Tell Me No Secrets: Mobile Privacy

I’m beginning to think that the term “privacy” has as much in common with mobile phones as two tin cans and a string.

Consider these recent developments:

  •  BBC Newsman Jeremy Paxman claims former Editor of the now-defunct British tabloid, News of the World, Piers Morgan, showed him how to hack mobile phones ten years ago. Morgan, now a talk show host on CNN, denies any involvement in the scandal which has rocked media mogul Rupert Murdoch’s worldwide news empire.
  • Even though the Supreme Court ruled in January that Federal agents can not legally put a  secret GPS tracking device on your car without first getting a search warrant; that is not the case when it comes to tracking you via your mobile phone.

Cell phone tracking is a major concern for privacy and civil liberties activists like Rebecca Jeschke, who is the Media Relations Director, and Digital Rights Analyst at the Electronic Frontier Foundation (EFF). During an interview last week, she told me why she thinks it’s so important.

Jeschke explained that one of the main reasons why government agents don’t need search warrants to access GPS data from your mobile phone, is that privacy laws state that once you reveal information to a “third-party”; it’s no longer secret. The government’s rationale is that because you revealed your location to Google, or some other app maker by using their app; you can no longer consider that information private.

“Whether it’s through apps or other tools, I think people need to really think through what location privacy means to them, and what’s important to them”, Jeschke said.  In addition, she said mobile consumers need to make sure “application makers are very transparent about what kind of information they’re gathering, and what they’re doing. It shouldn’t be up to the consumer to have to read the tea leaves and have to figure out what that app might be doing. Manufacturers and distributors have an obligation to be really clear about what’s going on.”

The government can also obtain access to your mobile location data by requesting it from your mobile phone carrier. Because laws differ from state to state; sometimes a warrant is necessary, and sometimes it’s not. Often, Jeschke said, they obtain a legal document called a “D-Order”, which is  “somewhere between a subpoena and a warrant,” in terms of the level of judicial review needed before law enforcement officials can obtain your mobile location data.

To understand how your mobile carrier collects that type of data; you need to remember that your mobile phone is constantly sending out signals to cell towers in an effort to make sure there’s a connection available when you make a call. Every time it finds an available connection; a log entry is created. Whenever you move to a new location; a new log entry gets made. As a result; by analyzing those log entries; a very clear picture of your movements can be obtained.

In addition, log entries are also made every time you make a call; send a text, or do a mobile web search. While the law does in many instances protect your privacy with regard to the content of those communications; information such as who you called, how often you called them, where you were when you placed the call, what websites you accessed, what phone numbers you texted; all that (and more) can be obtained without a warrant in some instances just by police saying they need it for an investigation.

“So, what’s the big deal?”, you might wonder. After all, maybe you lead a pretty mundane life. You go to work, stop and get some milk on the way home, and channel surf your way to oblivion at days’s end. Snore.

But there’s more to it than that.

In a recent Op-Ed piecee, American Civil Liberties Union (ACLU) Attorney Catherine Crump wrote:

“Whom you text and call and where you go (tracked by your cell phone as long as it’s on) can reveal a great deal about you. Your calling patterns can show which friends matter to you the most, and your travel patterns can reveal what political and religious meetings you attend and what doctors you visit. Over time, this data accumulates into a dossier portraying details of your life so intimate that you may not have thought of them yourself.

Another civil liberties public interest group, the Electronic Privacy Information Center (EPIC) recently filed a “Friend of the Court” brief in a case seeking to get the Supreme Court’s ruling with regard to the need for a warrant for GPS tracking on cars, to be applied to cell phone tracking done by using information gathered from mobile carriers as well.

They maintain that the legal basis for that decision, the US constitution’s Fourth Amendment protection against unreasonable search and seizure; should also be applied when it comes to the history of our movements as recorded by cell phone companies.

Meanwhile, the FBI contends it must have electronic communications data in order to successfully fight crime.

Credit card fraudidentity theft, “vishing” (a type of scam that involves internet phone calls using Voice Over IP (VoIP)), cyberstalkingcyber-bullying, email scams, even murders are being enabled by the ever-increasing web of connection we all share.

Cybercrime and the threat of cyber warfare recently convinced the US House of Representatives to pass a still hotly contested bill commonly known as CISPA, to which Jeschke says EFF  is opposed.

One reason is that the bill allows Internet Security Providers (ISP’s) to share their customers’ online communications with the government, if there is a criminal investigation or national security issue involved. This, in effect, Jeschke says, allows ISP’s to spy on their customers, on behalf of the government.

During recent congressional hearings, cybersecurity experts–including some from ISP’s–said they needed the ability to share information freely with the federal government, in order to safeguard both public and private computer networks. Exactly what restrictions are put on how and when that information can be shared is still unknown, because the Senate hast yet passed its version of the bill.

As a result, it’s possible the Senate bill could build in more privacy safeguards, and Jeschke says she’s hoping it will. She maintains that you do not have to weaken laws that protect consumer privacy in order to strengthen cybersecurity.

“One of the ways to get better cybersecurity is to increase your security procedures; to simply make your systems more secure. There’s a privacy law for a reason, she said “and it doesn’t say you can’t ever get access to people’s information. It says you can get it when you have court authorization.”


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s