Law Enforcement Is Extracting Tons Of Data From Vehicle Infotainment Systems

(Mis)Uses of Technology

from the four-wheeled-informants dept

For years, cars have collected massive amounts of data. And for years, this data has been extraordinarily leaky. Manufacturers don’t like to discuss how much data gets phoned home from vehicle systems. They also don’t like to discuss the attack vectors these systems create, either for malicious hackers or slightly less malicious law enforcement investigators.

The golden age of surveillance definitely covers cars and their infotainment systems. A murder investigation had dead-ended until cops decided to access the on-board computers in the victim’s truck, which led investigators to the suspect nearly two years after the investigation began.

And whatever investigators can’t access themselves will be sold to them. The Ulysses Group, a data broker with several government contracts, told government agencies in early 2021 it had access to location data pulled from vehicles that could be delivered “in near real time.”

Security researchers have uncovered a vulnerability that somewhat inadvertently exposes just how much access law enforcement agencies can pull from on-board systems. A flaw in satellite radio provider SiriusXM’s system allowed anyone to basically hijack a car (turn on the ignition, lock doors, etc.) using nothing but the VIN. This hack also gave them access to personal data stored in the car, along with other data collected by SiriusXM, like speed, brake use, and door status (open/closed).

While this particular flaw only affected Hondas and Nissans, similar payloads of data are only a hack/forensic scrape away from being harvested by law enforcement on demand, as Thomas Brewster reports for Forbes.

The hack highlighted a weakness in modern vehicles’ internet-connected systems, in particular those that track vehicle use and location, while hooking up to drivers’ cellphones and sucking in user data. They’re the same technologies that are regularly being exploited by federal law enforcement agencies, with immigration and border cops investing more than ever before on tools that extract masses of data—from passwords to location—from as many as 10,000 different car models.

10,000 car models is a tasty target for hackers and cops alike. The near-omnipresence of infotainment systems that link with drivers’ phones make nearly any car a potential source of evidence (or, in the case of malicious hackers, a one-stop shop for personal data).

Federal agencies are definitely making use of this data source, according to court documents.

In a recent search of a 2019 Dodge Charger near the Mexican border, a patrol agent wrote that infotainment systems—those that provide GPS, remote control and entertainment features—were especially useful to government investigators. They could provide information on a suspect’s location, email addresses, IP addresses and phone numbers…

Another vehicle system search — this one performed by the ATF — was accompanied by the same claim: infotainment systems not only give investigators access to useful data, but could also reveal user passwords. This (unverified) claim echoed the one made by the CBP agent in regards to the search of the Dodge Charger. What’s undeniable is the fact that investigators are working around phone encryption (and, perhaps, cell phone search warrants) by accessing phone data via connected infotainment systems, rather than trying to access (possibly locked) phones themselves.

It all adds up to real money for companies like Maryland-based Berla, which sells its iVe forensic extraction tool to federal law enforcement agencies.

According to government contract records, in August CBP spent over $380,000 on iVe, nearly eight times its previous single biggest purchase of $50,000 from 2020. ICE, which has been buying Berla’s tools and trainings since 2010, spent $500,000 on iVe in September, well over twice its previous record of $200,000. In a May 2022 contract, CBP specifically asked for “vehicle infotainment forensic extraction tools, licenses, and training” from Berla.

We’ll probably have to wait for a challenge of these searches to learn more details about what the government is obtaining from in-car systems and what judicial paperwork it’s using to perform these searches. Just because it’s technically in “plain view” doesn’t mean a computer storing massive amounts of data should be considered the equivalent of contraband found laying on a backseat or stashed in the trunk. Like cell phones, the search of a connected infotainment system can reveal far more about a person than a search of their home. Hopefully, someone in the judicial system is keeping an eye on these searches and pushing back when warrant affidavits ask for far more than the government is entitled to obtain.

Filed Under: cars, data brokers, hacking, infotainment, privacy
Companies: siriusxm

Media Organizations Ask US To Drop Charges Against Assange

Journalism

from the they're-right dept

While it seems difficult for some to balance these things, it remains entirely possible to think that Julian Assange is, generally speaking, a horrible human being, who was likely easily played like a fiddle by foreign nation states looking to play influence games in other nations… and that the US’s charges against him remain absolute bullshit and a threat to freedom of the press. That’s basically the position we’ve held since day one.

Recently a bunch of giant news organizations appeared to feel similarly and sent a letter to the US government saying that the DOJ should drop its case against Assange. From the letter:

This group of editors and publishers, all of whom had worked with Assange, felt the need to publicly criticise his conduct in 2011 when unredacted copies of the cables were released, and some of us are concerned about the allegations in the indictment that he attempted to aid in computer intrusion of a classified database. But we come together now to express our grave concerns about the continued prosecution of Julian Assange for obtaining and publishing classified materials.

The Obama-Biden administration, in office during the WikiLeaks publication in 2010, refrained from indicting Assange, explaining that they would have had to indict journalists from major news outlets too. Their position placed a premium on press freedom, despite its uncomfortable consequences. Under Donald Trump however, the position changed. The DoJ relied on an old law, the Espionage Act of 1917 (designed to prosecute potential spies during world war one), which has never been used to prosecute a publisher or broadcaster.

This indictment sets a dangerous precedent, and threatens to undermine America’s first amendment and the freedom of the press.

Obtaining and disclosing sensitive information when necessary in the public interest is a core part of the daily work of journalists. If that work is criminalized, our public discourse and our democracies are made significantly weaker.

The letter was signed by the New York Times, the Guardian, Le Monde, Der Spiegel, and El Pais.

That’s the crux of the concern there. Most of the actions described in the indictment would apply equally to many investigative reporters and their employers. And they are core journalism techniques that deserve protection. Criminalizing basic investigative journalism, including the publishing of leaked documents in the public interest would have tremendously dangerous consequences at a time when we need more investigative reporting than ever before.

Filed Under: doj, journalism, julian assange, leaks, reporting
Companies: ny times, the guardian, wikileaks

J6 Suspect Challenges FBI’s Geofence Warrant, Exposing The Massive Scale Of The Fed’s Data Haul

Legal Issues

from the bring-me-everyone,-said-the-g-men dept

Geofence warrants are popular. They’re also controversial. Cops have discovered Google houses plenty of location data. Going to cell phone providers is a bit tricky, thanks to the Supreme Court’s Carpenter decision, which erected a warrant requirement for acquiring weeks or months of location data.

But geofence warrants don’t have a particular target. The only probability (as in “cause”) that exists is that it’s highly likely Google has collected some location data — data completely divorced from the cell towers owned and operated by cell service providers. These warrants dodge the scrutiny of Carpenter. And, since they’re warrants, it’s also possible to dodge judicial conversations about where the Third Party Doctrine begins and ends.

Geofence warrants have no specific target. Instead, law enforcement hopes grabbing massive amounts of data will help them work backwards from the haystack to the needle. But that’s not how things are supposed to work under the Fourth Amendment. Facts need to be particular at the outset, not several steps removed from the original dragnet. Some courts have rejected these fishing expeditions. Others have found there’s no privacy interest in data willingly (but actually unknowingly) shared with third parties like Google.

When Trump supporters converged on the Capitol Building in hopes of (apparently violently) keeping their preferred president in office, the FBI — pursuing cases involving a ton of federal crimes — started searching for suspects. This search began at Google with the deployment of geofence warrants issued in hopes of giving the feds a list of investigation targets.

The warrants used by the FBI remain under seal. But a challenge of this so-called evidence by a January 6th defendant has exposed just how much data was sought, along with the efforts made by the FBI to narrow down a voluminous data dump into something it could use to locate investigation targets.

Mark Harris of Wired has written a pretty thorough examination of the government’s geofence-related efforts. That report is largely based on a suppression motion [PDF] obtained by Marcy Wheeler, who broke the news at her blog, Emptywheel. Wheeler says she’s been waiting for a competent challenge of a geofence warrant. This suspect may have delivered.

The motion to suppress from David Rhine may be that challenge. Rhine was charged only with trespassing (though he was reportedly stopped, searched, and found to be carrying two knives and pepper spray, but ultimately released).

As described in his arrest affidavit, Rhine was first identified via two relatively weak tips and a Verizon warrant. But somewhere along the way, the FBI used the general GeoFence warrant they obtained on everyone in the Capitol that day. Probably using that (which shows where people went inside the Capitol), the FBI found him on a bunch of surveillance video, with his face partly obscured with a hat and hoodie.

The motion to suppress, written by Tacoma Federal Public Defender Rebecca Fish, attempts to build off a ruling in the case of Okello Chatrie (and integrates materials from his case) to get the GeoFence used to identify Rhine and everything that stemmed from it thrown out.

The geofence warrants served by the FBI utilized a three-step process. The first request was for everything. Then efforts were made to separate insurrectionists from non-insurrectionists. As is summarized here by Harris at Wired, the first dragnet warrant simply gathered data on everyone.

A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.

Apparently, the first step of “rounding up the usual suspects” is the rounding up of “the everybody.” There’s a 4,800 person gap between what was originally obtained and who was originally charged. The court told the FBI to go back to Google with another request that would eliminate people suspected of nothing but being victims of this attack. So, it went back to Google to obtain info on people the FBI definitely knew weren’t possible suspects. This quote of the suppression motion comes from Emptywheel:

In this case, the second step of the geofence warrant was also done in bulk, given the lack of specificity as to the people sought. In the initial warrant, the Court ordered Google to make additional lists to eliminate some people who were presumptively within the geofence and committed no crimes. First, the warrant ordered Google to make a list of devices within the geofence from 12:00 p.m. to 12:15 p.m. on January 6. And second, the warrant ordered Google to make a list of devices within the geofence from 9:00 p.m. to 9:15 p.m. Ex. A at 6.

An important step, but one that seems divorced from the demands of the Fourth Amendment, which strongly suggests the government only serve warrants targeting suspected criminals or evidence, rather than to help it find actual criminal suspects to go after. But even if this is an important step, it should have been part of the original warrant. It should not have taken a court order to force the FBI to do the obvious thing: obtain a list of people who could not have possibly been involved in the criminal act under investigation. It’s not like geofence warrants are new. The FBI has been using them for years and apparently still has yet to develop best practices that reduce constitutional violations.

Google does push back on broad demands. It did that here, but it still resulted in the FBI obtaining a ton of location data and identifying info, some of which undoubtedly belongs to people who committed no crimes.

For the final step, the government sought subscriber information, including phone numbers, Google accounts, and email addresses, for two groups of users. The first was for devices that appeared to have been entirely within the geofence, to about a 70 percent probability. The second was any devices for which the Location History was deleted between January 6 and January 13. 

From this, in early May 2021, the FBI received identifying details for 1,535 users, as well as detailed maps showing how their phones moved through the Capitol and its grounds.

The problems inherent to these warrants are present here. The government asks for information on everyone in an area when a crime is committed, despite knowing that almost everything it requests will result in Google handing over location data and identifying info on dozens, hundreds, or — in this case — thousands of innocent people. That it may help guide investigators towards legitimate investigative targets isn’t enough to excuse the initial intrusion. And this info can be obtained for nearly any law enforcement reason, whether it’s to identify people who performed a violent raid of a federal building or women just seeking contraceptive advice.

This challenge could prove uncomfortable to the federal government. What’s shown in this suppression motion isn’t pretty. Better still, it makes the sealing of these warrants moot, which means the court should unseal them in the near future because whatever the government wanted to keep hidden is no longer a secret. The federal court system needs to subject these warrants to a whole lot of scrutiny. That they’re warrants shouldn’t excuse the fact that they’re untargeted dragnets the government hopes will eventually result in a list of criminal suspects. The entire process inverts the Fourth Amendment. And, to date, the only excuse the government can offer for this intrusion is that it isn’t really an intrusion. That’s the weakest of sauces, and it only works because courts have often decided the ends are what’s important, rather than the means.

Filed Under: 4th amendment, capitol, fbi, geofence warrant, january 6

Is It Possible To Get Fair Coverage Of The Link Tax Bill When The News Orgs Covering It Are The Main Beneficiaries?

Journalism

from the corrupt-bargain dept

We’ve been covering the Journalism Competition and Preservation Act (JCPA), which is a blatant handout by Congress in the form of a link tax that would require internet companies pay news orgs (mainly the vulture capitalist orgs that have been buying up local newspapers around the country, firing most of the journalists and living off of the legacy revenue streams) for… daring to send them traffic. We’ve gone over all the ways the bill is bad. We’ve gone over the fact that people in both the House and the Senate are (at this very moment) looking for ways to sneak it into law when no one’s looking. Indeed, there are reports that there will be an announcement tonight that it’s included as a part of the National Defense Appropriations Act (NDAA).

The whole thing stinks of corruption. Politicians often rely on local newspapers for endorsements to win re-election campaigns, so they want to keep local papers happy. And it’s the perfect kind of corrupt handout for Congress. It’s not even using “taxpayer” funds. It’s forcing other companies — the hated internet companies — to foot the bill.

And, here’s the thing: the newspapers themselves are now stumping for the bill.

Newspapers nationwide are running editorials today in favor of the Journalism Competition and Preservation Act, which passed a Senate committee with bipartisan support in September and has been waiting ever since for a floor vote.

Which… seems pretty sketchy when you think about it. The newspapers don’t seem likely to be running any editorials, or even op-eds, highlighting the problems and cronyism of the JCPA. Because, why would they? If it passes, it’s literally free cash for the companies.

What newspaper will run articles explaining how the JCPA won’t help journalists, but rather their private equity owners? What newspaper will run articles explaining how the JCPA fundamentally breaks the concept of the open internet where you can link anywhere you want for free? What newspaper will run op-eds explaining how the JCPA messes with copyright law in dangerous ways by implying a new right to demand a license for links or fair use snippets?

If “newspapers nationwide” are stumping for the JCPA in their editorial pages, then it looks like we have to assume that they’re not open to anything highlighting the problems and dangers of the bill.

And that, alone, should cause people to worry. It’s showing how these news orgs are willing to forget about basic fairness in their coverage in order to stump for a corrupt handout for their owners. Shameful.

Filed Under: congress, corruption, editorial, jcpa, journalism, links

Daily Deal: StreamSkill.com Software Training

Deals

from the good-deals-on-cool-stuff dept

StreamSkill.com is a specialist in software and technology training. They’ve been helping make software simple for people to understand for over 14 years, and have comprehensive beginner to advanced courses in Microsoft Office, Data Analysis, Workplace Productivity, QuickBooks, Photoshop, InDesign, Dreamweaver, and various coding languages like HTML, PHP, and JavaScript. Get unlimited access to every Simon Sez IT course in the StreamSkill.com library. That’s over 110 courses, 6,500+ individual lessons, and 800+ hours of training. It’s on sale for $59.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal

Hundreds Of Hong Kong Cops Illegally Accessed Woman’s Case File After Her Arrest For Public Indecency

Legal Issues

from the cops-in-a-police-state-are-just-like-cops-everywhere-else dept

Cops gonna cop, as Rachel Cheung reports for Vice.

Hundreds of police officers in Hong Kong improperly accessed a woman’s case file after she was arrested for allegedly having sex on the balcony of a high-rise residential building, local media reported this week.

A clip that showed a naked couple fornicating on the balcony of a private apartment went viral in June. Taken from an adjacent building apparently without their knowledge, the video led to the arrest of a 36-year-old woman and a 30-year-old man.

Cops accessing sensitive information improperly is something that spans cultures and nations. A cop using their powers to take a peek at data they have no legitimate reason to access isn’t something limited to the worst cop shops or nations where law enforcement agencies have been given an outsized amount of power.

And the Hong Kong police have plenty of power. Thanks to the Chinese government’s incessant meddling, Hong Kong has become a literal police state, led by John Lee, the former Secretary of Security who headed up police efforts during crackdowns on pro-democracy protesters, and whose current Secretary of Security is former police commissioner Chris Tang.

So, the surprising thing isn’t that widespread misconduct — this time taking the form of hundreds of cops taking a peek at a woman arrested for exposing it all — is occurring in Hong Kong’s freshly minted police state. It’s that Hong Kong police officials actually bothered to open an investigation into this widespread abuse of power. According to Cheung, an internal investigation was opened when the problem became too big to ignore, what with one case file being accessed hundreds of times. And it appears officers shared this information with others via WhatsApp and other messaging services.

That being said, nothing is going to happen to these officers because the Hong Kong PD believes (1) the problem isn’t that big, and (2) the problem is too big to handle.

According to local newspaper Mingpao, the force said officers did not commit a criminal offense as they merely acted “out of curiosity.” Another report said the investigation did not result in severe punishment because too many officers, including senior ones, were involved.

It doesn’t matter which law enforcement agency you work for: “curiosity” isn’t a justification for accessing the personal information of others. It’s the “boys will be boys” excuse, but at scale. An agency that commands the budget the Hong Kong PD does should never be able to get away with pretending any problem is too big to handle, but it will get away with this because it really answers to no one but (perhaps) the Chinese government that wants to keep its boot heel on the neck of Hong Kong residents who’d rather have more freedom and democracy.

The supposed deterrent here is the law, which provides punishment of up to five years in prison for violators. But the deterrent means nothing if the PD is unwilling to enforce the rules — something that aligns it not only with authoritarian regimes, but with hundreds of police agencies in freer countries where officer discipline is largely theoretical.

Filed Under: abuse of power, hong kong, police, police state, surveillance

Funniest/Most Insightful Comments Of The Week At Techdirt

Techdirt

from the said-and-done dept

This week, our first place winner on the insightful side is Ben Jones with a comment on our post about the appeals court denying immunity to officers in the harrowing case of Floyd Bledsoe:

So, these cops acted as accomplices of the murderer, aided in his escape from justice, obstructed the investigation, submitted fraudulent evidence and perjured themselves on the stand, for the false arrest, and false imprisonment after kidnapping him.

That’s quite a litany of charges, or would be if anyone but a cop had done that. But because these are cops, there’s just a shrug and a civil suit with the fine paid for by taxpayers

It’s almost like the cops recognised Tom Bledsoe as ‘one of their own’, but.. I don’t know… he tested as too smart to be allowed to join?

In second place, it’s Nathan F with a comment about Canada extending copyright terms:

Shit like this is why people don’t care about copyright and will just pirate a work. This is not how you build respect for a law and get people to abide by it.

For editor’s choice on the insightful side, we’ve got one more comment from each of these posts. First, it’s That Anonymous Coward on the Bledsoe story:

The sad thing in all of this is the number of people who believe that this is an isolated incident and isn’t that common.

Next, it’s AbolishDisney with a pertinent quote about the fact that copyright industries would love perpetual copyright:

I’m reminded of a rather pertinent quote from Mary Bono, a prominent supporter of the Sonny Bono Copyright Term Extension Act of 1998:

Actually, Sonny wanted the term of copyright protection to last forever. I am informed by staff that such a change would violate the Constitution. I invite all of you to work with me to strengthen our copyright laws in all of the ways available to us. As you know, there is also Jack Valenti’s proposal for term to last forever less one day. Perhaps the Committee may look at that next Congress.

Corporations won’t be satisfied until they own our culture in its entirety.

Over on the funny side, our first place winner is Thad with a comment about Elon Musk’s use of Twitter polls to make content moderation decisions, and the silly Latin he dresses it up with:

Vox populi, vox dei, e pluribus unum, yo quiero Taco Bell.

In second place, it’s Pixelation with a comment about Musk’s overall project:

Twitter 2.0

Worst. Sequel. Ever.

For editor’s choice on the funny side, we’ve got a pair of comments about Mercedes putting faster acceleration behind a subscription paywall. First it’s That One Guy with some predictions:

So many new and exciting business oportunities…

Next up in the world of Paying Forever For Stuff You Already Bought(tm):

+$100/month to enable AC
+$150/month to enable heating
+$50/month to turn on car blinkers so the driver doesn’t have to use their arms to indicate when they plan to change lanes
+$75/month seat padding rental fees to cover everything beyond the metal frame of the seats
+$200/month self-service gas service to allow drivers to buy their gasoline at stations rather than having to go to the dealership to have the tank refiled

Finally, it’s a simple anonymous reaction:

You know what this means, people.

YES, I’D DOWNLOAD A CAR.

That’s all for this week, folks!

This Week In Techdirt History: November 27th – December 3rd

Techdirt

from the as-it-ever-was dept

Five Years Ago

This week in 2017, we wrote about Ajit Pai’s big lie about net neutrality. His FCC had lots of little lies too, which was why the NY Attorney General was investigating how dead people submitted comments supporting the repeal. Comcast was also lying, of course, and promising that even though it spent millions opposing net neutrality, it wouldn’t abuse the lack of rules, even as its promise to avoid “paid prioritization” suddenly disappeared as the repeal neared, while other ISPs were already using the planned repeal to harm consumers. And the whole thing was based on lies from lobbyists in the form of garbage data. But Pai was busy avoiding the need for facts by attacking Hollywood folks and internet companies on Twitter.

Ten Years Ago

This week in 2012, copyright maximalists were attempting to smooth over the waves made by a recent RSC report on problems with the copyright system, a team of porn copyright trolls were trying to get Verizon held in contempt of court for trying to protect its users, MPAA boss Chris Dodd was citing those bogus “declarations” that people occasionally post on Facebook as evidence that everyone loves copyright, and TVshack operator Richard O’Dwyer cut a deal to avoid extradition to the US. Yet another study showed the well-established fact that pirates buy more, while another more specific study suggested that the Megaupload shutdown hurt box office returns for smaller movies. ICE engaged in its annual Cyber Monday takedown blitz, which further exposed how many claims about the necessity of SOPA were exaggerated at best. This was also the week that the Supreme Court agreed to hear an all-important case about gene patents.

Fifteen Years Ago

This week in 2007, the MPAA was doing some shifty stuff in its push to make universities stop file sharing, Universal Music was alienating its biggest stars, and sample troll Bridgeport Music lost a lawsuit over a sample of a sample. We took a look at Harry Potter, fan fiction, and fair use, and also at the history of how even the earliest copyright pirates didn’t do much harm. The RIAA was ordered to turn over data on what a download really costs, the MLB was told yet again that it doesn’t own facts, and an attempt to sue Creative Commons by someone who misunderstood the license mercifully failed.

Filed Under: history, look back