I have a real issue with the current NSA practices and with much of the government surveillance attitude, that said this generally sounds like a case of doing it right.
I like that there was a court order for specific cell towers near the robberies, it would be better if order specifically requested the intersection of the towers or in someway restricted further use of the information to prevent long term and or continued use of collected data for unrelated cases, but I do not find this to be egregious.
This was a case of law enforcement using reasonable tools to do their job and a judge was in the loop -- I think the there should be a requirement to show probable cause, but a I think that a judge should be able to see that in this case there was probable cause to believe that anyone who had been at X number of the banks at the time of the robberies was a probable suspect and the collection of the data would be warranted.
My issue is when law enforcement (or other 3 letter agencies) collect (and retain) all of this data (and email, and license plates, and security cameras...) for non-specific uses. This is a significant infringement on our personal privacy and a threat to our democracy.
Exactly. The phrase "probable cause" can (and should) be directly related to the probability of a false positive; in the context of virtually unlimited 'data dumps', this paradigm must be adapted to reflect the probability of a false positive in a multiple-testing situation.
The FBI in this case was successful because they had 4 (or 3) towers; with only two it is likely they would not have been able to hone in on the criminals as quickly as they did. It's perhaps even possible to calculate what the chance of success is, and establish guidelines for release of data based on this (e.g., minimum 4 towers). Also, probability would have to be taught in law schools.
> Also, probability would have to be taught in law schools.
The first couple of weeks of my Evidence class was a crash course in probability and Bayes' rule. Our final exam had an entire section on it. I'd imagine you can still get through law school without learning probability, but it's getting increasingly harder as Evidence is reformulated on probabilistic grounds, just as Torts was reformulated on economics grounds in the 1960-1970's. Today you probably can't get through a Torts class without learning about Pareto efficiency or Coase theorem, etc. Also, empiricism is a dominant academic trend right now in legal academia, and it heavily relies on statistical approaches.
As long as you're talking about an investigation to develop leads, if the investigators have a clue false positives aren't necessarily going to be bad. In this investigation, they didn't just go arrest the people associated with the two numbers they found, they got the metadata for the two numbers and saw enough additional correlations they could be pretty sure they'd found their men, especially with the added highly suspicious behavior. Presumably a few false positives wouldn't have panned out after their metadata was examined, e.g. in this one's second stage they went from 3 out of 4 to "most of the 16 the bank robberies under investigation".
Maybe in this case the false-positives were easily filtered out. However, if the initial search is too broad, and too un-specific, incorrect assumptions and false positives are certain to occur due to human error, prejudice or carelessness. This is one of the primary reasons why the "I have nothing to hide" argument in favor of increased surveillance is inadequate-- you may have nothing to hide, but errors not in your favor can unjustly cast you as having something to hide.
NO the primary reason is, you have no privacy. Its a ticking time bomb - nothing you do or say can every be private, which means forgotten except by your intimates.
I liken constant surveillance to a bomb planted in your body. If you have nothing to hide, then no problem right?
Note, I'm not an advocate for our current "you have no privacy to speak of" regime. On the other hand, short of our government going Godwin (in which case the remedies aren't to be found here), the American people aren't going to agree to fixes that preclude this sort of investigation.
Anyway, a point I'm making is that law enforcement officers might cast a wide net, but they really want to find the right fish. If for no other reason than that they then have to prove it all in court. The screw case it sounds like you're concerned with is the "find the person, then find a crime" type. If I'm wrong, could you sketch out an abusive scenario?
I agree, of course law enforcement wants to find the right fish. Short of a few bad apples (more food analogies!), I don't think that their intentions are malicious (i.e., find a person then find a crime). Instead, I'm concerned about a situation where pressure exists to "find the person" (think Boston Marathon bombing)-- and then shortcuts are taken. Granted, this can happen in a world w/o excessive surveillance also, but its far easier to find a fitting suspect when 100k people are in your net. Those suspects-- ideally-- would be crossed off the list asap, but not before significant harm could be done. Thanks for the interesting discussion!
You haven't sketched out a scenario were particularly bad things happen. Yeah, getting arrested and subject to an abusive dwelling search are bad, and due to the poor arms handling of police potentially more than significant harm, but, again, presumably the police would find no evidence to back it up and move to the next set of suspects.
A better example would be the FBI's "investigation" of the post-9/11 anthrax attacks. Neither of the suspects they harassed within an inch of their lives and beyond for the second were guilty, although I think the remedy there is to abolish such politicized "law enforcement" agencies. Whatever their tool set it, they'll abuse it and innocent citizens.
It's kind of annoying that Ars, which is a publication I usually respect, only talks about one side of the legal argument around cell tower information.
"In addition, in its well-known Jones decision of 2012, the Supreme Court ruled that warrantless GPS tracking of a suspect was not allowed, and in response the FBI switched off 3,000 tracking devices. Cell tower dumps might well qualify as warrantless 'tracking' under this standard."
Jones was based on the fact that the police had to physically invade the suspect's property (car) to place the GPS trackers. Physical invasions of property are a clear-cut situation where the 4th amendment requires a warrant.
Trying to extend Jones to cell phone tracking doesn't work. The police didn't place a tracking device on anyone's person. These guys bought tracking devices which uploaded their location in real time to third parties that came under a court's subpoena power. The guys tracked themselves and handed the data to a third party that the police could subpoena for evidence. Third party doctrine says that this doesn't require a warrant: http://www.forbes.com/sites/kashmirhill/2012/01/23/a-supreme....
The basic problems is that connected technology and the 4th amendment aren't friends. Connected technology spills private data everywhere like a sieve, and the 4th amendment, as it's currently interpreted, doesn't really extend to information you "make un-private" by sharing it with your thousand closest friends at AT&T. One or the other will have to change, and it's a much more uphill battle than Ars is making it out to be.
Also, note that this isn't 1970. We have a conservative Supreme Court and a conservative judiciary (that is reeling from decades of criticism from both the left and the right for being "activist judges"). I'd be shocked to see an expansive judicial reinterpretation of the 4th amendment while the composition of the Court remains the way it is today. The Court today is looking for tight legal arguments. I haven't seen one that justifies an expansive view of the 4th amendment in the digital context. What I've seen are the kind of nebulous, policy-based arguments warning about social harm that might have flown in 1970, but are unlikely to do so in 2013.
I've never understood this. Why can't the fourth amendment follow contracts? Why can't I trust my location data to AT&T and no one else?
Third parties are necessary for most communication. It's ridiculous that sharing something with a contracted service provider for a specific purpose is legally identical to publishing it on the open internet.
> Why can't the fourth amendment follow contracts? Why can't I trust my location data to AT&T and no one else?
The 4th amendment protects people and places, not information. You have a right to privacy in your person and your house, but not on information you entrust to AT&T because you have no expectation of privacy on AT&T's premises.
> Third parties are necessary for most communication.
The 4th amendment only indirectly protects communications. It was mainly designed to keep police from breaking down your door to search for items you hadn't paid import duties on. The idea that it protects bits flowing through other peoples' wires is itself a bit of a stretch. The first time wire-tapping came up in front of the Supreme Court (in the 1920's), it was found to not require a warrant under the 4th amendment. After all, it wasn't your apartment being tapped, but some location in the telephone company's office.
Why does the Fourth Amendment specifically and additionally call out "papers and effects" when in your view "persons and houses" is all it actually protects?
No tight philosophical reason. It's just that historically, the court has held that there is no expectation of privacy once you share it with a third party (as long as they get it via subpoena from the third party).
Is this a good idea? Personally, I don't think so. But US law works on precedent, and the 4th amendment was written when there was no concept of privacy that wasn't spatially determined. That is why it says you have a right "to be secure in their [your] persons, houses, papers, and effects".
Yet another example where the constitution is woefully outdated and obsolete, but if you say that you get skinned alive because it was immaculately conceived by gods, and we are unfit to alter or improve the work of our ancestral giants.
The constitution isn't as outdated as you'd think. The fourth amendment is to keep the police from barging into your house and rummaging through your stuff while you're sitting down to dinner. It still does that. Compare with third amendment. They're the "don't mess up my stuff" amendments. The government reading your email doesn't interfere with your ability to read your email.
the 4th amendment was written when there was no concept of privacy that wasn't spatially determined
Not so. If you give me a letter to carry by horse to your co-conspirator, and the government becomes aware of my role as message-carrier, they could certainly subpoena the communication. This was true in 1813 as it is in 2013.
Once you give me custody of the letter, you've taken on the risk that it will be read by people other than yourself or the intended recipient. I might open it to satisfy my own curiosity. I might fall of my horse and the letter could be read by someone who found me lying in the road. I might deliver it to someone else. Unless I'm your lawyer or doctor (in which case I'm held up to certain ethical standards through by my professional peers) then when you hand off the letter you're giving up full control over the dissemination of the contents.
No, electronic documents are widely considered to be "papers" within the meaning of the 4th amendment. Your e-mails, sitting on your laptop, are definitely covered by the 4th amendment. The problem comes in when you send that e-mail in clear text over the internet, where a bunch of people at your ISP can see it, where a bunch of people at Google can see it, where a bunch of people at the recipient's ISP can see it, etc. You don't have an expectation of privacy when you take your private information and put it in the hands of others.
Whether it's an e-mail or ink on dead trees is irrelevant. If I printed out my e-mails and shipped them to Google, the government would be able to subpoena them without a warrant.
USPS is a third party. Why are physical letters protected?
At an organization like Google which is bound to have some internal controls, wouldn't an employee opening your email be analogous to the USPS opening an envelope?
Because there are explicit laws covering the protection of letters sent through USPS. We could make such laws covering ISPs, if our representatives wanted to.
I'm not talking about a letter intercepted en-route. I'm talking about a letter once it has been delivered to Google and is sitting on their premises, like your e-mail does once it's delivered via the SSL connection. The government can subpoena those papers just as they can subpoena the papers relating to your financials held by your accountants, etc.
"The problem comes in when you send that e-mail in clear text over the internet, where a bunch of people at your ISP can see it..."
So are you saying that if I encrypt my e-mail with the recipient's public PGP key, I have an expectation of privacy under the 4th Amendment? (Clearly, my intention in that case would be to make the message readable only to the recipient, not to his e-mail provider.)
Don't know about text messages, but emails are the logical equivalent of sending postcards. If you except privacy when you don't even hide your words in an envelope you're going to be disappointed.
Most major providers support opportunistic SSL for server-to-server SMTP connections, and nearly all providers require SSL from the client (either HTTPS or SMTPS/IMAPS). In that case, would that show an expectation of privacy that would allow 4th amendment protection for email contents in-transit?
To further analogize this to postcards, no one's worried about your mail being seen when it's stuffed in a mailbag that's riding in a truck that the USPS takes some care to make sure it doesn't get stolen (e.g. always behind lock and key). Using SSL for all the hops between organizations amounts to the same thing.
It would make conspiracy rather too easy. Right now the number of privileged communication vectors is pretty low - you can talk in confidence to your lawyer, doctor, or cleric about most things and know your secrets are safe. If all contractual relations were privileged law enforcement would become a bit of a nightmare. The founders or succeeding generations of legislators and jurists certainly had the option to justify such arrangements but chose not to.
Strawman. Electronic communications don't need to be fully untouchable like attorney-client privilege, they just need to be untouchable without probable cause.
Conspiracies are routinely prosecuted using the results of warranted wiretaps based on probable cause.
The main issue in Jones was how the court would find the search unreasonable. Four leaned toward the physical invasion, and four leaned toward the comprehensive and permanent nature as violating reasonable expectations.
Sotomayor broke the tie in favor of physical invasion solely on the basis that it was the more conservative approach, and thus the facts did not require analysis of expectations. Reading her opinion, it's strongly implied that she - or one of the other four justices - would switch sides on a case that actually raised the issue.
You're stating as fact that the third party doctrine means there is no expectation of privacy and that Jones doesn't apply, but then you link to an article about Sotamayor specifically casting doubt on that argument as part of the Jones deliberations.
Also, I find annoying the conservative conceit that when conservative judges knock down decades of established jurisprudence as in the campaign finance or the Voting Rights Act decisions they're not being "activist".
The first part of the quoted section of her concurrence is:
"More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties." (emphasis added)
This is not Sotomayor "casting doubt on that argument." It's Sotomayor conceding the argument while wondering out loud whether the third party doctrine needs to be revisited. There's a big difference between a concurrence that says: "I think this other interpretation is the accepted one" and one that says "I understand that this is the currently accepted interpretation, but I think we need to revisit it."
> conservative judges knock down decades of established jurisprudence as in the campaign finance or the Voting Rights Act decisions they're not being "activist".
I didn't say that conservative judges weren't activist. I said that accusations of activism have forced all judges into making tighter, narrower legal arguments. Gone are the days when judges would wax philosophical about justice and social policy.
Except of course the "conservative judges" did nothing of the sort. Unless you consider 21 years to be "decades" in the first case.
The latter only said, per Wikipedia: "In Shelby County v. Holder (2013), the United States Supreme Court struck down Section 4(b) of the Act, which contains the coverage formula that determines which state and local jurisdictions are subject to Section 5 preclearance, as unconstitutional. The Court said that although the formula was rational and necessary at the time of its enactment, it is no longer responsive to current conditions." Presumably the Congress could enact a new formula that's not based on the racial politics of half a century ago; you're complaining about something akin to rotten boroughs (https://en.wikipedia.org/wiki/Rotten_and_pocket_boroughs).
You are entitled to your own opinion, but not your own facts.
The conservative, and sometimes liberal, decrying of "activist judges" has always been foolhardy short-sightedness. If judges didn't have the power to strike down laws, there would be no purpose for them to review laws in the first place.
In addition, Smith v. Maryland explicitly allowed pen registers to record call metadata, as a person has no reasonable expectation of privacy with regards to that information.
Later, the Electronic Communications Privacy Act explicitly allowed telephone companies to record the information to ensure proper business function. Under the same act, police, with a court order, can search the recorded metadata.
As it stands, the procedure described in the article was constitutional.
Smith v. Maryland only involved pen register on one person's contacts, where there was some suspicion. Each cell tower dump involved that plus location data on at least 150,000 people, only one of which was acting suspiciously.
The court decided that we expect the phone company to have that information, but we also expect them to keep it confidential if we're not doing anything wrong. The standard for sharing may be lower than we'd like, but there is SOME standard.
The government could have given the phone company times and places, and asked them to perform the cross-check and return any matches. That way, only the "suspicious persons" would have had their privacy violated. Handing everything over wasn't the only way.
To me this is OK. Specific crimes, specific limited locations, filter for the repeating phones and and then get a warrant on them and no longer use the general ones. The thought that goes into targeting is important and I hope subscriber information was only looked up on those that did match multiple crime locations.
On the the other hand the NSA/GCHQ etc. scoop everything and that is not OK and is too easy to abuse.
Edit: I do think that the phone companies should have the maximum retention period limited by law rather than the minimum. It would also be better if the full tower warrants only provided unique references (hashes?) rather than phone numbers themselves until the follow up specific requests.
It would be simple enough for each phone company to maintain a lookup table of phone number to random guid (for which the keyspace is sufficiently large) and hand the FBI only these guids.
Before having a knee-jerk response, let me describe something that undoubtably someone will provide within 5-10 years, and which I'm sure the NSA can already do.
Pick a time period and a geographic location. Scoop up all pictures on Facebook (or some other social media) that match this. Run image recognition algorithms to pull back all pictures that might include a particular person. Then manually go through that list.
Sample use case, "So what did you really do at SXSW?" (I name this example because I was surprised at what I saw when I went there a few years ago, but plenty of other conferences have reputations as well.)
Given current trends, universal surveillance is a technological inevitability. Coming soon to a spouse near you. When it becomes commonplace, are we really going to say that it isn't available to law enforcement?
Entropy leaks, and pirates aren't the only beneficiaries. It's just a fundamental fact when sieving that entropy is cheap that life will be less private.
The fact that these guys used their own names and carried their phones says a lot about the crimes. Hard to believe the bit about the run-in (They called 911!) with cops in Telluride, and no way to link these guys to the banks:
In February 2010, three days after they had robbed a bank in Park City, Utah, police received a 911 call from Capito. He was in the mountains outside of Telluride, Colorado, and when the cops arrived they found him carrying a Glock handgun and standing next to a silver Toyota Avalon with blood in the front seat and signs of struggle in the snow.
Capito told them that he and Glore had argued and that he had punched Glore in the nose, after which Glore ran off into the woods. After several hours, Glore had not returned and Capito was worried. The police eventually found Glore "hypothermic and bloody," and they charged Capito was carrying a concealed weapon and with disorderly conduct. But they gave Capito's $4,029 wad of cash to Glore, who promptly used it to bail Capito out of jail. (The Glock had likely just been used in the robbery and the money had probably come from the Park City heist.)
Also, I was in Prescott Valley on Glassford Hill when that October robbery of Country Bank occurred. Still remember seeing that asshole buzz off on an ATV. Made me late for class! Sweet justice is served.
What if the court order prevented the government from obtaining all the data in the first place? The court could order the cellphone companies to do the correlation (for a reasonable fee), and then report back. If they report back that they have a tiny set of numbers that correlate, then that would provide probable cause, but only for those numbers.
Is there a reason why all the information must be handed over?
I'm pretty sure it has something to do with the chain of custody of evidence. The methods and results of the search are 100% the FBI's responsibility, and they simply can't trust Verizon to do it right. It's the sort of thing that an appeals court would tear apart in an instance.
Can this be fixed in statute? If not, why not? The method and results should well defined and reproducible, right? It could even be possible for the FBI to have some level of oversight without actually having access to the data.
The fact that the numbers were all present at the robberies doesn't imply that the owners of those numbers are guilty. It's merely a lead. The result is just records anyway, the very same that the FBI would get from a more permissive request.
The only thing at risk is that the carrier would mess up the query. But if anything FBI could provide the SQL/whatever query as well.
Would this be a case where homomorphic encryption would be useful? This is really just a set intersection problem, which there are known algorithms for I believe.
I have almost no problem with police using cell phone data this way - it allows them to catch specific bad guys they know are somewhere, and they can only get access to the data for a specific time, in a specific location, with approval from a judge.
It would be nice if they were required to delete all but the "evidential" records afterwards, but that's a minor point, frankly, since we know they actually used it to find people for a specific crime they were investigating. If they later trawled it speculatively for random minor crimes, that would be bad, but you can't get that much data out of these things (the prime evidence against these idiots[1] was that they confessed, the cell tower data was just used to find them at all.)
[1] anyone who uses their regular cell phone while committing an armed robbery is foolish in the extreme - especially several armed robberies in different towns all with the same darned phone! I won't go on a rant about how one should go about committing felonies, because reasons, but the stupidity of these two hits me right in the brain.
This sort of search doesn't bother me all that much. There are only a rare set of circumstances where being close to a particular cell tower is incriminating. Furthermore, since moving from cell tower to cell tower requires moving in public, this information could be gathered just as easily by security cameras/license plate scanners, which seem to me to be more invasive, but legal.
I love a good old does-the-4th-Amendment-cover-cell-phone-data debate. However, there's a lot of misinformation going on about the current state of ECPA (the Electronic Communications Privacy Act), what it covers and what it does not. Some brief points.
(1) A number of courts have outright rejected the argument that location information is covered by the pen register act simply because its shared with a third party service. This section of ECPA followed in the wake of Smith which found that since there was no expectation of privacy in your phone number (beacause after all it was listed in the phone book) there was no violation if your number, and the number you were calling were recorded. Where you are at any given moment involves a very different set of data. Many courts recognize this.
(2) In many cases the basic reasonable expectation of privacy analysis does not apply in these data oriented situations. ECPA's application is further complicated by the fact that how information is treated depends on whether it is retrieved from storage or captured while it is being transmitted. The 7th circuit recently addressed this issue and determined that it should not matter how you get someones digital information. However, that is not the law all over the country. In many cases whether this "dump" was received as a result of a file containing location data or recorded live as it came off the tower matters.
150,000 sounds really high. Pinetop AZ only has 4000 people total, and if the other towns were similar in size, every person in those towns would have to make 10 calls during the collected period. Does this include multiple database entries for individual calls or internet access?
You don't have to make a call to register with the tower. I would imagine that sitting directly between two towers would cause lots of renegotiations as one signal gets stronger or weaker.
Rather than catching two criminals by invading public privacy, I'd prefer to pay for the social safety net that would prevent unemployed middle aged men from having to rob banks to make ends meet.
Privacy should not be spent like money. You can earn more money, but privacy is finite.
Sort of amazes me that serial bank robbers wouldn't use burn phones. In that case they probably would have just gotten caught by buying a cart full of TracFones at a Walmart somewhere or frequenting a flea market to buy them, but still.
The smart criminal is as an imaginary figment of pop-culture fiction/dramatization. They do exist, but they are by far the exception, not the rule. These guys were knocking off rural banks for a few grand between fist fights. Ballsy? Yes. Masterminds, they were not.
> Should we have any concerns with the government getting that sort of mass tracking information on so many Americans without a warrant?
It's a pretty interesting article, but as a Brit I just don't get why American's are so concerned about privacy. In England, there is basically no 'right to privacy' in law. As such the police (and anyone else really) are free to track me like this, on CCTV, whatever. If I am innocent, and have nothing to hide, I don't really see what the issue is in this.
"I am innocent and I have nothing to hide" is only a reasonable argument if the authorities are both perfectly trustworthy and agree with your definition of "innocent". There is a long, long history of authorities in America, the UK, and basically everywhere else abusing any private information they can get their hands on: for blackmail, to suppress political enemies, to punish perceived moral failings, or just because they enjoy exercising power.
Just for example, there have been and still are many places where being outed as gay can be anything from a major embarrassment to a firing offense to a death sentence. A perfectly innocent person who should not have anything to hide must conceal where they go and who they meet for their own safety. Governments should not be trusted any further than necessary.
> If I am innocent, and have nothing to hide, I don't really see what the issue is in this.
Turing was similarly naive - in admitting to a homosexual relationship - and the government chemically castrated him and effectively hounded him to suicide. What's decent isn't always the same as what's legal.
And even if you think it is, and somehow know all the laws - which I'm convinced is impossible - and you think you've nothing to hide, can you really say the same about all the people with power over you? Politicians, police, doctors etc? Who will be open to coercion via whoever controls the surveillance apparatus. - Can you really say that no law will ever be put in place curtailing your freedoms in a way that you'd find unacceptable?
Information is like a weapon. Altering the balance of surveillance contributes to strategic political instability. Got to think very carefully about how you do it; when, why, what the costs are.
I guess that boils down to something of a cultural thing. Among the things they shove down the throats of young impressionable minds in school, chief among them is the fact that the Founding Fathers of the US fought for freedom from the British because of the evils of a government having too much control over the citizenry. How surveillance and data acquisition can turn into too much control is another conversation entirely, but it can be used for rather horrific purposes.
The fact is we currently are not living in a brutal dictatorship where our freedoms are limited or none. However we do see some fairly regular evidence of authorities abusing their power, and again this issue is also another conversation entirely... Circling back to the my first point, we're taught that the country was founded on the principal of a limited government and many freedoms and guarantees, in fact founded with a supposed guarantee of it. Then you see things (ab)used for personal/political/whatever gain at the expense of those things promised to you. Now I don't know about you, but I don't like having things that I appreciate forcefully taken from me.
Would you wear a lapel camera that recorded your entire day and uploaded it in real time to the police? Why not? Something to hide? More seriously, my objection would be that assuming everyone is guilty or needs to be monitored is a weird state of governance. Crime exists, it always will regardless of level of monitoring. So the discussion is about what are the reasonable tradeoffs between privacy and crime prevention/solving. I think 24 hour surveillance is too far for the gain it may bring. As others have pointed out, the government also can have...interesting interpretations of who "the criminals" are (see infiltration of civil rights groups in the 60's by the FBI for example), and has shown, even recently, that their idea of oversight is really "theory only" and they don't appreciate actual oversight. Giving broad powers to such groups is a very bad idea.
The law is complex enough that you are certainly not innocent. Piss off the wrong person, and they can search through your recorded history to find SOMETHING to threaten you with.
For instance, did you know that absent-mindedly walking towards an officer while you are pacing back-and-forth during a police interview can be charged as a count of assault on the officer? Really.
You're innocent and lucky. You don't have anything to hide; you also don't have anything to fear. Whistleblowers, equal rights activists, etc are nominally innocent, but the cops sure don't behave that way
The biggest problem is that the law is often quite moralistic and frequently influenced by people with hidden agendas. Almost everyone violates the law at some point or other, and the biggest concern is that with unfettered surveillance the only thing stopping the book being thrown at you is a lack of will. Don't assume just because you believe that you're innocent you actually are in the eyes of the law.
Saying that, I think the process they used here is a good one. If there was some sort of guarantee that the data collected for this search would be deleted (and not left, free for any bored policeman to delve into at any point in the future) then I'd have no issue with this type of investigation. The people they caught were committing potentially violent crimes. A little bit of privacy violation is definitely worth stopping them before they actually hurt someone.
Looking through the responses to your comment, I would bet that most commentators in this thread are unaware that London is the most intensely surveilled city in the world. And the system of surveillance was set up to stop a very real threat - IRA bombings.
For a list of failures of this system, see http://en.wikipedia.org/wiki/List_of_terrorist_incidents_in_.... Most successes didn't get reported. However this history does leave people in the UK with a rather different perspective on universal surveillance than Americans.
>It's a pretty interesting article, but as a Brit I just don't get why American's are so concerned about privacy. In England, there is basically no 'right to privacy' in law.
It's because they value invividual freedom and had a revolution. A population saluting their monarchs in street parades wouldn't necessarily understand.
>If I am innocent, and have nothing to hide, I don't really see what the issue is in this.
That's total BS.
For one, a lot of stuff that moves society forward, is done by people that have a lot to hide (from the backwards regime that is). From reporting on government wrongdoing, to breaking DVD encryption to investigating drug lords, etc. Especially since current governments are so aggresive to penalize even tame and civil protests and activism.
Some examples: you think Veronica Guerin had nothing to hide? How would you like if the names of her sources were made known, and they were killed to?
Did Alan Turing had something to hide? Don't think of such a case as something that only belongs in the past, and it's a solved problem now. How much of BS stuff that's now concidered illegal would be OK in the future?
Second, that's not even true for the ordinary boring citizen. How many people have done stuff like going to a brothel, driving while drunk sometimes, taking e in clubs when they are young, fighting with their spouse, etc? Would you want your browsing history to be made public to potential employees?
It's quite frustrating to watch people completely ignore the fact that if a power and capability exists, it will be abused (accidentally or knowingly) for dubious ends. And those with power and capability seldom relinquish it willingly.
It's quite something for an individual who has never experienced the discomfort of being watched because that's the way it's always have been. Once you taste time away from an unblinking eye, you never quite feel the same under its gaze... whether that gaze is obvious and plain to see or not.
There was a case of the woman in the UK that used the parole DB as her personal dating site / stalking ground. The more data is held on you by the government (and more likely here, 3rd party contractors) the easier it is to stalk or blackmail you.
I personally don't like the idea of G4S, Serco, A4E, etc. having that much power over me.
I am pretty disappointed for such implicit apologism for state tactics, this is not the appropriate political climate right now, there are legitimate sources of state usage of "cell tower dumps" few will argue this, however it has clearly gotten out of hand, and the fact that ars would publish this shows a lack of taste.
It seems like you're calling this out as if it's a negative. MS Access is perfect for a situation like that - available, disposable, and easy for semi-technical people to use. When the community talks about "everyone learning to program," this is what it would look like.
They don't have the authority or budget to set up something permanent just to catch a couple dudes, and frankly they probably don't need something permanent. They just got it done quickly and with the tools on-hand.
Indeed; wouldn't we be ... concerned if they'd used a multi-user database?
For 150,000 records, Access for them, perhaps a Perl or whatever script for us, and then you abandon everything but the very small number of specific hits.
This legitimate use is unfortunately the justification for the NSA's Hoovering of telephone metadata, e.g. you can't tell a judge ahead of time the specific numbers you're looking for until you've correlated them against your initial lead.
I had to turn a squid log over to FBI agents, they wanted it in XLS format so they could search/sort it. A few commands later I grep'd out the addresses they wanted to see, they were amazed.
Moral of the story is FBI field agents are not super hackers. It's like 24 where they take the data back to the HQ and someone works on stuff there, or they just do it in Excel/Access on a laptop.
It's a perfectly reasonable choice. It's better than Excel for that sort of work and Government IT policies usually ban any real scripting language or database.
I like that there was a court order for specific cell towers near the robberies, it would be better if order specifically requested the intersection of the towers or in someway restricted further use of the information to prevent long term and or continued use of collected data for unrelated cases, but I do not find this to be egregious.
This was a case of law enforcement using reasonable tools to do their job and a judge was in the loop -- I think the there should be a requirement to show probable cause, but a I think that a judge should be able to see that in this case there was probable cause to believe that anyone who had been at X number of the banks at the time of the robberies was a probable suspect and the collection of the data would be warranted.
My issue is when law enforcement (or other 3 letter agencies) collect (and retain) all of this data (and email, and license plates, and security cameras...) for non-specific uses. This is a significant infringement on our personal privacy and a threat to our democracy.