Slashdot Mirror

← Back to Stories (view on slashdot.org)

Speculation On Large-Scale Phone Location Snooping

Posted by kdawson on from the what-may-be dept.

An anonymous reader recommends a speculative blog entry by Chris Soghoian up on CNet. Soghoian makes a convincing case that the NSA could be using loopholes in the law to gather real-time location information on the mobile phones of millions of people. There is no hard evidence that this is happening, but the blog post sheds light on the dense undergrowth of companies populating the wireless space that could be easy pickings for a National Security Letter with a gag order attached. "While these household names of the telecom industry [AT&T, Verizon, and Sprint] almost certainly helped the government to illegally snoop on their customers, statements by a number of legal experts suggest that collaboration with the NSA may run far deeper into the wireless phone industry. With over 3,000 wireless companies operating in the United States, the majority of industry-aided snooping likely occurs under the radar, with the dirty work being handled by companies that most consumers have never heard of."

34 of 234 comments (clear)

  1. This is why I keep my phone powered off.... by w0mprat · · Score: 5, Funny

    ... with the battery out, until I need it. I also keep a roll of aluminum foil with me in case I need to make a hat.

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    1. Re:This is why I keep my phone powered off.... by Ethanol-fueled · · Score: 4, Insightful

      You jest, but isn't it a little sad that one must be an amateur cryptographer to have some privacy?

    2. Re:This is why I keep my phone powered off.... by mi · · Score: 4, Interesting

      You jest, but isn't it a little sad that one must be an amateur cryptographer to have some privacy?

      Without encryption, your expectation of privacy should be no more than that of a ham radio operator.

      That said, the article seems to be about phone location snooping — somebody, somewhere records where you (or, rather, your phone) were, and not, what you said. Encryption will not help you here, but your privacy is not violated either — or not nearly as much, as the "Heil Bush" moron would like you to think.

      It is not even illegal — for example from an earlier era, consider the fact, that although the contents of your mail correspondence is private, the fact of the correspondence is not. The government can observe/record/use against you the fact, that you wrote to so-and-so and/or received letters from such-and-such even if it does not know, what was written, because it could not (or would not) obtain a warrant to open up your mail.

      --
      In Soviet Washington the swamp drains you.
    3. Re:This is why I keep my phone powered off.... by letxa2000 · · Score: 3, Insightful

      People need to think rationally about this instead of being paranoid. It's entirely possible the NSA or others have this kind of ability, but it's not going to happen through a host of some number of 3,000 obscure wireless companies. As you increase the number of organizations you're dealing with, the risk of exposure reaches 100%.

    4. Re:This is why I keep my phone powered off.... by mi · · Score: 3, Informative

      It sounds a lot like stalking, which is illegal in most US States.

      The illegal kinds of stalking are those, where (unwanted) physical presence takes place. It is criminalized under names such as "criminal menace" or "criminal harassment". I don't think, what we are talking about here (which, mind you, is in itself some blogger's speculation), would rise to illegal stalking, even if it were true...

      --
      In Soviet Washington the swamp drains you.
  2. An even bigger issue by nightfire-unique · · Score: 3, Insightful

    Gag orders themselves are not legal:

    Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

    I can think of no greater service the press performs than to inform the population of a pending trial/investigation.

    The right to investigate the government's actions is reserved to the people. Period.

    --
    A government is a body of people notably ungoverned - AC
    1. Re:An even bigger issue by Artraze · · Score: 4, Insightful

      While what you say is true in the general case, it is not necessarily true. In particular, when the courts rule it to be in the greater good (INIAL, so I'm not sure the specific criteria) they can suspend free speech rights. Also, of course, contracts are frequently used to limit speech on certain subjects, though of course those can only impose civil penalties and must be agreed to by both parties.

      So, while the gag orders very likely do not fit within those limitations, they do pose one very real problem: how do you challenge them without violating them? If you just want to take the hit, you can always just ignore it, but you'll almost certainly be in federal prison for a couple years before hearing the first verdict with regards to the constitutionality of the order. And furthermore if you were successful challenging them, do you really want to be on the NSA and FSI's shit list?

      Finally, there is no evidence (I am aware of) that these orders are so bad. If the NSA was targeting, say, 10 people, I'm pretty sure most people would agree that would be pretty fair and fall within the realm of a standard investigation (in which case the gag orders would be seen as fair). The real problem is that the providers aren't even allowed to say "chill out it's only a handful of people". And that, I suppose, is the big problem.

    2. Re:An even bigger issue by AndrewCWiggin · · Score: 5, Insightful

      Gag orders are quite legal.

      First Amendment rights can be suspended if it can be shown beyond a reasonable doubt that it is in the interest of the common good. That is why it is illegal to yell "fire" in a theater when there is no fire - the possibility of people getting hurt in a panic balances your right to free speech.

      Gag orders protect many national secrets that would cause the death of thousands, perhaps millions of people. They conceal the locations of government operatives, and protect the true capabilities of the nation's defense.

      They are extremely beneficial when used correctly. Unfortunately, they are abused at a rate that is quite alarming by corrupt politicians and greedy businessmen.

    3. Re:An even bigger issue by nightfire-unique · · Score: 3, Insightful

      Yelling "fire" in a crowded theatre is not in-and-of-itself illegal. For instance, some movies cast a character who yells "fire."

      What is illegal is endangering the public by suggesting there is an emergency when there is none. Suggesting there is a fire by opening the fire escape and waving everyone towards you is also illegal, and for the same reason.

      This particular example has nothing to do with the first amendment.

      --
      A government is a body of people notably ungoverned - AC
  3. Re:All I can say... by lysergic.acid · · Score: 5, Insightful

    that's how i used to view owning a car, but after a while people stopped inviting me to get-togethers...

    but seriously, there's relying on your friends when you accidentally leave your phone at home or in the car, and then there's treating your friends as walking pay phones. perhaps it's not as bad as telling people that you quit smoking and then bumming cigarettes off of everyone else. but it's still a pain in the ass trying to reach someone who doesn't have a cellphone.

    i guess it all depends on your social life. maybe your friends are cool with it, or maybe you just don't need to use a cellphone very often. but i couldn't live without my cellphone. since getting a cellphone in high school i've lost the ability to remember people's phone numbers. this led to a rather embarrassing situation at the hospital when i couldn't tell the nurse what number to dial to reach my girlfriend.

  4. Loopholes? by Asmor · · Score: 5, Insightful

    the NSA could be using loopholes in the law

    Why use loopholes when they don't have any qualms about outright breaking the law?

    1. Re:Loopholes? by AndrewCWiggin · · Score: 4, Insightful

      Why use loopholes when they don't have any qualms about outright breaking the law?

      Why break the law when they can follow to the letter every initiative passed by a corrupt Executive in Chief?

    2. Re:Loopholes? by DaveAtFraud · · Score: 5, Insightful

      What loopholes? You're carrying around a frigging transmitter that conveniently even transmits a unique identifier. There is no expectation of privacy any more than if you're talking on an old citizen's band radio.

      The only forms of communication interception that require a court order are opening and reading someone's mail (strictly snail mail) or listening in on an actual phone conversation:

      - phone records are public (who called who and for how long)
      - e-mail is not private; never has been due to it's store and forward nature
      - external addresses of snail mail received

      If the information is readily available, there should be no expectation of privacy. A case can even be made that *ANY* broadcast communication (cell phone, wireless home phone, bluetooth headset, etc.) is not private. If you throw it out on the air waves, there's no guarantee that someone else isn't listening; even if by accident. As a guess, the government can also legally track you without a warrant (given sufficient interest and effort) using an RFID chip in one of your credit cards.

      This isn't news. Get over it.

      Cheers,
      Dave

      --
      They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
      Ben
    3. Re:Loopholes? by darth+dickinson · · Score: 3, Funny

      As a guess, the government can also legally track you without a warrant (given sufficient interest and effort) using an RFID chip in one of your credit cards.

      Pray tell, how can you track someone using a device that requires radiated energy from a transmitter no more than 5 feet away? Wouldn't the spook with the fedora and trenchcoat following you around with an RFID receiver pointed at your ass kind of be a giveaway?

  5. Re:Why? by slashqwerty · · Score: 4, Insightful

    What would be the motivation for *real-time* tracking of millions of people? How many watchers do you need to watch a million people?

    You don't watch them. You just keep a log.

    After a leak occurs, you cross-reference the reporter's path with the paths of everyone that had access to the information. When you find one person who was in the same place as the reporter for a half hour the day before the story broke, chances are you've identified the whistleblower to retaliate against.

    Or you pick out whoever your most vocal critic is for the day and find out where their dirty little secrets are. Use whatever you learn to discredit them.

    If you need something done, find a random person's secrets and blackmail them.

    You need to blackmail someone in particular? They live a perfectly clean life? Find their associates and use (blackmail) them to pressure your target.

  6. Wife by bastafidli · · Score: 5, Funny

    As long as my wife doesn't know where I am then who cares about the government.

  7. Re:All I can say... by maxume · · Score: 3, Insightful

    Is this because you don't want the NSA to know that you go to KFC, or is it because you don't want the FBI to know that you don't go to Taco Bell?

    Just think, every time you borrow a phone, you expose yourself to voice analysis by the NSA.

    I wish I had delusions of importance. Or was actually important.

    --
    Nerd rage is the funniest rage.
  8. Thanks, Apple! by superdan2k · · Score: 4, Funny

    With the spotty performance of the GPS on my 3G iPhone, I don't need to worry about the NSA ever finding me!

    --
    blog |
  9. Too many people would know by redelm · · Score: 3, Interesting

    It is easy to keep a secret: tell no-one! Two people can only keep a secret if one or both of them are dead.

    Sure, the NSA could try. Maybe even under a legal smoke-screen. The problem is the gag order wouldn't stick. Too many people would need to know, or see the traffic. Somebody, somewhere would leak. Lots of good, anonymous ways. And it is not as if they're comitting treason.

    Besides, I don't think this would yield much. Anyone concerned with surveillence should have their cells turned off unless making a call or expecting incoming/gathering txts. More concerned invidividuals will use disposible phones.

    1. Re:Too many people would know by siddesu · · Score: 4, Informative

      In the country I was born, about a quarter of the population were recurited as informers of the secret services.

      The scale of this "domestic intelligence" was virtually unknown (although suspected by some) until recent laws allowed some old records to be opened.

      Yet, even now there are still people who (out of ignorance, political reasons, blind trust in the government, financial gain etc.) still ignore or deny the fact that mass spying was going on such scale.

      Based on this experience, if I were you I'd at least entertain the possibility that such thing is possible to do.

      Especially if, as the article points out, it is possible that a lot of seemingly innocent data is obtained from a variety of (helpful) sources and then stitched together into a coherent profile by a secret agency with huge budget. ;)

  10. A general problem with modern connected systems. by fuzzyfuzzyfungus · · Score: 5, Informative

    Unfortunately, this is just one facet of a larger problem with no especially easy solution.

    Trouble is, a lot of modern high-tech, networked systems generate huge amounts of potentially creepy data just in order to work. Your cellphone is useless if the network doesn't know what cell you are in, who you are calling, and what cell they are in. Nor does it work if the network doesn't know which handset and SIM are yours. Credit and debit cards only work because the system knows who to transfer money from and who to transfer it to. Hell, the internet isn't going to work all that well if systems between you and your destination don't have the information they need to deliver packets.

    Now, none of this means that we should aggregate and make use of these data, indeed, I think we shouldn't. However, because all these data necessarily exist for the system to work, they are constantly just sitting there, yours for the collecting. That makes legislative or cultural safeguards extremely difficult to build, even under the best of circumstances(ours are not the best of circumstances).

    Unfortunately, I don't know of any good way out. In some cases, it might be possible, with sufficient will, to build systems that don't generate so much compromising information(I hear very interesting things, for instance, about using clever crypto tricks for electronic currency). In others, that may not be possible. While you can, at a cost of latency and bandwidth, make tracking your activity on a network a nuisance(see tor), you would be hard pressed to defeat an opponent who can see the whole network, and you certainly can't match the efficiency of unobfuscated traffic.

    Barring a more or less apocalyptic collapse of modernity, we are going to have a damn difficult time building technology that doesn't, just in order to work, know rather more about us than we would like. Nor will it be very practical to directly legislate against particular abuses, the tech changes too quickly, and a disconcerting proportion of legislators are thick as posts when it comes to technological issues.

    If there is any hope at all, which I'm not sure that there is, it would be in doing what we can technologically(cryptographic cash + encrypting everything we can + avoiding potentially backdoored systems) along with encouraging a culture that rejects surveillance.

  11. siiiiigh, no... by SuperBanana · · Score: 4, Interesting

    I was recently hired by a company that works on classified information. Cell phones are not allowed, by DOD policy. The risk lies in the ability of [??] to remotely activate the phone and eavesdrop on the microphone. This wasn't a joke, several people believe the capability already exists.

    Having the cell phone remotely activated is the least of their concerns. They're more concerned about YOU activating it, or using it to store something.

    I have a friend who works on classified stuff too (as does just about anyone who works in DC/Maryland.) They have a room that is for use of classified systems and materials.

    Cell phones etc are kept outside because everything that goes in, stays in, so that it can't be used to bring something out. For example, he took a USB mouse in, and had to buy a new one to replace it- they wouldn't let the USB mouse out, because it could be used to hide stuff. Maybe it had been modified with memory, or opened up and something classified stuffed inside the case. Etc.

    --
    Please help metamoderate.
  12. Re:Location snooping is only the beginning by NoName+Studios · · Score: 4, Interesting

    This has been possible for a long time already. The Nokia 5160i released in 1998 could be used to eavesdrop. Simply short the answer button to the light up key pad. Toss it in a room and call it at your convenience. The phone will answer immediately without ringing.

  13. Re:All I can say... by Datamonstar · · Score: 4, Insightful

    Here we go again. it isn't what they have to hide, it's the things that you don't want to tell people. Just because it's the government *gasp!* it doesn't give them the right to force everyone into revealing what kind of underwear they're wearing. You might not value your privacy and have no problem giving out information, but at what point will you start to have a problem with it? At that point, you're no different than those of us who prefer to give out no unnecessary private information at all. And still, neither group has anything to hide. Does it make sense now?

    --
    The eternal struggle of good vs. evil begins within one's self.
  14. 1984 is now affordable by Anonymous Coward · · Score: 4, Interesting

    305,063,243 Americans
    talk 0.11 hours per day on the phone or 6.6 minutes on average per day or 2,409 minutes a year
    or 734,897,352,387 total minutes a year
    Using GSM cellphone audio compression technology of 5.6kbps or 336kbpm or 246,925,510,402,032 kb/year or
    30,865,688,800,254 KB/year
    or
    30,142,274,219 MB/year
    or
    29,435,815 GB/year
    or
    28,746 TB/year
    or
    28 PB/year
    and if you assume people mostly talk to other Americans you only need to record half of the conversions
    or 14 PB/year
    1TB drive currently costs about $200 or
    $3 million dollars to store all the made calls in the US in a year plus overhead.

  15. Encrypted Mobile PHones by Dogun · · Score: 4, Interesting

    At this point, I think it's pretty clear that people need a secure way to perform key exchange with friends and have the keys stored and the conversations decrypted off of their mobile phone devices.

    Why aren't such systems in the consumer space yet, and cheap?

    1. Re:Encrypted Mobile PHones by EaglemanBSA · · Score: 4, Insightful

      Can you imagine the scrutiny you'd be inviting to your doorstep if you were the first one to buy a setup like that? Not only that, but look at how difficult it has been to instigate widespread use of PGP -- it's growing (and fast!), especially with more user-friendly interfaces such as Ubuntu's, but the sad reality is that most people really don't care.

      I ask the exact same question all the time, and from fellow slashdotters, you'll get a 'hear hear', but from John Q. Public, you're more likely to get a 'I prefer my false sense of security over your privacy rights'. Downright aggravating, I know.

      --
      Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
  16. Re:All I can say... by Atlantis-Rising · · Score: 3, Interesting

    I think one can reasonably take the position (like I do) that I might be annoyed if something private about my life were to be released. My credit card number, for example, or conversations I have with friends and relatives. But I wouldn't be ashamed or otherwise hurt.

    I may not want it to be released, but if it were released, the only major harm would be my annoyance.

    Demand privacy. Do not require it, or you will become a slave to it. You can't be blackmailed if you have no secrets...

    --
    "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
  17. Re:All I can say... by Hal_Porter · · Score: 3, Insightful

    Privacy advocate(n): Someone so boring no one would bother spying on them.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  18. Re:All I can say... by rawtatoor · · Score: 3, Insightful

    but i couldn't live without my cellphone.

    You know what? I think you would be ok if you didn't have a cell phone.

  19. look at the iPhone feature list by straponego · · Score: 3, Insightful
    If you really want to be paranoid (I know I do!), consider the following features of the iPhone:

    * GPS (It knows where you are)

    * No way to remove battery (You can't turn it off)

    * No multitasking/process monitoring without jailbreaking (You can't see what it's doing)

    * No video capabilities (You can't record the police-- which is one of the few dangers to the state, these days.)

    Interesting that a device so compelling in so many ways is crippled in such specific ways.

    Oh, and of course... it's AT&T.

    ...er, just kidding!

  20. Re:All I can say... by Anonymous Coward · · Score: 3, Insightful

    Since when does anyone have the right to call me and expect an answer? Last I checked, the only person who gets to decide this is me, and most of the time I'm not interested in getting calls. Sure, friends sometimes complain that they can't call me whenever the urge takes them, but I point out that the phone is there for *my* convenience, not theirs, and that I'm the one paying for it so I'm the only one that gets to decide how it's used. They know that if they need to contact me, email is far more likely to get a response in a timely fashion than anything else.

    Most of the time my cell sits in a desk drawer, powered off. I take it out when I think *I* might have a need for it, not when I think *someone else* might have a need for it. Since those occasions are fairly rare, I spend much of my day blissfully unbothered by people who think they just *have* to call me and interrupt whatever it is that I'm doing, because god knows, whatever they have to say is far more bloody important than whatever it is I'm doing at the time!

  21. No. Privacy is hard, anonymity is easy by SuperKendall · · Score: 3, Insightful

    You jest, but isn't it a little sad that one must be an amateur cryptographer to have some privacy?

    Why? Why is that sad? That has been true, throughout all of history. The more people you interact with, the less privacy you have. The equation has remained the same time immemorial.

    That's because Privacy at the levels some seem to think they are entitled to now, is incredibly hard and basically does not work without much diligence.

    What we can all be happy with though is the fact that larger amount of interconnected data render us not invisible, but instead anonymous. Yes people CAN track your cell phone, along with tens of thousands and millions of people in the same city. Yes you are watched by a hundred hundred cameras on your way to work. But who cares, because NO ONE can sift through all that data unless they have a very specific purpose, and even then the data is so lossy the value in it is practically nil.

    Just look at England, a camera network set up specifically basically to spy on the public. The fact that it has no impact on the crime it was meant to deter and punish means that even when you try to keep the data organized, there is so much that you will fail.

    So smile for the camera, because chances are it's the only thing that will ever see you. You are not important enough to watch, and if you were no systems are really good enough to watch you all the time.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  22. Re:All I can say... by bl968 · · Score: 4, Insightful

    You can't be blackmailed if you have no secrets...

    Lets say one day you protest something the government does that you don't like, lawfully exercising your free speech and rights to petition the government for a redress of grievance. Now you have popped up on the government's radar screen. They then go check the voluminous records they have started keeping on every American!

    There are millions of laws on the books many of them are complex and hard for the average person to follow. How many of them have you broken and don't even know about it.

    All the government has to do now is go back and go through your call logs and other electronic traces with a fine tooth comb looking for one to bust you with.

    Your best friend is a member of several environmental groups, one of them the government suspects of environmental terrorism. You were in close proximity to this drug dealer, that mafia guy, some guy who got busted for breaking into homes.

    Even though you are a law abiding citizen can you be sure that every single person you ever have come in contact with is, or was as well? That is the true danger of this. Guilt by association or proximity.

    I hope this clarifies things for you somewhat...

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"