Post ATKH7Zkf6SfI2is04u by robin@mastodon.social
(DIR) More posts by robin@mastodon.social
(DIR) Post #ATJfzfoF04zQD4ueQq by mimsical@mastodon.social
2023-03-05T19:40:35Z
0 likes, 2 repeats
This is not a drill.The nightmare scenario for personal privacy in a world where women are stripped of their reproductive rights is coming to pass:Meta, Google, other tech companies are providing police with evidence to help prosecute women who seek or perform abortionshttps://www.businessinsider.com/police-getting-help-social-media-to-prosecute-people-seeking-abortions-2023-2
(DIR) Post #ATJfzgHfEgWdgKg9IG by alex@cybervillains.com
2023-03-05T20:23:22Z
0 likes, 0 repeats
@mimsical This is not a great article and the headline is egregious. The need to make every article boil down to "tech companies bad" obfuscates the core issue and therefore the potential responses..The real, but less clickworthy headline would be "Prosecutors and judges are using the law to go after women getting abortions".Tech companies can't just "turn over" data, they have to comply with ECPA/SCA, which requires a signed warrant* for content.*Offer does not apply to FAA702
(DIR) Post #ATJgCbpN7EQdcpbsXY by alex@cybervillains.com
2023-03-05T20:25:44Z
0 likes, 0 repeats
@mimsical All of these examples seem to be utilizing targeted search warrants aimed at individual women and signed by a judge. State search warrants often do not have affidavits or potentially charged crimes attached, so to the companies there is no good way to tell if this is an abortion-related investigation.The companies are bound by state and federal law to respond to search warrants. They can fight and give notice, but in the end that is the law.
(DIR) Post #ATJgQY5BpsSI45ei9I by alex@cybervillains.com
2023-03-05T20:28:17Z
0 likes, 0 repeats
@mimsical If the companies declined to answer a search warrant, the judge could issue an arrest warrant for the tech co lawyer or another corporate officer.The article implies that tech companies can just decide to not turn over data, and that is incorrect. What can be done?1) The companies can be more aggressive with notification, although it's pretty standard for warrants to come with gag orders in lots of cases.2) They can try to fight more warrants, but which ones is the hard part.
(DIR) Post #ATJgf5YQBcCDvfGHIm by alex@cybervillains.com
2023-03-05T20:30:52Z
0 likes, 0 repeats
@mimsical 3) We could amend ECPA/SCA to set standards for interstate warrants to require affidavits or a citation of the law the target is presumed to have violated. That would, at least, give the companies more to work on.4) California could try to create a conflict of laws and promise to not enforce abortion-related search and arrest warrants on behalf of other states. This seems like a serious full-faith-and-credit issue and I think we will know what SCOTUS would do.
(DIR) Post #ATJgiICfc62W1pcDWi by mimsical@mastodon.social
2023-03-05T20:31:12Z
0 likes, 0 repeats
@alex All of this makes sense! I appreciate you sharing this level of detail.
(DIR) Post #ATJgkpd0JPOIGy8xs0 by det@hachyderm.io
2023-03-05T20:31:57Z
0 likes, 0 repeats
@alex @mimsical Oh FFS — yes, clearly the most egregious thing here is the entirely accurate headline.
(DIR) Post #ATJgs3h4PmpxvJUXPE by alex@cybervillains.com
2023-03-05T20:33:15Z
0 likes, 0 repeats
@mimsical 5) The companies can continue to roll out E2EE as widely as possible. This is the only realistic tech response.I know a bunch of civil liberties lawyers are looking into other options, but they aren't great.In the end, if the law criminalizes fundamental reproductive rights then the massive power of the criminal justice system can be perverted to go after innocent women. That's the problem.
(DIR) Post #ATJh7dSxhDX3DIJuWu by mimsical@mastodon.social
2023-03-05T20:36:00Z
0 likes, 0 repeats
@alex Makes perfect sense. But also illustrates, as you say, that E2EE is the primary "good" solution, for now.From my perspective, it sure makes Tim Cook's priorities of late (the imessage encryption, not a commentary on ATT) look like the right ones.
(DIR) Post #ATJhJc0yuxd0BfwYZU by alex@cybervillains.com
2023-03-05T20:38:14Z
0 likes, 0 repeats
@mimsical If we were going to reduce the power of search warrants against lots of crimes, I would start with the geofence warrants. Those do not have to show probable cause against individuals and I could easily see a DA who sees themself as governor issue geofence warrants around reproductive health clinics.I'm not sure how this would play out across state lines.
(DIR) Post #ATJhVxaYX5dMZXTGjI by alex@cybervillains.com
2023-03-05T20:40:28Z
0 likes, 0 repeats
@mimsical iMessage has been (mostly) E2EE for a while, but encryption for iCloud backups is definitely a good response to this threat. Those backups are extremely rich hunting grounds for LE.Unfortunately, the process is so complicated that I expect usage of that feature is <1%.
(DIR) Post #ATJhbjWhjDGohGQFQe by joshsternberg@mstdn.social
2023-03-05T20:39:17Z
0 likes, 0 repeats
@mimsical @alex what if these tech companies just didn't collect that kind of very specific data in the first place? no data collection, nothing to turn over, yeah?
(DIR) Post #ATJhbkA3MukIfIpflI by alex@cybervillains.com
2023-03-05T20:41:31Z
0 likes, 0 repeats
@joshsternberg @mimsical The key case in this article used the content of chats, which either have to exist on servers or be E2EE. Hence bullet #5, saying that E2EE is the only realistic tech response.
(DIR) Post #ATJhpWxXFXl5m4YFSC by det@hachyderm.io
2023-03-05T20:44:00Z
0 likes, 0 repeats
@alex @mimsical If there is any fault with the article, it’s that it doesn’t focus on solutions — its description of the problem is entirely accurate, and it’s a problem that the public needs to be aware of. It also acknowledges that Meta has few legal options. Of all of the possible concerns here, “it makes tech companies look bad” is just not one that matters.
(DIR) Post #ATJhxX9kOwF2ha50Lo by alex@cybervillains.com
2023-03-05T20:45:29Z
0 likes, 0 repeats
@det @mimsical The one redeeming part of the article is quoting Eric Goldman. All of the discussion I've seen on it so far is based upon the incorrect assumption that the companies can voluntarily turn off the spigot, so certainly the article has not had the effect of improving the quality of this conversation.
(DIR) Post #ATJiisVArAJ4Vxg3jE by alex@cybervillains.com
2023-03-05T20:54:00Z
0 likes, 0 repeats
@det @mimsical Also, if the article was aimed at the real problem it would have mentioned the phone companies, who have no history of fighting government surveillance requests and seem to keep location and SMS data for very long periods.
(DIR) Post #ATJj3JxKUaepSBaw1A by mimsical@mastodon.social
2023-03-05T20:57:41Z
0 likes, 0 repeats
@alex @det this is an excellent point. I have heard things about the volumes of location data phone companies have handed over to law enforcement that would turn your hair white
(DIR) Post #ATJj4oZS9Vokh48gDI by det@hachyderm.io
2023-03-05T20:57:57Z
0 likes, 0 repeats
@alex @mimsical I mean, you literally just detailed several ways they could turn off the spigot, which was spurred by the article bringing attention to the issue. I’m not seeing the downside here.
(DIR) Post #ATJjXsLbBrS6nvW3nc by alex@cybervillains.com
2023-03-05T21:03:13Z
0 likes, 0 repeats
@mimsical @det Yeah, and based upon extremely broad location boundaries!Vice had an expose on the phone companies selling location data and it was a scandal for like 4 hours.
(DIR) Post #ATJjpwq9E1NBx0QGuW by fugueish@infosec.exchange
2023-03-05T21:06:26Z
0 likes, 0 repeats
@alex @det @mimsical Both David and Alex are right: You can't begin to talk about solutions until you frame the problem correctly. The problem is that criminalizing abortion is evil, and the bad guys here are governments. Tech companies complying with the law when they can't resist, which they frequently do, are not the bad guys in this specific instance (and sometimes sort of the good guys).The article is lazy and behind the curve in a way that by now I'd hope people would realize. That they don't is a separate problem.
(DIR) Post #ATJlbdLT6qrrLJNIo4 by kentindell@mastodon.social
2023-03-05T21:26:13Z
0 likes, 0 repeats
@alex @mimsical Feels like Prigg v. Pennsylvania. Very dangerous.
(DIR) Post #ATKH7Zkf6SfI2is04u by robin@mastodon.social
2023-03-06T03:19:20Z
0 likes, 0 repeats
@alex @joshsternberg @mimsical E2EE won't address the overwhelming majority of the data those companies collect.
(DIR) Post #ATKMyN9BCGDw4MKgbY by BoredomFestival@sfba.social
2023-03-06T04:24:57Z
0 likes, 0 repeats
@alex @mimsical surely the ethical choice on the part of the companies would be to observe civil disobedience and refuse to comply with an unjust law. (I have no reason to believe any of them will, of course, because corporations aren't people and have no intrinsic ethics in the first place, only a drive for profit.)
(DIR) Post #ATLMnoWNH4umwQ6hXc by brooklynmarie@mastodon.lol
2023-03-06T15:50:57Z
0 likes, 0 repeats
@joshsternberg @mimsical @alex This. No one is forcing anybody to collect all that data. This is a bad faith defense at best. Alex is still running interference for Facebook, I see.
(DIR) Post #ATLMnpMq80slZ8ebJo by alex@cybervillains.com
2023-03-06T15:57:46Z
0 likes, 0 repeats
@brooklynmarie @joshsternberg @mimsical Please read the article and thread carefully before accusing me of bad faith, as I am responding to the specific prosecution in the article which is based upon message contents. In the thread, I call for continued rollout of E2EE, which is the only realistic protection against lawful process targeting messaging contents.
(DIR) Post #ATLS9eBUt0vT1YZXO4 by Mikal@sfba.social
2023-03-06T16:57:41Z
0 likes, 0 repeats
@alex @mimsical 'The real, but less clickworthy headline would be "Prosecutors and judges are using the law to go after women getting abortions".This is exactly the point made in the last few paragraphs, when it should be the lede. At the same time, there is a ton of info that is *not* in private chats that surveillance-based companies collect that they shouldn't be collecting. If you don't have it, you can't turn it over. That part *is* on them.
(DIR) Post #ATMItLX5lCTE78mkHA by AIaYYAle4i1uKmKpqy.gme@bofh.social
2023-03-05T20:31:22.401895Z
0 likes, 0 repeats
I think the bigger point that needs to be considered isn’t that tech companies are turning over data (and as you point out are required to) but that prosecutors are subpoenaing tech companies for the data to go after women seeking healthcare in the first place.The only solution really is not to collect the data in the first place.
(DIR) Post #ATMItMTaFjG52Y9SRk by 8petros@petroskowo.pl
2023-03-07T02:48:18Z
0 likes, 0 repeats
The only solution really is not to collect the data in the first place.This.