Police seek Amazon Echo data in murder case (updated)

Amazon’s Echo devices and its virtual assistant are meant to help find answers by listening for your voice commands. However, police in Arkansas want to know if one of the gadgets overheard something that can help with a murder case. According to The Information, authorities in Bentonville issued a warrant for Amazon to hand over any audio or records from an Echo belonging to James Andrew Bates. Bates is set to go to trial for first-degree murder for the death of Victor Collins next year.

Amazon declined to give police any of the information that the Echo logged on its servers, but it did hand over Bates’ account details and purchases. Police say they were able to pull data off of the speaker, but it’s unclear what info they were able to access. Due to the so-called always on nature of the connected device, the authorities are after any audio the speaker may have picked up that night. Sure, the Echo is activated by certain words, but it’s not uncommon for the IoT gadget to be alerted to listen by accident.

Police say Bates had several other smart home devices, including a water meter. That piece of tech shows that 140 gallons of water were used between 1AM and 3AM the night Collins was found dead in Bates’ hot tub. Investigators allege the water was used to wash away evidence of what happened off of the patio. The examination of the water meter and the request for stored Echo information raises a bigger question about privacy. At a time when we have any number of devices tracking and automating our habits at home, should that information be used against us in criminal cases?

Bates’ attorney argues that it shouldn’t. “You have an expectation of privacy in your home, and I have a big problem that law enforcement can use the technology that advances our quality of life against us,” defense attorney Kimberly Weber said. Of course, there’s also the question of how reliable information is from smart home devices. Accuracy can be an issue for any number of IoT gadgets. However, an audio recording would seemingly be a solid piece of evidence, if released.

Just as we saw with the quest to unlock an iPhone in the San Bernardino case, it will be interesting to see how authorities and the companies who make smart home devices work out the tension between serving customers, maintaining privacy and pursuing justice.

Update: An Amazon spokesperson gave Engadget the following statement on the matter:

“Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”

As a refresher, Echo only captures audio and streams it to the cloud when the device hears the wake word “Alexa.” A ring on the top of the device turns blue to give a visual indication that audio is being recorded. Those clips, or “utterances” as the company calls them, are stored in the cloud until a customer deletes them either individually or all at once. When that’s done, the “utterances” are permanently deleted. What’s more, the microphones on an Echo device can be manually turned off at any time.

Source: The Information

Engadget RSS Feed

Florida court rules police can demand your phone’s passcode

A Florida man arrested for third-degree voyeurism using his iPhone 5 initially gave police verbal consent to search the smartphone, but later rescinded permission before divulging his 4-digit passcode. Even with a warrant, they couldn’t access the phone without the combination. A trial judge denied the state’s motion to force the man to give up the code, considering it equal to compelling him to testify against himself, which would violate the Fifth Amendment. But the Florida Court of Appeals’ Second District reversed that decision today, deciding that the passcode is not related to criminal photos or videos that may or may not exist on his iPhone.

Obviously, this has implications for Constitutional protections of a civilian’s data contained behind a smartphone’s multi-digit passcode. Previously, a 2014 decision by the Virginia Beach Circuit Court found that individuals can’t be compelled to give up their phone’s code, but they could be forced to unlock it with a fingerprint, should that option be available.

The distinction? A passcode requires a person to divulge actual knowledge, while a fingerprint is considered physical evidence, like a handwriting sample or DNA. This interpretation sources back to the Supreme Court’s 1988 Doe v. U.S. decision, in which it ruled that a person may be compelled to give up a key to a strongbox, say, but not a combination to a wall safe.

The three-judge Appeals Court panel in Florida disagreed with this distinction. They also found the comparison out of step with the current state of technology, such that providing the passcode would not be as similarly self-incriminating as directly giving the authorities evidential documents. Further, the police were beyond probable cause of searching suspect Aaron Stahl’s code-locked phone, as Judge Anthony Black wrote for his fellows in the court’s decision:

“Moreover, although the passcode would allow the State access to the phone, and therefore to a source of potential evidence, the State has a warrant to search the phone—the source of evidence had already been uncovered … Providing the passcode does not “betray any knowledge [Stahl] may have about the circumstances of the offenses” for which he is charged.”

Black clarified what kind of foreknowledge authorities would need to possess to compel someone to divulge their phone’s passcode:

“In order for the foregone conclusion doctrine to apply, the State must show with reasonable particularity that, at the time it sought the act of production, it already knew the evidence sought existed, the evidence was in the possession of the accused, and the evidence was authentic … Although the State need not have “perfect knowledge” of the requested evidence, it “must know, and not merely infer,” that the evidence exists, is under the control of defendant, and is authentic.”

Via: The Daily Dot

Source: Courthouse News

Engadget RSS Feed

Apple logs your iMessage contacts and could share them with police

Apple’s iMessage had a few security holes in March and April that potentially leaked photos and contacts, respectively. Though quickly patched, they are a reminder that the company faces a never-ending arms race to shore up its security to keep malicious hackers and government agencies out. But that doesn’t mean they will always be able to keep it private. A report from The Intercept states that iMessage conversation metadata gets logged in Apple’s servers, which the company could be compelled to turn over to law enforcement by court order. While the content of those messages remains encrypted and out of the police’s hands, these records list time, date, frequency of contact and limited location information.

When an iOS user types in a phone number to begin a text conversation, their device pings servers to determine whether the new contact uses iMessage. If not, texts are sent over SMS and appear in green bubbles, while Apple’s proprietary data messages appear in blue ones. Allegedly, they log all of these unseen network requests.

But those also include time and date stamps along with the user’s IP address, identifying your location to some degree, according to The Intercept. Like the phone logs of yore, investigators could legally request these records and Apple would be obliged to comply. While the company insisted that iMessage was end-to-end encrypted in 2013, securing user messages even if law enforcement got access, Apple said nothing about metadata.

Apple confirmed to The Intercept that it does comply with subpoenas and other legal requests for these exact logs, but maintained that message content is still kept private. Their commitment to user security isn’t really undermined by these illuminations phone companies have been giving this information to law enforcement for decades but it does illustrate what they can and cannot protect. While they resisted FBI requests for backdoor iPhone access earlier this year and then introduced a wholly redesigned file system with a built-in unified encryption method on every device, they can’t keep authorities from knowing when and where you text people.

Source: The Intercept

Engadget RSS Feed