aggregator

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise

Slashdot - Your Rights Online - Śr, 2017-06-28 22:46
Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky. Ars Technica has more.

Read more of this story at Slashdot.

More Than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality

Slashdot - Your Rights Online - Śr, 2017-06-28 21:25
An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.

Read more of this story at Slashdot.

Google Must Delete Search Results Worldwide, Supreme Court of Canada Rules

Slashdot - Your Rights Online - Śr, 2017-06-28 20:45
The Supreme Court of Canada ruled against Google on Wednesday in a closely-watched intellectual property case over whether judges can apply their own country's laws to all of the internet. From a report: In a 7-2 decision, the court agreed a British Columbia judge had the power to issue an injunction forcing Google to scrub search results about pirated products not just in Canada, but everywhere else in the world too. Those siding with Google, including civil liberties groups, had warned that allowing the injunction would harm free speech, setting a precedent to let any judge anywhere order a global ban on what appears on search engines. The Canadian Supreme Court, however, downplayed this objection and called Google's fears "theoretical." "This is not an order to remove speech that, on its face, engages freedom of expression values, it is an order to de-index websites that are in violation of several court orders. We have not, to date, accepted that freedom of expression requires the facilitation of the unlawful sale of goods," wrote Judge Rosalie Abella.

Read more of this story at Slashdot.

FBI Interviews Employees of Russia-Linked Cyber Security Firm Kaspersky Lab

Slashdot - Your Rights Online - Śr, 2017-06-28 19:20
FBI agents on Tuesday paid visits to at least a dozen employees of Kaspersky Lab, a Russia-based cyber-security company, asking questions about that company's operations as part of a counter-intelligence inquiry, multiple sources familiar with the matter told NBC News. From a report: In a classic FBI investigative tactic, agents visited the homes of the employees at the end of the work day at multiple locations on both the east and west coasts, the sources said. There is no indication at this time that the inquiry is part of Special Counsel Robert Mueller's investigation into Russian election meddling and possible collusion. Kaspersky has long been of interest to the U.S. government. Its cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to U.S. officials.

Read more of this story at Slashdot.

Toshiba Sues Western Digital For $1 Billion in Damages

Slashdot - Your Rights Online - Śr, 2017-06-28 18:40
Toshiba has raised the stakes in an embittered legal row with its joint venture partner, suing Western Digital for a $1bn in damages and hoping Japanese courts will quash the US firm's interference in the sale of its memory chip business. From a report: The litigation, filed Wednesday in Tokyo District Court, seeks to stop Western Digital from making ownership claims over the enterprise that Toshiba is trying to sell. The Japanese company said in a statement that Western Digital's employees improperly obtained proprietary information. The relationship between Toshiba and Western Digital has gotten more acrimonious, as Toshiba moves toward a sale of the flash-memory division. Last month, Western Digital invoked an arbitration clause in their business agreement, seeking to block Toshiba's transfer of ownership of the unit to a separate legal entity in preparation for a sale. Toshiba, which has since reversed that transfer, then had its lawyers send a letter demanding that the U.S. company stop its "harassment" as Toshiba tries to sell the business.

Read more of this story at Slashdot.

President Trump Attacks Amazon, Incorrectly Claiming That It Owns The Washington Post For Tax Purposes

Slashdot - Your Rights Online - Śr, 2017-06-28 18:00
The Washington Post, which has been critical of Donald Trump and his administration in its coverage, has become the latest victim in Trump's Twitter tirade. On Wednesday, he accused Amazon of not "paying internet taxes (which they should)," adding that the company is using The Washington Post "in a scheme to dodge" the taxes. Quick fact check: Amazon doesn't own The Washington Post, Jeff Bezos -- in his personal capacity -- does. At any rate, Trump's furious tweets come a day after The Washington Post reported that a fake issue of Time magazine with Trump on the cover was hanging in some of the president's golf clubs. The timing of this is also awkward because just last week the president met with Bezos and other top executives to discuss ways the White House can modernize government and aid the tech industry. But the two have a long history. As Recode reminds: Meanwhile, Amazon is about to embark on what could be a lengthy government antitrust review of its bid to buy Whole Foods. Already looming large over the roughly $14 billion deal are the president's own comments: He has previously attacked Bezos and claimed the Post is a tax-dodging scheme for Amazon. "He thinks I'll go after him for antitrust," Trump said at one point during his campaign. "Because he's got a huge antitrust problem, because he's controlling so much, Amazon is controlling so much of what they are doing." Months later, Trump charged: "Believe me, if I become president, oh, do they have problems, they are going to have such problems." Meanwhile, Bezos isn't one to shy about his anti-Trump views either. At one point during the election, Bezos tweeted that he'd save a seat for Trump on his Blue Origin spacecraft, with the hashtag "sendDonaldtospace."

Read more of this story at Slashdot.

Contractors Lose Jobs After Hacking CIA's In-House Vending Machines

Slashdot - Your Rights Online - Śr, 2017-06-28 15:00
An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.

Read more of this story at Slashdot.

Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears

Slashdot - Your Rights Online - Śr, 2017-06-28 02:45
Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.

Read more of this story at Slashdot.

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software

Slashdot - Your Rights Online - Śr, 2017-06-28 01:20
An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.

Read more of this story at Slashdot.

Police Use Lyft As 'Trojan Horse' To Capture Suspect In Murder of Tech CEO

Slashdot - Your Rights Online - Śr, 2017-06-28 00:40
McGruber writes: On Friday, June 23, 2017, three men broke into the home of Albert Eugene DeMagnus, the CEO of Computer Management Services. The men stabbed DeMangus, who was pronounced dead after he had been taken to a hospital. Police officers chased two of the suspects as they fled in DeMangus' gray Lexus. The Lexus crashed and the two men ran away into the woods. Police then set up a perimeter with road checkpoints. Soon, a Lyft driver approached a checkpoint and told police she was picking up a passenger nearby. "This may be one of our suspects trying to leave the scene," Fayette County, Georgia Sheriff Barry Babb thought of the person being picked up. So Babb and three officers got into his car, which happened to be identical to the Lyft driver's. They got the location of the suspect from the Lyft driver and simply drove to the suspect, posing as his ride. "The subject walked all the way up, was about to open the door and get in our vehicle, when we exited and identified ourself," said Sheriff Babb. The suspect fled and got about 100 yards into the woods before being taken into custody. "That was something that was unique for us," Babb said, "a first time for us."

Read more of this story at Slashdot.

Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid

Slashdot - Your Rights Online - Wt, 2017-06-27 22:41
Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.

Read more of this story at Slashdot.

Heritage Valley Health System Target Of Cyber Attack

Slashdot - Your Rights Online - Wt, 2017-06-27 21:20
The Heritage Valley Health System says it has been hit with a cyber attack. From a report: A spokeswoman confirmed the attack Tuesday morning. "Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia. Also read: Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World.

Read more of this story at Slashdot.

China's All-Seeing Surveillance State Is Reading Its Citizens' Faces

Slashdot - Your Rights Online - Wt, 2017-06-27 19:20
China's government is using facial-recognition technology to help promote good behavior and catch lawbreakers, reports the WSJ. From the article: Facial-recognition technology, once a specter of dystopian science fiction, is becoming a feature of daily life in China, where authorities are using it on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering (alternative source). Their goal: to influence behavior and identify lawbreakers. Ms. Gan, 31 years old, had been caught on camera crossing illegally here once before, allowing the system to match her two images. Text displayed on the crosswalk screens identified her as a repeat offender. "I won't ever run a red light again," she said. China is rushing to deploy new technologies to monitor its people in ways that would spook many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing's authoritarian leaders are installing iris scanners at security checkpoints in troubled regions and using sophisticated software to monitor ramblings on social media. By 2020, the government hopes to implement a national "social credit" system that would assign every citizen a rating based on how they behave at work, in public venues and in their financial dealings.

Read more of this story at Slashdot.

Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World

Slashdot - Your Rights Online - Wt, 2017-06-27 16:34
A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland." According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

Read more of this story at Slashdot.

Google Slapped With $2.7 Billion By EU For Skewing Searches

Slashdot - Your Rights Online - Wt, 2017-06-27 16:00
Google suffered a major regulatory blow on Tuesday after European antitrust officials fined the search giant 2.4 billion euros, or $2.7 billion, for unfairly favoring some of its own search services over those of rivals. The European Commission concluded that the search giant abused its near-monopoly in online search to "give illegal advantage" to its own Shopping service. Margrethe Vestager, the EU's competition commissioner, said Google "denied other companies the chance to compete" and left consumers without "genuine choice." The hefty fine marks the latest chapter in a lengthy standoff between Europe and Google, which also faces two separate charges under the region's competition rules related to Android, its popular mobile software, and to some of its advertising products. From a report: Google has 90 days to "stop its illegal conduct" and give equal treatment to rival price-comparison services, according to a binding order from the European Commission on Tuesday. It's up to Google to choose how it does this and it must tell the EU within 60 days of its plans. Failure to comply brings a risk of fines of up to 5 percent of its daily revenue. [...] "I expect the Commission now to swiftly conclude the other two ongoing investigations against Google," Markus Ferber, a member of the European Parliament from Germany. "Unfortunately, the Google case also illustrates that competition cases tend to drag on for far too long before they are eventually resolved. In a fast-moving digital economy this means often enough that market abuse actually pays off and the abuser succeeds in eliminating the competition." Google has been pushing its own comparison shopping service since 2008, systematically giving it prominent placement when people search for an item, the EU said. Rival comparison sites usually only appear on page four of search results, effectively denying them a massive audience as the first page attracts 95 percent of all clicks. In a blog post, Google said the EU has "underestimated" the value Google's services brings to the table. "We believe the European Commission's online shopping decision underestimates the value of those kinds of fast and easy connections. While some comparison shopping sites naturally want Google to show them more prominently, our data show that people usually prefer links that take them directly to the products they want, not to websites where they have to repeat their searches. We think our current shopping results are useful and are a much-improved version of the text-only ads we showed a decade ago. Showing ads that include pictures, ratings, and prices benefits us, our advertisers, and most of all, our users. And we show them only when your feedback tells us they are relevant. Thousands of European merchants use these ads to compete with larger companies like Amazon and eBay. [...] Given the evidence, we respectfully disagree with the conclusions announced today. We will review the Commission's decision in detail as we consider an appeal, and we look forward to continuing to make our case," wrote Kent Walker, SVP and General Counsel at Google.

Read more of this story at Slashdot.

Zillow Threatens To Sue Blogger For Using Its Photos For Parody

Slashdot - Your Rights Online - Wt, 2017-06-27 03:25
Kate Wagner is facing potential legal charges by real estate Zillow for allegedly violating the site's terms of service by reproducing images from their site on her blog. Wagner's blog is called McMansion Hell -- a Tumblr blog that "highlights the absurdity of giant real estate properties and the ridiculous staging and photography that are omnipresent in their sales listings," writes Natt Garun via The Verge. From the report: A typical McMansion Hell blog post will have a professional photo of a home and / or its interior, along with captions scattered throughout by Wagner. She also adds information about the history and characteristics of various architecture styles, and uses photos from the likes of Zillow and Redfin to illustrate how so many real estate listings inaccurately use the terms. Under each post, Wagner adds a disclaimer that credits the original source of the images and cites Fair Use for the parody, which allows for use of copyrighted material for "criticism, comment, news reporting, teaching, scholarship, and research." In a cease and desist letter to Wagner, Zillow claims Wagner's reproduction of these images do not apply under the Copyright Act. Additionally, the company claims McMansion Hell may "[interfere] with Zillow's business expectations and interests." As a result of the potential lawsuit, Wagner has temporarily taken McMansionHell.com down. In a statement to The Verge, Zillow said: "Zillow has a legal obligation to honor the agreements we make with our listing providers about how photos can be used. We are asking this blogger to take down the photos that are protected by copyright rules, but we did not demand she shut down her blog and hope she can find a way to continue her work."

Read more of this story at Slashdot.

China, Canada Vow Not To Conduct Cyberattacks On Private Sector

Slashdot - Your Rights Online - Wt, 2017-06-27 02:45
New submitter tychoS writes from a report via Reuters: China and Canada have signed an agreement vowing not to conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information. The new agreement was reached during talks between Canada's national security and intelligence adviser, Daniel Jean, and senior communist party official Wang Yongqing, a statement dated June 22 on the Canadian government's website showed. "This is something that three or four years ago (Beijing) would not even have entertained in the conversation," an unnamed Canadian government official told the Globe and Mail, which first reported the agreement. The new agreement only covers economic cyber-espionage, which includes hacking corporate secrets and proprietary technology, but does not deal with state-sponsored cyber spying for intelligence gathering.

Read more of this story at Slashdot.

Judge Sentences Man To One Year In Prison For Hacking Smart Water Readers In Five US Cities

Slashdot - Your Rights Online - Pn, 2017-06-26 23:20
An anonymous reader writes: A Pennsylvania man was sentenced to one year and one day in prison for hacking and disabling base stations belonging to water utility providers in five cities across the U.S. East Coast. Called TGB, these devices collect data from smart meters installed at people's homes and relay the information to the water provider's main systems, where it is logged, monitored for incidents, and processed for billing. Before he was fired by the unnamed TGB manufacturing company, Flanagan's role was to set up these devices. After he was fired, Flanagan used former root account passwords to log onto the devices and disable their ability to communicate with their respective water utility providers' upstream equipment. He wasn't that careful, as the FBI was able to trace back the attacks to his home. Apparently, the guy wasn't that silent, leaving behind a lot of clues. Flanagan's attacks resulted in water utility providers not being able to collect user equipment readings remotely. This incurred damage to the utility providers, who had to send out employees at customer premises to collect monthly readings. He was arrested in Nov 2014, and later pleaded guilty.

Read more of this story at Slashdot.

Indie Game Developer Shares Free Keys on The Pirate Bay

Slashdot - Your Rights Online - Pn, 2017-06-26 20:40
Jacob Janerka, developer of the popular indie adventure game 'Paradigm,' recently spotted a cracked copy of his title on The Pirate Bay. But, instead of being filled with anger and rage while running to the nearest anti-piracy outfit, Janerka decided to reach out to the pirates. Not to school or scold them, but to offer a few free keys. From a report: "Hey everyone, I'm Jacob, the creator of Paradigm. I know some of you legitimately can't afford the game and I'm glad you get to still play it :D," Janerka's comment on TPB reads. Having downloaded many pirated games himself in the past, Janerka knows that some people simply don't have the means to buy all the games they want to play. So he's certainly not going to condemn others for doing the same now, although it would be nice if some bought it later. "If you like the game, please tell your friends and maybe even consider buying it later," he added.

Read more of this story at Slashdot.

EFF to Supreme Court: No Real-Time Cell Phone Tracking Without a Warrant

Electronic Frontier Foundation - Pn, 2017-06-26 19:20

Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a troubling ruling that allows police to obtain—without a warrant—location data from people’s cell phones to track them in real time.

EFF, joined by the Center for Democracy & Technology and the Constitution Project, filed a brief today asking the nation’s highest court to review the decision in U.S. v. Rios, a drug trafficking case. The court should accept the case for review and make clear that the Fourth Amendment requires a warrant for real-time location tracking—whether the tracking occurs via a GPS device on your car or the collection of location data generated by cell phones or other Internet-connected devices.

Protecting the highly personal location data stored on or generated by digital devices is one of the 21st century’s most important privacy issues. We carry our cell phones everywhere, and the location data they generate can be used to create a precise and comprehensive record of our everyday movements, such as when we visit the doctor, attend a protest, take a trip, meet with friends, or return home. Law enforcement officials are increasingly requesting cell phone location data from telecommunications providers to track down suspects, and courts have issued conflicting opinions about whether those demands require a warrant.

“The government should not be allowed to turn a cell phone into a real-time tracking device without complying with the Fourth Amendment,” said EFF Staff Attorney Andrew Crocker. “The Supreme Court has already ruled that Fourth Amendment protections apply when law enforcement secretly places a GPS device on a car. Tracking cell phones is even more invasive because people carry their phones with them at all times, revealing information about their whereabouts that couldn’t be learned by following their cars. We’re asking the Supreme Court to clarify that tracking people as they move from public spaces into private areas, such as their homes or the homes of others, is an invasion of privacy that, at a minimum, requires a warrant.”

In Rios, the police did get a warrant to track the defendant’s cell phone in real time, but last year the U.S. Circuit Court of Appeals for the Sixth Circuit said a warrant wasn't needed. The appeals court based its ruling on a flawed 2012 decision it reached in an unrelated drug trafficking case, in which it found that there’s no privacy protections for this data because people “voluntarily” carry cell phones with them. In both cases, the court ignored the privacy expectations of millions of innocent people for whom using a cell phone is not “voluntary,” but rather a necessity.

These decisions also contradict a Florida Supreme Court ruling—in a case that also involved tracking a suspect’s phone in public—that people have an expectation of privacy under the Fourth Amendment in cell phone location records.

“The Sixth Circuit got it wrong in 2012, and it was wrong to import that faulty ruling to the Rios case. But in the meantime, the Florida Supreme Court got it right. That means that depending on where you are in the country, you may or may not have constitutional protection against warrantless cell phone tracking. It’s time for the Supreme Court to step in and clarify that the Fourth Amendment prohibits warrantless real-time cell phone tracking,” said EFF Senior Staff Attorney Jennifer Lynch.

For the brief:
https://www.eff.org/document/rios-v-united-states-eff-brief

Contact: Andrew Crocker