SCOTUSblog: Compelling iPhone Passcodes

Fri. Jan. 29, 2021 |By Andrew Hamm – SCOTUSblog |

This week the SCOTUS Blog highlights cert petitions that ask the Supreme Court to consider, among other things, whether law enforcement can compel testimony in the form of a phone passcode.  A law enforcement officer became the subject of an investigation for allegedly passing information about a narcotics investigation to a suspect.  Investigators seized his phones, but they were unable to unlock the phones to access the data. Officials sought a discovery order to compel the officer to disclose his passcodes, which the officer argued would violate his Fifth Amendment right against self-incrimination. The New Jersey Supreme Court ruled that a passcode, comprising a series of characters, was of “minimal testimonial value” for which the state could — and had here — overcome the constitutional protection by proving the phones belonged to the officer. Claiming state and federal courts are divided on this question, the petition in Andrews v. New Jersey asks the justices to weigh in.

Andrews v. New Jersey
Issue: Whether the self-incrimination clause of the Fifth Amendment protects an individual from being compelled to recall and truthfully disclose a memorized passcode, when communicating the passcode may lead to the discovery of incriminating evidence to be used against him in a criminal prosecution.

Read the full story here.

AT&T-FirstNet launches Band 14 HPUE, z-axis location

Thurs. Jan. 28, 2021 |By Kelly Hill – RCR Wireless News |

AT&T-FirstNet is now offering first responders vertical location capabilities in more than 100 markets, ahead of an April 2021 FCC deadline for having the technology in place to support 911 callers on mobile devices.

The z-axis location information is one of several new technology offerings for public safety that AT&T-FirstNet announced this week. The others are high-power user equipment in Band 14, which it has dubbed “FirstNet MegaRange”, and a new compact deployable that can be purchased by departments and used to connect to FirstNet when other coverage is not available.

The carrier says that z-axis information is available in more than 105 U.S. markets, including Chicago, Dallas, Detroit, Los Angeles, Philadelphia, and San Francisco and that markets are being added weekly to give public safety “a new level of indoor spatial awareness not previously available using traditional GPS-based location methods.” The first app that integrates the information from AT&T-FirstNet is from Intrepid Networks, which offers a situational awareness platform, Response for FirstNet, that includes services like mapping, information sharing and push-to-talk voice.

In addition to the z-axis capability, AT&T-FirstNet said that its standards-based mission-critical push-to-talk (MCPTT) now supports Land Mobile Radio-to-LTE interoperability, so that responders using LMR can talk with others using FirstNet’s MCPTT. The capability is enabled through a Radio Over IP (RoIP) gateway and “seamlessly integrates with almost any LMR system,” according to an AT&T blog post about the interoperability. “Our intention is to ensure FirstNet capabilities are designed to interoperate with the thousands of LMR networks currently in use so that the promise of integrated voice, data and video capabilities for public safety group communications is realized,” the company said. AT&T-FirstNet noted that it now has 11 devices approved for FirstNet PTT.

The public-safety network partnership also added new options for high-power user equipment (HPUE), initially in the form of two modems, which operate at higher power levels in Band 14 to improve cell-edge coverage or better in-building penetration. In addition, public safety agencies can now purchase their own deployable network assets that connect to the FirstNet network, including compact cells-on-wheels (COWs) which link to the cellular network via satellite and can be activated by one person within minutes.

“These innovative mission-driven solutions are equipping first responders with better situational awareness – whether conducting a search and rescue mission in a remote area or on the upper floors of a burning building – all while helping to ensure a seamless, interoperable connection,” said Jason Porter, SVP of the FirstNet program at AT&T.

Read the full story here.

TikTok has User Cell Phone Numbers? Interesting…

Wed. Jan. 26, 2021 |By Zak Doffman – Forbes |

A new warning today for the hundreds of millions of users with TikTok’s app on their phones. If you have your phone number linked to your profile, you should remove it—but, beware, that’s very difficult to do. And while your number is still there, TikTok will use it to track you online. So, here’s what you do now.

If you have TikTok on your phone, there’s a good chance it has your number—it’s the easiest way to sign up for an account and then login. But now security researchers at Check Point suggest you change that. “I see significant privacy risks in users giving TikTok their phone number as an account identifier,” Check Point’s Ekram Ahmed warns. “Phone numbers can be a very powerful data source for tracking location.”

Check Point has issued this warning “given TikTok’s past issues with data security,” according to Ahmed. The security firm has just released a report into the latest such threat. The firm says that a server-side security vulnerability would have enabled an outside actor to query TikTok’s database, pulling private information, linking phone numbers to profiles. This could then have been used to harvest private contact details for celebrities or to build a database of users that could have been targeted at scale. Put simply, throwing lists of random numbers at TikTok returned matching profiles.

Check Point’s Oded Vanunu tells me that the accessible details “included phone numbers, nicknames, profile and avatar pictures, unique user IDs, as well as certain profile settings, such as whether a user is a follower or if a user’s profile is hidden.”

Linking phone numbers to social media profiles is not new—there’s another news story doing the rounds this week about a Telegram bot querying leaked Facebook data to do the same. But anything TikTok related carries extra spice given the U.S. campaign last year—this alleged links between the platform’s parent, ByteDance, and the Chinese state and that users risked their data being spirited back to China…

Read the full story here.

SUV Bicycle Attack Prompts Manhattan Assemblywoman To Unveil Legislation To Help Police Get Cell Phone Locations In Emergencies

Wed. Jan. 27, 2021 |By Jenna DeAngelis – CBS New York|

A man terrorized by teen cyclists in Manhattan’s Flatiron District a month ago is frustrated there’s been little progress in his case, and now an assemblywoman is stepping in with an idea she’s sharing first with CBS2’s Jenna DeAngelis.

The terrifying experience when Max Torgovnick and his mother were inside their SUV under attack by young cyclists on Fifth Avenue on Dec. 29 is a moment he will never forget.  “I literally was fearing for my life, fearing for my safety, fearing for my mom’s life and her safety,” Torgovnick said. For the past month, Torgovnick has been speaking out, calling on the city for systemic change. CBS2 has also gone to the city several times for solutions.

Torgovnick reached out to Manhattan Assemblywoman Rebecca Seawright, who in response is unveiling legislation to help others in emergencies.  It would require cell phone companies to immediately respond to police requests for location information of someone in danger. “It’s passed in 27 other states, and it’s something that we need in New York to help law enforcement respond quickly so there’s no waiting time, so they can respond immediately, like in Max’s situation,” Seawright said.  It’s based on legislation named after Kelsey Smith, an 18-year-old from Kansas who was abducted and killed in 2007.

Her parents say after she went missing, it took their cell phone company several days to give investigators location data needed. Once they got it, her body was found within 45 minutes. Tragedy inspired the Kelsey Smith Act.

“This is a tool for law enforcement to use when somebody is in danger of serious bodily injury or death. That’s the only time it’s used,” father Greg Smith said.  “Just the location. No text messages, no pictures … Just where is the wireless device,” mother Missey Smith said. “The goal is to bring someone home.”

“Kelsey’s story is not the first time that a tragedy could have been prevented if cell phone companies had turned over their records to help find missing persons,” Seawright said. “Passing the Kelsey Smith Act will save lives.”

“We’ve had medical cases where somebody had a stroke or something and they’re unable to speak and they can call 911 but they can’t say anything, and the police are able to use the Kelsey Smith Act to locate that phone and get medical assistance to those people when they need it, so it’s not just a kidnapping type situation,” her parents said. “When we hear the stories of where it did work, I know she’s up in heaven saying go mom, go dad, get it done.”

They’re hoping it’s adopted in New York, as does Torgovnick who says a month after what happened to him, he’s finally seeing some action he’s been pushing for.  “Personally, I think I owe you some of the credit. The local news has not stopped following through on this, and I think that’s important. Especially you and Hazel Sanchez. I mean, you’ve been getting the city’s attention for me in a way that I may not have been able to get on my own,” he said.

He says since CBS2’s latest story last week, he heard from the district attorney’s office.

The NYPD tells us this is still under investigation. So far, one 17-year-old has been arrested.  Separately, Torgovnick is exploring an idea with City Councilmember Ben Kallos to find a way to use cell phone cameras in an emergency.

Read the full story here.

MeWe Gains New Members as Other Social Media Platforms Are Banned From App Stores

Saturday, Jan. 23, 2021 | By James Crowley – Newsweek |

(Hawk Note: This is a BOLO for new social media app increase in use.)

Social media platform MeWe has seen a massive increase in membership over the last few weeks as many people have vowed to leave “big tech” services like Facebook and Twitter.

In an email to Newsweek, a representative for MeWe said that the app gained 2.5 million new members in the week leading up to January 20. The rep added that MeWe’s current membership stands at 16 million, which is double the app’s membership in June 2020, when the company celebrated reaching 8 million members.

MeWe Marketing Director David Westreich summed up the app’s appeal, as he sees it, in his email. “People all over the world are leaving Facebook and Twitter in droves because they are fed up with the relentless privacy violations, surveillance capitalism, political bias, targeting, and newsfeed manipulation by these companies. MeWe solves these problems,” he wrote. “MeWe is the new mainstream social network with all the features people love and no ads, no targeting, no newsfeed manipulation, and no BS.”

In the wake of the riots at the U.S. Capitol on January 6, various tech services took action against platforms like Parler and users deemed dangerous on sites like Facebook and Twitter. Parler was removed from the App Store, and various accounts, including former President Donald Trump, were suspended from sites like Twitter. This led to an exodus by users to platforms like Gab and MeWe.

Some of MeWe’s competitors, including Gab and Parler, are not currently available on distribution platforms like the Apple App Store or the Google Play store. Parler had been removed from the App Store in the days following rioters storming the U.S. Capitol for not moderating potentially harmful content. It was removed from Google Play for similar reasons.

Gab was removed from Google Play in 2017 for violating rules about hate speech, and Apple rejected it from the App Store that same year. On its website, Gab states: “Gab is banned from the Google Play Store and Apple App Store for refusing to censor speech for Google and Apple, but you can still install our Android app on your phone.” It then gives instructions on how to add Gab for both Android and iOS devices.

Unlike these rivals, MeWe’s app is readily available in app stores and ranked as one of the top free apps on Google Play.

MeWe insists it isn’t an “anything goes” platform, noting that “haters, lawbreakers, violence inciters etc. are not welcome,” and that a Trust and Safety team would enforce terms of service. Another tweet said that MeWe was alerting authorities to any illegal activity discussed on its platform.

Westreich sent a similar response to Newsweek when asked why the app hasn’t been banned like some of its competitors, and said that the company communicates with major tech organizations like Google and Apple for positive results. “MeWe has a strong Terms of Service and an outstanding Trust and Safety Team that works hard…to proactively investigate and remove all TOS-violators,” he wrote. “MeWe is unlike ‘anything goes’ sites and apps. MeWe’s relationships with Apple, Google, and AWS are good, and we have been in touch to ensure that MeWe meets their moderation guidelines.”

Gab accused MeWe of being “Big Tech lite,” sharing an article by a website called Reclaim the Net that raised questions about MeWe’s place as a “free speech platform.” In a tweet with a screenshot of MeWe’s “anything goes” tweet, Gab defied MeWe and said that it had “No threats. No illegal activity. No Porn,” and accused its competitor of “cav[ing] to Apple and Google in order to stay on the app stores.”

Westreich detailed different methods that MeWe employs to monitor users, including allowing users to block and report people, a search that doesn’t allow members to search for anything illegal or terms of service violation, and a three-strike policy called “MeWe Jail,” where people are unable to access their account for a certain period of time with their first two strikes and then banned on their third. There are still some exceptions. “Egregious violators are removed from MeWe outright,” the description of MeWe Jail states.

The company can also take further action on more alarming content. “Illegal activity can also be reported to law enforcement at MeWe’s discretion, and law enforcement can follow procedures in our terms to request information from us,” Westreich wrote.

Three services that the company had partnered with were listed “to stop known bad actors at the door and find them if they’ve gotten inside.” He also said that MeWe is stepping up to make sure that it can keep on top of the new users. “Due to recent rapid membership growth, the company is currently expanding its Trust and Safety Team and adding new tools to help moderators find and remove TOS-violators,” he wrote.

Newsweek attempted to reach out to Gab via its support email, but did not receive a response in time for publication.

Read the full story here.