Public Buses in Athens Quietly Adding Microphones to Record Passenger Conversations

 

Do you ride a public bus in Athens? If you do, watch what you say. Big Brother is watching and listening to you:

The systems use cables or WiFi to pair audio conversations with camera images in order to produce synchronous recordings. Audio and video can be monitored in real-time, but are also stored onboard in blackbox-like devices, generally for 30 days, for later retrieval. Four to six cameras with mics are generally installed throughout a bus, including one near the driver and one on the exterior of the bus.  

Cities that have installed the systems or have taken steps to procure them include San Francisco, California; Eugene, Oregon; Traverse City, Michigan; Columbus, Ohio; Baltimore Maryland; Hartford, Connecticut; and Athens, Georgia.

 The Katz case from the 1960’s held that a person has a “reasonable expectation of privacy” even in a public telephone booth. (Yes, telephones used to be in booths, kids.) I wonder whether a court would hold a similar expectation of privacy in a public bus. Let’s say two people are sitting in the back of an otherwise empty bus discussing their campaign plans to run against a local Chief of Police. Can the local Chief listen in on their plans?

UPDATE:  As Andrew Fleischman reports, there are problems with recording public buses.

Continue reading
3428 Hits
0 Comments

"You have the right to remain silent about your encryption key . . ."

"You have the right to remain silent about your encryption key . . ."

A U.S. Court of Appeals has upheld your right to remain silent about the key to your encrypted hard drive: 

The 11th Circuit Appeals Court has issued an important ruling on the question of whether or not a defendant can be forced to decrypt a hard drive when its contents could provide additional incriminating evidence. The case in question refers to the actions of a John Doe who was compelled to testify before a grand jury in exchange for immunity from prosecution. Doe was ordered to decrypt the contents of his laptop as part of that testimony, but was told that his immunity would not extend to the derivative use of such material as evidence against him. Doe refused to decrypt the TrueCrypt-locked drives, claiming that to do so would violate his Fifth Amendment right against self-incrimination.

The 11th Circuit’s ruling reverses the lower court's decision to hold Doe in contempt and affirms that forcing him to decrypt the drives would be unlawful. It also states that the district court erred in limiting the immunity it granted Doe to only apply to grand jury testimony and not the derivative use of the evidence in question. The ruling on misapplied immunity means that the 11th Circuit could’ve punted on the Fifth Amendment issue, but the court opted not to do so.

The applicability of the Fifth Amendment rests on the question of what the government knew and how it knew it. Federal prosecutors admitted at trial that while the amount of storage encrypted exceeded 5TB, there was no way to determine what data was on the hard drive — indeed, if there was any data whatsoever. Plaintiffs were reduced to holding up numerical printouts of encryption code that they said “represented” the data they wanted, but were forced to admit that there was no way to differentiate what might be illegal material vs. legal.

The question at hand is whether or not decrypting the contents of a laptop drive is testimony or simply the transfer of existent information. The court acknowledges that the drive’s files are not testimony of themselves, but writes “What is at issue is whether the act of production may have some testimonial quality sufficient to trigger Fifth Amendment protection when the production explicitly or implicitly conveys some statement of fact.” (emphasis original)

Previous court cases have established that merely compelling a physical act, such as requiring a defendant to provide the key to a safe, is not testimonial. Actions are also non-testimonial if the government can invoke the “foregone conclusion” doctrine by showing with “reasonable particularity” that it already knew that certain materials or content existed.

By decrypting the drives, Doe is admitting “his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” The court dismisses the argument that the contents of Doe’s hard drives are a foregone conclusion, noting that “Nothing… reveals that the Government knew whether any files exist or the location of those files on the hard drives; what’s more, nothing in the record illustrates that the Government knew with reasonable particularity that Doe was even capable of accessing the encrypted portions of the drives.”

“The Government has not shown, however, that the drives actually contain any files, nor has it shown which of the estimated twenty million files the drives are capable of holding may prove useful… we are not persuaded by the suggestion that simply because the devices were encrypted necessarily means that Doe was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.”

The strength of this decision is the balance it strikes between the rights of the government and the individual. Rather than focusing on the nature of the pass phrase defendants are ordered to provide, it emphasizes the issue of what the prosecution knows and how it learned it. If the prosecutors had had sufficient data to indicate that illegal materials were stored on Doe’s hard drives, forcing him to testify would’ve been valid under the foregone conclusion principle.

The decision is noteworthy for the nature of Doe’s alleged infraction. Doe was called before the grand jury to testify because an IP address corresponding to multiple hotel rooms where he stayed was found to have accessed child pornography via YouTube. Child pornography is a despicable crime, but deriving legal precedents from a desire to punish someone makes for lousy jurisprudence. The 11th Circuit decision heaps no small amount of scorn on the district court’s attempt to immunize Doe’s testimony without immunizing the defendant, deriding it as akin to asking for “manna from heaven,” in which squeaky-clean testimony mysteriously appears on the courthouse steps without any troublesome questions into how it was obtained.

This decision doesn’t make it impossible for the government to use the contents of an encrypted drive, but it requires that the prosecution demonstrate a knowledge of the contents and data contained therein before being allowed to issue a blanket demand. It’s a fair call, and given the increasing number of similar cases, an important one.

This is very important as more and more poeple encryt their computers using free encryption software like TrueCrypt.  Not only can the government not break in to an encrypted computer with a good encryption key, they also can't force individuals to turn over the key.

UPDATE:  TrueCrypt has fallen into disfavor since this blog post was published, although it still works for many functions.  Here are some alternatives to TrueCrypt:  https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/

Continue reading
3432 Hits
0 Comments

Cracking Bin Laden's Hard Drives

Few technological advances have been as successful at protecting information from government as the technology of encryption.  I think it is fair to say that the US Government will use everything in its power to defeat whatever types of security Osama Bin Laden used on his computers.  But even that may not be enough:

"If you're doing encryption on the drive properly, meaning you've done your research, looked at the solutions, you follow best practices, have a strong key, and don't have a weak passphrase, then it will probably never be decrypted. Because drive encryption done properly is extremely difficult, it ends up being a brute-force problem," said Hoglund.

In the attorney-client arena, I think it is imperative for an attorney to encrypt client information.  Encryption software like TrueCrypt is free and easy to use.  A computer with an encrypted hard drive stolen in a burglary of a lawyer's office is unlikely to reveal any client secrets to the burglar.  The client is protected, as is the attorney-client privilege.

Continue reading
3691 Hits
0 Comments

City of Paragould Proposes Suspicionless Stops By Armed SWAT Agents

Someone had better talk some sense into this guy before he bankrupts the city with wrongful arrest lawsuits

Continue reading
4135 Hits
0 Comments

5 Reasons You Should Never Agree to a Police Search

Scott Morgan at Huffington Post lists the 5 Reasons to Never Consent to a Police Search.   Morgan writes:

It wouldn't even be such a big deal, I suppose, if our laws all made sense and our public servants always treated us as citizens first and suspects second. But thanks to the War on Drugs, nothing is ever that easy. When something as stupid as stopping people from possessing marijuana came to be considered a critical law enforcement function, innocence ceased to protect people against police harassment. From the streets of the Bronx to the suburbs of the Nation's Capital, you never have to look hard to find victims of the bias, incompetence, and corruption that the drug war delivers on a daily basis.

Whether or not you ever break the law, you should be prepared to protect yourself and your property just in case police become suspicious of you. Let's take a look at one of the most commonly misunderstood legal situations a citizen can encounter: a police officer asking to search your belongings. Most people automatically give consent when police ask to perform a search. However, I recommend saying "no" to police searches, and here are some reasons why:

Continue reading
3960 Hits
0 Comments