[ietf-privacy] Fwd: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
Fred Baker <fredbaker.ietf@gmail.com> Mon, 27 November 2017 19:35 UTC
Return-Path: <fredbaker.ietf@gmail.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF4EF128854 for <ietf-privacy@ietfa.amsl.com>; Mon, 27 Nov 2017 11:35:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hVq_bjk3FPW for <ietf-privacy@ietfa.amsl.com>; Mon, 27 Nov 2017 11:35:27 -0800 (PST)
Received: from mail-ot0-x230.google.com (mail-ot0-x230.google.com [IPv6:2607:f8b0:4003:c0f::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57A7C128E19 for <ietf-privacy@ietf.org>; Mon, 27 Nov 2017 11:35:27 -0800 (PST)
Received: by mail-ot0-x230.google.com with SMTP id d27so25239955ote.11 for <ietf-privacy@ietf.org>; Mon, 27 Nov 2017 11:35:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:references:to:date; bh=q45/CZSanepIG7Hlnpa/br4SjoaBmTGCHCJKiuDP9uQ=; b=GFvb7Q0amUaFbdFKOXcHZ0U7yb46miBJR7eknlReBVvNf1vi5VgVJ78DIFQO8QV1Bs 8K2uouU/dI4t9690UH6f2zCs2L+CTJwdRqg/kanUR1JomV4Uo41Y1oVjS+5aUjgINLnh sveIzXGg8O6TsIiV09uMp450FIXz58wD/4le7CPVWfeVI4RWlGFf+iVm9C3qzW7zwb1w nTx2Hj3NyWKmivoz2uWaQQzXPJGXzF9ICZHIzcXDcV1KZKnZEyKDN/qqOf6T6KiqprYh 5HoT7+KTzG8aIzPx0w0s1DmR19WbHWBB7RDKlXzRZqNTAPxgCpFnBONjOhIijF+Tu8P1 ySHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:references :to:date; bh=q45/CZSanepIG7Hlnpa/br4SjoaBmTGCHCJKiuDP9uQ=; b=Z3X311hUP4VTlJdC1gV7jW1aQg6T/tXQgf/3e1VSxvihwyK9xZ18SrizP8ZrLpPLC1 YRJT203EqD0+R7VqlYjIzS3lBlmB0TzPX2WY1n10Sydp5to8vyvd3b+PjLb1+COhPdAh ZcjIXybneRIXV4h0lklPPF0HjAJBFUczge09ej+vlj8P21j5QdETZiMLD7pgFJ4jnk51 6s4QGlO5YgtKhd2vCPU+gGJx8inQ+82y/Usa0F3k3WugaoyRJDeKRvgtSPu4Arr6L4cz ZNhC02yMsDbaeGgaMk+UX20L9GqKL+bUJqtL0qK4nH6v8HAg9iodAk+WH29yXCgzfxRM t9Uw==
X-Gm-Message-State: AJaThX78b7ktduUslgL+p07LeZKOUSEXe0crnMtjcSNpJ26bcJBSx57O xHpjH7pWuV2l6M90WnHTyb9B8CUR
X-Google-Smtp-Source: AGs4zMboSItjY35s5N1FXeKvb7pRLMJId+yUi8ZhtkgoMEunj1UwgIKtFNK7XeECZE92dwbueOO5tQ==
X-Received: by 10.157.39.134 with SMTP id c6mr26875116otb.259.1511811326363; Mon, 27 Nov 2017 11:35:26 -0800 (PST)
Received: from ?IPv6:2600:8802:5600:f7a::1019? ([2600:8802:5600:f7a::1019]) by smtp.gmail.com with ESMTPSA id x127sm11318124oix.8.2017.11.27.11.35.24 for <ietf-privacy@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Nov 2017 11:35:25 -0800 (PST)
From: Fred Baker <fredbaker.ietf@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_CE3DD63D-469A-4E77-B1FC-027E7B6ABC8C"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Message-Id: <396E100A-55BA-4155-A29E-92D452A45AD4@gmail.com>
References: <012501d36770$fc5a49d0$f50edd70$@ch>
To: ietf-privacy@ietf.org
Date: Mon, 27 Nov 2017 11:35:23 -0800
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-privacy/0k_ww2U6QmOBrBvD5s7AVhjeEgA>
Subject: [ietf-privacy] Fwd: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 19:35:30 -0000
Interesting article, cross-posted from ISOC Public Policy list > Begin forwarded message: > > From: "Richard Hill" <rhill@hill-a.ch> > Subject: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy > Date: November 27, 2017 at 3:15:08 AM PST > To: "Internetpolicy@Elists. Isoc. Org" <internetpolicy@elists.isoc.org> > > FYI, > > Best, > > Richard > > ================ > > How a Radio Shack Robbery Could Spur a New Era in Digital Privacy > > By ADAM LIPTAK <https://www.nytimes.com/by/adam-liptak> NOV. 27, 2017 > > Photo > > > > A Supreme Court decision expected by June will shape how the privacy protections of the Fourth Amendment, drafted in the 18th century, apply to a world in which people’s movements are continuously recorded by devices. Credit J. Scott Applewhite/Associated Press > > WASHINGTON — The case that could transform privacy law in the digital era began with the armed robbery of a Radio Shack store in Detroit, a couple of weeks before Christmas in 2010. In the next three months, eight more stores in Michigan and Ohio were robbed at gunpoint. > > The robbers took bags filled with smartphones. Their own phones would help send them to prison. > > On Wednesday, the Supreme Court will consider whether prosecutors violated the Fourth Amendment <https://www.law.cornell.edu/constitution/fourth_amendment>, which bars unreasonable searches, by collecting vast amounts of data from cellphone companies showing the movements of the man they say organized most of the robberies. > > Experts in privacy law said the case, Carpenter v. United States, No. 16-402, was a potential blockbuster. > > “Carpenter could be the most important electronic privacy case of the 21st century,” said Jeffrey Rosen <https://constitutioncenter.org/press-room/expert-sources/jeffrey-rosen>, the president of the National Constitution Center, a nonprofit group devoted to educating the public about the Constitution. > > In a pair of recent decisions, the Supreme Court expressed discomfort with allowing unlimited government access to digital data. It limited the ability of the police to use GPS devices to track suspects’ movements, and it required a warrant to search cellphones. > > Technology companies including Apple, Facebook and Google have filed a brief <http://www.scotusblog.com/wp-content/uploads/2017/08/16-402-ac-technology-companies.pdf> urging the Supreme Court to continue to bring Fourth Amendment law into the modern era. “No constitutional doctrine should presume,” the brief said, “that consumers assume the risk of warrantless government surveillance simply by using technologies that are beneficial and increasingly integrated into modern life.” > > The court’s decision, expected by June, will apply the Fourth Amendment, drafted in the 18th century, to a world in which people’s movements are continuously recorded by devices in their cars, pockets and purses, by toll plazas and by transit systems. The court’s reasoning may also apply to email and text messages, internet searches, and bank and credit card records. > > “The case is hugely important in that it defines the constitutional role in a really wide range of cases,” said Orin Kerr <http://gould.usc.edu/faculty/?id=73523>, a law professor who will soon join the faculty at the University of Southern California. > > The case concerns Timothy Ivory Carpenter, who witnesses said had planned the robberies, supplied guns and served as lookout, typically waiting in a stolen car across the street. “At his signal, the robbers entered the store, brandished their guns, herded customers and employees to the back, and ordered the employees to fill the robbers’ bags with new smartphones,” a court decision said <http://www.scotusblog.com/wp-content/uploads/2016/10/16-402-op-bel-6th-cir.pdf>, summarizing the evidence against him. > > In addition to presenting testimony, prosecutors relied on months of records obtained from cellphone companies to prove their case. The records showed that Mr. Carpenter’s phone had been nearby when several of the robberies happened. He was convicted and sentenced to 116 years in prison. > > Mr. Carpenter’s lawyers said cellphone companies had turned over 127 days of records that placed his phone at 12,898 locations, based on information from cellphone towers. Prosecutors could tell whether he had slept at home on given nights and whether he attended his usual church on Sunday mornings. > > “Never before in the history of policing has the government had the time machine it has here,” said Nathan Freed Wessler <https://www.aclu.org/bio/nathan-freed-wessler>, a lawyer with the American Civil Liberties Union, which represents Mr. Carpenter. Mr. Wessler said prosecutors should be required to obtain a warrant when they seek more than 24 hours’ worth of location data. > > Older Supreme Court decisions indicate that no warrant was required. In 1979, for instance, in Smith v. Maryland <http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&invol=735&vol=442>, the Supreme Court ruled that a robbery suspect had no reasonable expectation that his right to privacy extended to the numbers dialed from his landline phone. The court reasoned that the suspect had voluntarily turned over that information to a third party: the phone company. > > Relying on the Smith decision’s “third-party doctrine,” federal appeals courts have said government investigators seeking data from cellphone companies showing users’ movements also do not require a warrant. > > A federal law, the Stored Communications Act <https://www.law.cornell.edu/uscode/text/18/2703>, does require prosecutors to go to court to obtain tracking data, but the showing they must make under the law is not probable cause, the standard for a warrant. Instead, they must demonstrate only that there were “specific and articulable facts showing that there are reasonable grounds to believe” that the records sought “are relevant and material to an ongoing criminal investigation.” > > Professor Kerr said Congress was better suited than the courts to strike the right balance between the government’s need for information and privacy rights. In Mr. Carpenter’s case, he added, the Fourth Amendment should not apply because there was no search. > > Mr. Carpenter’s lawyers rely on two recent and unanimous Supreme Court decisions expressing discomfort with the collection of large amounts of digital data. In 2014, in Riley v. California <https://www.nytimes.com/2014/06/26/us/supreme-court-cellphones-search-privacy.html?_r=0>, the court said the police must generally have a warrant to search the cellphones of people they arrest. > > “Modern cellphones are not just another technological convenience,” Chief Justice John G. Roberts Jr. wrote for the court. Even the word cellphone is a misnomer, he said. “They could just as easily be called cameras, video players, Rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps or newspapers,” the chief justice wrote. > > But the Riley case concerned information possessed by the person arrested. Mr. Carpenter’s case concerns information held by cellphone companies. > > The second case, United States v. Jones <http://www.nytimes.com/2012/01/24/us/police-use-of-gps-is-ruled-unconstitutional.html>, in 2012, concerned a GPS device that the police attached to a suspect’s car, allowing them to track his movements for 28 days. > > All nine justices agreed that this was problematic under the Fourth Amendment, but they were divided on the rationale for the decision. The majority said the police were not entitled to place the device on private property. But five justices in concurring opinions expressed unease with the government’s ability to vacuum up troves of private information. > > “The use of longer-term GPS monitoring in investigations of most offenses impinges on expectations of privacy,” Justice Samuel A. Alito Jr. wrote for four justices. “Society’s expectation has been that law enforcement agents and others would not — and indeed, in the main, simply could not — secretly monitor and catalog every single movement of an individual’s car for a very long period.” > > Cellphone tower information is not nearly as accurate as that generated by GPS devices, but it is catching up. > > Mr. Rosen, who favors broad privacy protections, said Mr. Carpenter’s case could transform Fourth Amendment law however the court rules. > > “If the court squarely recognizes what it’s been suggesting in recent cases, namely that we do have an expectation of privacy in our digital data and public movements and that the Fourth Amendment prohibits the government from tracking us door to door for weeks in public, that would be an occasion for dancing in the streets,” he said. “If the court holds that we don’t have an expectation of privacy in public except when there is some sort of physical trespass involved, that could be a huge setback for privacy.” > > nyt > > _______________________________________________ > To manage your ISOC subscriptions or unsubscribe, > please log into the ISOC Member Portal: > https://portal.isoc.org/ <https://portal.isoc.org/> > Then choose Interests & Subscriptions from the My Account menu.
- [ietf-privacy] Fwd: [Internet Policy] How a Radio… Fred Baker
- Re: [ietf-privacy] Fwd: [Internet Policy] How a R… John Levine
- Re: [ietf-privacy] Fwd: [Internet Policy] How a R… Ted Hardie
- Re: [ietf-privacy] Fwd: [Internet Policy] How a R… Wendy Seltzer
- Re: [ietf-privacy] Fwd: [Internet Policy] How a R… stephen.farrell
- Re: [ietf-privacy] [Internet Policy] How a Radio … Mark Nottingham
- Re: [ietf-privacy] [Internet Policy] How a Radio … John Levine