Slashdot Mirror
Speculation On Large-Scale Phone Location Snooping
An anonymous reader recommends a speculative blog entry by Chris Soghoian up on CNet. Soghoian makes a convincing case that the NSA could be using loopholes in the law to gather real-time location information on the mobile phones of millions of people. There is no hard evidence that this is happening, but the blog post sheds light on the dense undergrowth of companies populating the wireless space that could be easy pickings for a National Security Letter with a gag order attached. "While these household names of the telecom industry [AT&T, Verizon, and Sprint] almost certainly helped the government to illegally snoop on their customers, statements by a number of legal experts suggest that collaboration with the NSA may run far deeper into the wireless phone industry. With over 3,000 wireless companies operating in the United States, the majority of industry-aided snooping likely occurs under the radar, with the dirty work being handled by companies that most consumers have never heard of."
... with the battery out, until I need it. I also keep a roll of aluminum foil with me in case I need to make a hat.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
that's how i used to view owning a car, but after a while people stopped inviting me to get-togethers...
but seriously, there's relying on your friends when you accidentally leave your phone at home or in the car, and then there's treating your friends as walking pay phones. perhaps it's not as bad as telling people that you quit smoking and then bumming cigarettes off of everyone else. but it's still a pain in the ass trying to reach someone who doesn't have a cellphone.
i guess it all depends on your social life. maybe your friends are cool with it, or maybe you just don't need to use a cellphone very often. but i couldn't live without my cellphone. since getting a cellphone in high school i've lost the ability to remember people's phone numbers. this led to a rather embarrassing situation at the hospital when i couldn't tell the nurse what number to dial to reach my girlfriend.
the NSA could be using loopholes in the law
Why use loopholes when they don't have any qualms about outright breaking the law?
You don't watch them. You just keep a log.
After a leak occurs, you cross-reference the reporter's path with the paths of everyone that had access to the information. When you find one person who was in the same place as the reporter for a half hour the day before the story broke, chances are you've identified the whistleblower to retaliate against.
Or you pick out whoever your most vocal critic is for the day and find out where their dirty little secrets are. Use whatever you learn to discredit them.
If you need something done, find a random person's secrets and blackmail them.
You need to blackmail someone in particular? They live a perfectly clean life? Find their associates and use (blackmail) them to pressure your target.
As long as my wife doesn't know where I am then who cares about the government.
While what you say is true in the general case, it is not necessarily true. In particular, when the courts rule it to be in the greater good (INIAL, so I'm not sure the specific criteria) they can suspend free speech rights. Also, of course, contracts are frequently used to limit speech on certain subjects, though of course those can only impose civil penalties and must be agreed to by both parties.
So, while the gag orders very likely do not fit within those limitations, they do pose one very real problem: how do you challenge them without violating them? If you just want to take the hit, you can always just ignore it, but you'll almost certainly be in federal prison for a couple years before hearing the first verdict with regards to the constitutionality of the order. And furthermore if you were successful challenging them, do you really want to be on the NSA and FSI's shit list?
Finally, there is no evidence (I am aware of) that these orders are so bad. If the NSA was targeting, say, 10 people, I'm pretty sure most people would agree that would be pretty fair and fall within the realm of a standard investigation (in which case the gag orders would be seen as fair). The real problem is that the providers aren't even allowed to say "chill out it's only a handful of people". And that, I suppose, is the big problem.
With the spotty performance of the GPS on my 3G iPhone, I don't need to worry about the NSA ever finding me!
blog |
Gag orders are quite legal.
First Amendment rights can be suspended if it can be shown beyond a reasonable doubt that it is in the interest of the common good. That is why it is illegal to yell "fire" in a theater when there is no fire - the possibility of people getting hurt in a panic balances your right to free speech.
Gag orders protect many national secrets that would cause the death of thousands, perhaps millions of people. They conceal the locations of government operatives, and protect the true capabilities of the nation's defense.
They are extremely beneficial when used correctly. Unfortunately, they are abused at a rate that is quite alarming by corrupt politicians and greedy businessmen.
Unfortunately, this is just one facet of a larger problem with no especially easy solution.
Trouble is, a lot of modern high-tech, networked systems generate huge amounts of potentially creepy data just in order to work. Your cellphone is useless if the network doesn't know what cell you are in, who you are calling, and what cell they are in. Nor does it work if the network doesn't know which handset and SIM are yours. Credit and debit cards only work because the system knows who to transfer money from and who to transfer it to. Hell, the internet isn't going to work all that well if systems between you and your destination don't have the information they need to deliver packets.
Now, none of this means that we should aggregate and make use of these data, indeed, I think we shouldn't. However, because all these data necessarily exist for the system to work, they are constantly just sitting there, yours for the collecting. That makes legislative or cultural safeguards extremely difficult to build, even under the best of circumstances(ours are not the best of circumstances).
Unfortunately, I don't know of any good way out. In some cases, it might be possible, with sufficient will, to build systems that don't generate so much compromising information(I hear very interesting things, for instance, about using clever crypto tricks for electronic currency). In others, that may not be possible. While you can, at a cost of latency and bandwidth, make tracking your activity on a network a nuisance(see tor), you would be hard pressed to defeat an opponent who can see the whole network, and you certainly can't match the efficiency of unobfuscated traffic.
Barring a more or less apocalyptic collapse of modernity, we are going to have a damn difficult time building technology that doesn't, just in order to work, know rather more about us than we would like. Nor will it be very practical to directly legislate against particular abuses, the tech changes too quickly, and a disconcerting proportion of legislators are thick as posts when it comes to technological issues.
If there is any hope at all, which I'm not sure that there is, it would be in doing what we can technologically(cryptographic cash + encrypting everything we can + avoiding potentially backdoored systems) along with encouraging a culture that rejects surveillance.
I was recently hired by a company that works on classified information. Cell phones are not allowed, by DOD policy. The risk lies in the ability of [??] to remotely activate the phone and eavesdrop on the microphone. This wasn't a joke, several people believe the capability already exists.
Having the cell phone remotely activated is the least of their concerns. They're more concerned about YOU activating it, or using it to store something.
I have a friend who works on classified stuff too (as does just about anyone who works in DC/Maryland.) They have a room that is for use of classified systems and materials.
Cell phones etc are kept outside because everything that goes in, stays in, so that it can't be used to bring something out. For example, he took a USB mouse in, and had to buy a new one to replace it- they wouldn't let the USB mouse out, because it could be used to hide stuff. Maybe it had been modified with memory, or opened up and something classified stuffed inside the case. Etc.
Please help metamoderate.
This has been possible for a long time already. The Nokia 5160i released in 1998 could be used to eavesdrop. Simply short the answer button to the light up key pad. Toss it in a room and call it at your convenience. The phone will answer immediately without ringing.
Here we go again. it isn't what they have to hide, it's the things that you don't want to tell people. Just because it's the government *gasp!* it doesn't give them the right to force everyone into revealing what kind of underwear they're wearing. You might not value your privacy and have no problem giving out information, but at what point will you start to have a problem with it? At that point, you're no different than those of us who prefer to give out no unnecessary private information at all. And still, neither group has anything to hide. Does it make sense now?
The eternal struggle of good vs. evil begins within one's self.
305,063,243 Americans
talk 0.11 hours per day on the phone or 6.6 minutes on average per day or 2,409 minutes a year
or 734,897,352,387 total minutes a year
Using GSM cellphone audio compression technology of 5.6kbps or 336kbpm or 246,925,510,402,032 kb/year or
30,865,688,800,254 KB/year
or
30,142,274,219 MB/year
or
29,435,815 GB/year
or
28,746 TB/year
or
28 PB/year
and if you assume people mostly talk to other Americans you only need to record half of the conversions
or 14 PB/year
1TB drive currently costs about $200 or
$3 million dollars to store all the made calls in the US in a year plus overhead.
At this point, I think it's pretty clear that people need a secure way to perform key exchange with friends and have the keys stored and the conversations decrypted off of their mobile phone devices.
Why aren't such systems in the consumer space yet, and cheap?
In the country I was born, about a quarter of the population were recurited as informers of the secret services.
The scale of this "domestic intelligence" was virtually unknown (although suspected by some) until recent laws allowed some old records to be opened.
Yet, even now there are still people who (out of ignorance, political reasons, blind trust in the government, financial gain etc.) still ignore or deny the fact that mass spying was going on such scale.
Based on this experience, if I were you I'd at least entertain the possibility that such thing is possible to do.
Especially if, as the article points out, it is possible that a lot of seemingly innocent data is obtained from a variety of (helpful) sources and then stitched together into a coherent profile by a secret agency with huge budget. ;)
You can't be blackmailed if you have no secrets...
Lets say one day you protest something the government does that you don't like, lawfully exercising your free speech and rights to petition the government for a redress of grievance. Now you have popped up on the government's radar screen. They then go check the voluminous records they have started keeping on every American!
There are millions of laws on the books many of them are complex and hard for the average person to follow. How many of them have you broken and don't even know about it.
All the government has to do now is go back and go through your call logs and other electronic traces with a fine tooth comb looking for one to bust you with.
Your best friend is a member of several environmental groups, one of them the government suspects of environmental terrorism. You were in close proximity to this drug dealer, that mafia guy, some guy who got busted for breaking into homes.
Even though you are a law abiding citizen can you be sure that every single person you ever have come in contact with is, or was as well? That is the true danger of this. Guilt by association or proximity.
I hope this clarifies things for you somewhat...
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"