Slashdot Mirror
How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com)
Court documents unsealed Tuesday showed just how much information America's FBI was able to gather on Donald Trump's lawyer Michael Cohen -- from both Google and Apple products. An anonymous reader quotes CNN:
Notably, the FBI made use of Cohen's use of Touch ID and Face ID on his Apple devices, which allow users to quickly log into iPhones and computers by scanning their face or fingerprint rather than typing in a password... But that gives law enforcement an additional means to access those devices. In one warrant application for Cohen, an FBI agent requested authorization "to press the fingers (including thumbs) of Cohen to the Touch ID sensors of the Subject Devices, or hold the Subject Devices in front of Cohen's face, for the purpose of attempting to unlock the Subject Devices via Touch ID or Face ID...."
One warrant requested not simply access to three of Cohen's Gmail accounts, as well as other email accounts, but also some of the wide array of information Google keeps for its users by default, including search history, web cookies associated with an account, device information, and a host of other metadata categories. One affidavit describes how the FBI narrowed down Cohen's temporary location at the Loews Regency Hotel in New York through his cell phone location data. Agents then used a "triggerfish" -- a reference to a stingray, or IMSI catcher, a suitcase-sized device that mimics a cell tower to convince a cell phone to connect and reveal its location...
Prosecutors also made use of a new law that Trump recently signed. Investigators in the Southern District of New York compelled Google to turn over some documents on Cohen, but the tech giant initially "declined to produce data that it stored on computer servers located outside of the United States," according to an affidavit submitted to the court by an FBI agent working on Cohen's case. Weeks later, Trump signed the CLOUD Act into law, which gave US law enforcement more legal pathways to pursue data stories overseas.... In an April 2018 affidavit, the FBI agent argued that "providers are required to disclose data even if it is stored abroad" under the new law. The judge approved the new search warrant later that day, giving investigators access to additional information from Google, including Cohen's emails, attachments, address book and files stored on Google Drive.
One technology law expert told CNN that police now seek access to more and more information.
"I think any of the electronic debris that people leave online on these services is all potentially subject to being used against you."
One warrant requested not simply access to three of Cohen's Gmail accounts, as well as other email accounts, but also some of the wide array of information Google keeps for its users by default, including search history, web cookies associated with an account, device information, and a host of other metadata categories. One affidavit describes how the FBI narrowed down Cohen's temporary location at the Loews Regency Hotel in New York through his cell phone location data. Agents then used a "triggerfish" -- a reference to a stingray, or IMSI catcher, a suitcase-sized device that mimics a cell tower to convince a cell phone to connect and reveal its location...
Prosecutors also made use of a new law that Trump recently signed. Investigators in the Southern District of New York compelled Google to turn over some documents on Cohen, but the tech giant initially "declined to produce data that it stored on computer servers located outside of the United States," according to an affidavit submitted to the court by an FBI agent working on Cohen's case. Weeks later, Trump signed the CLOUD Act into law, which gave US law enforcement more legal pathways to pursue data stories overseas.... In an April 2018 affidavit, the FBI agent argued that "providers are required to disclose data even if it is stored abroad" under the new law. The judge approved the new search warrant later that day, giving investigators access to additional information from Google, including Cohen's emails, attachments, address book and files stored on Google Drive.
One technology law expert told CNN that police now seek access to more and more information.
"I think any of the electronic debris that people leave online on these services is all potentially subject to being used against you."
Understand what is now a legal search and seizures.
How to use your OS to ensure your digital "papers" stay secure from unreasonable search attempts.
When and how your rights stay protected.
Domestic spying is now "Benign Information Gathering"
is this someone I should know?
Just put up a Miranda Warning. Makes more sense
“He’s not deformed, he’s just drunk!”
With biometric authentication, you are only protected by the 4th amendment. Your finger/face/etc. are akin to a key, and a warrant can compel you to unlock the device with it.
With a password, it can be argued that divulging it would constitute self-incrimination, which keeps you protected by the 5th amendment as well, even if they get a warrant. Case law is unclear on the matter, at least, with contradictory rulings.
This is true in the USA at least. UK has a law that mandates divulging passwords, although I don't recall hearing about it being used much.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
We already knew that, in the US, a person can be compelled to unlock his/her phone if it can be done with a fingerprint or by showing their face.
If you're really paranoid you need to turn all that off, require a complex passcode to be entered on any of your electronic devices, and be willing to put up with a little inconvenience on a regular basis.
Personally, I'm not that paranoid - I'm aware that I'm simply not that important of a person.
#DeleteChrome
Seriously, people, your phones have back-doors, front-doors, compromised apps, malware, etc. on them and send data into insecure clouds. Do not trust your phones. The only way you could ever trust your phones was is there was strong legal protection for your data. There is not. Thanks to the raising authoritarians and proto-fascists in the West, there is the opposite.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You are cheering for the downfall of your own country? Fascinating.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
And why would I do that? Are you stupid? (Well, you are an AC, so the question is redundant...)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Probably Ireland, they have a European HQ located there, but not sure if they have a server farm there too.
Also, it's probably not very relevant where the data is actually stored these days, it's most likely replicated and backed up in several countries. Most global companies now use off-site backups and replicate their data in geographically separate locations, with data centers in many countries spread throughout the world. This gives them more redundancy and a better shot at handling an international disaster; a given country would likely be unaffected while another is having a disaster like a tidal wave or whatever.
The whole point of the new law was to deal with exactly this sort of situation, where the local laws or agencies of other countries are either not enforceable or somehow otherwise are an impediment to them getting legal access to the data. The other country really doesn't have any chance to say anything in the matter, if they're even aware of it. If Google or whoever refuses the request, they would no doubt prosecute them as though they had denied law enforcement's access to the data just the same as if it was located in the U.S.
Not saying it's right or wrong. Personally, I'm not a fan of laws that give Government expanded powers to nose into people's lives, either real or online, but I'm not a fan of crime, obviously. If nothing else, this was expected. Many of our laws need to be updated to be meaningful and reflect the new digital reality we live in - the legal system is lagging behind reality in many ways by anywhere from 5-10 years to about 50.
-- You are in a maze of little, twisty passages, all different... --
If you use a password or code to unlock your encrypted devices and data then (according to quite a few different court rulings) you are protected by the 5th amendment and can't be forced to give up the password or code (although exactly how far that protection extends depends on which court ruling(s) apply in your jurisdiction). No such protection exists when it comes to things like fingerprint or facial recognition or other biometrics.
Plus its a lot easier for bad guys (whoever they may be) to defeat biometrics. Not only are there all sorts of examples of how to defeat fingerprint recognition (including the Mythbusters busting all the fingerprint scanners they tried) but its a lot easier for a bad guy who wants to get at your data to grab you, grab your device and force your finger onto the sensor (or hold your face in the right place for the facial recognition to work) than it is for those same bad guys to force you to give up your secret code.
I personally do not use biometrics for anything (actually there is one place I do volunteer work at where they use a fingerprint scanner to scan people in and out but that's not for security, its only so they can verify who is in the building if something goes wrong) and will not do so in the future if I can avoid it (e.g. if my next phone has biometrics I will turn it off and not use it)
Being dumb does change reality. Although dumb people are known to not get that. Well, I look forward to morons like you saying dumb things like "How could we have known?" and "It was xyz that ruined it!"
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Are you deranged? Why would I not use anything just because it is not trustworthy? Listen, moron, here is how you do it: You use it but you do not trust it. Takes two brain cells to rub together to see that though and you clearly do not have them.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Biometrics are notorious for being easy to fool, even the emerging 3D-face-scanning stuff coming out is going to be as bad, because the sensors can't be integrated into the chips themselves, in turn you could always just remove the sensor, replace it with a serial line, and spoof whatever signal it expected to see from a "3D" scan using an image.
Two-factor authentication is a joke when biometrics are involved, because the biometric component negates any other component. Security can't be about something someone has (e.g. CAC cards) and is (e.g. biometrics) alone - the something someone knows (e.g. password) is the most critical factor because it can't be stolen, it can't be spoofed, and in extreme cases it can't even be cut off with a saw or scooped out of an eyesocket with a spoon (at least, not directly.)
Making biometrics a part (yes, even a part) of a security deployment of any kind is akin to making everyone set up their full name as a username with their social security number as their password - it's fucking dumb to use public information (no matter how convoluted to spoof, because if it can be done it will be done) for security.
Well, who cares if government has more and more and more access to your "papers" as long as political factions aren't using it in violation of the 4th and 5th amendment to harm their political opponen...OH FUCK
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Problem is even if you get rid of your phone, pretty much every device nowadays is littered with sensors and internet access. TVs, cars, fitness devices, furniture etc. . Even if you got rid of everything in your own room, its even possible to spy on you from adjacent rooms (Wifi).
Privacy has competed with humans need for comfort and lost.
and the rising authoritarians in China and Russia, although admittedly they had a head start.
India is not far behind, nor Pakistan. Cuba was always in the vanguard ever since Castro decided to be la Suprema.
This is the event that made me realize digital privacy is important to anyone, not just those who know they are doing something they need to hide. There was a case a few years ago where some guy left his toddler in the carseat instead of dropping him off at daycare and the kid died. The police went through his online history and found he was talking to prostitutes and engaging in other extramarital, sexually deviant behavior. On that alone, they gave him life in prison because a jury believed he intentionally left the child to die based on that alone. I have no idea if that's what truly happened or not, maybe there was other evidence that really connected those dots. But based on what was in the news, I found that to be way outside of what a reasonable person would consider proving beyond reasonable doubt. It sounded more like a moralistic judgement based on his online activity that had nothing to do with the death. This is the problem as I see it; who gets to defines what 'normal' online behavior is? If you get accused of a crime you didn't do and it's discovered that you watched graphic accidents on LiveLeak, or perused escort ads, or looked at extreme pornography etc, there's no frame of reference for how "normal" or common that behavior is. Until that is better understood by the general public, any prosecutor can convince a group of 12 mediocre idiots off the street to convict you on any charge they want based on character assassination alone.
I never said to get rid of it. Whatever gave you that idea? Just do not put stuff on it you want to keep secret.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Indeed. But the West was supposed to be the model that showed everybody how it could be done differently. Seems that failed and the whole world is going to hell. Again.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
In this case the phones were unlocked because of the use of biometrics instead of password only protection. If they were locked only with passwords and Cohen didn’t cooperate, the FBI would have had to employ hackers.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I love how you guys are still using the same bullshit years gone. Grow up, maybe you're the problem. Have you ever stopped for even 30 seconds to think about that? Maybe the shit like this has pushed the sane half of the country to do what ever is necessary to push back against your ignorance. Please for the sake of the country seek help.
You're wasting your time. The AC seems like a police-state apologist.
I would never own an "internet connected" vehicle. I may purchase one and then rip out the wifi/GSM module. But the sad part is the normies don't even understand what they are doing to their self. They think "OH LOOK I can browse facebook faster in my car now that I have car wifi!!" when in reality they are just helping track their family and children. The internet has been destroyed since the non nerds took over. I want it back damnit!
Yes to both. I am trying to follow George Charlin's advice to "just not give a shit" about ACs, but I clearly have some way to go still. Stupidity just sets me off.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's a red herring. The phone isn't so much a storage device itself, as it is conduit to all of your online data.
Learning HOW to think is more important than learning WHAT to think.
That's why you use your dick! Fool proof!
Since you are listening (well, as far as you are capable, which is clearly rather pathetic), obviously not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I'm curious - why are you so quick to call anyone who questions your comment or respectfully disagrees with you stupid (or other ad hominem insults that aren't germane to the discussion )?
-Turkey
You give them more detail of the inner workings of you, when you play with their broken toys. You are mapping out more of your tiny little brain by trying to fool the collection pile. Think you can outsmart a pile? They are not looking at your data live, while you are inputting or taking actions. They collect the everything. They process what is in it, from every direction, once they finally gain interest in you. (thinking "Eww, I will search for "cats" at midnight, that will fool them. They will totally not know, and will think I like cats." They find later, "yeah, he searched for cats trying to play or something. It was his adjusted typing profile, and twenty seconds after he used his password on twitser. He also kept holding it at the same height in the air.)
It is due to way-too-smart-for-everyone rubes like you that bought the broken tech toys, allowing the collectors to mass produce, instead of waiting for the discussion on data safety.
Your little quirks and habits will stand out in the data, like your bad breath, and non-wiped bottom. Not like hygiene is expected with people like you that don't care about that with which you touch and play.
You have no clue how things actually work. They do most decidedly not "collect everything". That would cause numerous problems, among them that their collection methods would be far too easy to detect. This is not a game that works well with a big ego (which you have in spades), bit one that requires some actual insight (of which you have none).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Ah, no? It is not?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If you think there inst an ESP8266 or equivalent somewhere in that PCM you dont understand how electronics work. Once you found the module you could easily disable it numerous ways. If it would cause the vehicle to stop working, well you return it as garbage and laugh at the poor fuck that has to push onto the lot after the AAA driver drops it in the middle of the driveway at my request. You seem to be the internet warrior going on about, well whatever it was that i could tell was a waste of time reading. glfh.
You went from telling of the concerns and danger of the collectors' toys, to arguing there is no danger "if you're smart", within a few exchanges with the AC. You even flustered your response, seething hate, but not actually saying anything more that was useful.
The collector is not one party, as everyone collects their little parts. The pile, and "the everything" is not a single collection. However, telling a questioning person, that does not seem to have a grip on how anything works, to go ahead and use the broken toys, is not a plan for the future. It was that geek excitement that got the idiots of the world interested in those dangerous things, before they were ready, much less safe.
You say everything is not saved, but you have no clue what is, and isn;t kept and for how long by any party, including the chips on your devices that cannot really delete completely. You disbelieve the government entities keep encrypted streams off the backbone lines, as long as they can, hoping to break it one day, but allowing parties to be connected while unreadable. All of that is nothing. Due to the various, and even innocuous, data being kept, something within it will become at least embarrassing, and possibly illegal, in the future near enough to cause you or someone you care for, pain, suffering, or time.
You think your computer and security activities and interests, make you all knowing, but they make you dangerous when seen by others. Slow down your roll. Your one liner responses seem to say you have a bit of stress built up, and it is affecting your responses. Don't add more over this.