Slashdot Mirror
Feds Can Locate Cell Phones Without Telcos
schwit1 sends along an Ars Technica report covering the release of documents obtained under the FOIA suggesting that the Justice Department may have been evading privacy laws in their use of "triggerfish" technology. Triggerfish are cell-tower spoofing devices that induce cell phones to give up their location and other identifying information, without recourse to any cell carrier. "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices..." The article does mention that the Patriot Act contains language that should require a court order to deploy triggerfish, whereas prior to 2001 "the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology."
Yeah, patriot act, rights violations, unecessary power, etc etc...
Where can I get one?
Sometimes, life itself is sarcasm...
any time, I just flushed it down the toilet. Trigger this fish tracking...
Dude, your septic tank is only 50 feet from the house.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
>step 1, remove batteries.*
*Does not apply to iphone owners
No, most cell phones have one and only one battery.
And for low power EMF (cell phones) even very thin cages can be used, I wouldn't be surprised if most aluminum foil were more than sufficient.
For your Faraday cage to be effective, it has to be very conductive. The higher the resistance, the worse it works.
A thin layer of metallised Mylar is not going to attenuate the signal very much. Certainly not enough to prevent my receiving a call just now. I even tried sealing the end with aluminium tape (which, btw, is much better than duct tape for almost everything, especially ducts).
If you want to make sure some piece of electronics isn't transmitting/in a position to be heard, there are only a few tools that are up to the task. If you're in a hurry: hammer. If you want to be sure: nuke from orbit.
Can you be Even More Awesome?!
McNulty and Co. used "trigger fish" to collect info after the Barksdales moved to disposable cell phones. The devices would collect info without the use of pen registers and obviated the need for a lot of paperwork such as search warrants.
But this is like going through the trash. It's clearly an end-run against privacy laws, but I don't see where the deviousness is. If you carry a cellphone around that emits radio waves, you probably don't have a great expectation of privacy if you leave it on all the time. And it's not like the triggerfish are recording the conversation.
A NYC lawyer blogs. http://www.chuangblog.com/
The article must be in error. Bush passed the patriot act to allow this to happen without warrants, not to impose the need for warrants, right?
Support my political activism on Patreon.
I wonder why they didn't use the Hawaiian name, "humuhumu-nukunuku-a-pua'a"...
*shrug*
I think it's because they want the public to THINK the courts are working, and that the government spies are having to bust their asses to do their jobs. But, they probably are 5 steps ahead, but then get outed. I wonder if anyone else is outing that Predator/drone/RPV that (almost) nightly buzzes/hovers over Glen Park BART Station with such a loud buz that it is annoying as hell. The police i talked to say they know nothing of it. They recommend I write the police chief/commissioner/city mayor.
Whatever nutcase dreamed up the drone surveillance (probably watching gangsters from LA/OC, or Salvadorian or Nicaraguan or Chilean/whomever cartel gangsters in the area, or just for gunshot triangulation, who knows?) seems to have thought that placing it OVER the GP BART building or near the freeway would mask it. But, the fucker is LOUD, and i can hear it adjusting power when coping with the local temperature and wind changes. The noise sweeps up the hill, unmolested by the thousands of homes. It may be quiet directly beneath it, but it's not at all quiet along the ridges and up the hill. They should buy a quieter model, or lose their permit to fly. Fortunately i don't have a brown-out gun, or i'd terminate it (without bragging, of course, lest i face jail/prison), not because of spying, but because that fucker makes it hard to sleep without the use of earplugs from ~~ 1030PM to ~ 0230...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
The thing is, you don't have control over the GSM/CDMA radio - it's controlled by a completely separate processor, and get access to the microphone, speakers, and a serial link to the main processor, so that the processor powering the phone's OS doesn't cause spurious radio transmissions.
Some data goes back and forth, yes, but you probably won't be able to tell when it's doing this versus a legit cell tower connection...
Privacy is not explicitly spelled out, though. I mean, there are the ninth and tenth amendments, but they're exactly the kind of thing you'd expect politicians to ignore due to their unambiguous, but unspecific language (and ironically, one of the more prominent "pro-privacy" rulings pretty much ignored the tenth amendment). Whittling at the weapons first, that's what's unexpected.
Can you be Even More Awesome?!
Sure, what is the problem with gradually eroding civil liberties and ever increasing surveillance of the populace. Why don't we just throw the Constitution right in the garbage while we're at it?
All in all, its almost as much a problem as this "If you've got nothing to hide, what are you worried about?" attitude that we're seeing more and more.
I wouldn't be surprised if most aluminum foil were more than sufficient.
And to think people laughed at me when I put a pocket in my tinfoil hat!
What are we going to do tonight Brain?
You have no idea as to what I'm hoping, Comrade.
-- Tigger warning: This post may contain tiggers! --
Do elaborate, please. RFID does, in fact, require power. It's just that that power is provided by the reader when in proximity to the tag. Are you suggesting there are RFID tags embedded into "modern cell phones"? Or something else? If you're suggesting that cell towers have the ability to blanket a region with an electric field capable of getting all of the cell phones to respond (loudly enough) to a "ping" for their location, I'm afraid I'm going to have to call BS. So what is this "functionality" that you claim allows cell phones to be identified and located without a battery?
> Why are cell phones designed to be so insecure?
For the same reason bank accounts, Web sites, etc. are. Not more than one user in a million cares.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...
I am a cell phone designer, and a phone reporting *anything*, even just a handshake, to a tower thousands of meters away takes significant power.
It is possible that the little coin cell battery in most phones could handle the receiving of a signal, and then wake the phone up and have it reply with the main battery, (though to the best of my knowledge we don't let phones do that [and yes, I design power systems]), but if the main battery isn't there, that's a no-go.
Passive RFID is a completely different batch of apples than active cellular communications. Passive RFID has a maximum range of around 10 meters (phased array antennas notwithstanding, but seriously...). You would need a specially designed phone to use some sort of active RFID when the battery is removed, and we don't make those.
Now, this isn't to say that I'm not pissed at the Feds for doing something like this--perhaps even more so than the average user. I can see how they are taking advantage of perfectly innocuous and functional code and systems designed by my co-workers to agreed standards, and then using those standards to make our customers lose their privacy.
*sheesh*
>> Standing on head makes smile of frown, but rest of face also upside down.
Some cell phones work INSIDE a closed elevator box. Creating a good shielded enclosure is not a casual thing to do.
The only way to be sure, besides nuking from orbit, would be to seal up the phone, then call it. If it doesn't answer, you have *probably* got it right. But no guarantees.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
rural != modern
Well, you're comparing traits on multiple axis, but to your point, individualistic remote living requires a higher level of technology than living in cities does. We probably went hunter/gatherer-tribes -> cities -> 'modern' agriculture -> rural individuals, though there's debate about which came first, cities or agriculture. n.b. sanitary sewers are rather new in the history of cities.
More concretely, you'd have a hard time arguing with the farmer running giant gps-guided irrigation robots or my friend who has linux boxes with webcams as shepherds, that rural != modern, but really any rural home is going to be packed full of technology to make life more enjoyable.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
http://www2.rohde-schwarz.com/en/products/radiomonitoring/product_categories/signal_intelligence/overview/
Click on the GC128 datasheet. They have a firmware for that device that turns it into an IMSI Catcher. There is
also a portable suitcase version of the device.
IMSI Catchers basically work by impersonating the cell tower of the network the subscriber is on, forcing his
handset to it by protocol and higher signal strength and then (this is important) flipping whatever calls are
made into non-encrypted mode. Some phones have a debug mode that will show you whether encryption is activated
or not so if you're making a call and encryption is suddenly off - you know what to do at least I hope.
Basically an IMSI catcher is a still a device that is used on the levels of industrial espionage or espionage
by foreign services that don't have access to the normal national monitoring - which incidentally _all_ (cell)
phone networks are hooked into. The claim US intelligence services are not plugged into their telcos and have to
go outside for surveillance by using a device like this is what it is: Disinfo.
As far as I know, phones don't transmit call logs. But the reason they transmit it's serial number and phone number and GSM IDs, is because they need to have a unique identifier to hand off call from one cell tower to another, and that ID must be traceable to an account in order to bill it properly. So you can't really opt out of this even if you controlled the hardware, although I suppose you might be able to filter the towers that the phone will talk to.
The rest of the privacy invading features are intended to provided a more accurate triangulation for use with the e911 system. This could be evaded except it's against the law to manufacture/distribute a phone without e911 support.
Just so you know, here in Southern California, where the FasTrak system the parent mentions is, most toll roads that I'm aware of do not take cash. You must have the FasTrak, or presumably they will photograph your license plate and you will pay a hefty fine.
Here it's different than most places, of course; there are usually alternate routes you can take just as easily that don't have a toll. It'll just take you a little longer; the main difference being that the free route will have our notoriously heavy traffic or be jammed all the time, while the toll road you'll presumably fly through.
They dynamically adjust the toll depending on traffic level, to make sure the toll road is always operating at or below reasonable capacity. There are electronic signs at various points before the exits to these roads that tell you the current toll so you can decide to go that way or not. I've seen it go up to over $15 on the one near my house!
When I lived in New York (I just moved out here a few months ago) I had the EzPass for the NY Thruway, which was a little more nefarious. To get to any other city in New York in a reasonable manner, you have to use the Thruway, which is a toll road. I'm sure a whole lot more people in New York have EzPass than people in California have FasTrak. Of course, there are a lot more toll bridges and stuff in New York, which the EzPass also works on, which makes it, again, even more useful/essential than FasTrak since there aren't a whole lot of toll bridges around here (I can't think of a single one off the top of my head, while I regularly used them back in Buffalo.)