Mobile Phone Unlocking, Now Less Illegal?

On Friday, President Obama signed a mobile phone unlocking bill into law. Some observers have taken to describing S. 517, the Unlocking Consumer Choice and Wireless Competition Act, as a permission slip for consumers. Here’s a sample:

The New York Times: “you will no longer be breaking the law if you unlock your cellphone”
The Los Angeles Times: “makes it legal once again for consumers to unlock their cellphones”
CNET: “makes unlocking a cell phone legal again”

Those explanations aren’t quite accurate. The new law (temporarily) shields consumers from the Digital Millennium Copyright Act. It is, by design, a narrow fix; it expressly leaves other sources of legal liability untouched. … 

Is Instacart Deceptive?

A few weeks ago, a Stanford colleague stormed into my office. He had ordered some groceries from Instacart, a buzzy get-it-now startup that recently raised $44 million. My friend thought he had paid a flat $3.99 for delivery from a local store. In fact, he had paid about $20 net of store prices. How, he fumed, could this be legal? From a quick Googling, he isn’t the only one steamed about Instacart’s subtle surcharge.

… 

Questionable Crypto in Retail Analytics

Retail analytics is a fraught field. The premise is straightforward: enable brick-and-mortar stores to track their customers. The technology is straightforward, too: monitor broadcasts from shoppers’ smartphones. Privacy concerns have, however, put a damper on the nascent industry. Regulators, legislators, and advocacy groups have questioned the legitimacy of surreptitiously monitoring shoppers’ gadgets.

Last fall, Senator Schumer announced a grand bargain with retail analytics firms. They will be bound by a “Mobile Location Analytics Code of Conduct,” a set of voluntary practices intended to assuage privacy fears. The document has already been widely panned, both as a product of backroom dealing, and for providing little substantive protection to consumers.

One particular point of contention is how the industry proposes to preserve privacy through cryptography. This post explains the Code of Conduct’s crypto, and demonstrates how it can trivially be undone.

… 

MetaPhone: The Sensitivity of Telephone Metadata

Co-authored by Patrick Mutchler.

Is telephone metadata sensitive? The debate has taken on new urgency since last summer’s NSA revelations; all three branches of the federal government are now considering curbs on access. Consumer privacy concerns are also salient, as the FCC assesses telecom data sharing practices.

President Obama has emphasized that the NSA is “not looking at content.” “[T]his is just metadata,” Senator Feinstein told reporters. In dismissing the ACLU’s legal challenge, Judge Pauley shrugged off possible sensitive inferences as a “parade of horribles.”

On the other side, a number of computer scientists have expressed concern over the privacy risks posed by metadata. Ed Felten gave a particularly detailed explanation in a declaration for the ACLU: “Telephony metadata can be extremely revealing,” he wrote, “both at the level of individual calls and, especially, in the aggregate.” Holding the NSA’s program likely unconstitutional, Judge Leon credited this view and noted that “metadata from each person’s phone ‘reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.’”

This is, at base, a factual dispute. Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone, in a manner reflected by metadata?
… 

Advancing Empirical Legal Scholarship: State Materials

Over the past year, I have shared various federal primary legal materials formatted in XML. The project’s focus has been enabling empirical legal scholarship with machine-readable government documents.

This final post is accompanied by state materials, including statutes, court opinions, regulations, and administrative rulings. I continue to welcome feedback from fellow researchers.

… 

MetaPhone: The NSA’s Got Your Number

Co-authored with Patrick Mutchler.

MetaPhone is a crowdsourced study of phone metadata. If you own an Android smartphone, please consider participating. In earlier posts, we reported how automated analysis of call and text activity can reveal private relationships, as well as how phone subscribers are closely interconnected.

“You have my telephone number connecting with your telephone number,” explained President Obama in a PBS interview. “[T]here are no names . . . in that database.”

Versions of this argument have appeared frequently in debates over the NSA’s domestic phone metadata program. The factual premise is that the NSA only compels disclosure of numbers, not names. One might conclude, then, that there isn’t much cause for privacy concern.
… 

MetaPhone: The NSA Three-Hop

Co-authored with Patrick Mutchler.

MetaPhone is a crowdsourced study of phone metadata. If you own an Android smartphone, please consider participating. In an earlier post, we reported how automated analysis of call and text activity can detect private relationships.

Does the National Security Agency have court authority to pore over your phone records? Quite possibly.
… 

MetaPhone: Seeing Someone?

Co-authored with Patrick Mutchler.

Two weeks ago we kicked off the MetaPhone project, a crowdsourced study of phone metadata. Our aim is to inform policy and legal debates surrounding dragnet surveillance programs. We are exceedingly grateful to the hundreds of users who have joined. If you have not yet participated, you can still grab the MetaPhone app for Android.

Today we are excited to share some preliminary results: We can predict many romantic relationships. Automatically. Using solely phone metadata.
… 

Saving Your Cryptographic Front Door

Does the Fourth Amendment protect SSL keys? Not really, argues the executive branch in Lavabit’s appeal. “[A] business cannot prevent the execution of a search warrant by locking its front gate.”1

True enough. But a business does have a constitutional right to keep that gate intact. When executing a warrant, officers must ordinarily announce themselves and afford an opportunity to open up.
… 

What’s In Your Metadata?

Original at Stanford CIS.

Co-authored with Patrick Mutchler. This is a project of the Stanford Security Lab.

We’re studying the National Security Agency, and we need your help.

The NSA has confirmed that it collects American phone records. Defenders of the program insist it has little privacy impact and is “not surveillance.”

Like many computer scientists, we strongly disagree. Phone metadata is inherently revealing. We want to rigorously prove it—for the public, for Congress, and for the courts.

That’s where you come in. We’re crowdsourcing the data for our study. We’ll measure how much of your Facebook information can be inferred from your phone records.

Participation takes just a few minutes. You’re eligible if you’re in the United States, use an Android smartphone, and have a Facebook account.

To get started, grab the MetaPhone app from Google Play.