com/2100-1029_3-6140191.html

I have only heard bits and pieces since then and have not followed up.


But it is surprising to see they admit it.


If you talk to individuals they'll almost always tell you something along these lines. I've heard "the public doesn't want to know what it takes to keep America safe" a couple of times now from agents in different federal law enforcement/intel agencies.


I can't help but wonder why statistics aren't published about "the things it takes to keep us safe" and how much they actually help at keeping us safe. It seems, to me, that if it was actually working, they would want to try to vet it with the public.

It seems to me that this data is not being used to keep anyone safe, but for other purposes.



