Do we have any privacy anymore?

Welcome Lower Merion residents!

We're glad you stopped by. Go ahead and register for a free account to get the benefits of being a member, including:
  • Access to all of our posts and comments
  • Your own profile including an avatar, buddy lists, and other social networking features
  • The ability to send private messages to other users on this site
  • The ability to chat and interact with other citizens and voters in and around Lower Merion.
Creating an account is easy. Register now!

(Don't live in Lower Merion? That's okay. We won't hold it aginst you.)
Tags:
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

I’ve been aware of this for some time, but having just read this article, I thought I would post it.

Soghoian describes how "the government routinely obtains customer records from ISPs detailing the telephone numbers dialed, text messages, emails and instant messages sent, web pages browsed, the queries submitted to search engines, and geolocation data, detailing exactly where an individual was located at a particular date and time."

The fact that federal, state, and local law enforcement can obtain communications "metadata"—URLs of sites visited, e-mail message headers, numbers dialed, GPS locations, etc.—without any real oversight or reporting requirements should be shocking, but it isn't.

--------------------------

[from a Sprint employee]

One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone.

(click green link below for full article)

Posted on Sue, Dec. 1, 2009
Sprint fed customer GPS data to cops over 8 million times
By Jon Stokes
Ars Technica

So, we have wireless carriers making web portals available to law enforcement so they can read your emails, what you text, and exactly where you traveled and where you are at this moment without any probable cause or a warrant.

This article refers to 8 million law enforcement requests through just the Sprint portal by law enforcement in the past year.

I wonder how many wives or girlfriends were tracked for kicks by cops? Somehow I don’t think we have millions of terrorist cells in this country, and the fact that cops can do this real time without a warrant or court order is not surprising because the Constitution is basically a piece of toilet paper to many government agents.

The “legality” for this all came from a ruling by a federal judge a few years ago where it was ruled cops don’t need probable cause to place a GPS device on your car to track it.

Realize that turning your cell phone off won’t cut it. You need to remove the battery or leave your cell phone at home if you want to move around with some privacy.

Still, a GPS device could be hidden under your car, so if you are really paranoid you can get a GPS/ Cell Phone Jammer. With one of those small pocket devices turned on you can have your cell phone on you and powered up and this device will block both GPS and triangulation tracking (though you can't use your cell phone while the jamming device is on) and it will also jam a GPS device planted under your car by our ever so benevolent government or a nosy significant other or even a stalker. Your cell phone and any GPS device in your car won’t transmit as long as the jammer is on and you can move around in privacy if you were to feel the need.

Some will say that they have nothing to hide and could care less about being tracked. Well, then you should welcome government cameras and listening devices into your home also.

To realize the magnitude of this, the above article just references Sprint. There are 271 million cell phones in use in the U.S. and Sprint is the 3rd largest provider behind AT&T and Verizon, with T-Mobile not far behind Sprint.

Assuming the other carriers provide web portals like Sprint where cops can just browse where you have been by the exact route you took and where you are at this very moment via your cell phone (as well as possibly read what your emails and text messages sent via your cell phone), and since cops have hit up Sprint 8 million times in the past year, when you add all the cell phone providers together, you can guesstimate that law enforcement may well have done this 50 million times in the past year (note these are not distinct requests and numerous if not thousands of requests could have been made for any one cell phone in a long and legitimate investigation).

To me the answer to all this is quite simple. The People should be watching the government, and not the other way around. We elect these bozos on the federal level to provide for the common defense, and I'm all for rooting out terrorists and putting criminals behind bars, but no doubt the government will take this type of stuff way too far unless it is held in check.

The question you always have to ask with situations like this is - who is watching those who are watching us?

If the answer is nobody, then this is a very, very slippery slope that has already gone too far.

How it is legal and somehow passes constitutional muster that law enforcement can track your movement via the GPS on your cell phone without probable cause and a court issued warrant is beyond me, but does not surprise me.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (9 votes)
Your rating: None

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Wynnewoodie's picture
Offline
Last seen: 51 weeks 1 day ago
Joined: 2009-05-11 :03
Posts:

Constitutionality aside, many mornings I've longed for a cell phone jammer to shut up some blabbermouth on the train, but I thought they were illegal in the US.
_________________________________________________________________
"They who would give up an essential liberty for temporary security deserve neither liberty or security." Benjamin Franklin

5
Average: 5 (3 votes)
Your rating: None
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

Yep, they are illegal under federal law. It’s an old law designed to prevent malicious blocking of FCC approved radio transmissions and is provided in a modern sense so you don’t block a cell phone user from being able to dial 911.

However, I never said I have a jammer and I never condoned their use. It is however a law that is very rarely enforced and unless you are frisked based on probable cause for some other crime, also just about impossible to enforce. The police had better have better things to do than find out who may have a personal jammer on them. If a jammer were used in your own car or as you are walking you would not be putting anyone else in danger as I doubt these things jam much past your car and if you are walking and temporarily jam someone else, you will soon be past them and out of range if they need to dial 911.

Still, the simple, free and legal way to do it is just remove the battery from your cell phone. The only real reason I can see for the use of a jammer since you can just pull your cell phone battery is if you are concerned somone has planted and hidden a GPS tracker Under Your Car (note I don't condone the alleged stalking in this link, but the implications to do this to anyone by the police are chilling).

Apparently more than a few businesses that don't want cell phones used on their property use the industrial strength jammers that cover wide areas even though it is illegal.

There are also legal Passive Ways for businesses, churches, individuals etc. to block cell phone transmission.

The other way to protect your cell phone privacy is to only use prepaid cell phones that you pay cash for. That's what criminals know to do, so all these millions of GPS trackings to me can easily go to police trying to harass law-abiding citizens who stand up for their rights if there is no oversight, and there does not appear to be any.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (3 votes)
Your rating: None

 

 

chips's picture
Offline
Last seen: 1 year 43 weeks ago
Joined: 2009-02-20 :45
Posts:

To me the answer to all this is quite simple. The People should be watching the government, and not the other way around.

The above statement said it all for me.

Nice piece of blogging by Christopher Soghoian. We need more people like him to stand up and report what they know.

The Electronic Frontier Foundation (EFF) have been reporting and fighting electronic privacy issues in the courts.

5
Average: 5 (4 votes)
Your rating: None
dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

Have you checked out Tor?

Another way of trying to get around things like this is taking your laptop to Internet cafes, hotels, Starbucks, etc.

Encrypted web proxies are another option, but they usually cost money.

Something else you can do, is if you're a business customer of an Internet provider, that usually involves getting/negotiating a contract. You can always try to get a clause in the contract that says "ISP agrees not to monitor customer connections". Should they do so, that's a violation of contract, which entitles you to relief in a civil court. Once incident might not be enough to deter ISPs, but if an ISP gets sued multiple times over this, they might just rethink that idea.

For further reading, I highly recommend Slashdot's Your Rights Online section of their website.

5
Average: 5 (2 votes)
Your rating: None
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

Ultra Surf is a decent free one I recommend to friends for basic privacy use when surfing.

If you want to email with complete privacy you do need a proxy server and encryption, as you indicated.

Yes, there are many, many excellent ways to protect your privacy online, but I won't get into them on a public forum.

Oh, and one thing I do know for a fact from a reliable source and by other means is that if you email the LMPD (or most any police department for that matter) or a local government official who does not like your anonymous email, the LMPD have the ability and can determine the location of the IP address that sent the email in minutes - and they do this without probable cause of a crime or with a legal court order (which is patently illegal for email communications as opposed to the bogus and unconstitutional GPS court ruling) for people who are just exercising their constitutional right to petition the government in a perfectly legal and anonymous manner (I always use my known email address to our local government types because they need to know somebody is keeping an eye on them).

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (2 votes)
Your rating: None

 

 

dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

I checked out UltraSurf's site, and they really don't talk about how their technology works. Unless I couldn't find the page or something. But that does worry me a little.

As for determining the location of an IP address, that's actually more of a gray area. First, there are sites like Hostip.info that contain publicly accessible databases of IP to location mappings. There are other companies that maintain their own databases, who sell them to businesses for location-based advertising. And I know Google does the same for visitors to their site, as I can view visitors by region in Google Analytics. Aside from that, there is the WHOIS database which keeps track of registration information for what ISP or webhosting company owns a particular network. WHOIS is a 100% legal service that has been around since the early days of the Internet.

Finally, some email providers, such as Gmail, does not include the sender's IP address from the headers of the message. So you get email from a Gmail account, all you can determine from looking through the headers is that the email did in fact come from Google's network. You would have no way of determining what the IP address of the user who sent it was. And Google has a pretty good history of not rolling over for baseless subpoenas. (which is more than I can say for Yahoo and MSN, who gladly provided the data the DOJ requested)

5
Average: 5 (1 vote)
Your rating: None
LMT Observer's picture
Offline
Last seen: 20 weeks 2 days ago
Joined: 2009-04-25 :31
Posts:

very helpful, Doug

5
Average: 5 (1 vote)
Your rating: None
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

UltraSurf does not talk about its technology because it allows tens millions of Chinese to surf the web - including all the blocked sites by the Chinese government, and also so Chinese citizens who do this can't be detected by the Chinese government in doing so. They don't talk about the technology so the Chinese government does not get a chance to break it. You are looking at serious prison time in China for surfing unauthorized sites, yet tens of millions do in safety every day in China via UltraSurf.

As the Developers of UltraSurf State:

UltraSurf is a robust anti-censorship system evolved from the lasting battle between GFW and UltraReach. Since infancy, UltraSurf has been one of the Chinese Communists’ favorite targets. The freely available software has been analyzed, mutilated and spoofed, and the supporting network infrastructure has been constantly attacked. Without doubt, these factors have accelerated UltraSurf reaching its level of sophistication and fame. The current release, UltraSurf 8.8, has implemented a complex proxy system with complete transparency and a high level of encryption on the Microsoft Internet Explorer (IE) platform.

UltraSurf enables users to browse any website freely--just the same as using the regular IE browser--while it automatically searches the fastest proxy servers in the background. It has strong support for load balancing and fault tolerance, and it even employs a decoying mechanism to thwart any tracing effort of its communication with its infrastructure.

And when I say the police can determine the location of your IP address from an anonymous email sent to them or someone else who hands it over to them, what I mean is that they have access to ISP databases that allow them to determine the exact physical, home postal mailing address of an IP address in minutes (through ISP user registration information) and without probable cause of a crime or a court order.

The LMPD has the ability to do this, and does it without probable cause or a court order, based on my experience and from my sources. As far as I know, the LM Commissioners, who are elected by the People of Lower Merion, let the LMPD do whatever they want along these lines with no oversight.

I did not know that Gmail masks its IP address, but with you saying so, that is great initial prevention against initial government snooping, but a proxy and encryption is needed with the other snooping technologies that are out there.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (3 votes)
Your rating: None

 

 

dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

what I mean is that they have access to ISP databases that allow them to determine the exact physical, home postal mailing address of an IP address in minutes (through ISP user registration information) and without probable cause of a crime or a court order.

I doubt this is the case, at least on the local level. Virtually every ISP here in the US has some sort of privacy policy with their customers. If they were freely handing out subscriber information to local cops without a court order, they'd be in all sorts of trouble with their customers, and it would spark numerous lawsuits.

Also, see my previous comment about services like Gmail, and Google's resistance to being bullied by law enforcement. Messages sent from a Gmail account do not include any identifying information about the sender, or their IP address. If you want, I'll post the headers of a sample Gmail message and compare them to the headers from a message sent through some other webmail service so you can see for yourself.

5
Average: 5 (2 votes)
Your rating: None
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

I don't disagree. Does not mean the ISP's are not skirting the law to make money per the info in my original post in this thread on cell providers (they all charge for these police requests and get paid with our tax dollars). Also does not mean a judge who is in bed with the police won't quickly rubber stamp any bogus police request, and I am told by a reliable source and I have my own anecdotal evidence that the LMPD does have a database where they can quickly access ISP info - even if they need a court order.

Also does not mean there is any oversight of what the LMPD is doing with this technology and info outside of the LMPD policing itself.

As for Google, I give them a lot of credit. That is one company that respects people's rights and privacy.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (2 votes)
Your rating: None

 

 

dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

I'd like to think that judges are sufficiently removed from law enforcement to not rubberstamp everything that comes their way, but I'm gonna have to be realistic about that, too. :-/

I'd love to see some oversight of the LMPD, too. I don't see how it could possibly hurt anything.

5
Average: 5 (3 votes)
Your rating: None
LMT Observer's picture
Offline
Last seen: 20 weeks 2 days ago
Joined: 2009-04-25 :31
Posts:

Doug, would you please? Thanks for offering.

Messages sent from a Gmail account do not include any identifying information about the sender, or their IP address. If you want, I'll post the headers of a sample Gmail message and compare them to the headers from a message sent through some other webmail service so you can see for yourself.

5
Average: 5 (1 vote)
Your rating: None
dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

Okay, get ready for some technical stuff. I'm going to abbreviate the header samples I send, but they're still going to be full of jargon. The main thing to look for in these headers are IP addresses, which are series of 4 numbers, separated by dots, with each number being between 0 and 255. Example IP addresses would be 74.125.45.100 (www.google.com) or 96.16.90.135 (www.whitehouse.gov).

First, here are some headers from a message sent through Yahoo:

Received: by 10.204.79.73 with SMTP id o9cs924117bkk;
Tue, 8 Dec 2009 19:24:51 -0800 (PST)
Received: by 10.90.41.5 with SMTP id o5mr7856764ago.87.1260329087802;
Tue, 08 Dec 2009 19:24:47 -0800 (PST)
Received: from web59316.mail.re1.yahoo.com (web59316.mail.re1.yahoo.com [66.196.101.71])
by mx.google.com with SMTP id 1si49528998yxe.79.2009.12.08.19.24.45;
Tue, 08 Dec 2009 19:24:46 -0800 (PST)
Message-ID: <784581.6054.qm@web59316.mail.re1.yahoo.com>
Received: from [67.149.35.72] by web59316.mail.re1.yahoo.com via HTTP; Tue, 08 Dec 2009 19:24:44 PST
X-Mailer: YahooMailClassic/8.1.6 YahooMailWebService/0.8.100.260964
Date: Tue, 8 Dec 2009 19:24:44 -0800 (PST)
From: Sxxxxxxx Bxxxxxx
Subject: Keyboards!

If you look closely, you'll see that all the headers that start with "Received:" are in reverse order. Each mail sever writes a Received: header as it gets the message and passes it on towards its destination. Now, note the IP of 67.149.35.72 in the final Received: line? That's the first one in the series (chronologically speaking), it just so happens that Yahoo's mail server software writes in the IP address of the user's machine to that first header. In this case, the IP 67.149.35.72 resolves to a customer of wideopenwest.com.

For those of you playing along from home, there are tools on sites like geektools.com that can be used to determine more info about a specific IP address.

Next up are messages from HotMail. There's more of the same type of message headers, so I'm going to skip most of the Received: lines and just show the final few:

Received: from BAY129-W7 ([65.54.190.125]) by bay0-omc2-s20.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 6 Dec 2009 10:47:16 -0800
X-Originating-IP: [131.123.64.59]
From: xxxxxx

Note that Hotmail does it a bit differently. Instead of putting the user's IP address in a Received: line, they create their own header called X-Originating-IP:, and place it there. Here, 131.123.64.59 turns out to be an IP address belonging to Kent State University.

Interestingly enough, it is perfectly legitimate for a mail server to insert its own headers like that. Anything that starts with an X- is not an "official" header. See also RFC 2822, which defines the format of email messages.

Let's move onto Gmail:

Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152])
by gmr-mx.google.com with ESMTP id 17si380392fxm.7.2009.12.08.09.37.41;
Tue, 08 Dec 2009 09:37:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.89.6 with SMTP id b6mr3024848wef.100.1260293861215; Tue,
08 Dec 2009 09:37:41 -0800 (PST)
From: Txxxxxxxxx

Wait, what? Not the complete lack of any IP that is not Google's. There is no trace of the sending user's IP address at ALL in that email. If I wanted to find out what IP sent that email, I'd have to subpoena Google.

Again, for those who have been playing from home, the IP addresses that start with "10." are listed as "reserved" in the WHOIS database, that requires some explanation. Back when the IP protocol was first devised, certain blocks of addresses were set aside for "internal use". For example, a network that would never be connected to the Internet. Or one that would be connected to the Internet, but all connections would go through a router that translated the IP address. (like many home setups today) It's very similar to business PBXes having a single phone number that can be used to dial into them, but each extension has its own extension number which cannot be dialed to from outside the PBX unless special arrangements are made.

So any IP address that starts with "10.", is an internal IP, and only available on Google's network. Another block of "internal" IPs is anything of the format 192.168.x.x. Most home networks use this. If you're running windows, you can see it yourself by going to the command line and typing "ipconfig". Changes are, you'll have an address starting with 192.168.

Sorry for the length of this comment, but I felt it was necessary to fully cover the topic of privacy at certain email providers and message headers.

5
Average: 5 (2 votes)
Your rating: None
LMT Observer's picture
Offline
Last seen: 20 weeks 2 days ago
Joined: 2009-04-25 :31
Posts:

thank you--very enlightening.

0
No votes yet
Your rating: None
lmprime's picture
Offline
Last seen: 2 years 14 weeks ago
Joined: 2009-10-04 :40
Posts:

The relevant point in all this is who is policing the police and I would say nobody is.

I don't know who does it on the federal level, but Congress is not surprisingly derelict here.

Around here, it is more than obvious that Lower Merion Township Commissioners let the Lower Merion Township Police do whatever they want to, and regardless of legality, as long as they don't get caught. Getting caught appears to be impossible because the D.A. and judges cover for cops.

An example from Philadelphia:

http://www.philly.com/philly/opinion/20091206_Half_Empty__Tepper_case_a_litmus_test_for_Phila__justice.html

5
Average: 5 (4 votes)
Your rating: None
politeia's picture
Offline
Last seen: 4 weeks 4 days ago
Joined: 2008-07-30 :00
Posts:

I found this quote interesting from your link:

Given that officers have the right to use deadly force, there are special procedures of investigation.

We all of the right to use deadly force in order to protect our inalienable right to our life. The PA Constitution specifically provides for a right to bear arms in defense of ourselves (Article I, Section 21).

The only difference is that police don't have a duty to retreat from a confrontation wherever possible, but they have to follow the same laws as everyone else when they decide the use of deadly force is necessary.

Cops, just like anyone else, can't shoot anyone unless they are threatened with serious bodily injury or deadly force, or are doing so to prevent certain violent felonies from being committed against another person.

The difference, as the article points out, is that if a drunk cop shoots an unarmed person in the chest he gets desk duty and taxpayers keep paying his salary until a grand jury run by the D.A. even decides if the cop should be charged with a crime (I'm sure murder will not be the only option), where as if you or I did what this cop did we would be locked up in jail and out of a job until we were found guilty or innocent by a jury of our peers for the crime of murder.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

5
Average: 5 (4 votes)
Your rating: None

 

 

dmuth's picture
Offline
Last seen: 6 weeks 4 hours ago
Joined: 2005-09-13 :35
Posts:

It's illegal to drive while drunk. Why isn't it illegal to act as a police offer while drunk?

5
Average: 5 (3 votes)
Your rating: None

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.