Individual privacy and effective law enforcement are both necessary ingredients for democratic civil societies. Those two goals are often at odds with each other, as when determining what is permissible in gathering evidence, whether digital or otherwise. The laws around warrants and other authorizations that codify the use of lawful interception therefore place limits beyond those of the technology itself. In other words, many of the limitations on law enforcement agencies (LEAs) are statutory as opposed to technical.
At the same time, continually evolving technical capabilities and standards – including those created by industry or codified by international standards bodies such as 3GPP and ETSI – are pushing the boundaries of what is possible in lawful intelligence. The interests of these parties may be directly commercial, as when an application vendor chooses to expose customer data for marketing purposes, or they may be oriented more toward customer advocacy and building mindshare by protecting privacy. This dynamic interchange between capability and confidentiality helps shape the technical and legal landscape for lawful intelligence.
Developments in Consumer Location Trackers
Physical tags that attach to and help find easily lost items with mobile tracking apps have been available for more than a decade. The company Tile largely pioneered this technology, which uses Bluetooth to broadcast the tag’s location information. To make it effective beyond Bluetooth’s limited range, trackers also communicate with each other in a mesh network topology, making every device visible to each of the others. This approach is inherently limited, however, by the availability of other peer devices to connect to, without which the tag remains isolated and undiscoverable.
The sparseness of deployed devices largely ceased to be a limiting factor when Apple introduced AirTags, which use a similar approach to Tiles but leverage all iOS devices as nodes on the mesh network. Building on its “Find My” technology, Apple immediately accelerated industry adoption of Bluetooth locator tags. Google has announced plans for a similar suite of products and technologies for the Android mobile ecosystem, making these services available to nearly all of the world’s smartphone users.
Concerns about the misuse of this technology have been widespread and consistent. A primary concern has been the potential for location tags to track people without their knowledge or consent, which could contribute to stalking, for example. In addition to being a clear public safety risk, the abuse of tracking technology is a commercial roadblock for the companies that sell it. In a rare public discussion of location intelligence, Apple and Google have responded with a draft joint specification for use in location-accessory development that limits the potential for covert tracking,.
Together with Google’s introduction of location trackers, adoption of this specification for location tags and other accessories could drive consumer interest in solutions to detect unwanted tracker activity. By publishing a joint specification to support that capability across iOS and Android devices, Apple and Google have explicitly acknowledged that potential. While location tags are peripheral to lawful intelligence, SS8 incorporates these developments as part of its strategic situational awareness.
Growing Digital Footprints of Connected Cars
On another frontier where privacy narratives are playing out, consumers are only beginning to recognize the spectrum of personal information their cars collect on them. Vehicles may gather biometric data, location information, and data from synched phones for example, and build user profiles based on it. Disclosures about the scope of this information are not typically readily available or easily understandable, nor are policies for how that data is used.
The novelty of these capabilities is largely responsible for the lack of controls related to them. In addition, the privacy implications of vehicle-collected data are complex and abstract, making them hard to grasp and understand. It is in the clear public interest to give drivers and passengers better visibility and control over their personal information. It is also in keeping with the precepts of lawful intelligence to govern privacy while providing controlled visibility into personal information only under explicit legal authorization, such as when investigating an alleged drunk driving accident, a hit and run, or a missing person.
In a model reminiscent of the vehicle-history report service CARFAX, the free consumer service Privacy4Cars provides information about the personally identifiable information a particular vehicle collects. Using a vehicle identification number (VIN), the service identifies types of information the vehicle manufacturer collects, as well as categories of entities it shares that information with. The report also links to relevant full-text privacy agreements and tracks when personal information was last purged from the vehicle.
As connected vehicles offer more sophisticated digital services, the accompanying datasphere will become larger and more diverse. Privacy4Cars manifests the reality of growing public awareness around the privacy implications of data collected by our vehicles. Cars are rapidly becoming devices of interest for lawful interception that may rival mobile phones in some respects. The initial conversations underway today are setting the foundations for the privacy landscape regarding connected vehicles tomorrow, which will inform the future of lawful intelligence.
Conclusion
As new technologies continue to expand the type and volume of data available to law enforcement and government intelligence agencies, it is important for mediation and monitoring platforms to include privacy safeguards. At the same time, all stakeholders must agree to laws, standards, and regulations that allow for the intercept of such data in specific, legally authorized situations. In this way, the interests of both private citizens and civil society are protected.
About David Anstiss
David Anstiss is Director of Solution Engineering at SS8 Networks. He has been with SS8 since 2015 and has significant experience in critical network architecture technology and advanced data analytics. He currently works as part of the Technical CTO Group under the leadership of Dr. Cemal Dikmen and is responsible for leading engagement with both intelligence agencies and Communication Service Providers (CSPs) around the world. He has been instrumental in helping them transition to 5G, defining system requirements to meet regulatory compliance. As a member of ETSI, he represents SS8 to ensure the adoption of cloud-native infrastructure is met with industry best practices and to guarantee that compliance of lawful interception is maintained. Learn more about David here on his LinkedIn profile.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@ss8.com.