Saturday, April 30, 2016

GPS Evidence: Better Cybersecurity through GeoPrinting*

Digital devices, computers, cell phones, and tablets are more mobile today than ever before. They are also wired for more sensors than ever before. These sensors detect movement, orientation, g-forces and, yes, GPS generated location fixes. Digital devices know where they are, and often know where they have been, and, with appropriate software, are probably capable of predicting where they will be used in the future, based on historical records.

Both because of their value strictly as hardware and because of the valuable data they store, digital devices are the targets of thieves. Because they are always with us, digital devices are also susceptible to accidental loss, loss that can leave them in the hands of those who might not return them, or who might use the data on them for their own purposes.

Digital devices are often portals to the authorized user's entire life “on the cloud.” Because owners often allow nearly automatic logins from portable digital devices in their possession, others can easily “take over” email, banking, and other security sensitive websites or applications. Thus, the loss of a digital device might not just endanger what is on that device, but rather endanger the owner's financial, commercial, social and emotional future: the owner's entire “Cloud Persona.” Furthermore, because portable digital devices often hold business, professional or otherwise confidential data trusted to the authorized user, hacking, theft or loss can affect entire business ventures or threaten government security.

How do we protect ourselves from these threats in a connected digital age? Answer: GeoSecurity: The practice of raising or lowering portable device digital security based on whether the device is within a valid GeoPrint location for the device, and the process of both heightening security to access the device, and digitally informing cloud accessed applications to raise or lower security standards based on the current device location. As explained below, digital devices can become much safer by recording where they are usually used, then requiring less security in those familiar physical locations, and much higher security when used outside the familiar locations.

A “personal” digital device is only used from one physical location at one time, as the authorized user has only . Because most portable digital devices are equipped with GPS chips, those devices know and can record where they are currently being used, and where they have been used before, and the paths between those points (if activated). For instance, an iPad owner might use their iPad at home (Point A), at their office (Point B), at their health club (Point C), and at selected friends' houses (Points D, E, and F). Previously recorded locations are safer, because if someone logs into the digital device, it is likely to be the owner or an authorized user of the portable digital device.

Points A through F are lower risk locations, because these are locations. Software can “learn” device owner locations and keep them in memory after a “training period” of a week, two weeks, etc., or tie them to a locational database such as vehicle tracking databases like those used by some insurers. These recorded points, and travel between them, would be the authorized user's GeoPrint.

Establishing the “GeoPrint” [Digital locational fingerprint]:
We all travel in patterns: to work, to school, to social locations, etc. We carry our portable digital devices with us [iPads, iPhones, tablets, cell phones, etc.]. These devices have sensors that “know where they are,” and can preserve and record locational information in several ways: GPS chips can write track records, cell phones connect to certain cell towers throughout the course of a day or trip, etc. Software can be written to record those geographic locations and establish a GeoPrint: digital geographic “fingerprinting” based on a portable digital device's unique GPS track record, which in turn reflects the user's repetitive cyclical travel patterns over the course of time. Like a fingerprint, our travel patterns are unique based on our daily obligations. Some trips will repeat daily, others several times a week, and some once a month or so. Rarely, trips will be seasonal, such as seasonal but repetitive trips to cottages in the summer, or ski locations in the winter. Good software will allow for a baseline GeoPrint, and allow for high security authorized additions to the baseline record, which will eliminate the need for repetition in following seasons or years.

Protecting our Devices With GeoSecurity:
The first line of defense is making sure no one unauthorized gets into our portable devices, so GPS related low and high security zones recording (training?) and comparison should be either part of the operating system, or booted before the operating system boots, so access can be controlled before any device information is exposed.

Therefore, if, suddenly, someone logs into the iPad from a previously unknown location (Point Z), outside the owner's GeoPrint, even if the login is correct, there is a much greater chance that the person logging in is not the owner, but a thief or unauthorized user. Should, then, the device lock out the potential user based on location?

No, absolutely not! But, the device can shift to a higher security mode based on the new location, perhaps requiring a second, unrelated password, answer to a security question, or secondary requirement to trace a security drawing in a predetermined manner.

Furthermore, if the higher security feature is attempted and the unauthorized user fails it, the device can be programmed to generate predetermined email messages indicating 1) the current GPS location, 2) identities and strengths of nearby network signals (together with whatever ID signals can be gleaned from the networks) and 3) a picture of the party attempting to log in.

Finally, if the higher security mode login passes, the system can query if the user wants to designate the previously unknown area as a new lower security area, and put that GPS information into memory. If so, Point Z would now be designated lower security.

Protecting our Cloud Personas With GeoSecurity:
The second line of defense would be software added or activated from cloud based providers. To prevent these providers from “tracking” the device owner, apps on the device can handle the training, and make a determination whether the device is in a low or high security location (where low is where the owner usually logs in, and high is “everywhere else.”) Then the local app would simply flag the cloud application to use low or high security for the current transaction – for high security, it would require additional password(s), security questions, or logging. Cloud applications would be more secure simply by “listening” to the high or low security recommendations from the app.

Of course, the owner might try to log in from a device that does not generate a GPS fix – which, in itself, would probably require higher security, because it might not be the owner. In such situations, sensitive cloud apps might use other determinations, like networks logged in from, locations of network nodes, and the like, to determine that lower security should be used, or let the owner make a decision AFTER passing a high security login requirement a single time. Better practice would be using Desktop GeoChronoSecurity, described below, after authorizing the desktop for certain times of use.

Using GPS device location as a factor in determining what security measures should be used would make mobile devices less subject to theft and online accounts more secure from hacking, while allowing device owners to access their accounts with reasonably lowered risks. Device owners can dial in a margin of locational error they are comfortable with, from a few hundred feet to a few miles, and still enjoy better security.

Temporary Geographic Changes
While we travel to usual places regularly, there will be times when our geographic “fingerprint” is just not valid – vacations, extended hospital stays, etc. Good security software will allow a valid user (determined by passing the high security test) to temporarily reduce security – but for a specific preprogrammed time period, so at the return from vacation, the former GeoSecurity scheme automatically resumes. This removes the possibility the user will forget to resume the program.
Such changes can be chronologically AND physically based to reduce risks, such as restrictions to the city the user is visiting for a period of three days, changing to the next city for two days. While less secure than continuous high security, such a plan reduces risk of data loss and limits risk in a high risk situation.

Permanently Changing the Digital Fingerprint:
While we all engage in repetitive movement, viewed over the course of weeks, there are “sea change” times in our lives where everything in our “movement lives” changes: a job change, moving to a new city, graduating high school and going to college. GeoPrints could be changed by high security login and authorizing the software to "relearn" our travel pattern, which might either replace our previous patterns or be added to those travel patterns. This would allow the college student to return home for the weekend without facing high security software challenges.

Enhancements - GeoChronoprint:
Those who desire both the best in security and the best ease of access might want to use not only a GeoPrint but a GeoChronoprint: a combination of location AND TIME at that location. A GeoChronoprint would record not only past locations, but time frames at that location, or times in transit. These could be used to develop location and time based rules for lower security access, with other times and places requiring higher security access. For example, your device “learns” that you are at your location “workplace” from 9 am to 5 pm. Therefore, it won't allow low security access at 7 pm even if the device is still at your workplace, which is good, because you forgot your phone there and someone is trying to hack it! Of course, there will be some built in “fudge factors” in time frames, as you might get to work late some days, travel at different times, etc., but “windows” of access could easily be built to allow minutes or hours of additional low security access and still improve overall security. Likewise, larger geographic security could allow additional freedom without too much reduction in security. So, a typical test might be “If within 500 feet of Lat. X Long. Y from 7 am to 6 pm, then use low security, otherwise, high security” (if 8 am to 5 pm are usual hours).
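The training period and the “within 500 feet ... from 7 am to 6 pm” test, together with the timed exception from “Temporary Geographic Changes,” can be sketched in Python as follows. This is an added example, not code from the original post: the function names, coordinates, thresholds and the one-week track are constructed for illustration, and learned time windows are assumed not to wrap past midnight.

```python
import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta

EARTH_RADIUS_FT = 6_371_000 * 3.28084

def distance_feet(a, b):
    """Great-circle (haversine) distance in feet between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_FT * math.asin(math.sqrt(h))

@dataclass
class Zone:
    center: tuple                               # (lat, lon) of the first fix seen here
    hours: set = field(default_factory=set)     # hours of day with recorded fixes
    days: set = field(default_factory=set)      # distinct dates with recorded fixes

def learn_geochronoprint(track, radius_ft=500, min_days=3):
    """Cluster training fixes into zones; keep only places visited on min_days days."""
    zones = []
    for ts, lat, lon in track:
        zone = next((z for z in zones
                     if distance_feet(z.center, (lat, lon)) <= radius_ft), None)
        if zone is None:
            zone = Zone(center=(lat, lon))
            zones.append(zone)
        zone.hours.add(ts.hour)
        zone.days.add(ts.date())
    return [z for z in zones if len(z.days) >= min_days]

def security_level(zones, fix, now, radius_ft=500, slack_hours=1, exceptions=()):
    """Return only 'low' or 'high'; coordinates never leave this function.

    exceptions: (center, radius_ft, start, end) tuples that a user created after
    passing the high security login; they expire on their own at `end`.
    """
    if fix is None:                 # no GPS fix: cannot prove a familiar location
        return "high"
    for center, ex_radius_ft, start, end in exceptions:
        if start <= now < end and distance_feet(center, fix) <= ex_radius_ft:
            return "low"
    for z in zones:
        if distance_feet(z.center, fix) <= radius_ft:
            # "Fudge factor": widen the learned window by slack_hours on each side.
            if min(z.hours) - slack_hours <= now.hour <= max(z.hours) + slack_hours:
                return "low"
    return "high"

# Constructed coordinates, not taken from the post.
WORK, HOME, CAFE = (42.3314, -83.0458), (42.3500, -83.1000), (42.3400, -83.0600)

def sample_track():
    """Constructed one-week training log of (timestamp, lat, lon) fixes."""
    track = []
    for day in range(5):                        # Mon 2016-04-25 .. Fri 2016-04-29
        d = datetime(2016, 4, 25) + timedelta(days=day)
        jitter = 0.0001 * day                   # small day-to-day GPS drift
        for hour in (8, 12, 16):                # usual hours: 8 am to 5 pm
            track.append((d.replace(hour=hour), WORK[0] + jitter, WORK[1]))
        for hour in (19, 22):
            track.append((d.replace(hour=hour), HOME[0] + jitter, HOME[1]))
    track.append((datetime(2016, 4, 27, 13), *CAFE))   # one-off visit, not learned
    return track

if __name__ == "__main__":
    zones = learn_geochronoprint(sample_track())
    desk = (WORK[0] + 0.0005, WORK[1])          # roughly 180 feet from the zone center
    for when in (datetime(2016, 5, 2, 10), datetime(2016, 5, 2, 19)):
        print(when, security_level(zones, desk, when))
    print("no fix:", security_level(zones, None, datetime(2016, 5, 2, 10)))
```

The phone left at the workplace is the case to watch: the same coordinates return "low" at 10 am and "high" at 7 pm, and a missing fix is always "high".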

Desktop GeoChronosecurity: Desktops don't move, so why do we need GeoSecurity for desktops? Digital Personas can be accessed by both portable and nonportable computers, so if I've locked up my digital access from portable devices with GeoChronosecurity, my nonportable computers either will have high security access at all times (because they don't “know” and can't “tell” where they are) or I will be stuck with low security at all times from my desktop, which means any other desktop from anywhere could act like my desktop to get to my apps with lower security, even when I'm not at my desktop keyboard. The better answer: Authorize specific desktops by using portable devices:
  1. Travel to your desktop with your portable device. Go to “Authorize Desktops” on the GeoSecurity app.
  2. Enable “GeoChronosecurity” by downloading the correct application, or enabling it on the application.
  3. The portable device app will give you both the Long. Lat. GPS location of your desktop AND
  4. A security code you input to the application, different for each desktop. To be authorized the desktop would HAVE to be within your GeoChronoprint (correct time and location) because that is what makes sure you are you!
  5. The desktop will import your GeoChronoprint and only give you desktop low security access at times when you are expected to be at that location (home, for instance) and all other times, high security access would be required.
  6. When you reboot, your desktop should give its location and the current time.
While desktops suffer fewer thefts, they are just as susceptible as portable devices to hacking. So you may wish to use the principle of exclusion to keep others off your Desktop. Authorizing a desktop gives it a permanent stored GeoPrint that never changes; unauthorized users will attempt to login with either different locational information or no locational information, and will face high security when trying to log into cloud applications or websites.

GeoExclusion Security: Because there is only one you, you may want to turn on GeoExclusion – that is, the highest security that will exclude the most people (three passwords, security questions, etc.) When you are expected to be in a certain location, your digital devices in that location will return to low security. When you are expected to leave, your devices return to high security. GeoExclusion could also lock out others from your applications when you are both detected on a portable digital device elsewhere, because there is only one of you. Desktops would also benefit from GeoExclusion – If you incorporate your GeoChronoprint in the desktop computer, your software and Cloud apps will know when you are expected to be on the desktop computer, and move to lower security for the duration of your expected stay, then shift back to high security once you leave the premises.

Would GeoSecurity threaten digital privacy?
In a word, no! The entire process could encrypt GPS coordinates, locations, and times. The GeoPrint, or GeoChronoprint, is needed for comparison purposes, and the software could be written in such a way that hides the actual information both from the authorized user and from any network or Cloud Applications. The only question GeoSecurity software needs to answer is “Do I need to lower security here? And now?” by checking if the current location is historically safe, that is, visited before. This simple “Yes or No” answer can be handed off to local software, applications, and Cloud Based software. Therefore, adding GeoSecurity to current web applications would be as simple as adding the extra security features, adding some “hooks” to detect the local software's responses, and adding configuration options to turn on GeoSecurity. Encrypted GeoChronoprints can be shared with the authorized user's other devices by secure means (USB transfer) together with whatever algorithm and keys are needed to sync the GeoSecurity system.

This blog post describes an outline of a digital security system based on past geographic travel that will enhance current security systems by introduction of a unique computer recognized element - GPS location - that, while in control of the authorized user, will provide an element of identification that is both nearly impossible to replicate and is created without any additional effort by the authorized user. Based both on current technological sensors and current software capabilities, it just needs dedicated, and hopefully open sourced, coders (under a GNU license) to write the code to link the pieces of the puzzle.

Thursday, February 25, 2016

GPS Evidence: GPS location data as an element of predictive technologies.

This blog has examined and discussed GPS tracking evidence in both legal and practical settings. In recent years, GPS evidence creation has become omnipresent in technological devices. These same devices include information about individuals and their surroundings. That information is stored both for the convenience of the individual and for the profit of others who want to market both goods and services to the owners and users of the technology. At this writing, most of the applications don't intelligently use all the information either available to them or data available to actually predict user actions in ways that will assist the users. This blog is about how GPS evidence can help establish what I would call geocontexts, that is, contexts derived from both current geolocation, past geolocational history, and supporting data.
Take, for instance, the activity of cell phone predictive texting or voice recognition. Current programs are blind, deaf and dumb to their surroundings. They focus on a few keystrokes within the message. Newer programs try to predict what the next word will be based on who the message is addressed to. But all ignore the basic context clues that humans rely on every day to attempt to decipher person-to-person face-to-face communication. Geolocation is one of the major communication clues.
A face to face conversation in a specific geographical location (together with its identifying functional context) gives humans a great advantage in predicting how a conversation will proceed. Often, people will complete each other's sentences because the overall circumstances make the content of the conversation so clear.
         If two strangers dressed in white jumpsuits were ushered into a stark white windowless room, seated across from each other, then asked to predict what the other might talk about, the answer would probably be “could be anything.” A cell phone app or voice recognition software faces the same issue. However, two people talking at a supermarket probably are talking about food, work or family. Two people talking at a car dealer are probably talking about cars. People at a sporting event are probably talking about sports. These people are aware of what is going on around them, the likely subjects to come up in that environment, and even probably have an idea about how the conversation will go. Certain conversations take place at certain times of day, different at 8 a.m. at the front door of a school than at 1:30 a.m. at a bar.
In the same light, voice recognition and text predictive software could, if taking advantage of all the contextual sensor information available, more reliably predict possible inputs and give much more accurate choices by narrowing down the likely word choices to ones that make sense in the context. For instance, a program could build lists of possible word choices or phrases usually texted to or from car repair shops: “e” choices would include “estimate,” “exhaust,” etc. These targeted libraries would be much more accurate than choices picked from the entire universe of the English language. Voice recognition could be weighted towards an auto repair specific vocabulary, rather than choosing possible words from an entire universe of vocal sounds.
          Since we are all creatures of habit, our devices could learn that, based on our GPS tracking history, we work out at the gym on Tuesdays at 7 am, so texts or voice recognitions that occur either just before or while we are traveling (hopefully, as a passenger) would skew towards exercise talk. If our devices are aware of our schedule and our location, they might actually be able to suggest messages, or send them for us-if I'm late to the dentist, but on my way (as detected by my device) it sends a message telling them when to expect me.
          Trips at certain times to certain places on a regular basis also suggest context, context that can be used by devices (and created by learning) that can serve to limit vocabulary to your choice of destination. Weekly trips to certain restaurants will probably have talk of menu choices, seating choices, reservation times and possible companions. Specific areas can be gleaned from past voice or text driven conversations.
Devices some day may actually share where both the sender and the desired recipient are, and use that data to make intelligent decisions about both message context (for accurate text/voice prediction) and intelligent message handling. For instance, messages about what to get at the grocery store can wait to be delivered until the driver going to the grocery store has stopped; whereas messages about a scheduled sporting event that was canceled due to bad weather should be passed immediately to those on the way to the event, but passengers should be notified prior to attempting to notify the driver. The device would know of the scheduled event and know the direction of travel toward the event. While sensors to determine which phone (I.d.ed by phone number) is in which car seating area (thus designating the driver) have yet to be invented, GPS technology might tell who is driving based on a historical driving pattern.
           Where two distantly located people are talking will likely suggest a conversation-two business contacts, one a supplier and one a customer, are likely to limit the conversation to the overlap of the two businesses. A restaurant owner talking to a paper supplier will likely be talking about toilet paper and paper towels. More advanced systems might even identify locations of whole families, relate their schedules based on GPS history, and suggest conversation topics based on all those locations. A text from a minor child at school mid-day, with subsequent exchanges between working parents at their workplaces suggests illness related discussions, and who will pick up the child from school.

         The entire point of this post is that predictive text, voice, and someday autonomous systems have much to gain from GPS generated context evidence. While the universe of human activity is highly varied and complex, the specific activity of specific human beings is much more narrow, more constrained and more predictable than the species as a whole. When tracked and recorded by GPS evidence, autonomous predictive systems can accurately predict the context and content of text and voice behavior, and therefore offer a more accurate, quicker, and less frustrating user experience.

Saturday, October 18, 2014

GPS Evidence: Contact Tracing, refreshed recollection and GPS evidence

In any serious health care crisis (communicable disease outbreak, food poisoning, or exposure to chemical or biological hazards), health care agents will likely need to track contacts that a patient has had. At the time I'm writing this blog, Ebola contact tracing is extremely important. While health care contact trackers primarily rely on a patient's memory, the patient, by virtue of their symptoms, will not have as good a memory as they might without whatever illness or impairment that brought them to medical attention. Furthermore, none of us have a good memory for details, especially when the history desired can go back days at best, and weeks at most. A history of contacts can be jumbled against the background of mundane repetitive actions and activities we all engage in to survive, but engage in on autopilot.
            GPS evidence, likely stored either on a cell phone, or with a patient's cell phone provider, can provide a context that will allow a patient to give a better history of events. GPS evidence tracks will give both a locational context and an accurate time line that will help a patient recall details- and these details will lead to potentially missed contacts. For instance, GPS evidence that the patient went to a certain store on a particular evening might jog the memory that the trip was made to buy a pizza, which the patient prepared for a birthday the following day and served to several people, who the patient can then list. With a cell phone GPS time line of when and where, a patient can provide the why, which will probably trigger information about the who.
GPS evidence can also rule out spurious recollections – by accounting for the patient's time, GPS evidence can rule out recollections the patient might have of contacts prior to exposure to the health hazard or communicable disease. Of course, avoiding tracking down people the patient hasn't had contact with clearly saves health care agent resources. Because each actual contact might lead to another string of contacts to investigate, avoiding mistaken investigations might make the difference between containing an outbreak and having sufficient manpower to fully contain an outbreak.
         Where many contacts have GPS enabled cell phones, GPS evidence from the phones themselves can either confirm or refute actual contact between the diagnosed patient and the alleged contact. Agents can compare the patient's GPS track history with the track history of the alleged contact, determine if the two GPS tracks meet, and when they met. If they never met at all (and both the patient and the potential contact agree they both carry their phones at all times), then contact never occurred, and that branch of the investigation can be closed, with confidence.
          Why would the patient allow disclosure of their cell phone GPS evidence history? Because their possible contacts, like relatives, co-workers, and acquaintances, are both innocent and important to the patient. Potential contacts should co-operate for no less reason than to either rule themselves out (and avoid unnecessary treatment and further investigation) or to confirm they are at risk, so they can watch for potential signs or symptoms, so they can go into treatment as soon as possible.
         What of the actual confirmed contact that doesn't have symptoms, but also doesn't have a GPS enabled phone? Health care workers should give such a person a GPS enabled phone, both 1) for quick contact and further checkups; and 2) to easily construct a GPS time and movement history to help that contact develop a chronological and geographically based contact list as soon as symptoms develop.

Finally, health care agents themselves should carry GPS tracking devices in case they become infected or exposed to the communicable disease or health hazard. Their own tracks will easily reconstruct positively who they had contact with.

Sunday, March 18, 2012

GPS Evidence: Ability to Detect True Innocence, and avoid the temptation of Law Enforcement Evidence Fabrication

When you read recent GPS evidence cases, nearly all the cases start with a recitation of the facts that show how law enforcement, when using GPS on a vehicle, discovered evidence of a crime, very often overwhelming evidence, that, by itself, would convict of guilt. You will not read a case that begins like this: "Law enforcement attached a GPS tracking device to vehicle. After tracking for two weeks, no evidence of crime or guilt was found. Without contacting or his family, business associates or physically following him, law enforcement concluded that he was innocent. The GPS device was recovered, the information erased, and the next investigation started. Few law enforcement resources were used on this investigation; and multiple simultaneous investigations (some disclosing crime) were possible."

You also won't read this: "Law enforcement, faced with a clear crime of continuing theft, and several persons who could have committed the theft, chose to use GPS tracking to determine who was committing the crimes. They attached multiple GPS units to possible perpetrator vehicles. Using the GPS tracking data evidence, they determined the guilty party. In addition, they had positive evidence that none of the other possible perpetrators had anything to do with the thefts. None of the innocent possible perpetrators had to face questioning, possible employer prejudice, co-worker disgrace, or were the subjects of rumors or taunts. Nor was the guilty target tipped off an investigation was going on, therefore did not dispose of physical evidence or flee."

Why won't you read these fact summaries in trial court or appeals court cases? Because while most law enforcement activities are only closed by the guilt or conviction of a suspect, it is rare to have positive proof of innocence of the type GPS tracking can provide. (DNA comes the closest.) Proof of innocence allows law enforcement to, in good conscience, close cases, rather than let them sit open. Cases where the targets were found positively innocent, either by physical absence from the scene of crime, no evidence of crime, or positive proof someone else committed the crime in conjunction with positive proof of the target innocence are not tried, and are not appealed. Our system of judicial “error correction” and “policy making” only come into play when the judicial process proceeds past the investigation stage. However, proof of innocence is just as much a sign of a successful investigation as proof of guilt, however rare.

Therefore, GPS evidence gets bad press, because only the problems (loss of privacy and constitutional issues) are reported on. Investigations that quietly exonerate the innocent get no attention.

The importance of GPS evidence of innocence is, therefore:

  1. Maximum Utilization of Law Enforcement Resources: First, because GPS evidence is relatively easy to gather, cheap in terms of human resources, time and energy, getting to a determination of evidence will occur relatively quickly, allowing law enforcement to “move on” to other investigations. Because fewer resources are needed to investigate murders, more theft investigations can occur, and if fewer resources are needed for thefts, more fraud investigations take place. In his book, The Tipping Point: How Little Things Can Make a Big Difference, Malcolm Gladwell describes, well, how small changes can and do make big differences. Widespread use of GPS evidence to prove innocence, cheaply and quickly, will allow resources to focus on affirmatively proving the guilt of other parties in other crimes. There are only so many dollars to pay so many officers for so many hours; how they function determines how efficiently they can effectively deter crime. Investigating the innocent is a waste of that time, but no one knows it until either innocence is proven, or investigation is abandoned.

  2. Avoiding Wasteful Investigation based on Prejudice or Bias: We all have preconceptions, including law enforcement officers. If a suspect or target happens to fall in a category law enforcement is more likely to, based on past experience, wrongfully accuse, early use of GPS tracking evidence is a good way to methodically either convict (pre-judging a person is wrong; judging on valid evidence is not only right, but just) or exonerate. Even someone who is prejudiced will have a harder time pursuing a target where positive evidence shows the target was not near the scene of a crime, or any crime. While GPS evidence alone may not convict, it will raise questions the innocent can answer, but the guilty have trouble with, narrow the investigation, and speed the resolution.

  3. Remove Incentives to Falsely Plant Evidence by Law Enforcement: Imagine you are a police officer, and on your belief and urging, dollars, resources, and time have been spent investigating a target. You push on, because each dollar spent might disclose a pile of physical evidence. Yet nothing turns up. You conclude you need more resources, which involves more dollars and time. Your boss yells and tells you you'd better be right – promotions depend on it. Finally, you face the truth that there is no evidence that will show up, unless you make it. Because of the cost of the investigation, time, and effort, law enforcement by human nature will want to make something happen, and may be tempted to plant evidence, in order to justify the expense. Never mind that the enforcer has just become the criminal.

    Contrast that to a GPS evidence investigation- with probable cause, law enforcement gets, and abides by, a warrant for GPS tracking. If the tracking shows nothing, they at least attempt to renew the warrant. They can try again, if they feel the need, at a later time. Given the minimum amount of effort for the same investigation, there is little incentive to circumvent the system and “make something happen.” Officers, too, will know how effective GPS trackers are, and know that they, too, could be tracked if they move to the wrong side of the law or take advantage of their badge. GPS deterrence works on both sides of the judicial equation.

  4. Defense Resources – Although Public Defenders' clients are not all innocent, some actually are innocent. If those clients are either victims of a fraudulent accusation or simply an innocent understanding, Public Defense (and private defense, if applicable) resources must be used to detect and defend against erroneous charges. Where law enforcement could confirm actual innocence before charging with GPS evidence, targets, and their attorneys, are forced to waste resources just to prove their innocence. Where the target is someone represented by a Public Defender, the pool of resources is limited. There are only so many attorneys to cover so many cases in so much time. True GPS evidence of innocence allows defense attorneys to concentrate resources on other cases, including those for those who are innocent, but don't have a GPS track to prove it.

  5. The Court System – If an objectively innocent investigation target gets into the judicial system, the system will handle it, either by a trial or by a plea. Trials take resources, many resources, from all the actors above. Those trials may have appeals, so more resources are spent. Trial of an objectively innocent person clearly works an injustice and distrust for the system, so the system suffers.

  6. The Penal System – Of course, not all who claim their innocence in jail are; but DNA testing has shown that some are wrongfully convicted and actually are innocent. Undoubtedly, there are others who a GPS track would have exonerated. Therefore, anyone who would be exonerated by GPS tracking evidence, and is objectively innocent, but wrongfully convicted and jailed, costs the system thousands of dollars to incarcerate – to punish a crime the target didn't commit and deter actions the target didn't do in the first place. This takes space that could be used for actual offenders that might end up with lesser punishments, because of prison overcrowding.

GPS evidence, therefore, can be the best friend of the innocent target, law enforcement and the Public defense sector, the judiciary, and the Penal system by proving actual innocence at the outset. But because this proof of innocence all happens with no fanfare, neither the press nor the public know what positive impacts GPS evidence has on the justice system.

Monday, March 5, 2012

GPS Evidence: Getting to “Reasonable” after U.S. vs. Jones

Most who will read this blog will know by now that the U.S. Supreme Court made its ruling in U.S. v. Jones, 565 U. S. ____ (2012)(No. 10–1259). Most will believe the press that the court announced sweeping rules requiring a warrant any time law enforcement uses a GPS to track a vehicle. Some, however, will realize like Professor Orin Kerr, that this was actually a very narrow ruling.

The majority of the Court decided that attaching a GPS unit to a vehicle was a “trespass,” and that “trespass” constituted a fourth amendment “search.” Because the government attorneys arguing the case at the courts below the Supreme Court didn't address fully whether the search was reasonable, but only argued that it was reasonable at the Supreme Court, the Court found that the issue of “Reasonable Search” was waived-but only for the Jones case.[i] Future cases that can argue that attaching a GPS unit is reasonable may not be excluded by the 4th amendment.

Of course, the majority opinion and the concurrences would have used different grounds to reverse the decision: common law trespass vs. “reasonable expectation of privacy.” Whether GPS attachment was “reasonable” is important for two reasons: 1) the fourth amendment only protects against unreasonable searches; and 2) there is a whole body of U.S. Law giving law enforcement privileges to “commit acts that would otherwise be a trespass” if under a Duty or Authority Based Upon Public interest, and if they act reasonably. Restatement of Torts (2nd) §265.

The Court seemed to equate the volume of the data a GPS can produce with a trespass, which the concurrence attacked as leading to “vexing” future problems. Clearly, this is a rational approach, analogous to viewing the tiny trespass of a few lines of computer code loaded into an unsuspecting computer transferring reams of information to law enforcement.

My reading of the opinion is that the government, in the proper case, may be able to argue “reasonableness” based on the length of the surveillance. However, as noted by the concurrence, with no clear bright line of what would and would not be reasonable, law enforcement will have no idea what to do to get admissible evidence, until each and every type of case reaches the court and is ruled on.

The one question the U.S. Supreme Court did lay to rest: GPS accuracy is certainly sufficient to admit tracking results into evidence. Indeed, its very accuracy results in the privacy issues complained of. If GPS can't pinpoint a private location, then targets can have no issue with it disclosing private destinations.

In the nearly twelve years since GPS tracking began, no real meaningful legislation has been passed to either limit the collection or the use of GPS generated data. I published an article in 2004 urging legislation; the Wisconsin Court of Appeals and Supreme Courts asked for legislation, and yet, there is no GPS evidence regulation in Wisconsin. Any court can only react to the case and facts before it; even the Jones court made a very limited ruling that gives little guidance to law enforcement.

Therefore, I believe it is time for law enforcement to proactively demand a system that allows warrantless GPS data collection, but cannot be used to disclose the private destinations of tracking targets, without a good reason, on the record, and while leaving a record for a court to review and act upon. Given the requirements of Jones, such a system would also enhance the probability that GPS evidence collected with a defective warrant, lapsed warrant or procedurally questionable warrant would survive constitutional challenges, under either state or federal constitutions.

Why should this burden fall upon law enforcement? Law enforcement will save the budget dollars; law enforcement must face the victims; law enforcement can remove GPS evidence's “Big Brother” stigma; and law enforcement faces the possibility of years of total uncertainty while the judiciary tries to address GPS evidence problems one small issue at a time. Therefore, law enforcement should demand GPS manufacturers produce GPS devices that encrypt GPS track evidence, decrypt limited evidence only after cataloging and reporting all access to GPS evidence, and allow law enforcement the ability to introduce only that evidence necessary to obtain a conviction, and destroy evidence not relevant to the case.


Historically, sixty years ago, crime occurred where the criminal was. Investigators were where the criminal was. Public transportation – trains, planes, buses or streetcars – was too slow, too unreliable, and allowed for recognition of the criminal after the commission of a criminal act, so could not be used as a “get-away” path. However, the advent of cheap used automobiles that generally look alike, together with a system of superhighways that allows a criminal to travel 70 miles per hour, legally, away from where his criminal acts were committed, gives the criminal a virtual cloak of invisibility-the automobile. Physical tracking is almost impossible, given budgets, traffic, speed of travel, and similarity of auto styles.

Because the criminal can increase the geographic territory of his crimes, local law enforcement must now go farther, faster, and better, with fewer officers and shrinking budgets. Because law enforcement doesn't even know which way a criminal might flee, they must investigate much more territory to find and prosecute a criminal. For every mile further from the scene they go, more and more population must be considered (including the criminal population) as persons of interest, increasing geometrically. This is not just in one direction, but in ALL directions, an ever-increasing circle for each mile traveled. Even if the police locate a suspect, the speed of travel makes it harder to establish timelines, thwart false alibis, detect false statements, etc. This gives the person of interest great leeway in lying about his whereabouts and activities. It is a wonder any crimes are solved at all.

If a vehicle a criminal is driving is being tracked by a GPS unit, however, law enforcement can:

  1. Limit the playing field- Once law enforcement has a GPS track, the suspect will have to answer questions about why he was where he was during the time of the crime. By geographically limiting where the suspect can say he was, he is limited in false excuses of why he was at that location. Tracking targets that answer where they were honestly have no problems justifying their presence at geographic locations.

  2. Establish the time line- Along the same lines, because GPS establishes not only the place of travel but the time of travel, a criminal answering falsely will not only have to fit geographic details into their lie, but chronological ones.

GPS tracking evidence, therefore, focuses the investigation in time and space.

GPS tracking evidence does not answer questions, but raises questions that the innocent will (usually) have no problems answering, but the guilty will have no good response for.

GPS, therefore, removes some of the virtual cloak of invisibility modern automobile travel gives a criminal. However, such tracking must be constitutional, and after Jones, it looks like such tracking must reasonably protect private destinations from disclosure, or the track evidence will be excluded.


It is not the tiny bulk of the GPS device, attached by magnets or glue, that has offended any court. It does no damage to the vehicle it is attached to, and, unless a warrant so permits, uses no electricity and is not hooked to the car's wiring. Rather, it is the information that the GPS device generates that the court finds constitutes a search.

We hold that the Government’s installation of a GPS device on a target’s vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a “search.” U.S. v. Jones, 565 U. S. Slip Opinion at 7 (2012)

What is this information? A track, that is, a series of connected longitude and latitude fixes, (track points) each labeled with a very accurate time stamp.

Breaking down the process, is it the collection of the GPS fixes that troubles the court and makes the trespass a search? Collectively, yes. Individually, perhaps. Perhaps not. Here's the problem. A series of track points can be used by law enforcement, or anyone viewing the track when correlated with electronic mapping software, to track very legal but very private activities, “including professional, religious, and sexual associations. See, e.g., People v. Weaver, 12 N. Y. 3d 433, 441–442, 909 N. E. 2d 1195, 1199 (2009) ('Disclosed in [GPS] data . . . will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on').” Slip op. Concurrence 565 U. S. ____ (2012) at 3.

Under current GPS tracking systems, when law enforcement either gets GPS track information in real time or retrieves and downloads a GPS device, they get ALL the information: private forbidden information (if any), innocuous information, and, what they are looking for, evidence of any crimes or criminal activity. Ironically, just the possibility that private information track points might be disclosed and abused is sufficient to exclude the relevant track points that evidence a crime. In short, law enforcement gets TMI - “too much information.”


Every day, confidential and potentially embarrassing information is collected on thousands if not hundreds of thousands of people. Each time we pick up a phone, the recipient, the length of the call, and much other information is recorded. Our medical and Social Security records contain reams of personal information, much of which we might find embarrassing if disclosed. However, we accept the information being collected because we are assured it will be kept private. Yet, courts do issue warrants, when necessary, for phone records, medical records, etc., based on probable cause and the reasonable needs of law enforcement for the common good. The gathering of medical, phone, and other private information is not barred by the fourth amendment. Why should the gathering of information about private activities in public areas on a GPS system be found unconstitutional, if it can be kept confidential?

How, then can we create a system where relevant GPS data can be collected, but not disclose private and personal information without a warrant?


The answer to a “reasonable” GPS evidence collection and distribution lies in the nature of GPS data collection- each track point is separable from the next track point; each has its own time stamp, longitude and latitude. Each track point will be either relevant evidence, superfluous information, or even forbidden private but legal information. A “reasonable” GPS system would allow disclosure of the relevant evidence, but keep superfluous information and private information hidden.

Crimes that are investigated by GPS tracking have links to locations in geophysical space-otherwise a GPS investigation would show nothing. A murder may occur at a specific location, a chain of burglaries happens at certain longitudes and latitudes, conspirators meet in specific places, etc. (I'll call these “crime points” for shorthand.) Where there is a physical location of a crime and there are GPS track points collected, law enforcement could calculate relationships between the track point information and crime point information that would either give them probable cause, or exclude the tracking target from the investigation.

Therefore, if the GPS tracking device can 1) record all the information BUT 2) encrypt the information, and store it in a database-type system, private data won't be exposed. Law enforcement can then (without a warrant) ask the database specific queries that relate to the crime scene or physical evidence locations:

On (date(s)) in (timeframe(s)) what distance was (GPS unit serial number) from (crime-point- Locations of a string of burglaries)?

NOTE: Such a query would not expose private information, because although it might give the distance to the crime scene, it does not give a compass bearing, or the actual longitude-latitude location of the GPS unit.

I will describe many variations on this query system later.




Because GPS data collection alone is reasonable, if that data is either never disclosed or disclosed only in such a way that legitimately private information is protected, ANY recording of GPS data would have to be immediately encrypted, and either stored on the GPS unit, or encrypted on the unit, then transmitted and stored to a secure third-party site.

Using rolling-code devices paired with the GPS ensures that only those in possession of the rolling-code device can decrypt the track information or make queries. Recording all access ensures that attempts to access track points will be documented for court consideration.


GPS evidence is simply computer data that can be compared, like a database, but without disclosing the actual location of that data. For instance, knowing that the vehicle in question was within 500 feet within the timeframe in question limits the law enforcement inquiry and helps pin down the person of interest to that location. The Equal Justice GPS system would allow such comparisons without giving the exact locations of the encrypted trackpoints, thus preserving privacy until a spatial relationship between the “crimepoints” that are known and the encrypted trackpoints, that remain unknown, is established.

The only way to decrypt this data would be through software that uses a rolling-code device (such as banks use to access accounts) to allow even partial decryption. ALL decryption attempts would be documented by the firmware and stored in the firmware; therefore, an electronic record would exist of every query or attempted query of the encrypted track.

As discussed above, law enforcement queries without a warrant would expose only relationships between the encrypted track points and crime points, but not the actual locations themselves.

Queries to the encrypted database would proceed only as needed to get either probable cause, or to further the investigation by non-GPS based methods- that is, physical investigations, questioning persons-of-interest or witnesses, or checking other technology – such as security cameras that might have recorded physical evidence of a target's presence.

Keeping the search “reasonable” would use the least amount of warrantless GPS possible to accomplish the goal of solving the crime or getting a warrant for the rest of the already gathered evidence. This step-by-step method investigation would ensure that no more GPS evidence is used than is absolutely needed to get to probable cause.
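One way the warrantless distance query and its access record could fit together, as an added example that is not code from the original post or from any existing tracking product. It assumes the rolling-code device behaves like an RFC 4226 HOTP token; `TrackVault`, the unit serial, the officer ID and the coordinates are constructed for illustration, and the in-memory list stands in for the encrypted track store.

```python
import hashlib
import hmac
import json
import math
import struct

EARTH_RADIUS_FT = 6371008.8 / 0.3048  # mean Earth radius, metres converted to feet


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time code; an assumed stand-in for the post's rolling-code device."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def haversine_ft(lat1, lon1, lat2, lon2):
    """Great-circle distance in feet between two latitude/longitude fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_FT * math.asin(math.sqrt(a))


class TrackVault:
    """Hypothetical query front end: answers with a distance, never a coordinate."""

    def __init__(self, unit_serial, token_secret, points):
        self.unit_serial = unit_serial
        self._secret = token_secret
        self._counter = 0              # next rolling-code counter value expected
        self._points = sorted(points)  # (epoch_seconds, lat, lon); stands in for the encrypted store
        self.audit_log = []
        self._prev_hash = "0" * 64

    def _log(self, officer, query, outcome):
        # Each entry commits to the previous one, so an edit or deletion breaks the chain.
        entry = {"seq": len(self.audit_log), "unit": self.unit_serial, "officer": officer,
                 "query": query, "outcome": outcome, "prev": self._prev_hash}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit_log.append(entry)
        self._prev_hash = entry["hash"]

    def min_distance_ft(self, officer, code, crime_point, t_start, t_end):
        """Closest approach to crime_point inside [t_start, t_end], rounded to the foot."""
        query = {"crime_point": list(crime_point), "from": t_start, "to": t_end}
        if not hmac.compare_digest(code, hotp(self._secret, self._counter)):
            self._log(officer, query, "DENIED: bad rolling code")  # failed attempts are recorded too
            raise PermissionError("rolling code rejected")
        self._counter += 1             # a code is good for one query only
        dists = [haversine_ft(lat, lon, *crime_point)
                 for t, lat, lon in self._points if t_start <= t <= t_end]
        result = round(min(dists)) if dists else None
        self._log(officer, query, "no fixes in window" if result is None else f"{result} ft")
        return result


def verify_log(log):
    """Recompute the hash chain; False means the access record was altered."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


# Constructed sample data, not a real track.
SECRET = b"constructed-demo-secret"
CRIME_POINT = (43.0000, -89.0000)
T0 = 1_330_000_000  # start of the crime time window, epoch seconds


def demo_vault():
    points = [
        (T0 - 7200, 43.0000, -89.0000),  # at the crime point, but two hours before the window
        (T0 + 600, 43.0500, -89.0300),   # inside the window, miles away
        (T0 + 3600, 43.0005, -89.0000),  # inside the window, about 182 ft north
        (T0 + 9000, 43.0200, -89.0100),
    ]
    return TrackVault("EJ-0001", SECRET, points)


if __name__ == "__main__":
    vault = demo_vault()
    code = hotp(SECRET, 0)
    print(vault.min_distance_ft("officer-17", code, CRIME_POINT, T0, T0 + 5 * 3600), "ft")
    print("log intact:", verify_log(vault.audit_log))
```

Exact distances to three or more well-separated points are enough to fix a position, so the chained log is what lets a reviewing court confirm that queries were confined to real crime points.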

This “relationship” information will raise questions-questions an innocent person will have no problems answering, but questions a guilty person won't be able to answer.

Sample Timeline and Sample Data Entry and Readout Screens: Equal Justice GPS System


With “relationship” data in hand (for instance, that the GPS, attached to the target vehicle, was 220 feet from the scene of a burglary in the 5 hour window of the burglary), law enforcement will determine when they have probable cause to unlock the actual GPS locations- but only for relevant time frames (related to crime points) and relevant time frames (also related to crime point time frames). Accordingly, even though a GPS device might be attached to a target's vehicle for 6 months, only a few hours and few hundred track points might be relevant to the case. This avoids “Big Brother” tracking, unrelated to specific crimes or events. Prosecution will continue with the pinpoint GPS evidence of the crimes, together with any physical evidence available.


There will be targets where Step 2 Queries will give no relationship between the GPS track points and the crime points. This does not exonerate a target; perhaps a different vehicle was used to commit the crime. However, when an investigation is no longer open, has run out of leads, or ends in conviction (and all appeals are exhausted), all unused GPS evidence should either be archived while encrypted, or erased. Digital erasure to Department of Defense protocols will ensure that any private data will be completely destroyed. Archived encrypted data must be justified in the same manner as queries. The GPS units could be programmed with “drop dead” dates that would require further action (with warnings) or encrypted data would be erased, further ensuring continued privacy.


  1. KNOWN CRIME LOCATIONS- (Crime example- Arson) Police think a target has been setting fires, but haven't got enough probable cause evidence for a warrant. Police place an Equal Justice GPS device on the target vehicle. When the next fire occurs, they recover the GPS and query the encrypted database for the GPS distance to point of fire origin for 3 hours before and after the suspected start time of the fire, which reports the unit was 30 feet from the crime point fire origin. Using this information, they get a warrant to decrypt GPS data for seven other fire scenes and get GPS data of the times surrounding those scenes. The other four months of irrelevant GPS data is erased. The alleged arsonist's 4th amendment challenges fail; the search is deemed reasonable.

  2. LINKING TARGET WITH MULTIPLE POTENTIAL CRIME LOCATIONS (Crime example-drug dealing) Where Law enforcement knows the locations of believed drug houses, but can't connect the person of interest to those locations, they can attach an Equal Justice GPS to the target vehicle. After a time period, they can query the GPS database about specific times the target visited the specific locations, within a certain radius. Given this information, they can either apply for a warrant, or ask the Equal Justice GPS for a real time warning of an approach of any of the locations.

  3. POTENTIAL STALKING SITUATIONS- Where the crime point might be a person that is constantly moving, things get more complicated. However, someone who is the victim of stalking, who is a witness, or needs police protection from the tracking target will have no objection to wearing an Equal Justice GPS unit paired to the Equal Justice GPS unit attached to the target vehicle. Both GPS units encrypt their locations, and without human intervention, exchange and compare locations – and if the locations come within preset distances, signal an alarm to Law enforcement and transmit both decrypted locations for immediate action. Again, no private information on the tracked target is disclosed.

  4. PROVING A CONSPIRACY – Two (or more) linked GPS units, both with encrypted data, could be programmed to communicate securely with each other, trade data, etc. When attached to two (or more) vehicles of possible co-conspirators, the units will report only “meetings” within a certain geographic distance, at a certain point-but keep the other travel details of the targets private and undisclosed. Of course, this will be useful when the parties claim never to have met, or not met within a certain time frame. In a conspiracy, linking the targets is likely more important than the location of the meeting, although if one location is linked to a target (like the target's home) conspiracy might be easier to prove.

  5. TERRITORIAL MODE – (crime; violent crimes like serial rape or murder in a specific area) When crimes are occurring in different locations, but in a specific territory, neighborhood, or area, law enforcement can set up a “geofence” in the Equal Justice GPS- that is, a geographic boundary (square, circle or closed irregular boundary) that will trigger the Equal Justice GPS to start reporting the target's encroachment in realtime, decrypted mode (while keeping movements outside the geofence encrypted.) While this mode is constitutionally more risky than a standard encrypted passive tracking mode, it would be used for violent crimes tracking targets where criminals “hunt” for victims that are at risk of life and limb, or arson tracking targets that could kill people. Property crimes that can be later matched to “crime points” are not worth the constitutional risk. Alternately, Equal Justice territorial mode could be used on probation, parole, or bail targets to allow them privacy and freedom of movement within a specific geofenced geographic area, but trigger real-time tracking if they leave the geofenced area.

  6. LOCATE UNIT MODE – Since GPS's are not attached to a vehicle's electrical system (as most courts determine that attachment using electricity is both trespass and unreasonable) units must be recovered at some point. Allowing a unit to broadcast an “I'm here” beacon if not recovered when power is waning constitutes only a slight constitutional risk and seems reasonable, as long as such “beaconing” is not recorded as unencrypted evidence.

  7. EMERGENCY REAL TIME MODE- For use in “Exigent circumstances.” (See Wikipedia, 4th Amendment.) There will be situations where an Equal Justice GPS is attached to a vehicle, and law enforcement will be faced with an emergency- information a child is kidnapped in the vehicle, gleaned from other evidence. The Equal Justice System should have a real-time tracking emergency mode triggered by the correct rolling code trigger. This mode should allow the officer to go back in time; but the officer should be able to control how far back in time to go, so that he doesn't violate even the rights of an alleged kidnapper.
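The “meetings only” reporting of the paired-unit modes above (items 3 and 4), as an added example that is not code from the original post: two tracks are compared fix by fix, and only the time windows in which the units were within a set radius of each other are returned, with no coordinates in the output. The function names, the 30-second clock-skew and 120-second merge-gap defaults, and the sample tracks are assumptions constructed for illustration.

```python
import bisect
import math

EARTH_RADIUS_FT = 6371008.8 / 0.3048  # mean Earth radius, metres converted to feet


def flat_distance_ft(a, b):
    """Equirectangular approximation; adequate for separations of a few hundred feet."""
    x = math.radians(b[1] - a[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    y = math.radians(b[0] - a[0])
    return EARTH_RADIUS_FT * math.hypot(x, y)


def meeting_windows(track_a, track_b, radius_ft, max_skew_s=30, max_gap_s=120):
    """Return [(start, end)] epoch-second windows in which both units were within radius_ft.

    Tracks are lists of (epoch_seconds, lat, lon). Only times leave this function.
    """
    track_b = sorted(track_b)
    times_b = [t for t, _, _ in track_b]
    hits = []
    for t, lat, lon in sorted(track_a):
        # Pair each fix from unit A with the fix from unit B nearest in time.
        i = bisect.bisect_left(times_b, t)
        near = [j for j in (i - 1, i) if 0 <= j < len(track_b)]
        if not near:
            continue
        j = min(near, key=lambda k: abs(times_b[k] - t))
        tb, lat_b, lon_b = track_b[j]
        # Fixes too far apart in time cannot support a claim that the units met.
        if abs(tb - t) <= max_skew_s and flat_distance_ft((lat, lon), (lat_b, lon_b)) <= radius_ft:
            hits.append(t)
    # Merge hits separated by short gaps into one reported meeting.
    windows = []
    for t in hits:
        if windows and t - windows[-1][1] <= max_gap_s:
            windows[-1][1] = t
        else:
            windows.append([t, t])
    return [tuple(w) for w in windows]


# Constructed sample tracks: unit A is parked; unit B comes within about 73 ft twice.
T0 = 1_330_000_000
PARKED = (43.0000, -89.0000)


def demo_tracks():
    near = {3, 4, 5, 12, 13}  # minutes at which B is close to A
    track_a = [(T0 + 60 * i, PARKED[0], PARKED[1]) for i in range(20)]
    track_b = [(T0 + 60 * i + 10, 43.0002 if i in near else 43.0100, -89.0000)
               for i in range(20)]
    return track_a, track_b


if __name__ == "__main__":
    a, b = demo_tracks()
    for start, end in meeting_windows(a, b, radius_ft=150):
        print("units within 150 ft from", start - T0, "s to", end - T0, "s after T0")
```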


  • The time an Equal Justice GPS unit is attached to a vehicle is no longer relevant to any “reasonableness” analysis – Case after case discusses the time period the target is under surveillance, with the justified idea that the longer surveillance lasts, the more privacy is lost. While such an idea can be attacked on several logical grounds (a legal secret that occurs once every six months should not be given more respect than daily AIDS treatments or chemotherapy), the Equal Justice System equipped GPS would protect both secrets equally – regardless of how long the unit was attached. If the target has no geographic relationship to the crime points, no information will be reported. Indeed, Equal Justice queries may exonerate innocent targets quicker than those who are not tracked at all- at lower expense, and at no loss of privacy. The longer a tracked target is not related to the crime points, the better for the target.
  • The Equal Justice GPS System allows Law Enforcement to proceed more accurately and control the risk of getting GPS track evidence thrown out, step by step. With Equal Justice, law enforcement can decide to query the database so that they have just enough information to collect other evidence, or apply for a warrant to decrypt the relevant portions of the GPS track. They can question a target or witnesses, query the track, and with new information go back to the target or witness, all while making sure to protect the private information that may be contained on the track. If the target isn't caught by real-time tracking, the track within the geofence can be decrypted (with a warrant) to disclose possible links to the target's whereabouts.

  • The Equal Justice GPS System allows the same cost savings, deterrence, and crime solving capabilities as a standard GPS system, with less privacy risk. Because the Equal Justice System increases the likelihood of a conviction on more limited GPS evidence, it will reduce appeals, court costs, encourage early pleas, and remove uncertainty from prosecutions, thus speeding up the justice system.

  • Tracking with an Equal Justice GPS System actually preserves more privacy than a physical human surveillance would – Because a human surveillance team must follow a target anywhere they go, not just to “crime points,” a human surveillance team would disclose exactly the types of secrets U.S. v. Jones seeks to protect. This points out one of the weaknesses of the Jones analysis- that although human surveillance is difficult and expensive, it is legal, it can be done, and it will be done, in the right case. So, high value target secrets tracked by humans aren't protected, but low value target secrets are? The Equal Justice System treats both the same.

  • Equal Justice System Technology could even protect the privacy of Workers- Employers have the right to require GPS tracking on Employee vehicles as a condition of employment, but may choose to protect the off hour or off territory

  • If a “crime point” is a “private destination,” even an Equal Justice System GPS will likely disclose that fact; but so would a standard law enforcement investigation. Taking precautions to preserve privacy (of things, it must be remembered, that are done in public) meets the test of “reasonableness”; there is no guarantee of privacy when traveling in public.

While Equal Justice technology might well be patented, I am releasing it under a GNU public license. Why? While courts talk about how many officers it might take to mount an investigation, criminals have gotten more mobile. Criminals hurt real victims. To the potential victims, budgets, ease of investigation, and how much work it would take to bring a person to justice just don't matter. I hope this technology helps potential victims stay just that, potential, not real, victims. At the same time I recognize that GPS evidence can be misused to bully a citizen with a legal secret into pleading to a crime. Equal Justice technology will save those potential victims and preserve their privacy. Criminals shouldn't be able to hide behind the legitimate privacy concerns of citizens; citizens shouldn't have to sacrifice privacy because there are criminals – then those citizens also become criminal victims.

Does an Equal Justice GPS System exist today? No. However, all the technology I've mentioned is “off the shelf,” and nothing more than combinations of devices already in use, and some software. I suggest the “data screens” because sometimes imagining the technology is harder than actually putting it together. This is a blueprint. I know at least one GPS tracking system that, because of its current sophistication, could probably accomplish everything the Equal Justice System requires with some changes to firmware and a few software changes. So, please, build this system!

GNU Project

[i] “What of a 2-day monitoring of a suspected purveyor of stolen electronics? Or of a 6-month monitoring of a suspected terrorist? We may have to grapple with these “vexing problems” in some future case where a classic trespassory search is not involved and resort must be had to Katz analysis; but there is no reason for rushing forward to resolve them here.

The Government argues in the alternative that even if the attachment and use of the device was a search, it was reasonable—and thus lawful—under the Fourth Amendment because “officers had reasonable suspicion, and indeed probable cause, to believe that [Jones] was a leader in a large-scale cocaine distribution conspiracy.” Brief for United States 50–51. We have no occasion to consider this argument. The Government did not raise it below, and the D. C. Circuit therefore did not address it. See 625 F. 3d, at 767 (Ginsburg, Tatel, and Griffith, JJ., concurring in denial of rehearing en banc). We consider the argument forfeited. See Sprietsma v. Mercury Marine, 537 U. S. 51, 56, n. 4 (2002).”

U.S. v. Jones, 565 U. S. ____ (2012) at 8.