by astura 2590 days ago
>One could argue that attaching this tracking pixel to an email is similar to attaching a GPS tracker to a vehicle. In United States v Jones in 2012, the supreme court ruled that placing a GPS device on violated the 4th amendment.

One can't make this argument based on the Jones ruling because Jones doesn't apply in this situation. The entire reason why the court ruled that physically attaching a GPS tracker to a car is against the fourth amendment is because attaching the device involves physical trespass on a suspect's vehicle which they considered part of his "personal effects." A tracking pixel doesn't have the physical intrusion bit that the court found unconstitutional. In Jones the court only addressed the physical intrusion, not the GPS data itself.

https://en.wikipedia.org/wiki/United_States_v._Jones

>Also left unanswered was the broader question surrounding the privacy implications of a warrantless use of GPS data absent a physical intrusion – as might occur, for example, with the electronic collection of GPS data from wireless service providers or factory-installed vehicle tracking and navigation services.[27] The Court left this to be decided in some future case, saying, "It may be that achieving the same result through electronic means, without an accompanying trespass, is an unconstitutional invasion of privacy, but the present case does not require us to answer that question."[36]

3 comments

> A tracking pixel doesn't have the physical intrusion bit

It does trigger a request on the user's computer, which is a personal effect, after effectively smuggling code onto it. Definitely a grey area.

Just playing devil's advocate... Isn't the (poorly configured) mail client making the request?

Indeed. Nobody who cares about privacy allows email clients to load remote images. Or any remote content, for that matter.
The real problem is that it is acceptable for lawyers to use email for sensitive communications. Many lawyers just don't understand-- and don't want to. The rules that allow them to practice forbid being nefarious.

(What I'd do is a different topic.)

My take on it is that the real problem is email software not making it clear-as-day to the user that the message they are about to open is in fact a webpage, and that they will be actively connecting to the World Wide Web to load it, and potentially allowing third parties to know that they have opened the message.

Regular people won't make the mail <-> WWW connection in their head without being told, nor should they be expected to.

Triggering an existing code path with a piece of data in its “normal” use case doesn’t really qualify as “smuggling code” tbh

> The entire reason why the court ruled that physically attaching a GPS tracker to a car is against the fourth amendment is because attaching the device involves physical trespass on a suspect's vehicle which they considered part of his "personal effects."

I understand how you're just trying to reason from the other side. Just trying to show how the reverse argument might happen.

As far as I'm aware, one of the reasons "hacking" has been defined to be a crime is that unauthorised access to someone's machine has also been defined as a kind of trespass. Allowing them to rule that deploying code from one location to another is also trespass against the physical location.

Carpenter is a fascinating case and you're astute to bring it up. If the tracking image were capable of actually tracking the entirety of someone's location (the way CSLI is), then Carpenter would probably apply.

Assuming it is just a normal tracking image, though, it doesn't provide "detailed, encyclopedic, and effortlessly compiled" information about someone's activities - just whether they opened that particular email while displaying remote images, and - if so - their HTTP request. I think it's unlikely this fits the facts under Carpenter.

Also, Carpenter was about a warrantless search. We really have no idea if the prosecutors did this on their own initiative to try to address the violation of the protective order, or if they did it at NCIS's behest after a warrant. It's entirely possible that this is at NCIS's initiative. Still a lot of facts to uncover here.

thanks