informa
/
Commentary

Electronic Warrantless Surveillance: What IT Should Know

Today, in the name of public safety, federal and local government agencies are piling up advanced technologies to monitor people, with little regard for the basic principles of privacy. Here's what businesses and individuals need to know.

However new, cheaper, passive technologies, based on WiFi and IMSI, are now in the police surveillance device market.

Jugular, PocketHound, and Wolfhound are trade names of a few handheld units that can be carried by officers and used to track cellphones in a limited area.

Those devices are not engaging the phones, they just "listen" to radio chatter when phones communicate with a cell tower and capture their unique IDs. At the same time, their manufacturers claim that "passive" listening doesn't require a warrant. It is like the ALPR technology but applied to anyone carrying a phone in his/her pocket.

Why IT Should Pay Attention

The rise of electronic surveillance creates serious problems for corporations, too.

More and more executives carry large amounts of information in mobile devices and connect to corporate servers through cellular mobile data. If data transmitted is not properly encrypted and secured it can end up in databases unknown to the company. Is there anything we can do to protect corporate data?

There are some steps CIOs can take to minimize the risk, although not completely eliminate it. First, ensure that any access to sensitive information is only allowed via secure VPN, with strong encryption and two-factor authentication.

Second, if possible, fully encrypt the mobile devices carrying corporate data. Both the iOS and Android operating systems permit full encryption of the devices, with keys known only to the owner, something that some law-enforcement agencies are trying to stop.

Many companies also use mobile device management solutions, such as one from AirWatch. This allows them to easily set up security policies, limit access to certain data and services, and remotely wipe data from stolen or compromised devices.

For some people who need maximum protection, solutions such as the one from Silent Circle can protect their devices against attacks from IMSI catchers, WiFi snoopers, and other forms of electronic surveillance.

[It may not be surprising, but learn Why AT&T's 'Willingness' To Help NSA Is Alarming.]

A few years ago Judge Lisa Pupo Lenihan, of the US District Court for Western Pennsylvania, wrote an opinion about a law enforcement request to access location records held by a cellphone carrier. She said, "permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns, especially when the phone is monitored in the home or other places where privacy is reasonably expected."

Lenihan added, "Law enforcement's investigative intrusions on our private lives, in the interests of social order and safety, should not be unduly hindered, but must be balanced by appropriate degrees of accountability and judicial review."

If you are really concerned about electronic surveillance and how cellular carriers, government agencies, and Internet companies are tracking you, use public transportation, pay everything in cash, and, most importantly, leave your phone at home.