Police Using IoT To Detect Crime

Privacy invasions related to the Internet of Things (IoT) are already becoming reality. In Arkansas, local law enforcement is trying to access the records of an Amazon Echo device as evidence in a murder investigation and has already compiled evidence based on the files of an IoT water heater.

There are no meaningful federal privacy laws in the US, outside of those that keep medical data, sealed court documents and some government records such as IRS tax returns away from prying eyes. Unless that changes, the IoT will make privacy a quaint recollection of our youth.

The Arkansas case pits Benton County Prosecutor Nathan Smith against James Bates, a homeowner whose friend was discovered dead in a hot tub after a night of intense drinking. Bates’ lawyer is arguing the death was an accident. The county is trying to determine the facts.

The government accessed records from an IoT water heater and argued that the amount of water used in the early morning was sufficient to have washed away evidence. Bates’ lawyer counters that the amount of water used does not represent a spike above the previous day’s level.

But the attempt to access the Echo records is more troubling. It began with the seemingly innocuous observation of a witness that Bates was playing music through his Echo. That gave authorities the idea to hear what information requests Bates might have made on the day of the death. It’s a 2017 version of accessing search engine history.

The Associated Press quoted Smith as saying that he “has no idea if the device recorded anything related to the death” but that he was simply chasing down all possible leads. In other words, it’s a fishing expedition.

Specifically, the prosecutor’s office is seeking all “audio recordings, transcribed records, text records and other data” from Bates’ Echo, according to a search warrant.

Here’s the problem with always-on devices such as Echo and Apple’s Siri: For a device to react the moment it hears the magic word (Alexa in Amazon’s case, Siri for Apple), it has to be constantly listening.

Many consumers assume that the worst-case scenario is that the government could learn every inquiry they make to a device, which is indeed analogous to reviewing cached search engine queries. But the actual worst-case scenario is that these devices can overhear any and all conversations or sounds near them.

What if a court order demanded that everything be recorded on a suspect’s device? What if it asked that someone be alerted if the suspect said a series of words, such as the victim’s name?

What if, instead of the victim’s name, it was looking for anyone uttering an elected official’s name? Or maybe it’s a company lawyer seeking to know what its employees say about it when at home? Without explicit privacy rules, there is no limit to how far these requests could go.

Amazon issued a statement saying that it “will not release customer information without a valid and binding legal demand” and that Amazon objects to “overbroad or otherwise inappropriate demands as a matter of course.”

That sounds great and all, but it means nothing. If any judge anywhere signs a warrant, bingo, you have a valid and binding legal demand. In many instances, you don’t even need a judge. Any attorney, on his/her own, can subpoena documents as part of a case. That’s also instantly valid and binding, unless a judge intervenes.

As for “overbroad or otherwise inappropriate demands,” any judge or lawyer who issues such a demand is quite unlikely to consider their own demand overbroad or inappropriate, so that doesn’t help, either.

We need real privacy laws in the US, where law enforcement, and anyone else, needs to have a specific and provable fact that they are trying to back up. I’m not certain how it should be worded, but I think prohibiting any request where the prosecutor tells reporters that he “has no idea if the device recorded anything related to the death” is a good place to start.

Computerworld:   
