Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by janrinok on Sunday March 10 2024, @08:41PM   Printer-friendly
from the pushing-the-jail-door-open dept.

The ubiquitous phone feature has powered a surveillance technique used to catch suspected kidnappers and pedophiles. It's also fueled fears of a 'privacy nightmare' at a time when abortion is criminalized:

The alleged pedophile "LuvEmYoung" had worked to stay anonymous in the chatrooms where he bragged about sexually abusing children. A criminal affidavit said he covered his tracks by using TeleGuard, an encrypted Swiss messaging app, to share a video of himself last month with a sleeping 4-year-old boy.

But the FBI had a new strategy. A foreign law enforcement officer got TeleGuard to hand over a small string of code the company had used to send push alerts — the pop-up notifications that announce instant messages and news updates — to the suspect's phone.

An FBI agent then got Google to quickly hand over a list of email addresses this month linked to that code, known as a "push token," and traced one account to a man in Toledo, an affidavit shows. The man, Michael Aspinwall, was charged with sexual exploitation of minors and distribution of child pornography and arrested within a week of the Google request.

The breakthrough relied on a little-known quirk of push alerts, a basic staple of modern phones: Those tokens can be used to identify users and are stored on servers run by Apple and Google, which can hand them over at law enforcement's request.

[...] The data has become prized evidence for federal investigators, who have used push tokens in at least four cases across the country to arrest suspects in cases related to child sexual abuse material and a kidnapping that led to murder, according to a Washington Post review of court records. And law enforcement officials have defended the technique by saying they use court-authorized legal processes that give officers a vital tool they need to hunt down criminals.

Originally spotted on Schneier on Security.


Original Submission

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0, Troll) by Anonymous Coward on Sunday March 10 2024, @10:41PM

    by Anonymous Coward on Sunday March 10 2024, @10:41PM (#1348172)

    What they didn't tell you is it's the second case they worked this month.

    The first one got tossed out because they decided it was in the "interests of justice" to not prosecute a senile old pedophile who couldn't remember his job title.

    No seriously. It had *nothing* to do with his "high status". Oh, and he also isn't senile. But that's why it didn't get prosecuted.

    But this second guy is a complete rando and actually did it. No political connections, no senility, no nothing. So we're going to make an example out of him.

  • (Score: 4, Insightful) by JoeMerchant on Sunday March 10 2024, @10:55PM (1 child)

    by JoeMerchant (3937) on Sunday March 10 2024, @10:55PM (#1348173)

    If you can communicate to someone, there are always ways to "trace the call" and it is getting easier, not harder, with modern complex systems.

    Best method to avoid a trace that comes to mind at the moment is two bought with cash burner phones setup as a relay in a self destructing box. Everything you send out goes through a relay, preferably one of a dozen relays setup around a metro area that is actually two metro areas away from where you usually communicate from.

    Trusting some app provider is right up there with buying a burner phone yourself with your personal credit card.

    --
    🌻🌻 [google.com]
    • (Score: 2, Insightful) by Anonymous Coward on Monday March 11 2024, @01:05AM

      by Anonymous Coward on Monday March 11 2024, @01:05AM (#1348180)

      > Best method to avoid a trace ...

      Just don't use phones, or any public network for that matter, for things you don't want traced.

  • (Score: 2, Interesting) by Anonymous Coward on Monday March 11 2024, @01:48AM (1 child)

    by Anonymous Coward on Monday March 11 2024, @01:48AM (#1348184)

    ... but not in the Application Settings, locally. Turn them off in the app itself. If you just *hide* them on your device, then all that (profitable) user data is still going to Goggle.

    The common root of the spying problem here is pretty commonly clear. The FBI isn't just sending warrants, with gracious responses from the Corporation -- the FBI is sending checks (the money kind, not balances) with those warrants, or at least monthly. Your tax dollars, straight to privacy-defeating mega-corps, so that criminals can be defeated for the actions at home, in their bedrooms. (Oh sure, they'll publish a story a few times a year that are probably *every single one* of the suspects they find outside their bedroom, but every single other one? Yeah. Your-own-bedroom crimes.)

    • (Score: 3, Informative) by Ox0000 on Tuesday March 12 2024, @05:39PM

      by Ox0000 (5111) on Tuesday March 12 2024, @05:39PM (#1348439)

      One could also consider running a phone OS that does not have Google Play Services (which is the underlying infrastructure that enables things such as push notifications) or other equivalent things.
      GrapheneOS [wikipedia.org] comes to mind.

      A nice benefit from running such an OS is the quiet that you will experience, not being disturbed by all those childish little pings coming from your phone, begging for your attention.

(1)