Slashdot Mirror
US Justice Dept. Sued For Cellular Tracking Information
tpaudio writes "The ACLU and the EFF are suing the Department of Justice over how the government might be using GPS and location data from cell phones. With over 200 million Americans carrying cell phones, this could be pretty important for setting guidelines. We have already seen other frightening powers related to cell phones, such as 'cell mic tapping.'"
The ACLU press release is also available, and it contains links to the complaint and the Freedom of Information Act request. We've previously discussed instances of cell phone tracking in the US and elsewhere.
There already is a website dedicated to tracking spouses. http://www.sat-gps-locate.com/english/index.html
Open source really isn't a solution. (Not that I don't want a fully open source cell-phone.) So long as the shut down procedure is implemented in software, someone at the FBI can find a way around it.
What we need to do is go back to the days when the off switch was a switch that broke the circuit connecting the power supply to the devices. That way, you shut it off, and it is off.
An even better solution (since I don't really trust it to be off unless I can see the circuits are inoperable) is a phone with two interlocking pieces, one of which contains the CPU, one of which contains the battery. It would need a simple mechanism to invert one of the pieces, a foolproof way of ensuring the machine cannot activate.
With regards to the story about the mafia being listened into with their cell phones and as also noted in the original affidavit related to the case: the cell phones were altered, i.e they were bugged: they were not dealing with off the shelf goods. The interesting part of the story was how they managed to obtain these mobile phones for alteration/switching. Bugging a device that already has the necessary parts to transmit audio is pretty unexciting.
That somewhere in the Justice Dept. there's someone throwing a temper tantrum because someone took away their totally illegal advantage?
"Court decisions indicate that USAOs claim not to need probable cause to obtain real-time tracking information. News reports further suggest that some field offices are violating a Department of Justice 'internal recomendation' that 'federal procecutors seek warrants based on probable cause to obtain precise location data in private areas.'"
Don't make us get probable cause! Probable cause is for losers! And put the bumpers back into my bowling lanes!
I love it when my rights are seen as an inconvenience. (Though it's nice that someone has RECOMMENDED that probable cause be found.)
Seriously, they're law enforcement: finding probable cause IS THEIR JOB.
This is exactly why we need phones with open firmwares running fully-published and open peer-reviewed code. I hope the openmoko comes close.
Actually, the article that /. originally posted on this specifically referred to remote software installation that did NOT require hands-on phone snatching shenanigans.
It's just a link to a joke site. Why someone modded it insightful, I can't figure.
That bitch!
Just as I suspected!
I saw an article on CNN for a social networking site in the works (I don't remember the name of the company offhand), where you sign up with your cellular phone number to allow your friends to locate you.
The first thing I thought of was some dude signing up as his girlfriend or the girl at the bar who gave him her number last night, and then the stalking begins. The gal from CNN thought about it too - she asked him if he ever thought of that. His reply was something like 'Oh, well, uh, we could set it up so that when you sign up you can have the site text your phone when someone tries to locate you or something.'
Fortunately the dot-com craze is far behind us, or this idiot may already have investors!
When you're dead, you don't know you're dead. It only affects the people around you. Same thing when you're stupid.
When tracking a phone it is important to differentiate between methods that allow the phone to locate itself or methods that locate the phone from the outside. GPS only allows the phone to locate itself. Consequently it has to be a two step process: First the phone must locate itself, then it must tell a third party about the position.
When it comes to obtaining GPS positions from a phone (without consent of the owner) there are two approaches in my view:
1. The person has installed a client software to use some LBS service There are a number of services out there that use client software that sends location information to a server to get location-based content. I do not know if loopt does that but probably yes. Police need to get to the service provider's data to get location information. It will only be current when the phone owner is using the software. Most of these clients will not just be running in the background all the time (due to battery). Not possible to do on most phone OSs anyway.
So you have full control of your position's privacy in this case. Whenever you don't want to be tracked, don't use a location-based service that sends your location over the internet.
2. A client software that sends your information is running without you knowing it. OS providers could be forced to pre-install OS "features" that transmit your position (on demand by remote command) . May be these lawsuits will show if there ever have been attempts to introduce something like that. May be it exists in the US. I wouldn't know. Even though I doubt that it could go unnoticed.
All in all I think the question is: How hard is it for police to get direct access to the live data of service providers such as loopt. Then they can locate people while their using the client. Otherwise they don't have access to GPS information on phones, unless government spyware is pre-installed on all GPS-enabled phones.
So, stop using loopt when running out of the bank.
What I do for a living: Build a GPS mobile game
Worse than all the privacy implications, this is making Enemy of the State look plausible.
--
billeater - lower my bills
Come on, setting aside all the technology in that film, the idea that there could be a secret, unscrutinised government-within-a-government working out of the basement of the USG is plainly ridiculous. After Watergate a system of checks and balances and congressional oversight was introduced which, although it probably does mean some bad guys are caught later than would otherwise be the case, guarantees that constitutional rights are protected.
You don't need GPS to locate the phone. The phone continually handshakes with multiple cells to support handoff between cells, and the phone company can use that information to locate and track you.
Government have been doing this for years. Now they are willing to do it out in the open. Which is a good thing -- not that I support it though.
Even veals have more autonomy!
Phones based on OpenMoko might be a lot harder to bug using the built-in mic (without the user knowing it), but this story is about location data.
Where your phone is at, is already tracked as a normal function of the cellphone network, because the network needs to determine what cell tower(s) your calls are routed through. So any time your phone is ready to make or receive calls, your provider knows where it is.
It's safe to assume that some (or all) of that data is recorded somehow. In the European Union, there's a EU-wide directive that would require such location data to be kept for at least a year or so. AFAIK that's already been passed despite protests from many sides, and now in the process of implementation in national laws. That is, where implementation isn't blocked by national governments, legal or technical problems. And there have been some high-profile court cases already, where cellphone location data was at stake.
The story is about how that location data could be used. How long is it kept? Who has access to it? Do you need a court order to get access? If so, on what grounds should it be granted? Is there any supervision? What other uses are there? What control (as a consumer) do you have over use of your cellphone location data?
Interesting questions - I can't say I know any clear answers for where I live. I guess that location data is recorded, may be kept for a loooong time, and that mis-use is possible by parties who have no right snooping in there. Like criminals, shady business, or government/law enforcement that may or may not honour applicable laws. If you don't like that, then: a) don't carry a cellphone, or b) pull out the battery when you're not calling.
with the cellphone turned off. Witness the long times that phones take to turn on / reboot the uP, and you know that nothing is going on inside there unless someone physically gets a hold of your phone and installs some electronics in it. But working in the handset industry for years I can tell you there is not enough room in the phones for anything extra, no matter how compact.
This is not news, common mobiles can have their voice calls intercepted very easily as they are simple transceivers and do not use any encrytation when making voice calls. Very easy to spy on, no fancy 'tools' requiered...
What, you can sue because something is merely possible? That is amazing - Minority Report here we come!
Ken
Ken
Tangentially related to this posting and focusing on US law...
Is there any legal right to privacy for data transmitted over the airwaves (wi-fi, cell phone, etc)? Are there laws in place to limit snooping by capturing information transmitted over the airwaves? There are a number of clear laws in place to prevent tapping physical lines, but what about "tapping" the airwaves?
It seems that tracking data traffic via passive listening stations skirts most laws designed to product data transmitted over land lines. With more people using cell phones and wireless network connections, most communications can probably be monitored without restrictions. Strategically placed listening stations and some decent sized data centers could easily monitor large populations using wireless communication. Even if the data is encrypted, enough information can probably be gleaned to track individuals (and, with enough compute power, the encryption used for consumer devices could be broken, maybe not in real time, but definitely off-line) .
Can anyone shed more light on the laws surrounding this type of monitoring?
-AC
Hate to break it to ya'll, but that second link doesn't track users... bothering to read the article (I know I know) you would learn that they only knew the towers the calls used, pretty low-res data...
In other words, they are using (anonymized) billing records, not gps locators. Now there are probably still privacy concerns with this, but any phone company must keep these records. Would you prefer the credit card companies to not keep a record of purchases (for your privacy) and instead just have a running tally for your balance? What could possibly go wrong?
So legitimate privacy concerns may exist, but they exist when using cell phones, regardless of the presence of any scientists' actions
Of course they can. The cell phone, when turned "off" is still operating. How else do you think it determines that you want to turn it on? It needs to figure out that you have held the button for a specific period of time (the same button normally used to disconnect a call when "on" .) Do you think it accomplishes this without the power? The cell phone is always powered even when "off" . Even if the CPU wasn't powered at all times, which it is, you are assuming that the IC that sends and recieves the analog signals to and from the cell are not operational, which is also a bogus assumption.
... and a few points to keep the clueless from responding to quickly, as they are wont to do:
Just a note to the people who read this line and assumed it was a reasonable voucher of credential:
Working in the health industry for years does not qualify one to perform brain surgery. Working as a surgeon for years still may not do so. No offense intended to to LM741N (which ironically is an analog op-amp IC IIRC), but you are severiously misinformed.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I am still shocked at how many people in the States are still blissfully unaware of the fact that as part of the E-911 regulations all phones made circa 2000 through present already contain a GPS device and/or support an automated method of triangulation via cell phone towers. During a 911 call in a supported region the GPS/Locating system can be activated to transmit your coordinates back to call-center where they are in turn relayed to the proper authorties. The accuracy of the system depends on the generation of your phone, but anything purchased within the last few years already contains enough hard/software to provide an accurate location. Typically, if you go digging through your options menus, you will find an option to enable/disable the GPS from operating all the time, however it can always be activated by calling 911(which begs the question can it be activated any other time through some software means - not trying to start conspiracy time but I'm willing to bet that it can be.)
Simply because we now have the existence of the T.I.A. (made up of NSA, NGA and 90 plus government contractors performing domestic surveillance - including everything from pay-per-view at the hotels/motels, those cameras at all those toll booths, those security cameras throughout every major metropolis, your every online credit and check transaction courtesy of First Data...oh, I could go on, but what's the use...), not to mention all those privatized satellite networks - once run by the government...
Then, of course, there's that HAVA legislation which required centralized voter registration databases, under the power of individiual secretaries of state (bad news, when their Republicans or globalist Dems), and a number brought into existence by either Accenture or ChoicePoint......
http://news.zdnet.com/2100-1035_22-6140191.html
RTFA and please excuse me while I get my tinfoil car.
http://offthebroiler.wordpress.com/2008/07/06/bletchley-park-the-forge-of-computer-creation/
it created a lot of discussion about the method that was used to bug the phone, as it implied they were unaltered phones - however further investigation revealed that the author of the article (and also the fox news televised story) were propagating incorrect information.
Thanks, I appreciate the info. I'd mod you up if i were cool enough ;-)
Do you happen to have a link on the corrected info?
Who didn't think it was going to come to this when the FCC mandated GPS capability on all phones sold after a particular date (2005, I believe)?
The battery-gobbling RF transmitter has just got to be off when the phone is on standby, but can malware intercept the power-off request and turn off the display and keyboard while leaving the tower-tracking logic running? If it were set to wake itself up every five minutes to acquire a tower but to sleep in between, it would be good for tracking and might not noticeably affect battery life.
For people who worry about things like this but still want to be reachable, there's the option of giving out a pager number instead of your mobile number and only turning on the phone to call back numbers sent to the pager.
do you disable your cell phone or not use one?
no problem!
the stasi had a trick of using radiation to track you if you're interesting enough, you think there's nothing like this used today in the stormtrooper's of USA?
What about RFID and other tiny bugging devices?
If they want you bugged they'll bug you, some of the wonderful ones which are little known are little sticky rfids and other bugs which can be applied to your clothing by touch or from remote by a projectile tagging method. There are many, many ways, and most of them are not public knowledge.
there is [b]always[/b] someone listening.
You are wrong. The cellphone is not "operating", in the sense that its main processor and subunits - that is, the "smart" components which could do that sort of tracking - are actually not running at all. Not even the memory is powere.
There is a tiny subsystem that keeps a watch on the powerbutton and is probably as complex as a watchdog as far as circuitry. Similar to ATX power supplies. That's all.
There was a lot of chatter about it in the original /. comments thread. I haven't been able to find a link to something that is still accessible though. Although it's a big proposition to suggest that a mobile phone has out-of-band management.(A feature that is usually reserved for plugged-in hardware.)
That's nothing. The standard Linux GPS daemon (gpsd) still doesn't let a user use an authentication mechanism or even specify an IP other than 0.0.0.0 to listen on. As a result, anyone scanning for port 2947 (at least this is changeable) can dump out the location of an IP-accessible Linux box that has a GPS device attached. At least only the phone companies and whoever they sell or give your location data to know about your cell phone location -- a Linux box is rather more exposed.
You have no references (other than Slashdot chatter) and I believe you are wrong.
Even the BBC has flatly stated that intelligence agencies employ such a remote surveillance technique. MI5 and FBI both are declining to fix this so-called misapprehension when asked by the press.
We are also talking about the same FBI that will infect target PCs with spyware through popular Internet sites like MySpace.
With respect to cellphones, there is no reason to believe that network operators in today's surveillance landscape (eavesdrop at will and avoid the consequences) would avoid exercising control over phones' firmware, turning them into bugs.