[FoRK] How safe is the data on your cellphone?

Stephen Williams sdw at lig.net
Wed Apr 20 11:24:22 PDT 2011


Good thing it has a standardized interface and is hackable in some cars.

Several years ago you could reprogram all of the engine parameters like spark timing in Subaru sports cars.  These days, you 
could probably hack in through the BlueTooth interface.  You could dynamically rewrite history perhaps.  Or the cop following 
you could.  I bet they wouldn't be so happy to be hacked and tracked back.

Anyway, this is clearly unreasonable search and seizure.  I'd sue them for even asking or appearing to try to access anything.

Until we really have strongly securable cell phone apps and operating systems (not that hard on Android), you could always try a 
wheat and chaff solution: Instead of trying to secure information, poison it with unreliable information that is difficult to 
discern.  Generate automatic text messages, bogus but plausible-while-contradictory location records, etc.  Impeach the 
reliability of your own phone as a source of evidence.

Good thing some courts are thinking clearly:

http://www.cdt.org/blogs/greg-nojeim/ohio-court-extends-4th-amendment-protections-cell-phones-seized-arrests
http://www.eff.org/press/archives/2008/09/11
http://miketully.net/blog/2011/03/24/student-whose-cell-phone-was-confiscated-and-searched-has-fourth-amendment-claim-against-school-official-tx/
http://geodatapolicy.wordpress.com/2011/02/22/cell-phone-location-data-subject-to-fourth-amendment-and-is-more-invasive-than-gps-updated-with-link/

I'm still going for changing the interpretation of traffic laws to make this a non-issue most of the time.  Waiting for a 
transcript and an appeal date:
If you weren't outside of "reasonably safe", it's not illegal.  When there is no safety issue your constitutional rights trump 
malum prohibitum traffic law application.  A law is only valid when properly applied.

In many states, 80mph is automatically reckless driving and higher speeds are severe offenses.  Yet 2 states now have speed 
limits as high as 80 mph and Texas is considering 85 mph.

http://www.reuters.com/article/2011/04/07/us-texas-speed-limit-idUSTRE7366L720110407
>
> "In Utah, after they adjusted from 75 to 80, nothing happened to the accident rate," Biller said. "Actually, nothing happened 
> to the average speed, either; it remained the same."
>
> But Jerry Johns, President of the Southwest Insurance Information Institute, said 85 miles per hour is a bad idea.
>
> "The two things that contribute most to traffic accidents are speed and alcohol," he said.
>

We need a tiered driver / vehicle system.  Our current blindness to risk variance and the resulting simple-mindedness is 
inefficient, wrong, and, at some point, unconstitutional.

sdw

On 4/20/11 6:19 AM, Gregory Alan Bolcer wrote:
> I'm sure accessing your onboard ECU to use your speed history against you will be the next step.
>
> Greg
>
> On 4/20/2011 6:17 AM, Russell Turpin wrote:
>> The ACLU has been raising questions about devices that Michigan and
>> Virginia police use to extract data from the smartphones of stopped
>> motorists:
>>
>> http://news.cnet.com/8301-17938_105-20055431-1.html
>> http://www.techeye.net/security/virginia-coppers-steal-phone-data
>>
>> An interesting question with regard to smart phones is how well they
>> protect their data. I doubt the password option most provide does
>> anything more than lock out the casual individual who finds your
>> phone. (And is that even desirable? What is the point of including an
>> ICE # in your contact list, if the EMT who might try to use that is
>> blocked by your password?)
>>
>> It seems to me that phone data security is pretty poorly thought out.
>> While more and more data is being put on them. And more financial
>> transactions are done through them. 




More information about the FoRK mailing list