News – Page 5 – Hawk Toolbox by LeadsOnline

TechDirt: Don’t Want To Be Part Of A Geofence Warrant Line-Up? You Have Options.

November 3, 2023/in News /by Samantha Roussel

October 30, 2023 | TechDirt | By Tim Cushing |

Google is an internet powerhouse. It’s home to the most-used search engine in the world. It has its own operating system and its own line of cell phones. It also has its own cell phone service. It has ad services, a suite of web-based productivity apps that are (somewhat compatible) with a bunch of Microsoft software, an app store, and a considerable amount of consumer loyalty.

To keep all of this running by keeping all of this profitable (although it’s the ads that actually make the money), Google gathers a ton of data from its users, both implicitly and explicitly.

Google’s desire for data has generated its fair share of legal action and legal threats, ranging from users who think they’ve been wronged to the Department of Justice itself, which believes Google is violating anti-trust laws with its products and services.

That’s why Google has become the go-to source for data cops want to obtain. These requests tend to be the first move in criminal investigations with no readily apparent suspect. Cops send warrants to Google for information on anyone using certain search terms in any certain area — something often referred to as a “keyword” warrant.

Far more common are geofence warrants. A crime occurs and cops send a warrant to Google asking for information on any devices in the area of the crime. From that long list of partial identifiers, investigators hope to find a list of suspects worth pursuing.

The problems with geofence warrants are several. First, most courts aren’t really paying attention to the warrant affidavits, allowing cops to seek whatever information they desire under the theory there’s probable cause to believe Google holds the data requested.

Inattentive judges (or those being actively misled by cops) won’t ask for more details about the area covered by the geofence or the odds that such a request (especially when covering a heavily trafficked or heavily populated area) would necessitate Google searching (on the government’s behalf) all of its users’ data for these particular coordinates.

The government is in the business of obtaining data haystacks from Google and demanding it be trusted to sift through the data without rounding up the unusual suspects — innocent people who just happened to be in the area of criminal activity.

That’s simply not good enough in some cases, which has resulted in judicial pushback on these broad requests. These rebuttals from judges make it clear the government needs more than the broad assumption Google might house the data requested.

Popular with cops. Probably shouldn’t be popular with anyone else. While most people might understand they’ve agreed to share location data with Google, that’s not the same thing as agreeing to share it with the government. And, given Google’s history with location data gathering, there’s a good chance some users may have assumed they never gave Google consent to collect this data.

But you don’t have to be part of this virtual lineup. Tools and options are available for users of Google services, a list of people that likely includes a vast majority of internet users.

Shira Ovide’s article for the Washington Post first details everything that’s extremely questionable about law enforcement’s reliance on geofence warrants.

In a typical search warrant, police have a suspect in mind and ask for a judge’s approval to search their home, phone data and other potential evidence. Legal experts are generally fine with those targeted warrants to Google.

In the large-scale search term and location warrants, police know a crime occurred but don’t know who might have committed it.

They come up with what could be potential evidence — the location near a crime or a search term like “pipe bomb” — and ask a judge to order Google to provide information on people who match those criteria.

“That’s not the way criminal investigations are supposed to go,” said Jumana Musa, director of the Fourth Amendment Center of the National Association of Criminal Defense Lawyers.

That’s correct. Warrants are supposed to be particular (in the legal sense of the word) and supported by probable cause the search will turn up evidence of criminal activity. The warrants served to Google force the company to search the entirety of its data stores to provide data responsive to the warrant. And cops don’t actually believe it is involved in the crime being investigated. All they feel they have to show a court is that it’s probable Google houses the data it seeks. Whether or not the data can be linked to a suspect is conveniently ignored.

Legal rulings on these warrants are all over the place. Given the relative novelty of this technique, it’s unlikely individual federal circuits — much less the Supreme Court — will be delivering clarifying precedent any time soon.

Given that fact, it’s probably best to just remove yourself from this equation. The most tenacious will find a way to live life without Google products, services, operating systems, or hardware. For everyone else, Ovide details how people can opt out of most Google services to ensure they won’t be swept up the next time cops decide an criminal investigation requires nothing more than a few mouse clicks.

In the “Activity controls” settings of a personal Google account, you can turn on or off the option for Google to save records of everywhere you go with your phone or other mobile device.

[…]

You can also delete all or parts of your Location History data.

To minimize Google’s data on what you search, go to the Activity controls and click “turn off” in the Web & App Activity section. It helps to use Chrome and Google web search without logging into a Google account.

These steps should help keep you from being swept up by geofence warrants. “Should” is the operative term, though. Whatever you’ve decided to stop handing over to Google directly may, at points, be gathered indirectly via ad partners or sites/apps/services that heavily integrate Google infrastructure.

Even if it’s impossible to quit Google completely, a few small steps will lower your Google footprint, making it a bit more difficult to end up on a digital lineup provided by Google to investigators who have no idea who they’re looking for but know exactly where to go to get a bunch of data without being asked too many questions from their judicial oversight. The more you know, as they say. And the more you know, the less Google knows about you.

Read the original article HERE.

Connected cars’ dirty little secret: They’re the trailing edge of 5G adoption

October 3, 2023/in News /by Samantha Roussel

October 2, 2023 | By Rob Pegoraro | Light Reading |

At MWC Las Vegas, telecom industry execs suggested ways to pull out of a tech deployment parking lot.

LAS VEGAS – MWC23 – The connected-car industry has a paradox hiding under its hood: While the radio in a new car will have to serve for years and possibly decades longer than the radio in a new phone, vehicles rolling off assembly lines today remain far more likely to include only 4G connectivity.

At MWC Las Vegas, a panel track Thursday morning yielded that warning, but also forecasts of safer roads, more personalized in-car experiences and expanded business models that a 5G-fueled future can deliver for connected vehicles.

Connected cars as a trailing indicator
The program opened with TechInsights analyst Roger Lanctot outlining the box that automakers have put themselves in by sticking with LTE—by that research firm’s estimates, 5G won’t show up on most new light-duty vehicles produced until 2027. And that looked optimistic compared to Qualcomm’s estimate of 2028 for 5G to cross 50%, as shared by product-management VP Jeff Arnold in a later talk Thursday.

“If an automaker, I can do most of the applications we’re talking about with LTE,” Lanctot said. But while that’s been cheaper in the short run, over the long term it will yield vehicles left offline, a risk carmakers should know from the forced retirement of GM’s first-generation, AMPS-only OnStar system: “LTE ain’t gonna be around for 15-20 years.”

In his presentation, Lanctot painted a picture of carmakers searching for directions while driving, as seen in such recent developments as Daimler reprovisioning from AT&T to T-Mobile while BMW is now moving from T-Mobile to Verizon. He also nodded to GM backing away from an unpopular move to stick a $1,500 mandatory surcharge for three years of OnStar connectivity into vehicle prices (which he characterized as “we really haven’t figured out how to sell this to the consumer”) while Toyota opted to make its own connectivity free for the first 10 years.

Getting with the 5G program is the only viable path forward, especially when carmakers like GM back away from supporting smartphone-projection systems like Apple’s CarPlay and Google’s Android Auto in favor of having apps run directly in a car’s display, a much more bandwidth-intensive scenario. Lanctot said car data usage is now going from hundreds of megabytes to between four and six gigabytes monthly.

The rise of electric cars represents another boost to 5G adoption, he continued: “They’re starting from scratch, so automakers can accelerate the adoption of these systems.”

But the strongest incentive to move to 5G is the most straightforward: the chance to make more money. Lanctot cited a TechInsights survey that estimated automakers could boost revenues by 10% in 2027 by selling features over the air, which would be good for $450 billion over 100 million vehicles averaging $45,000 each. Another survey found that customers in the U.S., Western Europe and China would most likely pay subscriptions for safety and comfort features.

(BMW might disagree, having given up on selling seat warming on a subscription basis.)

In his talk, Qualcomm’s Arnold sketched out a vision of predictive intelligence that evoked having Google Assistant take the wheel.

“It promises to make the cockpit interactions even more personalized,” he said. “The vehicle can plan your routing for your drive; it can predict where you’re going to go.”

The topic of driver privacy didn’t come up in his talk or those of others on this panel track—with the exception of an overview of efforts to develop a secure, private, cross-platform standard for sharable digital car keys.

C-V2X: expect delays
Prospects also appeared more complicated for another technology that was supposed to boost demand for car connectivity: “C-V2X,” as in “cellular vehicle to everything” networks that allow traffic lights, sensors, and other vehicles to inform vehicles about their surroundings.

On the one hand, such firms as Tesla and Waymo have decided to keep all the critical processing for their autonomous driving inside each vehicle so an overloaded network doesn’t leave a self-driving car stalled in traffic.

On the other hand, as multiple speakers noted, C-V2X adoption has remained a voluntary proposition in the U.S. and Europe, while China’s government has mandated its use. As a result, TechInsights expects that 90% of V2X deployments will happen in China over the next three to four years.

In the U.S., V2X faces the added obstacles of the FCC rerouting its connected-vehicle strategy in 2020 to C-V2X away from the earlier DSRC (Dedicated Short-Range Communications) standard while also reassigning some of the 5.9 GHz frequencies eyed for DSRC for unlicensed applications. This pivot drew political and legal pushback. The FCC has since been granting approval for V2X projects on a case-by-case waiver basis; for instance, in August, the FCC okayed 17 applications.

Brad Stertz, VP of government affairs for Audi of America, said in a panel: “For automakers, it’s tough to get ahead of the regulations.”

What might coax carmakers and municipalities to deploy V2X without a Washington hand pushing it forward?

Having it automate a first- or last-mile solution could help.

“I think there is consumer demand for a car that comes to me when I need it,” Lanctot said in a nod to Halo, which now has remotely-driven cars coming to car-share customers around Vegas. He also put in this wish list item for future travel: “I want to pull up to the terminal and just let the rental car find its way to the parking lot.”

Quantifiable time or efficiency improvements can also ease the sales pitch.

“We think C-V2X’s compelling argument is avoiding problems,” Stertz said, He pointed to a test of having school buses use V2X to cue up traffic-signal prioritization, which yielded fuel-economy improvements of at least 12% and also meant that students eligible for free breakfast got to their schools on time to eat it.

Audi’s passenger cars can’t get a green light extended. Still, the company already offers a Traffic Light Information System option that animates a dashboard display indicating when an upcoming light will turn green or red and offering corresponding driving advice.

An executive with AT&T – which announced an expanded partnership with the EV maker Rivian at the show – pointed to the carrier’s work with HAAS Alert to send real-time notifications to compatible cars about approaching first-responder vehicles.

“It seems so simple, but to execute this is challenging,” said Ashton Pierre, director of connected-car business development at AT&T, in another Thursday panel. “You can see visually when an emergency vehicle is approaching.”

But V2X can also benefit people who aren’t in any powered vehicle. In another one of the panels in this Thursday-morning session, the CTO of an Atlanta suburb pinned down one upside of what he called “a pretty large investment,” on the order of $8 million, in building out V2X infrastructure that’s also helped animate a set of autonomous battery-electric shuttles.

Brendan Branham, CTO of Peachtree Corners, said: “Now the vehicle that’s 200 yards away knows that there’s a person in the crosswalk.”

Read the original article HERE.

Attorney General Bonta Announces $93 Million Settlement Regarding Google’s Location-Privacy Practices

September 19, 2023/in News /by Samantha Roussel

September 14, 2023 | State of California – Department of Justice | Press Release |

Contact: (916) 210-6000, agpressoffice@doj.ca.gov

OAKLAND — California Attorney General Rob Bonta today announced a $93 million settlement with Google resolving allegations that its location-privacy practices violated California consumer protection laws. The settlement follows a multi-year investigation by the California Department of Justice that determined Google was deceiving users by collecting, storing, and using their location data for consumer profiling and advertising purposes without informed consent. In addition to paying $93 million, Google has agreed to accept strong injunctive terms to deter future misconduct.

“Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to track its users’ movements for its own commercial gain. That’s unacceptable, and we’re holding Google accountable with today’s settlement,” said Attorney General Bonta. “I want to thank my Consumer Protection Section for their work on this matter and for securing important privacy safeguards on behalf of all Californians.”

Based in Mountain View, California, Google generates the majority of its revenue from advertising, and location-based advertising (or geotargeted advertising) is a critical feature of Google’s advertising platform because advertisers want the ability to market to users based on their geographical locations. Google also uses their location data to build behavioral profiles of users to help determine which ads to serve users.

In a complaint filed with the proposed stipulated judgment, Attorney General Bonta alleges that Google deceived users in numerous ways regarding how it collected, stored, and used a person’s location data. For example, the complaint alleges that Google falsely told users that if they turned off the “Location History” setting, then Google would not store their location data. However, according to the complaint, even when a user turned Location History off, Google continued to collect and store that user’s location data through other sources. The complaint also alleges that Google deceived users about their ability to opt out of advertisements targeted to their location.

Under the settlement, Google must pay the state $93 million and be subject to a number of injunctive terms that will protect the privacy interests of California users, including requirements that Google:

– Show additional information to users when enabling location-related account settings.
– Provide more transparency about location tracking.
– Provide users with detailed information about the location data that Google collects and how it is used through a “Location Technologies” webpage.
– Disclose to users that their location information may be used for ads personalization.
– Disclose to users before using Location History data to build ad targeting profiles for users.
– Obtain review by Google’s internal Privacy Working Group and document approval for all material changes to location-setting and ads personalization disclosures that will have a material impact on privacy.

A copy of the complaint and proposed stipulated judgment, which details the aforementioned settlement terms and remains subject to court approval, can be found here and here.

Read the original press release HERE.

Are Your iPhone’s Location Services a Convenience or Concern?

September 18, 2023/in News /by Samantha Roussel

September 14, 2023 | By Hiba Fiaz | Make Use Of |

Your iPhone’s Location Services feature has its fair share of pros and cons, making it essential to strike a balance between privacy and convenience.

Key Takeaways:

– Your iPhone uses a variety of methods, such as GPS, cell tower triangulation, and Wi-Fi positioning to determine your location accurately and efficiently.
– Location Services on your iPhone provide numerous benefits, including real-time traffic and weather updates, location-based reminders, and support for emergency services.
– However, there are concerns associated with Location Services, such as privacy and security risks, battery drainage, and targeted advertisements. To balance convenience and concerns, you can control app access to your location and regularly review your location settings.

Your iPhone uses your location to give you a myriad of different features that offer unparalleled convenience. But as is the rule with everything in this world, as the benefits expand, so do the concerns.

Here, we’ll dive into the dual nature of iPhone’s Location Services, discussing its pros and cons while offering practical insights on how to strike a harmonious balance between the two.

How Your iPhone’s Location Services Work
Your iPhone barely takes a few seconds to figure out where you are, but have you ever wondered how? It uses a mix of hardware and software features to determine your exact position, beginning with GPS. GPS allows your device to communicate with satellites to precisely pinpoint your exact coordinates.

While this is highly accurate, it also tends to be slow. A-GPS (Assisted GPS) is employed to enhance speed and accuracy by combining satellite data with Wi-Fi and cellular signals. Next comes cell tower triangulation, which estimates location based on the proximity of cell towers. Wi-Fi positioning system (WPS) utilizes a database of known Wi-Fi network locations. Bluetooth, motion sensors, and beacons are also used.

Ultimately, your iPhone uses a blend of all these methods to determine your indoor and outdoor location. When GPS signals are weak, one of the other methods is focused on, and vice versa. This is also how you trace and find your phone’s location.

The Benefits of Using Location Services on Your iPhone
Your location provides plenty of different features that may otherwise be unavailable to you, and we’ll give you a short overview of a handful of them below.

One of the most practical advantages comes in the form of real-time traffic and weather updates. Your location will allow you to effortlessly plan your route, avoid traffic jams, and prepare for the weather ahead before you leave your house.

You are also privy to location-based reminders, a huge asset to help you remember to do something when you arrive at or leave a specific place. You can be reminded to pick up groceries when you pass by the store or to leave a text for someone as soon as you reach work. The possibilities are endless.

Next up, and probably the most crucial of the lot, is the ability of location tracking to support emergency services. You may not need it often, but you’ll be thankful when your iPhone can relay your exact location to first responders, potentially saving someone from a life-threatening scenario. So, make sure you always know how to use the Emergency SOS feature on your iPhone.

Geotagging of photos is also courtesy of Location Services, where your iPhone can embed location data in your pictures so that you can revisit memories in your Photos app based on where they were captured.

Beyond these personal benefits, location access also enhances app services, and food delivery tops that list. Moreover, personalized shopping apps can recommend nearby stores, deals, and discounts based on your location. And don’t forget home services, spas, or the nearest mechanic—you won’t find anything without your location turned on.

Concerns Associated With Your iPhone’s Location Services
The numerous advantages of Location Services are closely followed by a slew of disadvantages, beginning with the anxiety and discomfort of being tracked. As iPhones continuously gather data about your whereabouts, your privacy and security are increasingly compromised, and the threat of your personal information being misused is always looming over you.

Location-based cybercrimes, harassment, and theft are plausible scenarios if your information falls into the wrong hands. Rest assured, an occurrence like this is near-impossible, with Apple’s security being top-notch at all times.

Once you’ve put your fears to rest, you have to deal with the performance and functionality changes in your iPhone brought about by Location Services. Keeping this feature on takes a big toll on your device’s battery, as the constant tracking consumes a lot of power. Your battery drains quickly, even without using a location-based app or service.

Then comes the saga of targeted advertisements, a topic of endless debate. We’re sure all of you know what it feels like to be bombarded with hundreds of ads that appear to know what you want and are looking for. This can be pretty intrusive and unnerving for many people, leading to panic and massive mistrust, making it even harder for people to trust their iPhones with their location.

Balancing Convenience and Concern: Privacy Settings and User Control
With so many pros and cons, it may be hard to make an absolute decision and stick to it. You may have privacy concerns, but you’d also like to order a meal every now and then. The key is to learn how to strike a balance to have the best of both worlds.

First and foremost, it’s crucial to identify which apps necessarily require your location. Not every app needs it, and giving it to them can potentially compromise security. Maps, food delivery, weather, and ride-sharing apps are some apps that you can put under the essential list. Turn off Location Services on your iPhone for all other apps by heading to Settings > Privacy & Security > Location Services.

Second, choose when these apps have access to your location. Just because you have your location enabled for an Uber ride does not mean the app needs to know where you are 24 hours a day. When granting location access, choose While Using the App instead of Always to mitigate this. You can get the job done, and your battery and privacy are both protected.

Once you’ve taken care of these two things, the last step is to regulate and check Location Services routinely. Revisit your iPhone’s location settings often to check what apps can access your location and revoke it for apps you no longer use or need. If an app gets an update, educate yourself on their new privacy regulations so you stay informed of the changes taking place.

The Final Verdict on Your iPhone’s Location Services
Real-time updates, food delivery, home services, emergency features, and geotagging are advantages you get when you enable Location Services on your iPhone. However, these conveniences come with a price in the form of privacy issues, battery drainage, cybercrime, and increased targeted advertisements.

The key to navigating this lies in achieving a delicate balance by carefully selecting apps with location access and specifying when exactly they are allowed to use it. Head to your iPhone’s Settings app to make these changes today.

Read the original article HERE.

Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

September 18, 2023/in News /by Samantha Roussel

September 13, 2023 | By Cooper Quintin | Electronic Frontier Foundation (EFF) |

Cell-site simulators (CSS)—also known as IMSI Catchers and Stingrays—are a tool that law enforcement and governments use to track the location of phones, intercept or disrupt communications, spy on foreign governments, or even install malware. Cell-site simulators are also used by criminals to send spam and engage in fraud. We have written previously about the privacy implications of CSS, noting that a common tactic is to trick your phone into connecting to a fake 2G cell tower. In the U.S. every major carrier except for T-Mobile has turned off their 2G and 3G network.¹
But many countries outside of the U.S. have not taken steps to turn off their 2G networks yet, and there are still areas where 2G is the only option for cellular connections. Unfortunately almost all phones still support 2G, even those sold in countries like the U.S. where carriers no longer use the obsolete protocol. This is cause for concern; even if every 2G network was shut down tomorrow the fact that phones can still connect to 2G networks leaves them vulnerable. Upcoming changes in iOS and Android could protect users against fake base station attacks, so let’s take a look at how they’ll work.

In 2021, Google released an optional feature for Android to turn off the ability to connect to 2G cell sites. We applauded this feature at the time. But we also suggested that other companies could do more to protect against cell-site simulators, especially Apple and Samsung, who had not made similar changes. This year more improvements are being made.

Google’s Efforts to Prevent CSS Attacks
Earlier this year Google announced another new mobile security setting for Android. This new setting allows users to prevent their phone from using a “null cipher” when making a connection with a cell tower. In a well-configured network, every connection with a cell tower is authenticated and encrypted using a symmetric cipher, with a cryptographic key generated by the phone’s sim card and the tower it is connecting to. However, when the null cipher is used, communications are instead sent in the clear and not encrypted. Null ciphers are useful for tasks like network testing, where an engineer might need to see the content of the packets going over the wire. Null ciphers are also critical for emergency calls where connectivity is the number one priority, even if someone doesn’t have a SIM card installed. Unfortunately fake base stations can also take advantage of null ciphers to intercept traffic from phones, like SMS messages, calls, and non-encrypted internet traffic.

By turning on this new setting, users can prevent their connection to the cell tower from using a null cipher (except in the case of a call to emergency services if necessary,) thus ensuring that their connection to the cell tower is always encrypted.

We are excited to see Google putting more resources into giving Android users tools to protect themselves from fake base stations. Unfortunately, this setting has not been released yet in vanilla Android and it will only be available on newer phones running Android 14 or higher,² but we hope that third-party manufacturers—especially those who make lower cost Android phones—will bring this change to their phones as well.

Apple Is Taking Steps to Address CSS for the First Time
Apple has also finally taken steps to protect users against cell site simulators after being called on to do so by EFF and the broader privacy and security community. Apple announced that in iOS 17, out September 18, iPhones will not connect to insecure 2G mobile towers if they are placed in Lockdown Mode. As the name implies, Lockdown Mode is a setting originally released in iOS 16 that locks down several features for people who are concerned about being attacked by mercenary spyware or other nation state level attacks. This will be a huge step towards protecting iOS users from fake base station attacks, which have been used as a vector to install spyware such as Pegasus.

We are excited to see Apple taking active measures to block fake base stations and hope it will take more measures in the future, such as disabling null ciphers, as Google has done.

Samsung Continues to Fall Behind
Not every major phone manufacturer is taking the issue of fake base stations seriously. So far Samsung has not taken any steps to include the 2G toggle from vanilla Android, nor has it indicated that it plans to any time soon. Hardware vendors often heavily modify Android before distributing it on their phones, so even though the setting is available in the Android Open Source Project, Samsung has so far chosen not to make it available on their phones. Samsung also failed to protect its users earlier this year when for months it did not take action against a fake version of the Signal app containing spyware hosted in the Samsung app store. These failures to act suggest that Samsung considers its users’ security and privacy to be an afterthought. Those concerned with the security and privacy of their mobile devices should strongly consider using other hardware.

Recommendations
We applaud the changes that Google and Apple are introducing with their latest round of updates. Cell-site simulators continue to be a problem for privacy and security all over the world, and it’s good that mobile OS manufacturers are starting to take the issue seriously.

We recommend that iOS users who are concerned about fake base station attacks turn on Lockdown Mode in anticipation of the new protections in iOS 17. Android users with at least a Pixel 6 or newer Android phone should disable 2G and disable null ciphers as soon as their phone supports it.

1.T-Mobile plans to disable its 2G network on April 2nd, 2024
2.Specifically phones must be running the latest version of the hardware abstraction layer or HAL.

Read the original article HERE.