Tuesday 18 June 2019

No matter how we try to evade it, technology has us all cornered

Elaine O'Hara
Elaine O'Hara

Adrian Weclker

If you have a phone in your pocket - any basic phone - then it is very difficult to remain undetected in today's Ireland.

Mobile operators log your location by default, and hold this information for a year. But even when this data is deleted under existing law, your physical phone can reveal much more than you might have thought.

Modern technology is capable of extracting massive amounts of information from devices such as phones, sim cards, memory cards and hard drives, even when the device is dead or has been lying at the bottom of a reservoir for some time.

Gadgets such as Cellebrite's Universal Forensic Extraction Device can extract text messages, photos, passwords, location logs and details of other devices that the phone has come into contact with over Bluetooth. Even information you thought you had deleted from your phone or your sim card can often be retrieved.

It's not just phones, either. Most modern 'wearable' devices, such as health trackers and smartwatches, have a GPS or location-based component to them, providing a rich source of intelligence about where their owners go.

If you don't store much on your actual phone, everyday online services you use pinpoint and log a lot more about you than you might think, too. This week saw one of the biggest ever European class action law suits go from the Irish High Court to the European Court of Justice. And it is the result of an Austrian student's shock at finding out how much geographic and behavioural information Facebook gathered about him.

In 2011, Max Schrems asked Facebook for all of the personal data - he got a CD with over 1,200 pages on it showing deleted chat conversations, event invitations he hadn't responded to, pokes and details on his physical location identified by computer and phone IP addresses. Much of this was from his phone.

And using a 'burner' pre-pay model doesn't really improve anonymity either. While TV shows depict tech-savvy criminals using alternate pre-pay phones as a security filter, this has proven to be an outdated idea of anonymity. At national security levels, state security organisations target phones physically and then simply hop on to calls made by tapping the relevant networks.

There is even evidence that what many thought to be the most securely encrypted channels - the Tor network, for instance - are now routinely infiltrated and monitored by security agencies.

Time and again, we have seen murderers tripped up by this general advance in forensic detection technology. If gardaí had not recovered two unregistered pre-pay phones at the bottom of a reservoir, Graham Dwyer would almost certainly have not been convicted.

Even with the phones in police custody, Mr Dwyer must have thought that he had a chance to deny association based on the lack of a 'contract' registration. But exhaustive comparative analysis between the phones' locations matched against other elements of his life were enough to persuade a jury that he was the phones' owner. If there is an example of how technology has us cornered even when we think we're being private, the Graham Dwyer case is it.

Irish Independent

Editor's Choice

Also in Irish News