Tag Archives: data collection

Cops & Data Collection: No Warrant Needed for Location Data

It seems the cops don’t need a warrant to know where you are. A federal appeals court handed down a ruling on Tuesday declaring that the public has no reasonable expectation of privacy when it comes to their cell phone location records. The ruling means that police don’t need a search warrant to get access to cell tower location records when investigating criminal cases. Why?  According to the ruling this data belongs to a third party, the cell phone carrier.

The ruling in the case centered around Quartavious Davis, a Miami resident, who was convicted of robbery, possession of a firearm, and conspiracy in 2012.  Investigators obtained Davis’ cell phone records, 11,606 in all, for 67 days  from MetroPCS. Davis was eventually sentenced to 162 years in prison.

Davis’ case was appealed to the 11th U.S. Circuit Court of Appeals on the grounds that his Fourth Amendment rights were violated. The court disagreed in a 9-2 decision that the “government’s obtaining of a court order for the product of MetroPCS business records did not violate the Fourth Amendment.”  The ruling states that even though the cell tower records concerned Davis, they did not belong to him. The records were created by a third party, in this case MetroPCS, and therefore Davis did not have a right to privacy around that information.

The court’s ruling also argued that the public understands that cell towers are used to “connect calls, document charges, and assist in legitimate law-enforcement investigations.”  The public is aware that they can be tracked using their cell phones. The court argued that people have no reasonable right to expect privacy around those records. The ruling compared cell phone location records to store video surveillance tapes. “Those surveillance camera images show Davis at the precise location of the robbery, which is far more than MetroPCS’s cell tower location records show.”

Two judges dissented on the decision. They felt that the broad application of the “third-party doctrine” in the case could give the government grounds to greatly expand its searching capabilities without warrants in the future.

 

 

Cops & Data Collection: Lawsuit Challenges Virginia Cops

License plate readers mounted on a police cruiser

License plate readers mounted on a police cruiser

Right now in the U.S. there is a serious focus on the police. As black people we know this was long overdue. But the scrutiny has to go beyond police action on the streets. More and more attention had been focused on police data collection.

In Virginia a man is suing the County of Fairfax over their collection of license plate data. Fairfax resident Harrison Neal,  filed the suit after he learned that his license plate had been scanned by an automatic license plate reader twice last year and stored in a police database. Neal was not a suspect in any criminal investigation. The lawsuit was filed by the American Civil Liberties Union of Virginia on behalf of Neal last Tuesday.

Neal filed a public records request and discovered images of his car in the database maintained by the Fairfax Police Department. In response to his request he received two sheets of paper containing an image of his car. He also received a chart indicating the times and dates the images were taken along with a map revealing street locations believed to be where the reader  was when it snapped the images.

Other individuals have sued before to obtain records stored in police databases. However this is the first known case targeting a law enforcement agency over an alleged illegal use of a database.

The complaint (.pdf) asserts that the database violates a Virginia law entitled the Government Data Collection and Dissemination Practices Act.  The law bars government agencies from collecting, storing, or disseminating the personal information of individuals unnecessarily.

The topic of automatic license plate readers has heated up recently. Some have related the use of the readers to the government’s warrantless use of GPS trackers, stingrays or IMSI catchers used to track the location of cars, cell phones and other mobile devices.

The readers, often mounted on police vehicles or in a fixed location, use cameras and optical character recognition technology to take images of license plates. The images are stored in searchable databases. Insurance agencies, vehicle re-possessors, impounders and others use them to locate stolen vehicles or vehicles belonging to people who are behind on their payments. But law enforcement agencies also use them.

Civil liberties and privacy groups oppose the readers and databases as a violation of privacy. They believe that it’s possible to gain a person’s personal information simply by tracking the location of their car over a period of time. The readers also collect much more than just license and location data. California computer security consultant Michael Katz-Lacabe discovered local authorities in his San Francisco Bay Area town had in their possession images of his two cars 112 times.  In the database was one image taken in 2009 that clearly showed him and his two daughters exiting one of the cars while it was parked in their driveway.

Proponents of the technology argue that it is no more harmful to a person’s privacy than  cell-phone location information.

Terry Jungel, executive director of the Michigan Sheriffs’ Association said “We’re not insensitive to people’s right to privacy,” in 2013 over a battle in his state about license plate databases. “If Big Brother is going to abuse information, there’s better information to abuse than this.”

Virginia’s state law should have prevented Neal’s images from being stored. The State Attorney General, in February 2013, issued an opinion advising the State Police that automatic license plate readers do collect personal information. In accordance with the law, agencies cannot legally collect and store data unless it’s related to a specific criminal investigation. It was discovered that Virginia State Police had used license plate readers in 2008 at political rallies for both Sarah Palin and Barack Obama. The readers were used to collect information about people who had attended the rallies triggering the attorney generals pronouncement.

As a result the Virginia State Police stopped storing license plate records and instituted a policy of deleting such information within 24 hours after being collected by a reader, unless the information is relevant to a criminal investigation.

But the ACLU of Virginia claims that other government agencies in the state have failed to heed the order. The Fairfax Police Department, in particular, stored license plate images for up to a year without reason.

Fairfax also has an agreement with nearby Maryland and Washington D.C. law enforcement agencies to share information collected in its database.

“Like many other technologies, ALPRs have legitimate law enforcement uses,” Rebecca Glenberg, legal director of the ACLU of Virginia said in a statement. “We do not object to the real-time use of ALPRs to compare license plate numbers to a current ‘hot list’ of vehicles involved in current investigations. The danger to privacy comes when the government collects tens of thousands of license plate records so it can later find out where people were and when. The intrusion is magnified in the Washington, D.C. area, where multiple law enforcement agencies may access each other’s information.”

 

Cops & Data Collection: Stingrays Under Scrutiny

extremetech.com

extremetech.com

For years, phone-tracking devices known as Stingrays have been a closely guarded secret of law enforcement. But  according to a new report from The Wall Street Journal that may be about to change.

According to the WSJ report, the U.S. Justice Department has launched a full scale investigation of how police agencies use these snooping devices. As a result they may be about to reveal significant details about how and where the devices are typically deployed. For ten years or more Stingrays have been cloaked in intense secrecy. In some cases criminal prosecutions were halted rather risk admitting in court that the devices were used.

How does a Stingray work? By locating a specific phone in a crowd, sometimes even from a plane flying overhead. They also have the capability to extract more comprehensive data from the phone. Stingrays impersonate  2G cell towers. These towers don’t require any authentication to connect to a phone as long as the Stingray is the strongest signal in the area. Cell phones automatically connect to the device revealing their location and basic identification data. The use of Stingrays inhibits other networks from working properly resulting in significant service disruptions in the areas where they are used.

Stingrays are significant for how deeply they have become entrenched in the law enforcement world. A number of Justice Department agencies are known to have access to the devices including the U.S .Marshals. But local law enforcement is also beginning to use the technology. The Electronic Freedom Foundation (EFF) has compiled legal evidence of Stingray use by local departments in Baltimore, Sarasota, and Tacoma. The EFF believes that many more local departments are using the technology but do not refer to the devices in court. A recent test run in Washington, DC revealed as many as 18 different Stingray-like service interruptions in just two days.

Breaking It Down

America’s system of rights and justice seem to be slowly crumbling. I used to think that those folks we call right-wing gun toting nut cases railing about the government destroying our rights were just that, nuts. I am not so sure anymore. No, not at all.

First of all the collection of data and information on ordinary citizens is simply un-Constitutional anyway you look at it. In the story about license plate data collection I have to ask who is responsible for not deleting  the data the Attorney General ordered destroyed? I want that guy’s name. I want to know why license plate data was being collected at political rallies? Keep in mind these are the very same tactics used in totalitarian states. Constant watching for dissent. Have we come to that?

Now we have law enforcement and prosecutors working together to hide information collected using Stingrays. How much of that evidence has resulted in wrongful convictions of black men, or anybody for that matter? Let’s talk about the fruit of the poison tree. It works like this; any evidence obtained illegally is not admissible in court. Any OTHER evidence collected as a result of the original illegal evidence is also not admissible. But if the cops and prosecutors are hiding the use of Stingray and collect evidence based on information discovered by this technology then that evidence is not legal. Cops, lawyers and all prosecutors know this.  So how many black men are sitting in prison as a result of this practice? So now you see how technology can be abused in the cause of justice

Prosecutors are deciding to drop cases that may reveal Stingray use. What?  Is this evidence of illegal obtained evidence being concealed? Again technology being used to pervert justice. 

Questions abound. Since when did America allow the hidden collection of information by law enforcement? And when did we allow cops and prosecutors to work together? I thought there was supposed to be a separation of powers in the Constitution? One branch enforces the law another prosecutes violation. When did that change?

 

Obama Pushes Consumer Privacy Bill

AP_barack_obama_press_conference_sk_131220_16x9_992President Obama has introduced draft legislation intended to ease the burden on consumers who wish to view or delete personal information that companies collect and keep. The White House announced the release of the draft based on the principles of the Consumer Privacy Bill of Rights originally released in 2012.

Consumer privacy is another Internet related issue that Obama promised to address in his State of the Union address. The president previously released a fact sheet outlining both this and other proposed changes. President Obama has made significant efforts in addressing national cyber security and other consumer Internet related issues including connectivity and broadband, public private information sharing and data breach notification legislation.

The Consumer Privacy Bill of Rights Act of 2015 addresses the staggering volume of personal data that corporations collect from consumers regularly. This data is the raw material used internally, analyzed by advertisers, or sold to a third-party aggregator as the final product of the information industry. The bill introduced by the president would require corporations to explain how they use this data in “concise and easily understandable” language. The bill also requires options for consumers to review, correct, or delete information.

Data covered by this bill includes names, addresses, social security or passport numbers, fingerprints, or credit card numbers. Excluded information includes “de-anonymized” data that theoretically cannot be traced back to a specific person. Information used to identify a cyber security related problem is also excluded as long as companies make “reasonable efforts” to remove any personally identifiable information. The bill requires companies to be specific about what information is collected, who it will be shared with, when and if it will be destroyed, how it’s kept secure, and how customers can see or remove it.

Data collectors will also be required to take “reasonable steps” to mitigate privacy risks and make these efforts clear to users. The  Federal Trade Commission (FTC) will be tasked with establishing rules for privacy reviews. Any company violating the terms of the act is subject to FTC lawsuits, as well as user and states attorney general action. The president’s bill allows exemptions for small businesses, including businesses that process data for 10,000 people a year or less or have no more than five employees.

California’s “Shine the Light” law already makes it possible to find out what information companies have collected. The California law requires companies to reveal what information they’ve sold to third-party marketing companies. Facebook, one of the largest data collectors in the world has already attempted to make their privacy policies more transparent considering the tremendous amount of information it holds.

Center on Privacy and Technology director Alvaro Bedoya at Georgetown’s law school worries that Obama’s bill could actually preempt state laws allowing companies to collect what they want as long as they maintain some level of transparency. Bedoya cites rules in Illinois and Texas that ban companies from collecting biometric information without permission. “This bill would erase those protections without offering any clear replacement.” He added that it “seems to assume a world where all of our data is collected about us, all of the time.”

Bedoya is not alone in his thinking. Nonprofit Consumer Watchdog labeled the bill as “full of loopholes” saying it “envisions a process where industry will dominate in developing codes of conduct.”

The Center for Digital Democracy says it relies too much on companies’ judgment to decide whether information is sensitive and how it should be managed. This limits the FTC’s power.

In a written statement the Center for Digital Democracy said “Although the president’s Privacy Bill of Rights promised transparency and control, it creates a labyrinth-like process that consumers must navigate before they can actually access and correct their own data records held by companies.”

The Center for Democracy and Technology says it “falls short on the privacy protections needed in today’s digital world.”

Bedoya hopes the bill that reaches Congress provides more specific and clear lines of authority, opening the door to meaningful reform. President Obama continues to push on other fronts.  This month he introduced another cybersecurity executive orderAnother attempt to create rules governing breaches like last year’s Sony hack.

Breaking It Down

As a black consumer you need to be aware of the level of data collection that is going on. Because the more corporations know about you the more likely they are to tailor offerings, sales, and information just for black people and that is not always a good thing. Not at all.

But before I get into the dangers of information collection let me explain a simple scary fact to you. Everything you buy is recorded somewhere with your name on it. You sell more information about yourself than you can imagine. What you don’t sell you give away or the major corporation figures out a way to steal it or buy it from someone else. Is this information about you true? Is it accurate and up to date? You don’t know and the information industry won’t let you see it. Major corporations are now collecting every bit of information they can about you. No matter where you are or who you are or what that information is. There is nothing to stop them. President Obama is trying to change that.

Now welcome to the age of digital discrimination. Corporations use the information they collect from black consumers to guide them to choices just for them. Sound familiar? Your information is used to direct you away from homes you can’t buy. That’s called red lining. your information is used to hide jobs you can’t have. Employment discrimination. Your information is used to decide what medical treatment you get and what you pay for prescriptions. Your information is used to determine what price you pay for merchandise and it is not always cheaper. Your information is used to decide what banks you can do business with, what loans you can get and what advertisements you see. Corporations claim its the machines doing it. Do we believe that?

The purpose of the Consumer Bill of Rights is to allow you some control over this information. But it is not going to solve the problem of digital discrimination.  I don’t know what will.

Data Collection; What Do They Know About You?

about-the-datacom-logo-illustrationOk black folks wake up! We live in an age of relentless information collection. Everything you do has been recorded and digitized somewhere by somebody. This information is collected for one simple reason; to know who you are, what you do, and whats happening in your life. Big data is in your business. Nothing is private anymore.

Let me give you an example; like most people, African-Americans are creatures of habit. We do the same thing, go to the same places day after day. So lets use your local pharmacy as an example. Everything you purchased at that pharmacy in the last 10 years has probably been recorded. I mean everything. What you purchased, what time you purchased it, who was on duty,  what credit card you paid with. Did you use a coupon a store savings card? Did you need a prescription filled? Its all there. They probably had you on camera too.

So its all recorded. Now what does that mean? Well if you want to buy health insurance the insurance company will know if you are lying if you say you don’t smoke. They already know you do. They know where you bought your cigarettes and what brand you smoke. They know what prescription you had filled. They can check to see if you use any other over the counter remedies. They know a lot about you before they ask a single question.

Lets take it a step further; your credit or debit card or your store savings or loyalty card. How often do you use it ?A lot! So now the record tells all about what liquor you drink and how much. What beer or wine you like. What foods you eat and where you eat out. What gas you buy, where you get your car worked on and where you went and hotel you stayed in on your last vacation.

Let me get really intimate. Women, they know what feminine hygiene products you use and if you have difficult periods. They know if you’re on the pill. Men if you have a woman on the side the data will tell the story. Are you using  Viagra? That’s out there too.

Black folks! Are you getting the picture?

All that information is accumulated and stored and sold back and forth between companies. It used to be that you had no way of knowing what they knew about you, how they got the information or even to see what it is. That just changed.

Acxiom, the largest of the data brokers, is allowing the general public to get a glimpse of the information they are collecting. The company announced last year that they launched  a web portal to allow consumers to see what data they have collected on them.

African-American consumers can enroll  at aboutthedata.com and check out broad categories of data that Acxiom has collected about them from both offline and online sources. This includes shopping habits and money  spent,  interests such as a music aficionado or amateur chef, your Internet connection, your education and political party affiliation and marital status. Consumers can make any  changes they wish or just opt out completely.

Acxiom CEO Scott Howe said in a statement; “After 40 plus years of advocating for the responsible use of consumer data, we’re now taking our first step in establishing a direct relationship with consumers and plan to grow the site and its capabilities over time.”

Rachel Thomas, VP of Government Affairs for the Direct Marketing Association also spoke about the new portal; “Acxiom’s consumer portal will help consumers understand and demystify what data brokers are all about.” The Direct Marketing Association lobbyists have worked to educate lawmakers and take the mystery out of the data industry.

Acxiom and the DMA understand that the collection of information, consumer privacy, has become a serious and growing issue. Congress has begun to investigate the industry and may feel compelled to act by introducing legislation to control the information industry. This new portal is designed to keep new regulation at bay.

Breaking It Down

Black people are running around with those store savings cards and loyalty cards getting nice discounts on their purchases. What you’re really doing is selling information to data collectors. You sold them your grocery list for 10% off the price of the groceries. You sell them the right to get a look at what you bought any time you use that store card or your credit card.

Data collectors use numerous ways to get information about you. The watch your Facebook, page for example.  What black people need to understand is that there is no privacy so you need to limit what you share. Check out the aboutthedata.com website and see what they know. I’d advise you opt out. Just to annoy them.  And because it really is no use. You may be able to opt out of Acxiom’s data. But there is a lot more information and a lot more companies that are not telling you anything about what they know about you.

Now you know.