ACLU Obtains Cell Phone Tracking Training Materials

← Back to Stories (view on slashdot.org)

ACLU Obtains Cell Phone Tracking Training Materials

Posted by samzenpus on Sunday April 1, 2012 @07:43AM from the step-by-step dept.

guttentag writes "The New York Times has published a large collection of law enforcement training documents obtained by the ACLU. The documents describe in detail what kind of information can be obtained from cell phones and cell phone carriers, and how to obtain it. The 189-page PDF also contains dozens of invoices from the major carriers for their services to law enforcement that describe the fees for those services."

33 comments

Min score:

Reason:

Sort:

Watch out reporter by Anonymous Coward · 2012-04-01 07:53 · Score: 0

This won't make them happy, not at all!
Any suggestions further securing an Iphone? by Eightbitgnosis · 2012-04-01 07:54 · Score: 2

Can any of the programs available to jailbroken phones prevent scans?
1. Re:Any suggestions further securing an Iphone? by GmExtremacy · 2012-04-01 07:56 · Score: 3, Funny
  
  What are you hiding?
2. Re:Any suggestions further securing an Iphone? by Anonymous Coward · 2012-04-01 08:05 · Score: 5, Informative
  
  No. The reason is they dump the contents of the phone. They don't actually utilise the phone itself. They just plug in a USB cable and can access the disk. Sort of like putting a device into mass storage mode where instead of the device being able to sync it can be used as an external hard drive.
  They can actually do forensics of live devices (laptops, etc) under at least some circumstances through USB 3.0 (i believe) and firewire ports.By live I mean they access the ram of the device while it is running. So if for instance a device is connected to an Internet host somewhere they can insert commands and do other stuff to it. Or figure out what is being displayed on screen without having to break your password. They could for instance grab a security key if your device is encrypted.
3. Re:Any suggestions further securing an Iphone? by Eightbitgnosis · 2012-04-01 08:08 · Score: 2
  
  .....Cake....Yeah...cake
4. Re:Any suggestions further securing an Iphone? by fustakrakich · 2012-04-01 08:15 · Score: 5, Funny
  
  That's a lie, and you know it!
  
  --
  “He’s not deformed, he’s just drunk!”
5. Re:Any suggestions further securing an Iphone? by girlintraining · 2012-04-01 08:23 · Score: 5, Informative
  
  Can any of the programs available to jailbroken phones prevent scans?
  You're using an iPhone and you have illusions about your privacy? Dude, have you read the EULA? Law enforcement has more restrictions on what it can and cannot do with your data than the manufacturer does, which is basically no restrictions. Worry less about what the ACLU found out and more about the people who made your phone.
  "...you agree that Apple and its subsidiaries and agents may collect, maintain, process and use diagnostic, technical, usage and related information, including but not limited to information about your iOS Device, computer, system and application software, and peripherals, that is gathered periodically..."
  "...To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iOS Device, road travel speed information, and location search queries."
  "These unique identifiers may include your email address(es), the Apple ID information you provide, a hardware identifier for your iOS Device, and your iPhoneâ(TM)s telephone number. By using the iOS Software, you agree that Apple may transmit, collect, maintain, process and use these identifiers..."
  By the way, that's all on page 1. There are 96 pages after that.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
6. Re:Any suggestions further securing an Iphone? by Anonymous Coward · 2012-04-01 08:24 · Score: 0
  
  Do you have a source on this? I'm curious how it works?
7. Re:Any suggestions further securing an Iphone? by Anonymous Coward · 2012-04-01 08:28 · Score: 1
  
  Firewire specifically supports DMA. Feature, not bug.
8. Re:Any suggestions further securing an Iphone? by DigiShaman · 2012-04-01 09:14 · Score: 4, Insightful
  
  "...you agree that Apple and its subsidiaries and agents may collect, maintain, process and use diagnostic, technical, usage and related information, including but not limited to information about your iOS Device, computer, system and application software, and peripherals, that is gathered periodically..."
  I just love how they sneak that in there. Those four word sandwiched in between makes all others moot. Instead, they should be honest and phrase it as
  "You're data is ours and everyone else's we so choose. Bitch! Deal with it!"
  That would be at least more respectable.
  
  --
  Life is not for the lazy.
9. Re:Any suggestions further securing an Iphone? by mikael · 2012-04-01 11:19 · Score: 1
  
  bios level remote access, KVM switches - some sys-admins want remote BIOS level access to their servers. The software replicates the framebuffer as well as mouse anf keyboard events across the internet.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
10. Re:Any suggestions further securing an Iphone? by Anonymous Coward · 2012-04-01 11:51 · Score: 0
  
  Can any of the programs available to jailbroken phones prevent scans?
  No.
  If you care about security, get a blackberry.
11. Re:Any suggestions further securing an Iphone? by bigstrat2003 · 2012-04-01 11:58 · Score: 1
  
  South Park nails it, as usual.
  
  --
  "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
12. Re:Any suggestions further securing an Iphone? by CharlyFoxtrot · 2012-04-01 12:35 · Score: 1
  
  Still better than using Android. Because Apple is making money off of selling the device not ads or services, they are actually de-incentivized from abusing that info because it could drive away their customers and as a consequence they've got a pretty good track record on not giving away your info. Google's whole raison d'être on the other hand is actually gathering that info, correlating it with info from all of their other services and then using it to target you. Plus they've been known to make a run around privacy protections.
  
  --
  If all else fails, immortality can always be assured by spectacular error.
13. Re:Any suggestions further securing an Iphone? by CharlyFoxtrot · 2012-04-01 12:37 · Score: 1
  
  You're trolling, right ? The people who give repressive regimes access to their servers ?
  
  --
  If all else fails, immortality can always be assured by spectacular error.
14. Re:Any suggestions further securing an Iphone? by mindcandy · 2012-04-01 14:24 · Score: 5, Informative
  
  In short .. No.
  
  Here's what they can gather at a network level :
  1. Which antenna of what tower your phone last registered on (and possibly also RSSI).
  2. Incoming and outgoing numbers dialed, call duration, and technical data during call (which towers, etc.).
  3. Data ingoing/outgoing (including SMS) to the extent that they log it (ever notice the proxy under the APN settings?).
  
  Once they have the device itself ..
  1. Anything stored on the device (including SMS not stored on the SIM).
  2. GPS history (and other debug information the device might have collected).
  3. Contacts and other information in the SIM (provided you didn't lock the SIM, unless they get the PUK, which is mentioned in tfPDF).
  
  The network-level stuff is controlled (in your phone) by the baseband chip and associated firmware .. it would *theoretically* be possible to write custom firmware that identified attempts at triangulation (frequent BTS handoffs) and denied them or deliberately registering with a tower with a less-than-ideal RSSI (ie: farther away), but PCS technology is fragile enough with everyone following the rules as-is .. if enough people start breaking the standards *on purpose* I suspect it will be detected and blocked by the carriers proper quick.
  
  You're carrying an active transceiver that operates independent of your input (eg: there is no 'key' like in HF). Finding it will be easy. Tracking it will be easy.
  
  Moxy Marlinspike (et.al.) have done some work on the upper layers with respect to anonymizing and/or encrypting the content of the communication, and there are several projects to help you secure the container (the phone itself), but realistically .. if you don't want to be tracked, don't carry a radio beacon in your pocket.
15. Re:Any suggestions further securing an Iphone? by Eightbitgnosis · 2012-04-01 14:38 · Score: 1
  
  I was thinking less of the tracking, and more of the flashing of a copy of the phone, but thank you for the thoughtful reply
16. Re:Any suggestions further securing an Iphone? by mindcandy · 2012-04-01 14:49 · Score: 1
  
  Well .. the simple answer to that one would be to open up the phone and clip the data pins to the iPort on the bottom.
  The police buy off-the-shelf gear and go to expensive training courses to learn how to plug it in and press the 'go' button .. electrical engineers they ARE NOT.
  
  That said, if you are sufficiently interesting and your phone ends up in the hands of the FBI/NSA/etc with someone that has the experience to do SMD rework and physically pull the chips off the board you're likely being held incommunicado and the forensic value of the hardware in court is the least of your problems.
  
  Have a look at WhisperSystems (the Marlinspkie project I mentioned) .. he is working on encrypted voice/sms, but AFIK it's only for Android ATM.
17. Re:Any suggestions further securing an Iphone? by WolF-g · 2012-04-01 20:44 · Score: 1
  
  This reason right here is why despite Apple's failings I am an iOS user over Android.
Redactions by Anonymous Coward · 2012-04-01 07:55 · Score: 5, Interesting

If you look at all of the redactions from the invoices from cell companies (at the end), you'll notice that a few times names and emails are NOT redacted. Someone screwed up.
1. Re:Redactions by girlintraining · 2012-04-01 08:29 · Score: 3, Funny
  
  redactions from the invoices from cell companies (at the end), you'll notice that a few times names and emails are NOT redacted.
  
  Someone now has the name and e-mail address of a few of the secretaries that process the paperwork for [ 3 letter government agency]. We'll have to raise the terror alert to Muave: 'Increased Risk of Angry Letters Being Sent to Actual People Instead of Boiler Room.'
  
  --
  #fuckbeta #iamslashdot #dicemustdie
2. Re:Redactions by Anonymous Coward · 2012-04-01 08:31 · Score: 1
  
  No, they redacted the names and emails of the officers involved. On a couple, they forgot to redact the email and/or name of the requesting person. Most of the invoices due contain the names from the cell company employees, it's the names of the people requesting the information I was referring to. :P
Re:USA land of pay as you go by Sorthum · 2012-04-01 08:02 · Score: 2

That's a bit misleading; every time this has been brought to light it's been the case of the general public bribing a cell company employee. It's a problem, to be sure, but it's also not like I can punch my credit card info into verizonrecords.com or whatnot...
link to HBGary / Team Themis by decora · 2012-04-01 08:08 · Score: 2

one of the three companies, Berico Technologies, had on it's menu of expertise the area of 'cellular exploitation'.
took a while to figure that out, but essentially you have 1. cellular communications, and 2. exploitation, the former being obvious, the latter being extracting 'actionable intelligence' from the logs, records, billings, etc of the former.
their management learned how to do this in the GWOT - some of them were part of special operations in Afghanistan.
every tool we use against the terrorists will be turned around and used on citizens eventually.
Android by Anonymous Coward · 2012-04-01 09:07 · Score: 0

Is there a way to make an Android phone secure?
1. Re:Android by Truekaiser · 2012-04-01 09:23 · Score: 1
  
  take out the battery. something you can't do with a apple device strangely enough :P
2. Re:Android by Anonymous Coward · 2012-04-01 10:19 · Score: 3, Interesting
  
  "something you can't do with a apple device strangely enough :P"
  Much more secure than removing the battery when there might be a small hidden battery
  in the phone which defeats such measures, is this :
  Get three foil-lined bags of the type used to contain potato chips.
  Insert one bag inside the next, so you end up with the innermost bag
  covered with two more bags.
  Then insert the phone into the innermost bag, and fold over the openings of all three bags so the bag
  is closed tightly. The phone will not be able to send or receive signals until it is removed from the foil bags.
  You're welcome.
3. Re:Android by CharlyFoxtrot · 2012-04-01 12:40 · Score: 4, Funny
  
  You can use any additional bags to fashion yourself a nice hat too.
  
  --
  If all else fails, immortality can always be assured by spectacular error.
"spin" on presentation by mindcandy · 2012-04-01 14:12 · Score: 1

While flipping through the powerpoint slides, I noticed the spin they put on Kyllo, namely that they quoted the dissenting opinion.
The Real Question Is by Anonymous Coward · 2012-04-01 15:19 · Score: 0

The real question is, when I take a big shit, can they automatically smell it's aroma from their super secret homeland defender cyber bunkers to make sure that no slave contraband has mingled with my bile at any time in the past? ZERO TOLERANCE! These people are slacking! I'm writing my congressman at once!
I don't know what all these "privacy nuts" are upset about. If I'm not doing anything wrong, what have I got to hide? Speaking of nuts. Maybe the average government worker DOES need to inspect my nutsack hairs with their tongues on demand, just to make sure that no illicit activity has been committed. It would be an invaluable tool in our war against prostitution! I have nothing to hide, and my nutsack is as patriotic of an American as I am! If you don't like it yew can git out!
You aren't in favor of terrorists/drunk drivers/pedophiles/muggers/thugs/coke fiends/pimps/scary men in the shadows with trenchcoats, are you? /sarcasm
DMA to bypass security by crow · 2012-04-02 01:47 · Score: 1

Any device that can do DMA can be used to gain access to anything on the system. This includes eSATA, Firewire, PCMCIA, and probably other ports. USB does not support DMA, though that may have changed in 3.0.
It would be possible for the OS to disable most of these when the system is locked, which should be a feature of any secure OS, though it would annoy users, so don't expect it to be the default setting.