Court Rejects Warrantless GPS Tracking
The EFF is trumpeting a victory in a case in which it and the ACLU filed an amicus brief. "The US Court of Appeals for the District of Columbia Circuit today firmly rejected government claims that federal agents have an unfettered right to install Global Positioning System (GPS) location-tracking devices on anyone's car without a search warrant. ... The court agreed that such round-the-clock surveillance required a search warrant based on probable cause. ...the court noted: 'When it comes to privacy... the whole may be more revealing than its parts.'"
I used to install GPS tracking devices for the Feds - so I can help you out. These devices are very rarely deployed - fairly expensive and time consuming, even w/o the warrant, which most Agencies have required as a matter of policy anyway for the last ten years. Yeah, sometimes the Feds anticipate rulings like this and do more than required so they won't lose evidence on appeal. Get over it. If you find one on your vehicle - you've earned it - and you won't be scratching your head as to why. Either you've been REAL busy doing some fairly bad stuff or your car is routinely used by others to do so. Knowing who was in the tracked vehicle (if the GPS records are simply being logged and downloaded) is a problem - so you're probably under physical surveillance too and the box is just to reel you back in if you get beyond visual range. Yeah, you can take it off, throw it away, turn it in at the local cop shop - you can even put it in someone else's car. Won't matter - you'll soon be in line for an upgrade - that you WON'T find. And as for detecting .gov spyware with your packet sniffer. Good luck with that.
A long while ago (about 1996) I noticed unusual traffic coming in to my hobbyist server. Things that nowadays are just part of the background noise: port scans, SYNs to nonexistent hosts (I had a /28 block on a fractional T1. NerdPeen ACTIVATE!), that sort of thing. The source IP address in question then crawled my website and connected to my SMTP server and sent mail to itself (wisdom such as "don't be an open relay" was not widespread at the time... my diagnostic skills were better than my security skills at the time).
A few nslookups and whois later, and a traceroute or two, and I was at Langley. Huh. Was someone there doing something? Or was it spoofed in some way? It's not like I had ever done anything interesting in my life other than flip a significantly-non-stock VW Rabbit onto its roof and host a website for friends to post their dirty pictures. Hmmm, maybe that was it. 007 wanted pr0n!
A few emails and one phone call later and I was talking to an instructor at Langley who was teaching basic network forensics. He said they were choosing random domains then learning what they could about them and presenting that knowledge as a classroom exercise, and apologized if there was any disruption; he said it was only an attempt to do basic recon of non-NATted networks, not penetration (insert joke here). My response was something to the effect of "OK, no problem, I understand. But... I noticed. I shouldn't have. And I'm a total amateur at this. If your students are going to be able to do their jobs, they need to be less obvious about it."
If you find a BatBug on your car, the cops need to know of their incompetence. Then send it to Gizmodo!
Everybody gets what the majority deserves.