Today at the same hearing where Senator Al Franken and others blasted Apple and Google about the storing of location data and the subsequent violations of user privacy, a Department of Justice representative had this to say:
"When this information is not stored, it may be impossible for law enforcement to collect essential evidence,"
- Deputy Assistant Attorney General Jason Weinstein
Really DOJ? This of course isn't a shock. The DOJ in January told congress that wireless and internet service providers should be required to store user data for two years. Weinstein provided congress with another gem during a hearing on mandatory data retention:
"In many cases, these records are the only available evidence that allows us to investigate who committed crimes on the Internet. They may be the only way to learn, for example, that a certain Internet address was used by a particular human being to engage in or facilitate a criminal offense."
I briefly comment on the DOJ and the industry surrounding the extracting of personal information for investigators last month when the Locationgate candal broke. Companies and individuals make their livings by creating programs that extract data you don't want others to see. It is a legitimate business, but a scary one. We live under the illusion that the right to privacy is laid out in the constitution. It is not.
The Supreme Court has laid out an implied right to privacy in a number of its rulings over the last fifty years (Roe vs Wade, Stanley vs Georgia), and many will argue that it is inherent in a number of amendments in the Bill of Rights (3rd, 4th, and 5th). But, it is important to know there is know specific right to privacy laid out in the constitutions. This is the argument thrown around by originalists (people who believe in the sole word of the constitution. Think religious fundamentalists, what is in the Bible is what goes).
It is encouraging that Congress is keen on maintaining and upholding these assumed rights to privacy laid out in previous rulings by the Supreme Court and the Bill of Rights. What is disconcerting is there are arms of our government and private sector that are actively engaged in circumventing these assumed rights and its legal. When Locationgate broke it was a shock to a number of us, and to others they could care less. To others though, it was old hat, common knowledge, something they had known about for months. But, these same people that knew about it for months, like Alex Levinson, said nothing about it. Why? Because he works for Katana Forensics and helped develop their iOS forensic software Lantern 2.0. Easy access to location data means a better product for their customers.
For $700 you can purchase Lantern 2.0 from Katana Forensics and get a program capable of the following:
- Supports the iPhone 4 and the new iPad 2
- Supports all generations of the iPhone including the AT&T and Verizon iPhone 4
- Supports all generations of the iPod Touch
- Support for iOS 2.2 to 4.3.1
- Passcode bypass with certificate file from syncing computer
- Bypass Encryption on 3.0 devices and with known password
- Recover Deleted SMS
- Read Gmail & Yahoo Email
- Parse SKYPE Calls & Messages
- Parse Facebook Data
- Cellular Sites & Wi-Fi Location Geo Data
- Wi-Fi Connections History
- Improved Internet History
- Geo Locate Videos & Photos
- Application Usage Data
- Analysis from .dd Images & Backups
- Data Carving Images & Videos
- Timeline Analysis
- View Data while Processing Acquisition
- Physical Image Email Analysis
- Document Analysis
I'm not condemning Levinson and their business, they provide a service to law enforcement officials, corporate investigative teams, and others but, the fact this data is so easily available is condemnable. If someone can write a program, useable by you and me, to procure our most intimate information, then something is wrong.
If the recent digital attacks on Sony didn't convince you (it has been two weeks and PSN is still down), hopefully this will open your eyes to how truly vulnerable our private information is. If the largest corporations in the world can have their secure servers compromised and have information stolen from them, the reality is nothing is really secure. Your location data, your genius playlists, your Facebook stalking habits are available to those who care enough to look. We trust these corporations keep our information private, but if they can't protect themselves, who can protects us?
Source: PC World