| ▲ | alexpotato 5 hours ago |
| I always like to mention how Paula Broadwell was identified as David Petraeus' mistress as it's a good example of how even without a phone you can still be identified. - FBI had three distinct IPs linked to emails - They geolocated those back to 3 different hotels - They pulled the guest list from each of the hotels - Did a "join" on them and the only guest at all 3 was Broadwell https://en.wikipedia.org/wiki/Paula_Broadwell#Petraeus_affai... |
|
| ▲ | hackthemack 4 hours ago | parent | next [-] |
| When news broke about the affair, I remembered, 6 months prior, watching an episode of the Daily Show where Jon Stewart interviewed Paula Broadwell and they even made jokes about if her husband was jealous of her spending so much time interviewing David Petraeus. https://archive.org/details/COM_20120127_020000_The_Daily_Sh... |
|
| ▲ | tantalor 4 hours ago | parent | prev | next [-] |
| It's also a good demonstration how probable cause is supposed to work. In this case, the subpoena probably looked something like "this email must have been sent by one of your guests, so give us the guest list and we'll cross check and find the guy". Contrast with the geofence subpoena. "Hey maybe some small % of people carry a phone that might send its location to you, can we check if they did?" It's ludicrous. |
| |
| ▲ | JoshTriplett 3 hours ago | parent | next [-] | | > give us the guest list and we'll cross check and find the guy An entire guest list is still a broader fishing expedition than should normally be permitted. Warrants should be much more targeted than that. (Of course, many companies seem happy to give overly broad information without even requiring a warrant...) | | |
| ▲ | xboxnolifes 3 hours ago | parent [-] | | A guest list on a single day seems pretty fine grained if you looking for someone who was there on that day. Im not sure how they would get much more fine grained than that without already knowing the answer ahead of time. | | |
| ▲ | JoshTriplett 2 hours ago | parent [-] | | You have the IP address and the time. For many hotels, that'd give you a specific room number and guest. | | |
| ▲ | zamadatix 2 hours ago | parent | next [-] | | The IP address on hand is probably the hotel's public address used for NAT, especially in 2012. This means you'd need to have full NAT logs + source port + something like a captive portal setup that forces the user to identify the room to be able to tie (externalIp, sourcePort) to (user, room). The captive portal type isn't unheard of for hotels, even in 2012, but the NAT logs... it's no surprise they had to ask for the room list. | |
| ▲ | mminer237 2 hours ago | parent | prev | next [-] | | With IPv4 there's zero chance of that. At most, you could get all the people who were using [Gmail] around that time. With IPv6, mayyybe, but that assumes the hotel does as much data collection as possible and does it correctly. | | | |
| ▲ | xboxnolifes 2 hours ago | parent | prev [-] | | Assuming the hotel had customer specific login info and the person you are looking for was using it, sure. |
|
|
| |
| ▲ | trogdor 2 hours ago | parent | prev | next [-] | | In this case it was a warrant, and the Supreme Court’s ruling does not hold that the warrant violated the fourth amendment. Edit: looks like I misunderstood what you were referring to by “this case” | |
| ▲ | Natsu 2 hours ago | parent | prev [-] | | > Contrast with the geofence subpoena. "Hey maybe some small % of people carry a phone that might send its location to you, can we check if they did?" It's ludicrous. In the case before SCOTUS, there was a witness who mentioned seeing the suspect in a particular area and that they were on their phone. So it's not a large inferential leap to say that call records would lead to evidence of who the witness saw in this particular case. That said, Minnesota has an even broader right, so even this sort of warrant might not pass muster in states like that. |
|
|
| ▲ | Terr_ an hour ago | parent | prev | next [-] |
| Similarly, for the people who don't see the big deal about geo-data, consider that knowing (A) where a phone "goes to work" and (B) where it "sleeps" is usually enough to uniquely identify a person, even when there's a large degree of inaccuracy in the coordinates. Almost nobody who works near my office lives in my apartment complex, and vice-versa. |
| |
| ▲ | matheusmoreira 11 minutes ago | parent [-] | | The sheer tradecraft necessary for privacy and anonymity these days is so absurd. One would need to do things like somehow buying burner phones untraceably, removing the battery when not in use and only ever turning them on in a specific location that's completely unlinked from one's normal everyday activity, and only use the phone for one specific purpose in order to prevent identity cross contamination. The depths of compartmentalization necessary for this stuff almost seems to require that the person develop a split personality. |
|
|
| ▲ | ptsneves 3 hours ago | parent | prev | next [-] |
| The whole Petraeus affair[1] is a wiki 'telenovela'. The only things missing are references to Corintian leather. I will share gossip tomorrow, even if old news. [1] https://en.wikipedia.org/wiki/Petraeus_scandal |
|
| ▲ | novaleaf 2 hours ago | parent | prev | next [-] |
| obligatory link: https://en.wikipedia.org/wiki/Parallel_construction |
|
| ▲ | remarkEon 5 hours ago | parent | prev [-] |
| This is also a great example of map resection. |
