Police Report’s Semi-Redaction

I just got back from the Phoenix Police Department Headquarters, where I purchased a copy of the Accident Report. The report is also available online through their e-Services department — we downloaded it a few days ago — but it indicates that an officer took pictures at the scene. The pictures are only available if you request a copy from the Records Office at HQ.

So I purchased the report ($3) and had a choice of photos for $.50/ea or all of them on CD for $4. I opted for the CD. In either case, it would take a week for pictures to be prepared and mailed to us.

But that wasn’t the interesting part.

In order to purchase a copy of the Accident Report, I had to complete a form that included my name, address, and phone number, along with my signature where I certify that I’m who I say I am and that I have a right to request the information. After the clerk verified my information, she printed off a copy of the report, then picked up a black wide-tip marker and manually redacted all the addresses and phone numbers of both Son#1 and the other driver, as well as the witnesses.

I found this very interesting since the report we downloaded online only required that we know the report number and the last name of one of the parties involved in the accident … and had absolutely no redactions! I double-checked this after returning from downtown — no redactions, everything is clearly readable.

Although I applaud the Phoenix Police Department for trying to do the right thing, they’re going about it bass-ackwards. The version online should be the redacted copy, and the version being handed out in person to a verified and authenticated individual should be the untouched copy.

Cell Phones used as Listening Devices

A recent article in CNET highlights a new privacy threat posed by cell phones: Their microphone can be enabled, even while the phone is “off,” allowing an eavesdropper to listen to conversations held within listening distance of the phone. The FBI recently used this “roving bug” as one method of electronic surveillance while investigating the Genovese organized crime family in New York.

mobile_phone.gif

Although there is some conjecture on exactly how the “bugs” worked, it’s been generally agreed that rather than installed a physical device — which may have been impossible in the Genovese investigation — the cell phone carrier, Nextel in this case, may have remotely installed software causing the phone to call an FBI number where the “open mic” could be recorded while the phone’s display still indicated it was off-hook and offline. This theory is supported by the fact that the affidavit requesting the court order for electronic surveillance included the phone number, the 15-digit IMSI (International Mobile Subscriber Identifier), and the name of the carrier for the cell phone they wanted to bug. This information would not have been necessary if a physical bug had been used.

This is not the first time ordinary cell phones may have been used for surveillance. A 2004 BBC article suggests that this method was used by US and British security agencies to routinely bug senior UN officials, including the Secretary General, Kofi Annan.

As a privacy issue, there may not by any immediate cause for alarm. This method of surveillance requires the cooperation of cell phone providers, so it is currently only useful as an eavesdropping tool for government agencies — which, by itself, may or may not be cause for concern. However, since this is simply an application of software, it’s probably only a matter of time before hackers or virus writers make this a much more common occurrence.

If your job requires to you discuss very sensitive or top secret information, it might be best to go ahead and remove your cell phone battery for the duration of the meeting.

Link: CNET: FBI taps cell phone mic as eavesdropping tool
Link: BBC: ‘This goes no further…’

Big Brother OnStar

Excerpt of “Court to FBI: No spying on in-car computers” by Declan McCullagh on News.Com:

The 9th Circuit Court of Appeals said Tuesday that the FBI is not legally entitled to remotely activate the system and secretly use it to snoop on passengers, because doing so would render it inoperable during an emergency.

In a split 2-1 rulingthe majority wrote that “the company could not assist the FBI without disabling the system in the monitored car” and said a district judge was wrong to have granted the FBI its request for surreptitious monitoring.

The court did not reveal which brand of remote-assistance product was being used but did say it involved “luxury cars” and, in a footnote, mentioned Cadillac, which sells General Motors’ OnStar technology in all current models. After learning that the unnamed system could be remotely activated to eavesdrop on conversations after a car was reported stolen, the FBI realized it would be useful for “bugging” a vehicle, Judges Marsha Berzon and John Noonan said.

David Sobel, general counsel at the Electronic Privacy Information Center, called the court’s decision “a pyrrhic victory” for privacy.

“The problem (the court had) with the surveillance was not based on privacy grounds at all,” Sobel said. “It was more interfering with the contractual relationship between the service provider and the customer, to the point that the service was being interrupted. If the surveillance was done in a way that was seamless and undetectable, the court would have no problem with it.”

I’ve often wondered how long it would take before someone began using OnStar and similar products to keep track of, or spy on, a vehicle and it’s occupants. I’ve been expecting for some time now to see someone offering a web-based service for tracking these vehicles, so I’m not particularly surprised that law enforcement would want to use the system’s voice capabilities for “wiretap” surveillance.

As with most recent technological conveniences, we must each weigh it’s value to us against the impact it may have with the level of personal and family privacy we feel comfortable with. Personally, these products are a bit outside my comfort zone.