Slashdot Log In
Feds Can Locate Cell Phones Without Telcos
Posted by
kdawson
on Mon Nov 17, 2008 06:31 PM
from the marco-polo-if-you-can dept.
from the marco-polo-if-you-can dept.
schwit1 sends along an Ars Technica report covering the release of documents obtained under the FOIA suggesting that the Justice Department may have been evading privacy laws in their use of "triggerfish" technology. Triggerfish are cell-tower spoofing devices that induce cell phones to give up their location and other identifying information, without recourse to any cell carrier. "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices..." The article does mention that the Patriot Act contains language that should require a court order to deploy triggerfish, whereas prior to 2001 "the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Just one question (Score:3, Funny)
Yeah, patriot act, rights violations, unecessary power, etc etc...
Where can I get one?
That explains it! (Score:2, Funny)
I saw a poorly disguised cell tower in a shark suit just yesterday.
I said it had to be a cop.
Re: (Score:3, Funny)
Candygram!
batteries ftw (Score:3, Insightful)
step 1, remove batteries.
or get a potato chip (mylar) bag and stuff it inside. (who know that the movie "Enemy of the State" would be so handy).
Re: (Score:2, Informative)
The potato-chip bag only works if the mylar plastic's aluminum layer is sufficiently thick to act as an effective Farady Cage. http://en.wikipedia.org/wiki/Faraday_cage [wikipedia.org]
Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...
Re:batteries ftw (Score:4, Informative)
No, most cell phones have one and only one battery.
And for low power EMF (cell phones) even very thin cages can be used, I wouldn't be surprised if most aluminum foil were more than sufficient.
Parent
Re:batteries ftw (Score:5, Funny)
I wouldn't be surprised if most aluminum foil were more than sufficient.
And to think people laughed at me when I put a pocket in my tinfoil hat!
Parent
Re: (Score:3, Funny)
And to think people laughed at me when I put a pocket in my tinfoil hat!
Is that a tinfoil hat in your pocket, or are you just exercising your 4th amendment rights?
Re: (Score:3, Informative)
Re:batteries ftw (Score:5, Insightful)
Some cell phones work INSIDE a closed elevator box. Creating a good shielded enclosure is not a casual thing to do.
The only way to be sure, besides nuking from orbit, would be to seal up the phone, then call it. If it doesn't answer, you have *probably* got it right. But no guarantees.
Parent
Re: (Score:2)
It won't do squat. Get an ESD nickel bag from uline.
http://www.uline.com/BL_52/Static-Shielding-Bags-Reclosable [uline.com]
Then test to see if I'm correct. Failing that wrap it in aluminum foil.
http://www.missmab.com/Comics/Vol_321.php [missmab.com]
Re: (Score:3, Informative)
Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...
Umm... no they don't? That's BS.
-Taylor
Re:batteries ftw (Score:5, Informative)
Do elaborate, please. RFID does, in fact, require power. It's just that that power is provided by the reader when in proximity to the tag. Are you suggesting there are RFID tags embedded into "modern cell phones"? Or something else? If you're suggesting that cell towers have the ability to blanket a region with an electric field capable of getting all of the cell phones to respond (loudly enough) to a "ping" for their location, I'm afraid I'm going to have to call BS. So what is this "functionality" that you claim allows cell phones to be identified and located without a battery?
Parent
Re:batteries ftw (Score:5, Informative)
Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...
I am a cell phone designer, and a phone reporting *anything*, even just a handshake, to a tower thousands of meters away takes significant power.
It is possible that the little coin cell battery in most phones could handle the receiving of a signal, and then wake the phone up and have it reply with the main battery, (though to the best of my knowledge we don't let phones do that [and yes, I design power systems]), but if the main battery isn't there, that's a no-go.
Passive RFID is a completely different batch of apples than active cellular communications. Passive RFID has a maximum range of around 10 meters (phased array antennas notwithstanding, but seriously...). You would need a specially designed phone to use some sort of active RFID when the battery is removed, and we don't make those.
Now, this isn't to say that I'm not pissed at the Feds for doing something like this--perhaps even more so than the average user. I can see how they are taking advantage of perfectly innocuous and functional code and systems designed by my co-workers to agreed standards, and then using those standards to make our customers lose their privacy.
*sheesh*
Parent
Re: (Score:3, Interesting)
designed by my co-workers to agreed standards
most of those standards were specifically weakened for "the Feds" requirements (basically that meant USA & France over the interests of Germany if I remember right). It's a) clear that it's not really the cell phone industry's fault since they wouldn't get approval otherwise b) clear that "everybody" in some sense knew about this otherwise the weakening wouldn't have been done.
A very specific change made in the UMTS standard from GSM is to require that the phone verifies the network. Without that it's
Re: (Score:3, Insightful)
Re:batteries ftw (Score:5, Funny)
>step 1, remove batteries.*
*Does not apply to iphone owners
Parent
Re:batteries ftw (Score:5, Informative)
For your Faraday cage to be effective, it has to be very conductive. The higher the resistance, the worse it works.
A thin layer of metallised Mylar is not going to attenuate the signal very much. Certainly not enough to prevent my receiving a call just now. I even tried sealing the end with aluminium tape (which, btw, is much better than duct tape for almost everything, especially ducts).
If you want to make sure some piece of electronics isn't transmitting/in a position to be heard, there are only a few tools that are up to the task. If you're in a hurry: hammer. If you want to be sure: nuke from orbit.
Parent
Re: (Score:2)
For your Faraday cage to be effective, it has to be very conductive. The higher the resistance, the worse it works.
Pringles can? Gotta love a dual-use cantenna.
Re: (Score:3, Informative)
Just so you know, here in Southern California, where the FasTrak system the parent mentions is, most toll roads that I'm aware of do not take cash. You must have the FasTrak, or presumably they will photograph your license plate and you will pay a hefty fine.
Here it's different than most places, of course; there are usually alternate routes you can take just as easily that don't have a toll. It'll just take you a little longer; the main difference being that the free route will have our notoriously heavy tr
With the more advanced phones.... (Score:3, Interesting)
Re: (Score:3, Insightful)
Well, if you're planning on the overthrow of Western Civilization or other misdemeanors, good idea.
If you just want to talk to people, perhaps this isn't such a problem.
Re:With the more advanced phones.... (Score:5, Insightful)
Sure, what is the problem with gradually eroding civil liberties and ever increasing surveillance of the populace. Why don't we just throw the Constitution right in the garbage while we're at it?
All in all, its almost as much a problem as this "If you've got nothing to hide, what are you worried about?" attitude that we're seeing more and more.
Parent
Re:With the more advanced phones.... (Score:5, Informative)
The thing is, you don't have control over the GSM/CDMA radio - it's controlled by a completely separate processor, and get access to the microphone, speakers, and a serial link to the main processor, so that the processor powering the phone's OS doesn't cause spurious radio transmissions.
Some data goes back and forth, yes, but you probably won't be able to tell when it's doing this versus a legit cell tower connection...
Parent
Re: (Score:3, Insightful)
Can a program be written to notify if it's information is being 'given' out? Anyway, this is one more reason to NOT get one (cell phone). I was finally going to break down, and get one. With this report, it one more reason to just say no.
What? No, this is a reason not to vote for people that don't understand basic civil rights. The cell phones are not the problem. Do you also not have any bank accounts, a car, any credit/bank cards, or any taxable income? Because if someone wants to track you, there are plenty of ways.
You seriously don't own a cell phone? On purpose? I mean, i know some people can't afford them, but you're telling me that you can afford one (i'm assuming that part) but you choose not to buy one because... what? Because the
Re: (Score:3, Interesting)
Who needs a program? Just set your GSM phone near an FM radio. Every time the damned thing checks in with the tower, the radio starts buzzing.
There's an outfit that makes a little LED gadget that flashes whan your cell phone goes active, receiving a call, etc. These also flash a little when the phone contacts a tower.
Rule of thumb (Score:2)
this is news? (Score:3, Interesting)
The sentence "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. " is weasily.
How does triggerfish lower the evidentiary bar required to authorize law enforcement to use special sensing technology to search for a cell phone?
Re: (Score:2)
Because a using a triggerfish means they don't need to produce a warrant to a third party before executing the warrant. This leaves a big opportunity for a compliant judge to issue a predated warrant after the fact.
It's not that I think telcos are going to act in the public service by refusing to comply with non-warrant requests... it's that there are now negati
Re: (Score:3, Insightful)
but this is a mobile, non-documented technology, so the information gathered would be hearsay, not enough to be evidence and not enough for a real warrant.
You're kidding, right? All they need to get a warrant is to tell the judge that the request is "based on information and belief" or due to "a reliable informant". The judge is unlikely to ask hard questions, even less likely to go back and check afterward to see if what they were told was true, and unheard of for there to be any consequences (to the pol
Re: (Score:3, Interesting)
The theory, in Australia at least, is this: (With some background info)
I first heard about these kinds of devices in 1997. (From a tin foil hat kind of person) At the time they were said to be the size of a regular briefcase and were used largely in airports or places where interesting people might be seen nearby. The reason for their use was simply to ID a specific handset of interest, tie it to an individual, then do the actual grunt work via all the little black (beige really) boxes installed at various
This Was In HBO's The Wire (Score:4, Interesting)
McNulty and Co. used "trigger fish" to collect info after the Barksdales moved to disposable cell phones. The devices would collect info without the use of pen registers and obviated the need for a lot of paperwork such as search warrants.
But this is like going through the trash. It's clearly an end-run against privacy laws, but I don't see where the deviousness is. If you carry a cellphone around that emits radio waves, you probably don't have a great expectation of privacy if you leave it on all the time. And it's not like the triggerfish are recording the conversation.
Re: (Score:3, Insightful)
"If you carry a cellphone around that emits radio waves, you probably don't have a great expectation of privacy if you leave it on all the time. And it's not like the triggerfish are recording the conversation."
Maybe I'm underestimating the average individual, but I'm not so sure that the "normal" person would see it that way.
Anecdote: I'm taking a driver's ed course and the instructor was casually asking where everyone goes to school / does for a living. I told her that I'm in online advertising and she sa
Re:This Was In HBO's The Wire (Score:5, Funny)
This is like you're driving down the highway, listening to tunes and shit, and some dude on the side of the highway is using x-ray vision, man, X-RAY VISION, to look at the driver's license in your wallet to see who you are...
Except he's got a bunch of machines to do it for him, and get this -- with three machines, he can not only see who you are, but he can also see exactly *WHERE* you are, dude. He's all violating Heisenberger's Uncertainty Principle or something... and the worst part is, he can ALSO tell if you're alive or dead *before* he gets a warrant, so he's violating the fundamental laws of physics not once, but twice.
Put that in your trashcan.
Besides... The Wire? As a source of tech knowledge by a Slashdot reader? What is the world coming to?
Parent
Re: (Score:3, Funny)
The show actually used the term "trigger fish" when referring to the devices. Apparently, they were sitting in a storage room somewhere, a part of a federal grant that none of the other police officers had the sophistication to use. The Baltimore PD wanted to borrow a trigger fish from the FBI when the FBI agent said, you have one! We gave it to you.
Re: (Score:3, Insightful)
But this is like going through the trash. It's clearly an end-run against privacy laws, but I don't see where the deviousness is. If you carry a cellphone around that emits radio waves, you probably don't have a great expectation of privacy if you leave it on all the time.
If it is illegal to receive broadcast signals like satellite television, then logically this sort of interception should be illegal too.
And it's not like the triggerfish are recording the conversation.
No, they are going one step further. Recording the conversation would be simply passive - in this case they are gaining unauthorized access to a computer (the one in the phone).
A similar goose and gander comparison comes to mind - if it is illegal for joe blow to gain unauthorized access to a computer, then it should be illegal for the government to gain unauthorized acces
Patriot act (Score:5, Funny)
Triggerfish...? (Score:4, Funny)
I wonder why they didn't use the Hawaiian name, "humuhumu-nukunuku-a-pua'a"...
*shrug*
Re: (Score:3, Funny)
Get an IMSI Catcher from Rohde and Schwarz (Score:5, Interesting)
http://www2.rohde-schwarz.com/en/products/radiomonitoring/product_categories/signal_intelligence/overview/ [rohde-schwarz.com]
Click on the GC128 datasheet. They have a firmware for that device that turns it into an IMSI Catcher. There is
also a portable suitcase version of the device.
IMSI Catchers basically work by impersonating the cell tower of the network the subscriber is on, forcing his
handset to it by protocol and higher signal strength and then (this is important) flipping whatever calls are
made into non-encrypted mode. Some phones have a debug mode that will show you whether encryption is activated
or not so if you're making a call and encryption is suddenly off - you know what to do at least I hope.
Basically an IMSI catcher is a still a device that is used on the levels of industrial espionage or espionage
by foreign services that don't have access to the normal national monitoring - which incidentally _all_ (cell)
phone networks are hooked into. The claim US intelligence services are not plugged into their telcos and have to
go outside for surveillance by using a device like this is what it is: Disinfo.
Re:Feds can track my cell phone... (Score:5, Funny)
any time, I just flushed it down the toilet. Trigger this fish tracking...
Dude, your septic tank is only 50 feet from the house.
Parent
Re:Feds can track my cell phone... (Score:5, Interesting)
rural != modern
Well, you're comparing traits on multiple axis, but to your point, individualistic remote living requires a higher level of technology than living in cities does. We probably went hunter/gatherer-tribes -> cities -> 'modern' agriculture -> rural individuals, though there's debate about which came first, cities or agriculture. n.b. sanitary sewers are rather new in the history of cities.
More concretely, you'd have a hard time arguing with the farmer running giant gps-guided irrigation robots or my friend who has linux boxes with webcams as shepherds, that rural != modern, but really any rural home is going to be packed full of technology to make life more enjoyable.
Parent
Re: (Score:3)
I wonder how a sceptic tank works.
Re: (Score:3, Funny)
I wonder how a sceptic tank works.
Isn't a sceptic tank the opposite of a think tank?
Re: (Score:3, Interesting)
I think it's because they want the public to THINK the courts are working, and that the government spies are having to bust their asses to do their jobs. But, they probably are 5 steps ahead, but then get outed. I wonder if anyone else is outing that Predator/drone/RPV that (almost) nightly buzzes/hovers over Glen Park BART Station with such a loud buz that it is annoying as hell. The police i talked to say they know nothing of it. They recommend I write the police chief/commissioner/city mayor.
Whatever nut
Re:Privacy is an antiquated notion. (Score:5, Insightful)
Privacy is not explicitly spelled out, though. I mean, there are the ninth and tenth amendments, but they're exactly the kind of thing you'd expect politicians to ignore due to their unambiguous, but unspecific language (and ironically, one of the more prominent "pro-privacy" rulings pretty much ignored the tenth amendment). Whittling at the weapons first, that's what's unexpected.
Parent
Re:Can it be rescinded by Bulk Executive Order 1? (Score:4, Funny)
You have no idea as to what I'm hoping, Comrade.
Parent
Re:Why are cell phones so lame? (Score:5, Insightful)
> Why are cell phones designed to be so insecure?
For the same reason bank accounts, Web sites, etc. are. Not more than one user in a million cares.
Parent
Billing and e911 (Score:4, Interesting)
As far as I know, phones don't transmit call logs. But the reason they transmit it's serial number and phone number and GSM IDs, is because they need to have a unique identifier to hand off call from one cell tower to another, and that ID must be traceable to an account in order to bill it properly. So you can't really opt out of this even if you controlled the hardware, although I suppose you might be able to filter the towers that the phone will talk to.
The rest of the privacy invading features are intended to provided a more accurate triangulation for use with the e911 system. This could be evaded except it's against the law to manufacture/distribute a phone without e911 support.
Parent
Re: (Score:3, Insightful)
What part of "surveillance of American citizens without judicial oversight is illegal" do they not understand?
I'd guess that they probably do understand that, where by "they" we presumably mean the top guys in the current US administration. But in their own words, such laws are "quaint" and "irrelevant".
To put it in some sort of perspective, such laws have historically only been relevant when the government actually wants to take you to court, since illegally collected evidence is usually not accepted by t