Re: [ietf-privacy] Fwd: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy

stephen.farrell@cs.tcd.ie Mon, 27 November 2017 22:40 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F426129413 for <ietf-privacy@ietfa.amsl.com>; Mon, 27 Nov 2017 14:40:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYc1gzJnKd7M for <ietf-privacy@ietfa.amsl.com>; Mon, 27 Nov 2017 14:40:19 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BEB0129405 for <ietf-privacy@ietf.org>; Mon, 27 Nov 2017 14:40:18 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9863ABE74; Mon, 27 Nov 2017 22:40:16 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1wpNeSr-VIP; Mon, 27 Nov 2017 22:40:08 +0000 (GMT)
Received: from [127.0.0.1] (unknown [109.125.17.207]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A6C6ABDF9; Mon, 27 Nov 2017 22:40:07 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1511822407; bh=j1h/Keuf3SyfpCJg2HRYbrrSjM+DtokPLGw7CjH6LY8=; h=To:Cc:From:Subject:In-Reply-To:References:Date:From; b=0ImTE+ZcUX1CkyjpywFD0RJUfPcbG7VEoupoqcTpacyXNAvnYdOaYNz1V9U3MvC/A RM9clvkzx8c2bFSRU8zihNN3YhwAVXrYTFinYuY3W4tV2PKnENyPTy6IoFDL4gbGiA cwfu1vv85hsHB8CXXMUBwnDCOKT7d5JnMPp4bu/s=
X-Priority: 3
To: fredbaker.ietf@gmail.com
Cc: ietf-privacy@ietf.org
From: stephen.farrell@cs.tcd.ie
In-Reply-To: <396E100A-55BA-4155-A29E-92D452A45AD4@gmail.com>
References: <012501d36770$fc5a49d0$f50edd70$@ch> <396E100A-55BA-4155-A29E-92D452A45AD4@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Date: Mon, 27 Nov 2017 22:40:06 +0000
Message-ID: <tu86kx.p03lmv.rtnhb5-qmf@mercury.scss.tcd.ie>
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-privacy/oHL6uxaOd6VvVPTX81x72tFuSoY>
Subject: Re: [ietf-privacy] Fwd: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 22:40:22 -0000

Hiya, 

On Monday, 27 November 2017, Fred Baker wrote:
> Interesting article, cross-posted from ISOC Public Policy list

I'm not sure it's that interesting, but regardless of that the article is v. US centric and I'm fairly sure such traditional nationalisms are less important than previously. 

S.
 
 
> > Begin forwarded message:
> > 
> > From: "Richard Hill" <rhill@hill-a.ch>
> > Subject: [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
> > Date: November 27, 2017 at 3:15:08 AM PST
> > To: "Internetpolicy@Elists. Isoc. Org" <internetpolicy@elists.isoc.org>
> > 
> > FYI,
> > 
> > Best,
> > 
> > Richard
> > 
> > ================
> > 
> > How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
> > 
> > By ADAM LIPTAK <https://www.nytimes.com/by/adam-liptak> NOV. 27, 2017
> > 
> > Photo
> > 
> > 
> > 
> > A Supreme Court decision expected by June will shape how the privacy protections of the Fourth Amendment, drafted in the 18th century, apply to a world in which people’s movements are continuously recorded by devices. Credit J. Scott Applewhite/Associated Press
> > 
> > WASHINGTON — The case that could transform privacy law in the digital era began with the armed robbery of a Radio Shack store in Detroit, a couple of weeks before Christmas in 2010. In the next three months, eight more stores in Michigan and Ohio were robbed at gunpoint.
> > 
> > The robbers took bags filled with smartphones. Their own phones would help send them to prison.
> > 
> > On Wednesday, the Supreme Court will consider whether prosecutors violated the Fourth Amendment <https://www.law.cornell.edu/constitution/fourth_amendment>, which bars unreasonable searches, by collecting vast amounts of data from cellphone companies showing the movements of the man they say organized most of the robberies.
> > 
> > Experts in privacy law said the case, Carpenter v. United States, No. 16-402, was a potential blockbuster.
> > 
> > “Carpenter could be the most important electronic privacy case of the 21st century,” said Jeffrey Rosen <https://constitutioncenter.org/press-room/expert-sources/jeffrey-rosen>, the president of the National Constitution Center, a nonprofit group devoted to educating the public about the Constitution.
> > 
> > In a pair of recent decisions, the Supreme Court expressed discomfort with allowing unlimited government access to digital data. It limited the ability of the police to use GPS devices to track suspects’ movements, and it required a warrant to search cellphones.
> > 
> > Technology companies including Apple, Facebook and Google have filed a brief <http://www.scotusblog.com/wp-content/uploads/2017/08/16-402-ac-technology-companies.pdf> urging the Supreme Court to continue to bring Fourth Amendment law into the modern era. “No constitutional doctrine should presume,” the brief said, “that consumers assume the risk of warrantless government surveillance simply by using technologies that are beneficial and increasingly integrated into modern life.”
> > 
> > The court’s decision, expected by June, will apply the Fourth Amendment, drafted in the 18th century, to a world in which people’s movements are continuously recorded by devices in their cars, pockets and purses, by toll plazas and by transit systems. The court’s reasoning may also apply to email and text messages, internet searches, and bank and credit card records.
> > 
> > “The case is hugely important in that it defines the constitutional role in a really wide range of cases,” said Orin Kerr <http://gould.usc.edu/faculty/?id=73523>, a law professor who will soon join the faculty at the University of Southern California.
> > 
> > The case concerns Timothy Ivory Carpenter, who witnesses said had planned the robberies, supplied guns and served as lookout, typically waiting in a stolen car across the street. “At his signal, the robbers entered the store, brandished their guns, herded customers and employees to the back, and ordered the employees to fill the robbers’ bags with new smartphones,” a court decision said <http://www.scotusblog.com/wp-content/uploads/2016/10/16-402-op-bel-6th-cir.pdf>, summarizing the evidence against him.
> > 
> > In addition to presenting testimony, prosecutors relied on months of records obtained from cellphone companies to prove their case. The records showed that Mr. Carpenter’s phone had been nearby when several of the robberies happened. He was convicted and sentenced to 116 years in prison.
> > 
> > Mr. Carpenter’s lawyers said cellphone companies had turned over 127 days of records that placed his phone at 12,898 locations, based on information from cellphone towers. Prosecutors could tell whether he had slept at home on given nights and whether he attended his usual church on Sunday mornings.
> > 
> > “Never before in the history of policing has the government had the time machine it has here,” said Nathan Freed Wessler <https://www.aclu.org/bio/nathan-freed-wessler>, a lawyer with the American Civil Liberties Union, which represents Mr. Carpenter. Mr. Wessler said prosecutors should be required to obtain a warrant when they seek more than 24 hours’ worth of location data.
> > 
> > Older Supreme Court decisions indicate that no warrant was required. In 1979, for instance, in Smith v. Maryland <http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&invol=735&vol=442>, the Supreme Court ruled that a robbery suspect had no reasonable expectation that his right to privacy extended to the numbers dialed from his landline phone. The court reasoned that the suspect had voluntarily turned over that information to a third party: the phone company.
> > 
> > Relying on the Smith decision’s “third-party doctrine,” federal appeals courts have said government investigators seeking data from cellphone companies showing users’ movements also do not require a warrant.
> > 
> > A federal law, the Stored Communications Act <https://www.law.cornell.edu/uscode/text/18/2703>, does require prosecutors to go to court to obtain tracking data, but the showing they must make under the law is not probable cause, the standard for a warrant. Instead, they must demonstrate only that there were “specific and articulable facts showing that there are reasonable grounds to believe” that the records sought “are relevant and material to an ongoing criminal investigation.”
> > 
> > Professor Kerr said Congress was better suited than the courts to strike the right balance between the government’s need for information and privacy rights. In Mr. Carpenter’s case, he added, the Fourth Amendment should not apply because there was no search.
> > 
> > Mr. Carpenter’s lawyers rely on two recent and unanimous Supreme Court decisions expressing discomfort with the collection of large amounts of digital data. In 2014, in Riley v. California <https://www.nytimes.com/2014/06/26/us/supreme-court-cellphones-search-privacy.html?_r=0>, the court said the police must generally have a warrant to search the cellphones of people they arrest.
> > 
> > “Modern cellphones are not just another technological convenience,” Chief Justice John G. Roberts Jr. wrote for the court. Even the word cellphone is a misnomer, he said. “They could just as easily be called cameras, video players, Rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps or newspapers,” the chief justice wrote.
> > 
> > But the Riley case concerned information possessed by the person arrested. Mr. Carpenter’s case concerns information held by cellphone companies.
> > 
> > The second case, United States v. Jones <http://www.nytimes.com/2012/01/24/us/police-use-of-gps-is-ruled-unconstitutional.html>, in 2012, concerned a GPS device that the police attached to a suspect’s car, allowing them to track his movements for 28 days.
> > 
> > All nine justices agreed that this was problematic under the Fourth Amendment, but they were divided on the rationale for the decision. The majority said the police were not entitled to place the device on private property. But five justices in concurring opinions expressed unease with the government’s ability to vacuum up troves of private information.
> > 
> > “The use of longer-term GPS monitoring in investigations of most offenses impinges on expectations of privacy,” Justice Samuel A. Alito Jr. wrote for four justices. “Society’s expectation has been that law enforcement agents and others would not — and indeed, in the main, simply could not — secretly monitor and catalog every single movement of an individual’s car for a very long period.”
> > 
> > Cellphone tower information is not nearly as accurate as that generated by GPS devices, but it is catching up.
> > 
> > Mr. Rosen, who favors broad privacy protections, said Mr. Carpenter’s case could transform Fourth Amendment law however the court rules.
> > 
> > “If the court squarely recognizes what it’s been suggesting in recent cases, namely that we do have an expectation of privacy in our digital data and public movements and that the Fourth Amendment prohibits the government from tracking us door to door for weeks in public, that would be an occasion for dancing in the streets,” he said. “If the court holds that we don’t have an expectation of privacy in public except when there is some sort of physical trespass involved, that could be a huge setback for privacy.”
> > 
> > nyt
> > 
> > _______________________________________________
> > To manage your ISOC subscriptions or unsubscribe,
> > please log into the ISOC Member Portal:
> > https://portal.isoc.org/ <https://portal.isoc.org/>
> > Then choose Interests & Subscriptions from the My Account menu.
> 
>