Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Tracked by cellphone
Mark Rasch, 2005-12-22

We know that technology can be used to track people's location via a cellphone, but how difficult is it for law enforcement to get a court order and do this legally?

An old physics joke recounts that Werner Heisenberg (of the uncertainty principle) is pulled over by the police for speeding one night. The police officer asks the professor, "Do you have any idea how fast you were going?" Heisenberg replies, "No, but I know exactly where I am."

Being tracked via your phone

Recent court cases in the United States raise the question of the standard required when the police want to know exactly where you are, using your cell phone to track you down. The issue again raises the question of how new technologies can invade privacy rights, and how quantitative changes in the type and amounts of data collected and stored result in qualitative changes in privacy rights. These require a reexamination of even established laws of privacy and of probable cause. These precedents also apply to entities like ISPs and telephone companies that routinely collect massive amounts of data about individuals which may be subject to eventual discovery or disclosure. It is important that we establish and apply the correct legal standard for obtaining this information now.

Whenever you carry (much less use) a cell phone that is turned on, the cellular network is constantly "scanning" to determine where you are so that it can route telephone calls to the appropriate cell location. By examining the relative signal strength of three of these cells, through a process called "triangulation" the cell provider can determine - with relatively low level of precision, where you are at any point in time. Other technologies employed by cell providers, such as those employed with E-911 services, can determine your location with greater precision. Finally, some cell phones are also equipped with GPS capabilities, which passively receive certain data from geosynchronous satellites to enable the phone (but not the provider) to determine its precise locations - often within a matter of feet.

This digital location information, coupled with high-speed internet access in some cell phones, can be a great boon to users. They can use cell phones to locate restaurants, theaters, or other entertainment in their area, make reservations or arrange for carry out as they travel. They might use such technology to locate family members, including children. In a disaster situation (assuming the cell towers continue to work), the technology might be useful in locating survivors - well, at least locating the survivor's cell phones. One can imagine their use by law enforcement agencies in kidnapping cases.

Such data is already being used by cellular providers to determine demand for and therefore location of new cell towers. It is not difficult to imagine the economic usefulness of this data as well. Cell providers can collect this information, link it to specific users as well as the demographic information provided when the subscriber initiated the cellular contract. They can then sell, lease or otherwise provide this information to third parties. In addition, cell providers are increasingly becoming indistinguishable from Internet Service Providers, as people use their handheld devices to access the Internet from anywhere. Thus, cell providers will have the ability to collect records of every place you have been, who you have talked to, and collect location and content of text messages, e-mails, web traffic, IP video and downloaded or streaming audio. It is time to set some rules on what information can be collected, and what can be done with all of this information.

Location, Location, Location

In at least three separate cases, the U.S. government has attempted unsuccessfully to obtain court order to require the cellular providers to provide them information about the location of a cellular customer gleaned from the triangulation of the signals they have received. This in and of itself is remarkable. When the government wants a court order to obtain a wiretap, a pen register, or to search for or seize documents or records, it files the paperwork ex parte and in camera. What this means is that only the government is represented. If the government believes that a certain law applies, it and only it presents the law to the magistrate judge. In fact, for virtually all such applications, the records relating to the application are sealed - either automatically by statute or as a matter of routine by application of the government. Thus, we have no idea how many times the federal government has gone to court to obtain cell phone location data and been granted the data, with no questions asked. The fact that three magistrates refused the government's request is itself amazing.

What the government was trying to do in these three cases, one in the Eastern District of New York (Long Island), one in Maryland, and one in Texas, was to obtain "prospective" cell location data. That is, they wanted the court to order the cell companies to tell them whenever a particular cell phone moved, where it went, and how long it was there.

It is important to note that all three of the courts recognized that the government could get this information if it needed it. All three courts also recognized that they had the authority to order such prospective cell location data. At issue was the legal standard the government had to meet to obtain the information.

Legal requirements for cellphone location information

Essentially, there are four legal standards for the government to obtain cellphone location information. First and lowest is a pen register or a trap and trace device. This is simply a record of the telephone calls made (from and to) and the time of each call. Because of an assumption that these are merely records of the telephone company, and therefore one can't possible have an expectation of privacy in such records, for a court to order the production of such records (even prospectively), all that needs to happen is for a prosecutor to certify that the records are relevant to some ongoing investigation. Indeed, with such a certification in hand, the court is not even permitted to question or challenge this - it MUST give the government the power to obtain the records from the provider.

Next on the list is stored communications and subscriber records. This would include things like stored SMS messages, stored e-mails, and the information provided to the telephone company when the customer created the account. To obtain these records, the government would need to meet a slightly - and only slightly - higher standard than the above. The government would have to demonstrate specific and articulable facts as to why such records are relevant to an ongoing investigation. Congress made a distinction between communications in transmission or in temporary storage versus those that are incident to transmission and are actually stored. In the former case, the "interception" of the electronic communication is similar to eavesdropping on a telephone call, and in Congress' opinion the same kind of warrant should be required. For stored communications however, since the records already exist and are stored somewhere, its more like seizing a printed document (a printed e-mail). Thus, Congress presumed that a lower standard should apply.

Story continued on Page 2 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Comments Mode:
Tracked by cellphone 2005-12-22
Matthew Murphy
Tracked by cellphone 2005-12-23
freedom bird
Tracked by cellphone 2005-12-27
Doc Farmer (1 replies)
Re: Tracked by cellphone 2006-01-01
Mark D. Rasch
Tracked by cellphone 2005-12-28
Jitin (1 replies)
Re: Tracked by cellphone 2006-01-03
Anonymous (3 replies)
Re: Re: Tracked by cellphone 2006-01-07
Anonymous
Re: Re: Tracked by cellphone 2006-01-08
Anonymous
Re: Re: Tracked by cellphone 2006-01-09
Publicus
Tracked by cellphone 2005-12-30
Lou (1 replies)
Re: Tracked by cellphone 2007-04-23
Anonymous
Tracked by cellphone 2006-01-04
Federal Dragon
Tracked by cellphone 2006-01-07
Bob Radvanovsky (1 replies)
Re: Tracked by cellphone 2006-01-10
Roger
Tracked by cellphone 2006-01-08
Anonymous
Tracked by cellphone 2006-01-10
nkr
Tracked by cellphone 2006-06-07
jeff


 

Privacy Statement
Copyright 2010, SecurityFocus