US Federal Court Rules Against Geofence Warrants


Comments

R.Cake August 26, 2024 9:13 AM

Why, look at that. I had never realized that there is such a thing as a “geofence warrant”. But then, I do not live in the US either.

yet another bruce August 26, 2024 10:46 AM

I applaud the Fifth Circuit Court decision. The article refers to an opposite decision in a similar case made last month by the Fourth Circuit Court. I would have thought ideally Federal Law would be interpreted consistently across all 50 states. Circuit Courts seem anachronistic in an age where many legal cases are heard by teleconference.

John Levine August 26, 2024 10:59 AM

It’s worth reading Orin Kerr’s take on this case.

The Fourth Circuit and the Colorado supreme court both recently decided that geofence warrants are OK, so this is a circuit split headed to the Supreme Court. Both based on Kerr’s analysis, and the fact that the Fifth Circuit has a history of legally extreme decisions, I wouldn’t count on this being upheld.

(I’m not saying the reasoning in this decision is wacky because it’s not, but it is definitely out of step with other courts.)

Victor Serge August 26, 2024 2:17 PM

!!

seems obvious to me, but you can’t take anything for granted

Gosh, yah. Take Signal for example, you’d think after the “Edwardian Revelations” their users would’ve realized we are ALL targeted endpoints, and yet the only secure way of using it via SEIF airgaps, like JS partially details, [‘https… github…com/johnshearing/PrivateKeyVault], makes Signal completely redundant.

TEXT> PGP> QRCODE PARADE> MP4 Video> XMIT via WIREGUARD or TOR or Signal…> MP4> QRCODE> PGP> TEXT, for example. Land of the free, right? HUH! Fair enuf for your tiny QKI maybe.

But do you really want to stick your poker in that fire? Targeted WITH a huge bullseye painted on your back. Who wins? You heard Jesselyn Radack. ‘https://whisper.exposefacts.org/staff/

You’ll be dripping from their eye teeth for decades, if they LIKE you.

lurker August 26, 2024 7:55 PM

“This is a big deal.”

Yeah, right. The Fourth Circuit says you can, the Fifth Circuit says you can’t. It’ll have to go to the Supremes for a better answer. And Google’s gesture of flicking the data down to the device won’t be so much of an improvement for the perps being sought by the LEAs, because they will never turn Location Services OFF.

Clive Robinson August 28, 2024 11:37 AM

@ Victor Serge,

Re : Air gap solution is insecure and exploitable.

You mention,

https://github.com/johnshearing/PrivateKeyVault/blob/master/README.md

And whilst with its clear plastic box it looks like it is secure, it’s not.

Firstly it talks of swapping the memory card equivalent of “the boot drive” that makes it a faux-HSM with another card to make it Internet-Usable or similar via externally connected communications… That is a very very bad idea.

Because it ignores the fact that the Pi2 has the equivalent of a boot up BIOS ROM that can be over-written as can most SoC chips.

We went through this issue years ago with the ideas behind BadBIOS, and before that the spat between the UK Government and Guardian Newspaper, that resulted in “Tweedle-dee and Tweedle-dum” of GCHQ or similar “on a day trip to London”. The result of which was photographs published “double page” in the Guardian that identified chips on a computer motherboard that provably had Flash-ROM or equivalent that could be subverted by malware etc known to GCHQ or Hanslope Park. The number was quite significant. At the time I did point out that it would be useful for students of security to learn from.

Also the device as described has no RF or acoustic segregation that is present or reliable. Thus it not just leaks energy into the environment it is susceptible to energy from the environment as well (see EMC training info to get nice easy to understand info on this).

Most if not all communications paths are bi-directional and they are all susceptible to “covert channels” of one form or another (something I’ve warned about with commercial “Data Diodes” pumps and sluices, oft used for security segregation).

All that is actually required is the parts that Claude Shannon and others identified getting on for a century ago that became the “Shannon Channel” model which fundamentally underlies “Information Theory” that “came of age” during the 1960’s. And in turn also is the underlying model that TEMPEST and EmSec is built on, even though what we now call “Emission Security” was being exploited during “The Great War” or World War I in 1914-18.

We happen to actually know that these “energy channels” are exploitable with very little equipment these days as the WWI exploits suggest. An old Android phone, when close (say taped under the table), will pick up enough radiated signal to break both Symmetric and Asymmetric crypto. Grad Students have done this practically and published it.

Further it is known from earlier work done in the UK Cambridge Computer Labs set up by Emeritus Prof Ross J. Anderson that directed EM Radiation can fritz an IBM secure True Random Number Generator, and their paper won a Usenix award. Over on the “Light the blue touch paper” blog, I told them how to very much expand the attack.

Because I, as had other Engineers, “had previous” that we had not openly discussed (yup security by obscurity to “keep your job”). I’d discovered back in the 1980’s that if you get a “Walkie Talkie” handset in the VHF or UHF bands near CMOS computer boards it caused the computers to not just be unreliable but crash. I investigated not just the fact you could crash systems, but there were ways you could “get information out” by “cross talk” effects but more importantly “get information in”. As I’ve mentioned before by combining both you got the necessary synchronisation to be selective with the way you carried out your “fault injection attack”. Thus you could do the equivalent of malware exploiting a vulnerability akin to making branch test instructions go the wrong way. Other researchers in the 1990’s when “Smart Cards” were being pushed hard investigated using low power IR lasers and rapid pulses in nano-inductor “pico probes” that simulated chip area specific EMP faulting to do similar.

Whilst the equipment to do these attacks back in the 1980’s and later last century was eye wateringly expensive it rapidly dropped in price. You can now buy for sub $100 second hand smart devices or “gum-stick” or similar small “Single Board Computers”(SBCs) and “Software Defined Radios”(SDRs) and get the likes of GNU-Radio such that you can develop such advanced instrumentation and attack systems.

As I’ve pointed out in the past back with BadBIOS “air gaps are insufficient” what you actually need is “energy gaps”. Because “sensitive information” can easily be impressed / modulated onto radiated energy. But it’s also been known by the work of Peter Wright (Spycatcher) and his assistant Tony Sale both working for the UK MI5 how a Russian Inventor of the Theremin also developed “The Thing” found in the US Embassy in Moscow. That became known as “The Great Seal Bug” that used exactly these basic principles,

‘https://www.smithsonianmag.com/smart-news/theremin-100-years-anniversary-instrument-music-history-180976437/

‘https://en.m.wikipedia.org/wiki/The_Thing_(listening_device)

That as we know from the catalogue of surveillance equipment that allegedly was designed by NSA TAO members is still in use today in the likes of implanted network, printer, screen, keyboard and even wall socket power leads that some incorrectly call “Radar bugs” (they are “illuminated bugs”). As I’ve mentioned before I’ve also designed such devices using more than just an unmodulated carrier as the trigger, such that most standard “bug detectors” which use “acoustic feedback” howl will not find them.

Thus “Energy Gapping” not old fashioned “Air Gapping” is essential these days, and I’ve described on this blog how to go about doing so by building the equivalent of a “Home SCIF” or “TEMPEST / EmSec Tent”. In a way that uses innocuous looking “house hold” items that will not get picked up by the usual “guard labour” used to do premise searches.

But remember in our “madly connected world” the likes of Home-Wifi can be used to track your movements around the home by similar principles to actual RADAR systems, further the sounds the keys on your keyboard make reveal with a high degree of certainty the keys you are pressing for your password/phrase making search attacks so much easier. Then there is “shoulder surfing” by micro-miniature CCTV cameras of the high-def sort now used in drones that can be put innocuously in overhead Fire Detector/Sensors clocks etc. I’ve mentioned how these can be found using the “red eye” or “lamping” technique of 180 degree internal reflection all focused systems suffer from. The “red eye” technique works against nearly all “radiant energy sensors” simply because mostly the sensors or feed-lines to them have to be focused in some way to get the energy into a “waveguide” such as an acoustic tube. Such waveguides are also “resonators” like musical wind instruments or blowing across the top of a milk bottle so even though apparently entirely passive they can be found from their physical dimensions resonating. Likewise you can get “thermal imaging equipment” these days that if used correctly can reveal the presence of non passive systems “doing work” and by inefficiency producing heat. They also have differential thermal mass issues, where what they absorb and importantly how from the environment can be “seen” thus reveal their presence.

But onwards to the intentional “gap crossing” by QR code, it’s a bad idea. Some years ago researchers at the UK Cambridge Computer Labs came up with the idea of using a diamond of coloured dots to “gap cross”. I pointed out that it was rife with problems that could be used as “covert channels” due to the necessary “redundancy” needed to make image sensor systems work.

QR Codes also suffer greatly from this “redundancy” issue as I’ve pointed out here in the past. Worse you can using differential encoding hide at least twice the raw information the QR code conveys…

So whilst it looks like a solution it’s not. Worse the nature of it is “suspicious” / “curious” at a glance so will not survive unnoticed if the “guard labour” come searching.

Chris August 28, 2024 2:25 PM

Bit of a buried lede here:

“While the Fifth Circuit ruled that geofence warrants are unconstitutional, the court concluded that the police department had acted in good faith when seeking the warrant for the location data held by Google, and upheld the defendant’s conviction.”

So the search was unconstitutional but not so much that the identification of the suspect and any subsequent evidence gathered from it was ruled impermissible. Can an actual lawyer weigh in on whether or not this is odd?

Clive Robinson August 28, 2024 8:02 PM

@ lurker,

With regards,

“… won’t be so much of an improvement for the perps being sought by the LEAs, because they will never turn Location Services OFF.”

You are incorrectly thinking about how base “geo-fencing” operates. Law enforcement making a request to an OS or Application developer like Google will not “get all”. But sent to the infrastructure service providers such as AT&T will.

It’s long established that “pings to the tower” are part of the infrastructure functioning and records of them are “third party business records” that are easily available.

The real issue is two fold,

1, Are you in public
2, Is the request specific or trawling with a mile wide net for everything.

In most jurisdictions the expectation of privacy in a public place is now minimal and results from historic limitations, that died with car registrations and automatic cameras and is now failing to facial recognition and other imperfect bio-metrics. The problem with “pings to the tower” data is they can not tell which side of your front door or curtains you are or for that matter how high you are just the range from a tower. The arrangement of cells in mobile phones is that any two tower pings can not ever reliably fix your position and the chance of getting reliable three tower pings unlikely even in city areas (this is something that data miner/brokers and law enforcement do not want publicly known as it “reduces the value” significantly).

But the second point is the real bone of contention in many jurisdictions there are legal protections in place to stop “trawling” two phrases express this,

1, “Innocent until proven guilty”
2, “Secure in their persons”

The first is from ancient English Law and goes back to several “Grand Charters”. And later got “Exported with Empire” and was for a while even part of North American jurisprudence (and still is in some places). In essence you had with it a right to silence and non self incrimination and it could not be held against you. This in effect killed law enforcement going on “fishing expeditions” they had to have “sufficient burden of proof” that put you at “a place and time”. UK PM Tony Blair killed this in various ways and subsequent legislation has made it worse. London and other city “travel card” systems as well as mobile phone tower pings thus give the ability to “go fishing” now (though judges quite rightly frown on it, magistrates and ‘justices of the peace’ as lay-persons often do not hold “officers” to account).

However the US law changed with the “fourth amendment” which is where the second quote comes from.

Unfortunately other differences in the US in State and Federal legislation have allowed law enforcement and prosecutors over time to “push the line” very much in their favour.

One such is the “in plain sight” rule; to most people, papers covered over by a cloth or book, in a closed drawer, through to a locked safe are in no way “in plain sight”. How about “data on a disk?” a look through that quagmire will tell you much of what you need to know about how things are going in the US toward the nullification of the constraints of both quotes original intent.

But don’t take my word on this others say similar for instance,

https://constitutioncenter.org/the-constitution/amendments/amendment-iv/interpretations/121

And whilst people would like you to think such attacks on people are not political, they very much are. Every time a Politician dog whistles with “think of the children” or “tough on crime” or “war on XXX” they are laying the ground work for legislation they are going to eventually push, that will take more of your rights away.

Unfortunately “technology is agnostic to use” and is always in advance of legislation. Thus opportunities to rob you of your rights arise. If law enforcement or prosecutors can “normalise before legislation” then they in effect can drive court choices in advance of legislation and then use it to attack any potential legislation and either blunt it or eliminate it.

What you see playing out here is part of that very prejudicial against the citizens forced normalisation play in progress.
