Posts Tagged: loophole

The legal loophole that lets the government search your phone

Despite the US ethos that you’ll be innocent until proven guilty in a court of law, law enforcement finding an excuse to search your digital devices only requires a presumption of wrongdoing. The tech to do this already exists, and murky legislation lets it happen, speakers from the Legal Aid Society said at DEF CON last Friday.

“Technically and legally there's not much really truly blocking the government from getting the information they want if they want it,” Allison Young, digital forensics analyst at The Legal Aid Society, told Engadget. It’s easy, too. Without picking up any new skills or tools, Young was able to find sensitive data that could be used to, for example, prosecute someone being targeted for getting an abortion as it becomes increasingly illegal across the country.

The problem isn’t just the state of local law either, but it’s embedded in the Constitution. As Diane Akerman, digital forensics attorney at the Legal Aid Society explained, the Fourth Amendment hasn’t been updated to account for modern problems like digital data. The Fourth Amendment intends to protect people from “unreasonable searches and seizures” by the US government. This is where we get legal protections like warrants, where law enforcement needs court approval to look for evidence in your home, car or elsewhere.

Today, that includes your digital belongings too, from your phone to the cloud and beyond, making way for legal loopholes as tech advancements outpace the law. For example, there’s no way to challenge a search warrant prior to it being executed, Akerman said. For physical evidence that makes some sense because we don’t want someone flushing evidence down a toilet.

That’s not how your social media accounts or data in the cloud work though, because those digital records are much harder to scrub. So, law enforcement can get a warrant to search your device, and there’s no process to litigate in advance whether the warrant is appropriate. Even if there’s reason for the warrant, Akerman and Young showed that officers can use intentionally vague language to search your entire cell phone when they know the evidence may only be in one account.

“You litigate the issues once they already have the data, which means cat is out of the bag a lot of the time and even if it's suppressed in court, there's still other ways it can be used in court,” Akerman said. “There's no oversight for the way the government is executing words on digital devices.”

The issue only exacerbates across the third-party apps you use. According to the Fourth Amendment, if you give your information to a third party you’ve lost any sense of privacy, Akerman said. The government can often very easily get information from the cloud because of that, even if it’s not entirely relevant to the case. “You would be furious if police busted down your door and copied five years of texts for you walking out on a parking ticket five years ago, it's just not proportional,” Young said.

There are no easy ways for an individual to better protect themselves from these searches. On a case by case basis, there are ways to lock down your device, but that changes with every update or new feature, Young said. Instead, both speakers pushed to put the onus back on the systems and structures that uphold this law, not the individuals affected by it.

“I live in a world where I have to opt out of modern society to not have other people housing my data in some way,” Akerman said. “The question really should be like, what responsibility do those people have to us, since they have made us into their profit, rather than forcing me to opt out in order to protect myself?”

This article originally appeared on Engadget at https://www.engadget.com/government-warrant-search-phone-cloud-fourth-amendment-legal-191533735.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Meta will close a loophole in its doxxing policy in response to the Oversight Board

Meta has agreed to change some of its rules around doxxing in response to recommendations from the Oversight Board. The company had first asked the Oversight Board to help shape its rules last June, saying the policy was “significant and difficult.” The board followed up with 17 recommendations for the company in February, which Meta has now weighed in on.

Unlike decisions around whether specific posts should be taken down or left up, Meta is free to completely disregard policy proposals from the Oversight Board, but it is required to respond to each recommendation individually.

One of the most notable changes is that Meta agreed to end an exception to its existing rules that allowed users to post private residential information if it was “publicly available” elsewhere. The Oversight Board had pointed out that there was a significant difference between obtaining data from a public records request and a viral social media post.

In its response Friday, Meta agreed to remove the exception from its policy. “As the board notes in this recommendation, removing the exception for ‘publicly available’ private residential information may limit the availability of this information on Facebook and Instagram when it is still publicly available elsewhere,” the company wrote. “However, we recognize that implementing this recommendation can strengthen privacy protections on our platforms.” Meta added that the policy change would be implemented “by the end of the year.”

While the company ended one exception, it agreed to relax its policy on another issue. Meta said users would be able to share photos of the exterior of private homes “when the property depicted is the focus of the news story, except when shared in the context of organizing protests against the resident.” Likewise, the company also agreed that it would allow users to share addresses of “high ranking” government officials if the property is a publicly-owned official residence, like those used by heads of state and ambassadors.

The policy changes could have a significant impact for people facing harassment, while also allowing some information to be shared in the context of news stories or protests against elected officials.

The board had also recommended Meta revamp the way that privacy violations are reported by users and how reports are handled internally. On the reporting front, Meta said it has already started experimenting with a simpler method for reporting privacy intrusions. Previously, users had to “click through two menus” and manually search for “privacy violation,” but now the option will appear without the extra search. Meta said it will have results from the experiment “later this month" when it will decide whether to make the change permanent.

Notably, Meta declined to make another change that could make it easier for doxxing victims to get help more quickly. The company said that it would not act on a recommendation that it “create a specific channel of communications for victims of doxing” regardless of whether they are Facebook users. Meta noted that it’s already piloting some live chat help features, but said it “cannot commit to building a doxing-specific channel.”

Meta was also non-committal on a board recommendation that doxxing should be categorized as “severe” violation resulting in a temporary suspension. The company said it was “assessing the feasibility” of the suggestion and “exploring ways to incorporate elements of this recommendation.”

In addition to the substance of the policy changes, Meta’s response to the Oversight Board in this case is notable because it represents the first time the company had asked for a policy advisory opinion, received recommendations and issued a response. Typically, the board weighs in on specific moderation decisions, which can then impact the underlying policies. But Meta can also ask for help shaping broader rules, like it did with doxxing. The company has also asked for help in creating rules around its controversial“cross check” system.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Apple and Google close loophole that allowed Russians to use Mir cards for mobile payments

Apple has closed a loophole that had allowed some Russians to continue using its mobile payments service despite the ongoing economic sanctions against Russia. According to Reuters, the company told the country's largest lender on Thursday it would no longer support Russia's homegrown Mir payments system through Apple Pay.

"Apple has informed NSPK it is suspending support for Mir cards in the Apple Pay payment service," the National Card Payment System said Friday. "Starting from March 24th, users cannot add new Mir cards to the service. Apple will stop all operations of previously added cards over the next few days."

Google took similar action last week as well. According to a separate report from The Wall Street Journal, the company paused a pilot that had allowed Russians to connect their Mir cards to Google Pay. "Google Pay is pausing payments-related services in Russia as a result of payment services disruption out of our control," a Google spokesperson told the outlet.

As The Verge notes, the Central Bank of Russia established Mir after the US and other countries imposed sanctions on Russia in response to its annexation of Crimea in 2014. According to statistics shared by the Central Bank, Mir cards are involved in more than 25 percent of all card transactions within the country. Previously, cards from major Russian financial institutions like VTB Group and Sovcombank stopped working with Apple Pay and Google Pay shortly after the Kremlin launched its invasion of Ukraine on February 24th.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics