Feeds

Court limits in-car FBI spying

But only because it crippled some safety features

  • alert
  • submit to reddit

SANS - Survey on application security programs

An appeals court this week put the brakes on an FBI surveillance technique that turns an automobile driver's on-board vehicle navigation system into a covert eavesdropping device, after finding that the spying effectively disables the system's emergency and roadside assistance features.

The case arose from a 2001 FBI surveillance operation in Las Vegas, in which agents obtained a court order compelling a telematics company to secretly activate the stolen vehicle recovery feature in a customer's car. The feature, designed to listen-in on car thieves as they cruise around in a stolen auto, turns on a dashboard microphone and pipes conversations out over a cellphone connection - normally to the company's response center, but in this case to an FBI listening pos0t.

After initially complying for 30 days, the company asked a federal judge to block the order. It lost, and filed the appeal with 9th U.S. Circuit Court of Appeals while complying with the order. The proceeding were handled in strict secrecy, and the text of the final ruling omits the name of the company. Geri Lama, a spokesperson for General Motors subsidiary OnStar, says it wasn't them.

Court records strongly point to OnStar's Texas-based competitor ATX Technologies, which makes the "Tele Aid" systems used in Mercedes vehicles: the description fits the Tele Aid systems, and the Dallas-based attorney listed as arguing the appeal is also representing ATX in unrelated civil litigation in Texas. ATX spokesman Gary Wallace said he couldn't immediately comment.

Emergency Services Blocked

Under federal law, the FBI can obtain court orders compelling telecommunications companies, ISPs, landlords and others to assist the Bureau in spying on customers. But the law requires that surveillance in such cases be conducted "unobtrusively and with a minimum of interference with the services" provided by the company. With the navigation system's cellular link dedicated full time to eavesdropping, the system had no way to communicate with the company's response center if the roadside assistance or emergency reporting features were activated, according to the court's split 2-1 decision.

"Pressing the emergency button and activation of the car's airbags, instead of automatically contacting the Company, would simply emit a tone over the already open phone line," the majority wrote. "[T]he FBI, however well-intentioned, is not in the business of providing emergency road services, and might well have better things to do when listening in than respond with such services... The result was that the Company could no longer supply any of the various services it had promised its customer, including assurance of response in an emergency."

The decision, released Tuesday, is only binding in the 9th Circuit, which covers eight western U.S. states and Hawaii. Other federal circuits have not addressed the issue.

Despite the reversal, David Sobel, an attorney with the Electronic Privacy Information Center, says the ruling is not a victory for privacy. "Although the bottom line is that the surveillance order was rejected, the real effect of it is that this kind of monitoring is permissible as long it does not interfere with the service," says Sobel. "It underscores the fact that it's becoming increasingly difficult to escape the reach of surveillance capabilities."

Copyright ©

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.