Project for Privacy and Surveillance Accountability (PPSA)
  • Issues
  • Solutions
  • SCORECARD
    • Congressional Scorecard Rubric
  • News
  • About
  • TAKE ACTION
    • PRESS Act
    • Fourth Amendment Is Not For Sale Act
    • Over 3 Million Searches
  • Issues
  • Solutions
  • SCORECARD
    • Congressional Scorecard Rubric
  • News
  • About
  • TAKE ACTION
    • PRESS Act
    • Fourth Amendment Is Not For Sale Act
    • Over 3 Million Searches

 NEWS & UPDATES

Police Impersonators Fool Meta, Apple into Giving Up Personal Data

4/5/2022

 
Picture
The United States has 18,000 police jurisdictions. When law enforcement officers in any one of these U.S. jurisdictions want to view the activity of an American’s social media account or a phone number associated with it, they should – as the Fourth Amendment requires – obtain a warrant or subpoena from a court and submit it to a social media platform.
 
Unless it’s a matter of life and death.
 
Current practice allows for “emergency data requests,” often cases in which someone has been kidnapped or in which violence is believed to be imminent. When such a request is made by U.S. law enforcement or by any of tens of thousands of foreign agencies, social media companies usually comply immediately, no warrant required.
 
This is a good faith workaround, which functions well provided everyone acts in good faith. Bloomberg reports that Meta, Apple, VoIP provider Discord, and other platforms have responded to data requests that were forged by hackers, who compromised email domains of police systems to make emergency requests for private data, including home addresses. The hackers forged the signatures of real law enforcement officials. When that wasn’t possible, they made up fictional officers.
 
Bloomberg reports that Apple received 1,162 emergency requests from 29 countries over six months in 2020. Apple provided data in response in 93 percent of those requests. Meta received 21,700 emergency requests in the first six months of 2021 from around the world. Meta provided data in response to 77 percent of those requests.
 
“In every instance where these companies messed up, at the core of it there was a person trying to do the right thing,” Allison Nixon, chief research officer at cyber firm Unit 221B told Bloomberg. “I can’t tell you how many times trust and safety teams have quietly saved lives because employees had the legal flexibility to rapidly respond to a tragic situation unfolding for a user.”
 
Investigators believe this recent raft of forged emergency data requests is the handiwork of misfits, possible juveniles. In the hands of experienced criminals, or malevolent state actors, such trickery could endanger lives and threaten national security. There is no common program among companies to evaluate such requests.
 
It strikes us that developing a seamless and adaptable software verification program for companies to evaluate law enforcement data requests might be a worthwhile (and perhaps lucrative) project for some startup.

Comments are closed.

    Categories

    All
    2022 Year In Review
    Analysis
    Call To Action
    Congress
    Congressional Hearings
    Congressional Unmasking
    Court Hearings
    Court Rulings
    Digital Privacy
    Facial Recognition
    FISA
    FOIA Requests
    Fourth Amendment Is Not For Sale Act
    Government Surveillance
    Insights
    In The Media
    Lawsuits
    Legislation
    News
    Opinion
    Podcast
    PPSA Amicus Briefs
    Private Data Brokers
    SCOTUS
    SCOTUS Rulings
    Spyware
    Stingrays
    Surveillance Issues
    Surveillance Technology

    RSS Feed

© COPYRIGHT 2022. ALL RIGHTS RESERVED. | PRIVACY STATEMENT