Erosion of privacy through technology

[GostHacked]

http://www.bbc.co.uk/news/technology-18102793

The Metropolitan Police has implemented a system to extract mobile phone data from suspects held in custody.

The data includes call history, texts and contacts, and the BBC has learned that it will be retained regardless of whether any charges are brought.

The technology is being used in 16 London boroughs, and could potentially be used by police across the UK.

Campaign group Privacy International described the move as a "possible breach of human rights law".

Until now, officers had to send mobiles off for forensic examination in order to gather and store data, a process which took several weeks.

Under the new system, content will be extracted using purpose built terminals in police stations.

It will allow officers to connect a suspect's mobile and produce a print out of data from the device, as well as saving digital records of the content.

The kicker, is that you don't even need to be charged with any crime for this to happen.

A Met Police spokesman told the BBC that when a suspect was released, "data received from the handsets is retained and handled in accordance with other data held by the MPS [Metropolitan Police Service]" - regardless of whether charges had been brought.

Guidelines given to officers state that data extraction can happen only if there is sufficient suspicion the mobile phone was used for criminal activity.

"Mobile phones and other devices are increasingly being used in all levels of criminal activity," said Stephen Kavanagh, Deputy Assistant Commissioner of the Metropolitan Police Service.

I've heard about these things for some time. Now with the event which is the 2012 Olympics held in London, this is going to be widely used. London is already the CCTV capitol of the world, and Big Brother has been watching over the UK for close to a decade now. More and more we are already seeing this type of thing in Canada and the USA.

What happens in a case where the phone has proprietary confidential information because it was issued by the employer? I work in IT for a grocery warehouse, I am privy to some confidential information on our networks and hardware and security measures. Would my employer make a stink about it because it is not personal private data? But that poses another question, would they target just personal cell phones, or any cell phone even if provided by the employer?

http://www.zdnet.com/blog/facebook/us-senators-investigate-employers-asking-for-facebook-passwords/10834

In some cases, current employees are being pressured to allow access to their Facebook accounts. A teacher's aide in Michigan was recently suspended after refusing to provide access to her Facebook account to the school's superintendent.

Now, I've never had a Facebook account and never will. But what happens when they ask for the account password, I tell them I don't have one, and I am still pressured to give the password up? Would they believe me that I do not have one?

And why would employers ask for the facebook account password anyways?

Anyways, this is just a small bit compared to the overall scope in which technology is being used to erode your rights. I am sure many of you can put something else in here that goes along with what I am talking about.

[guyser]

The whole thing sucks, but I suppose one could get encrypted files and hit a button that closes it off.

It would take govt's forever to try and break them.

As for why one would ask for a FB pass, seems they want to know what you do in offtime before they hire you.

I would tell them to pound salt, but I think this was quashed by a court redcently or it was shown to be in the minor and other companies were not follwoing suit.

[Moonlight Graham]

The kicker, is that you don't even need to be charged with any crime for this to happen.

I'm thinking this should be handled like any other piece of private property that could be searched, like your wallet or car or a briefcase you might be carrying. I don't know the laws in Canada exactly, but wouldn't you need a warrant to search these things?

As for my Facebook account, I would never let an employer or anyone else have my password. If they asked for my password I'd only let them maybe if they let me search through their drawers at home haha.

[bush_cheney2004]

The whole thing sucks, but I suppose one could get encrypted files and hit a button that closes it off.

It would take govt's forever to try and break them.

I doubt that....the police can scan a cell phone in minutes and break pass codes and encryption in a few hours. Commercial scanner software makes it child's play. What the police are really after is the phonebook and contacts lists to ID more perps! They already have a timeline and geo-position from cell tower records. Saved text messages about that drug deal are also welcomed.

People with cell phones and other mobile devices crack me up with their privacy whining after being dumb enough to load their entire lives into a smart phone. These are the same idiots who walk down the street or drive a car while texting, oblivious to the world around them.

Advice for perps: Use a pay phone, if you can find one.

[guyser]

I doubt that....the police can scan a cell phone in minutes and break pass codes and encryption in a few hours. Commercial scanner software makes it child's play.

If the encryption is similar to PGP software encryption, the govt would be able to break it, however by their own estimate , it would take years .

Yes, years.

Saved text messages about that drug deal are also welcomed.

With a warrant served on the carrier you mean. Thus they would need cause.

[bush_cheney2004]

If the encryption is similar to PGP software encryption, the govt would be able to break it, however by their own estimate , it would take years .

Yes, years.

Not if the case was a high priority and warrants (pun intended) more horsepower. Standard GSM and 3G ciphers for voice and data transmission are easy to crack, and anything more exotic for the actual phone data just means more fun, not years.

With a warrant served on the carrier you mean. Thus they would need cause.

Depends on the jurisdiction. Cops can still use UFEDs to suck every bit of data out of the phone at time of arrest, but the data may not be admissible in court. Apple will provide the access codes to law enforcement upon request for iPhones.

[guyser]

Not if the case was a high priority and warrants (pun intended) more horsepower. Standard GSM and 3G ciphers for voice and data transmission are easy to crack, and anything more exotic for the actual phone data just means more fun, not years.

My blurb about the years it will take the govt to crack it comes from a NH case of a computer searched at the border where the govt admitted they could not crack the pass code, and would take years to crack it with what they have now, and that case is recent.

My point is if the same type of encryption works on a phone, then the police are SOL.

Two veiwpoints are suggesting that getting the p/word from the person who owns it violates federal law on self incrmination. However the other side of the coin says that they are not self incriminating since they offer up no evidence , just the key. The third side of that coin (huh?) says that anything lept in the mind cannot be compelled to admit.

Round 2 will start on that I suspect.

[bush_cheney2004]

...My point is if the same type of encryption works on a phone, then the police are SOL.

I agree that a garden variety police department or border agent office would struggle with sophisticated encryption, but anything of high interest and value would bring more resources to bear on cracking the key. The phone providers will assist government with user access codes.