Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is (theintercept.com)

Posted by msmash on from the truth-is-out-there dept.

The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device, which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S. have "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report:The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

95 comments

  1. Slippery Slope by Anonymous Coward · · Score: 0

    nuf said

    1. Re:Slippery Slope by saloomy · · Score: 5, Insightful

      No. We are way past calling this a slippery slope. Look up, theres the cliff we fell off.

      How about unreasonable search and seizure? How about due process? How about manufactured evidence? Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?

      If they went to get a warrant, and asked the cell companies to give them the data, that would be legal. We can't allow them to trample on our freedoms and liberties because its inconvenient for them to go through the process the american people have approved. There is no consent of the governed here.

    2. Re:Slippery Slope by networkBoy · · Score: 1

      First and foremost: I completely agree.
      Now devils advocate:

      How about unreasonable search and seizure?

      Your choice to broadcast your signal gives implicit rights for them to read the signal, much like your choice to place your garbage into the county provided can on the curb.

      How about due process?

      See above, there is not a due process violation if all they are doing is processing through the signal you sent.

      How about manufactured evidence?

      There is a chain of custody to be followed, manufactured evidence would require breaking a seal on the device, much like a radar gun.

      Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?

      One would hope they got a licence from the FCC. *snort* (sorry, couldn't keep a straight face on that one)

      Seriously though, the same argument that has been set forth about using open WiFi APs and even breaking WEP/WPA to use APs that are broadcasting past a property line apply here with your phone and any cleartext that is sent / cyphertext that is broken.

      I'm happily in a state where a warrant is required to use one of these... not that I think they are used anyway, but at least if there is no warrant the evidence is inadmissible and via poisoned fruit any evidence looked for because of one of these also becomes inadmissible (i think).

      -nb

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    3. Re:Slippery Slope by saloomy · · Score: 3

      First and foremost: I completely agree. Now devils advocate:

      How about unreasonable search and seizure?

      Your choice to broadcast your signal gives implicit rights for them to read the signal, much like your choice to place your garbage into the county provided can on the curb.

      No. There is a reasonable expectation of privacy. What about the privacy of the company who has licensed or purchased the spectrum? The signal is in their possession, and the government just trampled it like a heard of bison running over a bunny. Fuck no. Thats what warrants are for.

      How about due process?

      See above, there is not a due process violation if all they are doing is processing through the signal you sent.

      Again, no. In court, if I can't inspect the device that grabbed what they *THOUGHT* was my signal, how could I defend myself? These law enforcement toys are secret, beyond discovery from defense attorneys. So how can you question the charges, or face your accuser, which you are allowed to do. Imagine for a moment that there is a bug in the logging software, and it reports your phone as the one trying to hook up with the 13 year old middle schooler. Just, fuck no. Again. Due Process.

      How about manufactured evidence?

      There is a chain of custody to be followed, manufactured evidence would require breaking a seal on the device, much like a radar gun.

      Not what I was saying. What about "we can't let them know about how we learned about this, so lets say he logged into a bogus website, and generate some logs.

      Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?

      One would hope they got a licence from the FCC. *snort* (sorry, couldn't keep a straight face on that one)

      Seriously though, the same argument that has been set forth about using open WiFi APs and even breaking WEP/WPA to use APs that are broadcasting past a property line apply here with your phone and any cleartext that is sent / cyphertext that is broken.

      I'm happily in a state where a warrant is required to use one of these... not that I think they are used anyway, but at least if there is no warrant the evidence is inadmissible and via poisoned fruit any evidence looked for because of one of these also becomes inadmissible (i think).

      -nb

      This is not that. In those scenarios, your listening. These devices talk and impersonate cell towers. They are broadcasting in that spectrum which a company has purchased outright. They do so against those licenses. Now wipe that smirk off your face, and get off my lawn!

    4. Re:Slippery Slope by youngone · · Score: 1

      I don't live in the US, but I do live in a 5 eyes country, so I have often wondered whether the Police in my country have any of these devices. My expectation is that they do have them, and they use them a lot, but won't respond to a FOI request on National Security grounds. As far as I am aware no-one has asked.

    5. Re:Slippery Slope by LifesABeach · · Score: 1

      I think that if they, the government you live under, did respond; it would be hard. As for a FOI, I'm surprised any other country except the U.S. had such an instrument.

  2. The manual is ... by PPH · · Score: 0, Flamebait

    ... probably written in Chinglish.

    --
    Have gnu, will travel.
    1. Re:The manual is ... by Anonymous Coward · · Score: 0

      Hebrew would be more likely.

    2. Re:The manual is ... by LifesABeach · · Score: 1

      Why use the word Stingray? Wouldn't Hydra be more descriptive?

    3. Re: The manual is ... by jisom · · Score: 1

      Project name vs Public name.

  3. Everyone should be forced to obey the law. by Anonymous Coward · · Score: 5, Insightful

    It is the beginning of the end for society as a whole if no one cares if the police obey the law. The Sheriff of San Bernadino should face charges for unlawful surveillance.

    1. Re:Everyone should be forced to obey the law. by msauve · · Score: 3, Interesting

      I've said this before, but here it is again: Stingrays are transmitters. It is illegal to transmit on cellular frequencies without a license (cellular users transmit under authority of their provider). So, lacking a warrant, police use of Stingrays is illegal. Why are the cops not being prosecuted for violation of federal law, and why isn't any evidence obtained through the use of Stingrays thrown out by the courts?

      (I think the answer the the last one is parallel construction, which itself is legally bankrupt)

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re: Everyone should be forced to obey the law. by skywire · · Score: 2

      A search warrant would not empower a cop to violate federal comms law.

      --
      Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.
    3. Re: Everyone should be forced to obey the law. by msauve · · Score: 1

      I wasn't sure on that, but considered it compared to a physical search warrant, which might authorize a search which would otherwise violate a state breaking and entering law. Why is it different for federal law - is it a matter of getting a federal vs. state warrant?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re: Everyone should be forced to obey the law. by MooseTick · · Score: 1

      "A search warrant would not empower a cop to violate federal comms law."

      The 4th amendment allows the police to perform "searches and seizures" with a "Warrants" which otherwise would be considered "unreasonable"

      --
      Ninjas don't carry tic tacs
    5. Re: Everyone should be forced to obey the law. by Coren22 · · Score: 1

      But, the warrant doesn't get them around illegal use of cellular spectrum that is only authorized to certain companies by the FCC. There is no loophole in the law for police misuse.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  4. I would love to meet the product developers... by Anonymous Coward · · Score: 4, Interesting

    ...and ask them whether they regard themselves as activists against the principles of their country's Constitution, or whether they believe they're only following orders, i.e. that the known way in which their product will be put to use is "not my dept.".

    1. Re:I would love to meet the product developers... by phantomfive · · Score: 1, Insightful

      They probably consider themselves "people who get paid," like most of the rest of us.

      --
      "First they came for the slanderers and i said nothing."
    2. Re: I would love to meet the product developers... by Anonymous Coward · · Score: 1

      That's like asking a professional hitman what his motivation is.

    3. Re:I would love to meet the product developers... by DickBreath · · Score: 2

      Like the CIA torturers. "just doing my job"

      --

      I'll see your senator, and I'll raise you two judges.
    4. Re:I would love to meet the product developers... by Anonymous Coward · · Score: 1

      If you can get a job developing Stingray software/hardware, you can get a job for less money doing something less ethically abhorrent.

      Class warfare rhetoric used to be used to encourage people to strike in the face of unacceptable labor practices. Now it's turned into a hopeless lament: "Well, we gotta do what we're told or we'll be out on the street."

    5. Re:I would love to meet the product developers... by blindseer · · Score: 1

      If you can get a job developing Stingray software/hardware, you can get a job for less money doing something less ethically abhorrent.

      I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?

      Also, these Stingray devices are made of a bunch of parts, everyone with a different use. Are the people that make the capacitors in these things somehow responsible? Even the software in these things were likely derived from code used in legitimate cell phone towers. I find it real hard to draw a bright line that separates the ethical and unethical people in those that make the devices. That get's back to my original point, is the problem with the device or how they are used?

      I can draw a parallel with a guillotine. Are the people the cut down the trees, sawed them to shape, and delivered them to where the guillotine was made responsible for the deaths caused from the use of the guillotine. It is quite likely the lumberjack, sawyer, and delivery service had no idea what the wood would be used for in the end. Even if they did, it is quite likely they were told the people put to death in the machine were criminals that "deserved" to die. They would then have to agree in the death penalty, which has its own controversy, much like some would believe that there is no legitimate need for a government to snoop into a private conversation.

      Perhaps one agrees with the use of the death penalty, and snooping into phone calls, but is opposed to how it's done. People might prefer hanging by rope for the death penalty, and tapping the cell phone towers in the area instead of the Stingray. Just because one is opposed to the use of the guillotine is that someone supposed to find work where they would not contribute to the making of a guillotine? What kind of work would that be? Likewise for the Stingray, what kind of work is someone that develops electronics and software supposed to go to know for certain their work would not wind up in a Stingray? I guess they could go into making lumber or rope but then they might be making the next guillotine or gallows.

      I think of the Cluedo game and the possible murder weapons. Are the makers of the candlestick, lead pipe, rope, revolver, knife, or spanner somehow responsible for the death of Mr. Boddy? Do not all of those items have a non-lethal purpose? Even the revolver is a recognized piece of sporting equipment, much like those used in Olympic shooting events.

      --
      I am armed because I am free. I am free because I am armed.
    6. Re:I would love to meet the product developers... by AHuxley · · Score: 1

      They repeat the cover story that its all for working with "subscriber" data internally and know not to ask anymore questions.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:I would love to meet the product developers... by ShaunC · · Score: 2

      I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?

      To me, the root of the problem is the devices. The way the Stingray works is by tricking all cell phones within range to connect to the Stingray instead of the legitimate cell tower. The very nature of this design means innocent peoples' phones, people who are not the subject of any warrant, are going to have their communications illegally intercepted. You might have a warrant to tap Bob's phone, but when you park your nondescript van in Bob's neighborhood and turn on your Stingray, his neighbors' phones are going to connect to it too. Anyone who happens to be driving down the street or walking their dog around the block, their phones will also connect to your Stingray. You don't have a warrant for any of those peoples' communications.

      The only justification for a Stingray type device is to go on fishing expeditions. If you have a warrant you don't need the Stingray, you just call the telco and have them tap Bob's line(s).

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    8. Re:I would love to meet the product developers... by Anonymous Coward · · Score: 0

      "used to be used to "

      you have to wonder about the english language sometimes!

    9. Re:I would love to meet the product developers... by Anonymous Coward · · Score: 0

      My understanding is that the CIA staff didn't want to torture any detainees; it was the Blackwater guys that were pushing for torture. I'd expect the attitude of the torturer to be "Can you believe we actually get paid to do this?!"

      If you're willing to torture someone, there's something deeply wrong with you.

    10. Re:I would love to meet the product developers... by tlhIngan · · Score: 1

      To me, the root of the problem is the devices. The way the Stingray works is by tricking all cell phones within range to connect to the Stingray instead of the legitimate cell tower. The very nature of this design means innocent peoples' phones, people who are not the subject of any warrant, are going to have their communications illegally intercepted. You might have a warrant to tap Bob's phone, but when you park your nondescript van in Bob's neighborhood and turn on your Stingray, his neighbors' phones are going to connect to it too. Anyone who happens to be driving down the street or walking their dog around the block, their phones will also connect to your Stingray. You don't have a warrant for any of those peoples' communications.

      The only justification for a Stingray type device is to go on fishing expeditions. If you have a warrant you don't need the Stingray, you just call the telco and have them tap Bob's line(s).

      This is a legal problem, and it exploits a vulnerability in the cellular phone system.

      In fact, there is nothing that is preventing users from creating their own stingray type device and doing exactly the same thing - OpenBTS and the like have been used to create cellular networks, and they can be abused to form the base of your stingray device.

      And heck, I think it's been demonstrated years earlier at a Black Hat or Defcon where they set it up to capture users' cellphones.

      And this is where the tricky part is - I'm sure an open source variant isn't too far off - but are the developers lauded for exploiting a well known vulnerability in the cellular network system, or demonized for demoncratizing the stingray and letting everyone tap into everyone else?

    11. Re: I would love to meet the product developers... by Anonymous Coward · · Score: 0

      I can draw a parallel with a guillotine

      is it a double-bladed guillotine or do you cut twice?

  5. Surprised face on by bferrell · · Score: 3, Informative

    It's a software defined radio. See Range Networks for similar, MUCH cheaper equipment (also not a dumbed down). Also GNU radio.

    1. Re:Surprised face on by bferrell · · Score: 2

      Also OpenBTS

    2. Re:Surprised face on by NatasRevol · · Score: 2

      These manuals should give very good guidance on how to build an anti-Stingray device. Or pro-privacy device. Call it what you want.

      --
      There are two types of people in the world: Those who crave closure
    3. Re: Surprised face on by Anonymous Coward · · Score: 0

      It's easy. Get a box of prepaid Sims, and swap your imei number on boot.

    4. Re: Surprised face on by NatasRevol · · Score: 1

      How would that possibly help when the Stingray can monitor all calls in an area, regardless of imei? They don't identify by imei. These are used for snooping, rarely for actual legal policework. In fact, it's thrown out of court more than it's used in court.

      --
      There are two types of people in the world: Those who crave closure
    5. Re:Surprised face on by tlhIngan · · Score: 3, Insightful

      These manuals should give very good guidance on how to build an anti-Stingray device. Or pro-privacy device. Call it what you want.

      Or how about our OWN stingray type devices?

      Imagine the chaos if you're tracking an IMSI and it's passing through several stingray devices - yours, and half a dozen others. Since each is pretending to the uplink of the next, the actual location of the phone in question can be quite a distance away. And if you're monitoring the location of the signal, you're just getting the next stingray in line.

    6. Re:Surprised face on by Anonymous Coward · · Score: 0

      You could build one side of an anti-stringray simply by preventing triangulation.
      Custom antennae that let you shift your virtual location by delaying the signal sent out from them.

      Of course, you'd probably be highly noticeable with a huge antenna. (unless you are a dirty terrorist in a Transit van)

    7. Re: Surprised face on by karmatic · · Score: 1

      Alternatively, run an anti-stingray device that scrambles everyone's IMEI and IMSI upstream. The towers will know to reject it, but the stingray device won't.

      It might be possible to detect the stingray and only activate when it's in use.

  6. They need MORE money! Pay your fair share! by Anonymous Coward · · Score: 0, Interesting

    Remember to pay your fair share!

    Because our government needs MORE money! Those Stringrays are EXPENSIVE!!!

    Do you really think it's safe to give even more money and more power to this government? WHAT FUCKING PLANET DO YOU LIVE ON!!?!?!?!

  7. iManual by BringsApples · · Score: 2

    Harris declined to comment. In a 2014 letter to the Federal Communications Commission, the company argued that if the owner’s manuals were released under the Freedom of Information Act, this would “harm Harris’s competitive interests” and “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.”

    Well then just print a manual and give it to us, then burn your copy. We'll keep our copy safe, so no terrorists will ever be able to read the manual. At least that's what Apple was asked to do.

    --
    Politics; n. : A religion whereby man is god.
  8. Handy guide for law enforcement. by jcr · · Score: 5, Insightful

    Do you have a warrant, issued by a neutral magistrate, specifically identifying the party that you wish to spy upon, which you obtained by swearing out a truthful affidavit that you have reason to believe a crime has been committed?

    If yes: you're good to go. If no: fuck you, you're committing wire fraud, you son of a bitch.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:Handy guide for law enforcement. by NatasRevol · · Score: 3, Insightful

      And it's almost always wire fraud. Committed by the police.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Handy guide for law enforcement. by Anonymous Coward · · Score: 1

      Shouldn't that be "wireless fraud"?

      Thanks folks, I'll be here till Thursday. Try the veal!

    3. Re:Handy guide for law enforcement. by Anonymous Coward · · Score: 0

      Try the veal!

      because there are more brain cells in the veal than in you

  9. It must be obsolete. by Anonymous Coward · · Score: 1

    If we are seeing this, then the product is no longer in use and is obsolete. "Law enforcement" has something better now.

    We need international standards of law enforcement with accreditation and continual audit by civilian authority.

    As long as "law enforcement" remains unaccountable to the people, then our democracies mean nothing and are completely irrelevant.

    1. Re:It must be obsolete. by AHuxley · · Score: 1

      No network drop or jump in signal with the new generations, its just almost the same power level and can stay at the new network standard as the upgraded surrounding telco towers.
      Mapping and voice, later connected PC or device ready malware pushdown, voice prints its all ready for any local aspirational police force to rent and upgrade into :)

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re: It must be obsolete. by AntronArgaiv · · Score: 1

      It is. At least, the iDEN part is. That was the Motorola/Nextel proprietary trunked radio protocol.

    3. Re:It must be obsolete. by Anonymous Coward · · Score: 0

      As long as "law enforcement" remains unaccountable to the people,

      In theory we already have auditors: members of Congress. Somehow they are not working as designed.

  10. And it's fine because they're cops by Anonymous Coward · · Score: 5, Interesting

    For anyone else using this sort of device it would be an illegal wiretap, an FCC violation for unauthorized use of spectrum, interfering with a public utility, copyright violation, DMCA violation, vandalism, reckless endangerment (hey, 911 doesn't work when this is on y'know), interfering with emergency services, intent to commit identity fraud, computer misuse and a unauthorized use of computer equipment violation. Possibly even terrorism...sure, let's throw terrorism in there for good measure. Total sentence: 5x Infinity years, served consecutively. No chance of parole. Leave your human rights at the door.

    For the cops?...they switch this on before breakfast each morning. Assuming they didn't forget to switch it off the night before.

  11. Technical Controls by watermark · · Score: 4, Insightful

    If police can do it, so can "the bad guys". Why aren't there better technical barriers in place to prevent this sort of thing? If this snooping is illegal, that's a great first step, but why are these devices even able to work? Are the mobile carriers working with law enforcement to enable these devices, or just indifferent to it?

    When it came to light that law enforcement was abusing their power by indiscriminately snooping on internet traffic, we started to see more websites use encryption (birth of Let's Encrypt). When it came to light that law enforcement was abusing their power regarding accessing information stored on a phone, we started to see widespread use of device encryption (Android and iOS now encrypt by default). Is StringRay abuse the precursor to the next iteration of mobile security?

    1. Re:Technical Controls by Anonymous Coward · · Score: 0

      Yeah, I was wondering how and why these devices are able to access the mobile carriers' cellular networks.

    2. Re:Technical Controls by Anonymous Coward · · Score: 0

      Apparently you want to explain to grandma why her phone doesn't work on Tuesdays because you installed a whole bunch of technical barriers to entry onto her mobile carrier network and things got complex and stuff broke somehow.

    3. Re:Technical Controls by Anonymous Coward · · Score: 0

      Actually, I think we'll see a much heavier-handed effort to shut down encryption in the US. After all, the FBI's director is promising, "an adult conversation about encryption" after the election is behind us, in 2017. Our fight for civil rights has just begun.

    4. Re:Technical Controls by Anonymous Coward · · Score: 1

      The snooping is designed into the standards. Seriously. I don't mean just the lawful interception interfaces. The standards themselves are breakable on purpose.

    5. Re:Technical Controls by Anonymous Coward · · Score: 1

      Currently, all phones must authenticate themselves to the tower, all we need is for towers to also authenticate back to the phone.

    6. Re:Technical Controls by Anonymous Coward · · Score: 0

      Actually, I think we'll see a much heavier-handed effort to shut down encryption in the US. After all, the FBI's director is promising, "an adult conversation about encryption" after the election is behind us, in 2017. Our fight for civil rights has just begun.

      What utter bullshit.. Why after the election? Why not make this also a campaign issue rather than the utterly stupid shit going back and forth now..
      "I will Build a wall!" and "50% of my opponents supporters are racists, sexists etc"..

      Wouldn't it bee cool if this campaign was about real issues rather than "start a fight in a bar" points of stupidity?

    7. Re:Technical Controls by Anonymous Coward · · Score: 0

      Oh that's FUCKING BRILLIANT. What happens when grandma's phone CAN'T AUTHENTICATE a legitimate tower?? Your proposal requires PATCHING EVERY PHONE SIMULTANEOUSLY.

    8. Re:Technical Controls by bernywork · · Score: 1

      Come now.... Deep breaths little one, it'll be OK....

      New standard, one of the revisions of LTE or 5G perhaps?

      In a fault situation, what do you think happens?

      With the overlap of cell towers, that cell would either automatically shut down for adjacent cells to pick up the load, or it would be shut down by the NOC.

      The larger question is, how do you authenticate a tower? PKI? Does the SIM contain the cell network's root cert as well as it's cert from the HLR?

      Home Location Register, in GSM terms, there's a cert in the SIM which is used to authenticate to network, the other half of the cert is stored by the HLR which does the authetntication

      Does the running of a LIG (Legal Intercept Gateway) require you to give a copy of the network's root private key to law enforcement for them to fake cell sites? (At which point, the jig is up anyway)

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    9. Re:Technical Controls by Anonymous Coward · · Score: 0

      Yup, there's absolutely no way this could be rolled out over time. Impossible.

    10. Re:Technical Controls by Anonymous Coward · · Score: 0

      The simple answer is that there is no financial incentive for the carrier to authenticate the tower to the phone. The phone is not secure, and is not advertised as secure. So there is no security by design. The reserve is not true. The carrier needs to know who you are (your phone) to bill you. So the phone IS authenticated to the tower. It's core to the 4G standard, don't expect a fix anytime soon. Instead, just make sure your data client on the phone verifies the TLS endpoint certificate and the Stingers can eat your crypto and cry.

    11. Re:Technical Controls by Anonymous Coward · · Score: 0

      I see you're fine with spying on grandma because she owns an old phone.

    12. Re: Technical Controls by karmatic · · Score: 1

      Right now? The phone generally complains about the lack of encryption. Same thing that happens when you go to a site with an invalid SSL certificate.

      Grandma may still click "Continue", despite the warnings, but the people who care will have the info they need to make an informed decision.

    13. Re:Technical Controls by Sycraft-fu · · Score: 1

      I believe LTE does prevent a lot of the snooping. Part of the problem is that things evolved from really old-ass standards and so security was not always the consideration it should be. I mean remember that the original cell network:

      1) Was all unencrypted analogue, the only thing preventing people from listening in was not having a radio that could tune the frequencies.

      2) Had all kinds of odd shit related to compatibility with the old PSTN.

      It was not even remotely secure. However, it was what we could do with the technology of the day.

      Things have been getting better, particularly with VoLTE and the move to all packet switched data. It is always hard though because there are always tradeoff between easy of use, cost, features and security. It's easy on the surface to say that security should always be the top concern but you find out when you try to implement things that actually doing really strong security against all kind of attacks can be prohibitive at times and impede usability.

    14. Re:Technical Controls by AHuxley · · Score: 1

      Re "Are the mobile carriers working with law enforcement to enable these devices, or just indifferent to it?"
      If you want to be a telco you have to ensure your network is wiretap friendly in the gov fine print.
      A network that keeps the users, the press out but allows the NSA, GCHQ, state, city police to collect it all is the telco set standard.
      The equipment between nations could also support encryption but its all kept in plain text so the security services can collect it all.
      City police forces to the NSA's collect it all domestic gathering need junk or no crypto to ensure their installed generational hardware keeps working and collecting.
      US and UK set standards and global sales of telco hardware interoperability ensure collection just keeps working.
      Recall the "Inside Menwith Hill" (Sep. 6 2016)
      “The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted...
      Also note the huge weakness left in all consumer WIFI for OVERHEAD to collect from 24/7.
      The local IMSI-catcher is just the state and city police side of global collect it all.

      --
      Domestic spying is now "Benign Information Gathering"
    15. Re:Technical Controls by AHuxley · · Score: 1

      Link for Inside Menwith Hill" (Sep. 6 2016) https://theintercept.com/2016/...

      --
      Domestic spying is now "Benign Information Gathering"
    16. Re:Technical Controls by AHuxley · · Score: 1

      The larger question is, how do you authenticate a tower? PKI? Does the SIM contain the cell network's root cert as well as it's cert from the HLR?
      Same as in the 1980's handover from tower to tower as quickly and cheaply as possible from any telco perspective.
      But with this the device is static or on the move and any cell phone thinks its time to hand over to the new device thats a bit stronger than the last cell tower.

      --
      Domestic spying is now "Benign Information Gathering"
    17. Re:Technical Controls by Gussington · · Score: 1

      If police can do it, so can "the bad guys".

      Aren't they the same thing?

  12. liberties etc.... by phantomfive · · Score: 1

    I know it's about civil liberties, but I want one of those devices lol

    --
    "First they came for the slanderers and i said nothing."
    1. Re:liberties etc.... by Anonymous Coward · · Score: 0

      Nailed it.

    2. Re:liberties etc.... by Anonymous Coward · · Score: 0

      They're SDRs. Try something like this: https://www.ettus.com/product/details/UN210-KIT

  13. Over 300 times by Anonymous Coward · · Score: 0

    Where are the 300 law suits or 300 people that got fired for breaking the law?

  14. For 15 years.... by Bruce66423 · · Score: 0

    Anyone would think something significant happened 15 years ago :(

    Will no one think of the children / terrorist threat...

    1. Re:For 15 years.... by Anonymous Coward · · Score: 0

      You still won't shut up about it 15 years later.

    2. Re:For 15 years.... by WillAffleckUW · · Score: 1

      If we cared we would have isolated Saudi Arabia, Yemen, and Pakistan. Or glassed them over.

      It's obvious we don't care.

      --
      -- Tigger warning: This post may contain tiggers! --
  15. add-on? by JeffOwl · · Score: 1

    and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously

    I do like the fact that it is expandable.

    1. Re:add-on? by Anonymous Coward · · Score: 0

      Throw in an SD card slot and a removable battery and you might change my mind about these devices!

    2. Re: add-on? by Anonymous Coward · · Score: 0

      Interoperability is key to any successful, illegal, mass surveillance operation. And people say the government is slow and inefficient!

  16. Security through obscurity by spaceyhackerlady · · Score: 1

    It's radio. Anybody in the vicinity can listen in all they like. Back in the bad old days this was Industry Canada's position, that cellphones were not private and there was nothing anybody could do about it.

    Unlike AMPS, the communications are digital. So what. If you are sufficiently determined you can decode the data you have captured.

    ...laura

    1. Re: Security through obscurity by Anonymous Coward · · Score: 0

      This is not a passive device acting as a third party listening in on your conversation encrypted conversation (GSM is encrypted, poorly but encrypted) it is actively pretending to be your provider and issuing instructions to your phone to insure that that happens. The fact that it is not passive interception does make a difference legally (at least in the US).

    2. Re: Security through obscurity by wbr1 · · Score: 1

      This, and even passive interception has limits. There -used- to be a thing called reasonable expectation of privacy, regardless of the medium used.

      --
      Silence is a state of mime.
  17. User Friendly Surveillance by Anonymous Coward · · Score: 0

    Isn't it good that the surveillance is so accessible and user friendly? Harris Corp has clearly succeeded in their product development efforts.

  18. Hey, that's not nice! by Anonymous Coward · · Score: 1

    I'm a dirty florist in a Transit van.

    1. Re:Hey, that's not nice! by Anonymous Coward · · Score: 0

      I'm a dirty tourist in a Transit van, you insensitive clod. Just because I need a shower doesn't mean that I am bad.

  19. Which planet? by Anonymous Coward · · Score: 0

    The one where the other candidate is a racist, sexist homophobe who repeats as fact every batshit crazy thing he reads on the Internet. And neither will do anything to lower the taxes that you and I pay.

    1. Re: Which planet? by Anonymous Coward · · Score: 0

      When is Chump releasing his tax records again?

    2. Re: Which planet? by karmatic · · Score: 0

      Trump will release his tax returns when the voluntary action buys him more than giving up his privacy loses.

      Nobody has a right to his tax returns but the IRS, so there is no real reason for him to release them. The same goes for Hillary and her health records. The difference between the two is that Hillary's health is visibly bad, and Trump's finances are visibly good.

    3. Re: Which planet? by Anonymous Coward · · Score: 0

      Well let's all be glad that it's not up to a fucking piece of shot like you to make these decisions on what should and should not be released.

      Go contract pneumonia then come back to me and tell me how your appearance looks. And as for trumps finances? Hahahahha laughable.

    4. Re: Which planet? by Anonymous Coward · · Score: 0

      THIS. THIS is why we need the FDA to put "do not smoke the teabag" labels on Lipton boxes.

    5. Re: Which planet? by Gussington · · Score: 1

      Trump's finances are visibly good.

      Which is why we need to see how he got to this position. It would be extremely naive to assume wealth is an indicator of honesty.

  20. Looks like cool stuff by Sam36 · · Score: 1

    I wouldn't mind working for the company: https://www.harris.com/careers... Looks like cool tech to play with. Too bad they don't have any remote positions :(

    1. Re:Looks like cool stuff by networkBoy · · Score: 1

      We just hired a (bright) guy that used to work for Harris. Shite company from what I gather.
      -nb

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  21. 3G and LTE?! by Anonymous Coward · · Score: 0

    Aren't those supposed to use mutual authentication to prevent exactly that? Are those features disabled in the US, or are the Carriers colluding with the enemy?

  22. But Windows 10 Evilz! by FlyHelicopters · · Score: 1

    All the people who think Windows 10 is the source of all their privacy concerns really have no idea how far lost privacy really is...

  23. Well of course by Anonymous Coward · · Score: 0

    Pigs have a room-temperature IQ, it is no wonder they made it simple and easy to use.

  24. Open source stingray detector by Rexdude · · Score: 1

    I've shared this on previous posts about stingray - there is an open source Android app to detect if you're connecting to a fraudulent base station, and take action by instantly disconnecting if desired. I don't know if it works or how well, since I'm in India, but people can use it to see if there are any stingrays deployed nearby.

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."