America's DHS Is Expected to Stop Buying Access to Your Phone Movements - Slashd...
source link: https://mobile.slashdot.org/story/24/03/30/1619253/americas-dhs-is-expected-to-stop-buying-access-to-your-phone-movements
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
America's DHS Is Expected to Stop Buying Access to Your Phone Movements
America's DHS Is Expected to Stop Buying Access to Your Phone Movements (notus.org) 39
Posted by EditorDavid
on Saturday March 30, 2024 @02:34PM from the I'll-be-seeing-you dept.America's Department of Homeland Security "is expected to stop buying access to data showing the movement of phones," reports the U.S. news site NOTUS.
They call the purchasers "a controversial practice that has allowed it to warrantlessly track hundreds of millions of people for years." Since 2018, agencies within the department — including Immigration and Customs Enforcement, U.S. Customs and Border Protection and the U.S. Secret Service — have been buying access to commercially available data that revealed the movement patterns of devices, many inside the United States. Commercially available phone data can be bought and searched without judicial oversight. Three people familiar with the matter said the Department of Homeland Security isn't expected to buy access to more of this data, nor will the agency make any additional funding available to buy access to this data. The agency "paused" this practice after a 2023 DHS watchdog report [which had recommended they draw up better privacy controls and policies]. However, the department instead appears to be winding down the use of the data... "The information that is available commercially would kind of knock your socks off," said former top CIA official Michael Morell on a podcast last year. "If we collected it using traditional intelligence methods, it would be top-secret sensitive. And you wouldn't put it in a database, you'd keep it in a safe...." DHS' internal watchdog opened an investigation after a bipartisan outcry from lawmakers and civil society groups about warrantless tracking... "Meanwhile, U.S. spy agencies are fighting to preserve the same capability as part of the renewal of surveillance authorities," the article adds.
"A bipartisan coalition of lawmakers, led by Democratic Sen. Ron Wyden in the Senate and Republican Rep. Warren Davidson in the House, is pushing to ban U.S. government agencies from buying data on Americans."
›
I'm OK with the possibility existing, it's not really avoidable.
It should, however, be absolutely 100% illegal with severe penalties for all involved to store that data longer than required for billing purposes and 200% illegal to sell or share it with any person or entity unless a warrant is involved.
-
by flyingfsck ( 986395 ) on Saturday March 30, 2024 @03:02PM (#64357002)
So I take it that the DHS now has a way to get the information for free.-
Or lacks the capability to process it and just gave up. They're not exactly America's finest security agency...
-
they will just 'steal' \ borrow it from some other 5 eyes nation - who bought it from an american data broker,
-
Probably they managed to get the NSA (which is part of the Department of Defense) to agree to share.
-
-
it's not really avoidable.
Absolutely not true. It is not remotely inherent in the technology, it's inherent in the way the technology is currently implemented. It should be no surprised that private interests have implemented it this way, since it gives them the ability to sell your location. The entire online/social media/freemail/goole experience is tailored around divesting you of your privacy, and even today it is completely possible and doable to deny them this.
Addressing your "It's not really avoidable" assertion, the technology isn't just possible, but easily possible to implement in a way that sends no locations outside the device. Apps like Osmand [f-droid.org] have a downloadable map infrastructure that would be easy to adopt as a subsystem in Android itself. Any time an app or web site wants to show your location, it could invoke this which would require no data outside your device. It wouldn't be hard at all to manage your maps, and wouldn't take up much space on your device.
For people today, you can use Osmand instead of Google Maps, say no every time a web site wants your location, use services like Open Street Map for web access, (which anonymizes all access), and even just kick Google out of your life. If you want, there are even Android alternatives like e/OS (Murena) which takes LineageOS (AOSP made workable) and further de-Googles it. It's not just for resistor-heads and nerd-fests any more, it's getting more and more traction and it's even quite possible to buy phones with it on it. I personally use a Fairphone FP5 running Murena and it is implemented in such a way that stuff just works. It has a Google Play Services replacement that lets 99.5% of programs run, even if you intercept or deny access to Google push. I even have the ability to easily, form the OS level, turn on and off location spoofing, in case there are any bad-player apps that I give location access to.
Don't just give up and roll over. Don't assume it's a necessary evil.
It should, however, be absolutely 100% illegal with severe penalties for all involved to store that data longer than required for billing purposes and 200% illegal to sell.
Here is where we 100% agree. But I would go a step further and impose penalties for even collecting it. I would even go another step further, and pass consumer protection laws that state that no free service can be operated where allowing the operator permission to collect, peruse, and/or share your data is a required component outside of the immediate context of that service. IE: If you offer an email service, they can't predicate it on you agreeing to give your location, and they can't look at your emails. If they offer a map service, they can't store your location, and they can't make you agree to let them as a condition of the service. If that means that we lose a lot of free stuff, so be it. I don't mind killing Google's current revenue paradigm.
We need something, because 14-year-olds don't care what they give away, and by the time they are 19 or 20 they are saying things like what you opened up with.
-
>Absolutely not true. It is not remotely inherent in the technology, it's inherent in the way the technology is currently implemented.
I am curious to hear how you would implement routing to mobile devices across external networks without having routing/location information that persists longer than the connection for billing purposes.
-
Routing.... as in network routing? I don't much care about tracking network routing since IP tracking is more and more becoming yesterday's news. There is a already a lot of (old but still valid) common-carrier legislation on the books protecting your phone location data obtained from what cell tower you are on from being sold or used. Which is why Google et al are making it harder and harder to do anything on any app without signing away your phone's satellite location data permissions - they need it.
-
In response to "how would you handle this necessary feature?" you answered "I don't care", and in a way that indicates you didn't even understand the question.
The rest of your post is utterly, utterly irrelevant.
-
If I misunderstood your question, which I may have (hence the initial question mark), then how about you explain the question. What aspect of "routing to mobile devices across external networks" is relevant to or causes inherent tracking in a context which I didn't address?
-
-
-
-
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK