Police Using IoT To Detect Crime

Privacy invasions related to the Internet of Things (IoT) are already becoming reality. In Arkansas, local law enforcement is trying to access the records of an Amazon Echo device as evidence in a murder investigation and has already compiled evidence based on the files of an IoT water heater.

There are no meaningful federal privacy laws in the US, outside of those that keep medical data, sealed court documents and some government records such as IRS tax returns away from prying eyes. Unless that changes, the IoT will make privacy a quaint recollection of our youth.

The Arkansas case pits Benton County Prosecutor Nathan Smith against James Bates, a homeowner whose friend was discovered dead in a hot tub after a night of intense drinking. Bates’ lawyer is arguing the death was an accident. The county is trying to determine the facts.

The government accessed records from an IoT water heater and argued that the amount of water used in the early morning was sufficient to have washed away evidence. Bates’ lawyer counters that the amount of water used does not represent a spike above the previous day’s level.

But the attempt to access the Echo records is more troubling. It began with the seemingly innocuous observation of a witness that Bates was playing music through his Echo. That gave authorities the idea to hear what information requests Bates might have made on the day of the death. It’s a 2017 version of accessing search engine history.

The Associated Press quoted Smith as saying that he “has no idea if the device recorded anything related to the death” but that he was simply chasing down all possible leads. In other words, it’s a fishing expedition.

Specifically, the prosecutor’s office is seeking all “audio recordings, transcribed records, text records and other data” from Bates’ Echo, according to a search warrant.

Here’s the problem with always-on devices such as Echo and Apple’s Siri: For a device to react the moment it hears the magic word (Alexa in Amazon’s case, Siri for Apple), it has to be constantly listening.

Many consumers assume that the worst-case scenario is that the government could learn every inquiry they make to a device, which is indeed analogous to reviewing cached search engine queries. But the actual worst-case scenario is that these devices can overhear any and all conversations or sounds near them.

What if a court order demanded that everything be recorded on a suspect’s device? What if it asked that someone be alerted if the suspect said a series of words, such as the victim’s name?

What if, instead of the victim’s name, it was looking for anyone uttering an elected official’s name? Or maybe it’s a company lawyer seeking to know what its employees say about it when at home? Without explicit privacy rules, there is no limit to how far these requests could go.

Amazon issued a statement saying that it “will not release customer information without a valid and binding legal demand” and that Amazon objects to “overbroad or otherwise inappropriate demands as a matter of course.”

That sounds great and all, but it means nothing. If any judge anywhere signs a warrant, bingo, you have a valid and binding legal demand. In many instances, you don’t even need a judge. Any attorney, on his/her own, can subpoena documents as part of a case. That’s also instantly valid and binding, unless a judge intervenes.

As for “overbroad or otherwise inappropriate demands,” any judge or lawyer who issues such a demand is quite unlikely to consider their own demand overbroad or inappropriate, so that doesn’t help, either.

We need real privacy laws in the US, where law enforcement, and anyone else, needs to have a specific and provable fact that they are trying to back up. Not certain how it should be worded, but I think prohibiting any request where the prosecutor tells reporters that he “has no idea if the device recorded anything related to the death” is a good place to start.

Computerworld:   
