Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Feds Can Locate Cell Phones Without Telcos

Posted by kdawson on Mon Nov 17, 2008 07:31 PM
from the marco-polo-if-you-can dept.
Privacy Communications Government News
schwit1 sends along an Ars Technica report covering the release of documents obtained under the FOIA suggesting that the Justice Department may have been evading privacy laws in their use of "triggerfish" technology. Triggerfish are cell-tower spoofing devices that induce cell phones to give up their location and other identifying information, without recourse to any cell carrier. "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices..." The article does mention that the Patriot Act contains language that should require a court order to deploy triggerfish, whereas prior to 2001 "the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology."
+ -
story

Related Stories

Firehose:Feds can locate cell phones without telcos by schwit1 (797399)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Feds Can Locate Cell Phones Without Telcos 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Just one question (Score:3, Funny)

    by Joe Snipe (224958) on Monday November 17 2008, @07:34PM (#25794367) Homepage Journal

    Yeah, patriot act, rights violations, unecessary power, etc etc...

    Where can I get one?

  • batteries ftw (Score:3, Insightful)

    by MoFoQ (584566) on Monday November 17 2008, @07:41PM (#25794457)

    step 1, remove batteries.

    or get a potato chip (mylar) bag and stuff it inside. (who know that the movie "Enemy of the State" would be so handy).

    • Re:batteries ftw (Score:5, Funny)

      by mobby_6kl (668092) on Monday November 17 2008, @07:49PM (#25794583)

      >step 1, remove batteries.*

      *Does not apply to iphone owners

    • Re:batteries ftw (Score:5, Informative)

      by zippthorne (748122) on Monday November 17 2008, @07:53PM (#25794641) Journal

      For your Faraday cage to be effective, it has to be very conductive. The higher the resistance, the worse it works.

      A thin layer of metallised Mylar is not going to attenuate the signal very much. Certainly not enough to prevent my receiving a call just now. I even tried sealing the end with aluminium tape (which, btw, is much better than duct tape for almost everything, especially ducts).

      If you want to make sure some piece of electronics isn't transmitting/in a position to be heard, there are only a few tools that are up to the task. If you're in a hurry: hammer. If you want to be sure: nuke from orbit.

      • Re:batteries ftw (Score:4, Informative)

        by Anpheus (908711) on Monday November 17 2008, @07:52PM (#25794619)

        No, most cell phones have one and only one battery.

        And for low power EMF (cell phones) even very thin cages can be used, I wouldn't be surprised if most aluminum foil were more than sufficient.

        • Re:batteries ftw (Score:5, Funny)

          by QuantumRiff (120817) on Monday November 17 2008, @08:06PM (#25794847)

          I wouldn't be surprised if most aluminum foil were more than sufficient.

          And to think people laughed at me when I put a pocket in my tinfoil hat!

          • Re:batteries ftw (Score:5, Insightful)

            by Tiger4 (840741) on Monday November 17 2008, @09:03PM (#25795523)

            Some cell phones work INSIDE a closed elevator box. Creating a good shielded enclosure is not a casual thing to do.

            The only way to be sure, besides nuking from orbit, would be to seal up the phone, then call it. If it doesn't answer, you have *probably* got it right. But no guarantees.

      • Re:batteries ftw (Score:5, Informative)

        by Fastolfe (1470) <david@fastolfe.net> on Monday November 17 2008, @08:26PM (#25795097) Homepage

        Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...

        Do elaborate, please. RFID does, in fact, require power. It's just that that power is provided by the reader when in proximity to the tag. Are you suggesting there are RFID tags embedded into "modern cell phones"? Or something else? If you're suggesting that cell towers have the ability to blanket a region with an electric field capable of getting all of the cell phones to respond (loudly enough) to a "ping" for their location, I'm afraid I'm going to have to call BS. So what is this "functionality" that you claim allows cell phones to be identified and located without a battery?

      • Re:batteries ftw (Score:5, Informative)

        by IorDMUX (870522) <(moc.liamg) (ta) (3namremmiz.kram)> on Monday November 17 2008, @08:41PM (#25795283) Homepage

        Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...

        I am a cell phone designer, and a phone reporting *anything*, even just a handshake, to a tower thousands of meters away takes significant power.

        It is possible that the little coin cell battery in most phones could handle the receiving of a signal, and then wake the phone up and have it reply with the main battery, (though to the best of my knowledge we don't let phones do that [and yes, I design power systems]), but if the main battery isn't there, that's a no-go.

        Passive RFID is a completely different batch of apples than active cellular communications. Passive RFID has a maximum range of around 10 meters (phased array antennas notwithstanding, but seriously...). You would need a specially designed phone to use some sort of active RFID when the battery is removed, and we don't make those.

        Now, this isn't to say that I'm not pissed at the Feds for doing something like this--perhaps even more so than the average user. I can see how they are taking advantage of perfectly innocuous and functional code and systems designed by my co-workers to agreed standards, and then using those standards to make our customers lose their privacy.

        *sheesh*

  • With the more advanced phones.... (Score:3, Interesting)

    by Bomarc (306716) on Monday November 17 2008, @07:43PM (#25794503) Homepage
    Can a program be written to notify if it's information is being 'given' out? Anyway, this is one more reason to NOT get one (cell phone). I was finally going to break down, and get one. With this report, it one more reason to just say no.

    • Re: (Score:3, Insightful)

      by ColdWetDog (752185)

      Anyway, this is one more reason to NOT get one (cell phone). I was finally going to break down, and get one. With this report, it one more reason to just say no.

      Well, if you're planning on the overthrow of Western Civilization or other misdemeanors, good idea.

      If you just want to talk to people, perhaps this isn't such a problem.

      • Re:With the more advanced phones.... (Score:5, Insightful)

        by pithen (912739) on Monday November 17 2008, @08:04PM (#25794797)

        Sure, what is the problem with gradually eroding civil liberties and ever increasing surveillance of the populace. Why don't we just throw the Constitution right in the garbage while we're at it?

        All in all, its almost as much a problem as this "If you've got nothing to hide, what are you worried about?" attitude that we're seeing more and more.

    • The thing is, you don't have control over the GSM/CDMA radio - it's controlled by a completely separate processor, and get access to the microphone, speakers, and a serial link to the main processor, so that the processor powering the phone's OS doesn't cause spurious radio transmissions.

      Some data goes back and forth, yes, but you probably won't be able to tell when it's doing this versus a legit cell tower connection...

  • this is news? (Score:3, Interesting)

    by DM9290 (797337) on Monday November 17 2008, @07:48PM (#25794551) Journal

    The sentence "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. " is weasily.

    How does triggerfish lower the evidentiary bar required to authorize law enforcement to use special sensing technology to search for a cell phone?

  • McNulty and Co. used "trigger fish" to collect info after the Barksdales moved to disposable cell phones. The devices would collect info without the use of pen registers and obviated the need for a lot of paperwork such as search warrants.

    But this is like going through the trash. It's clearly an end-run against privacy laws, but I don't see where the deviousness is. If you carry a cellphone around that emits radio waves, you probably don't have a great expectation of privacy if you leave it on all the time. And it's not like the triggerfish are recording the conversation.

    • Re:This Was In HBO's The Wire (Score:5, Funny)

      by Red Flayer (890720) on Monday November 17 2008, @08:29PM (#25795133) Journal
      This isn't like going through the trash at all. Besides, where are your manners? This is Slashdot, and the decision to opt for a trash analogy instead of a car analogy is just plain rude.

      This is like you're driving down the highway, listening to tunes and shit, and some dude on the side of the highway is using x-ray vision, man, X-RAY VISION, to look at the driver's license in your wallet to see who you are...

      Except he's got a bunch of machines to do it for him, and get this -- with three machines, he can not only see who you are, but he can also see exactly *WHERE* you are, dude. He's all violating Heisenberger's Uncertainty Principle or something... and the worst part is, he can ALSO tell if you're alive or dead *before* he gets a warrant, so he's violating the fundamental laws of physics not once, but twice.

      Put that in your trashcan.

      Besides... The Wire? As a source of tech knowledge by a Slashdot reader? What is the world coming to?

  • Patriot act (Score:5, Funny)

    by bluefoxlucid (723572) on Monday November 17 2008, @07:54PM (#25794655) Journal
    The article must be in error. Bush passed the patriot act to allow this to happen without warrants, not to impose the need for warrants, right?

  • Triggerfish...? (Score:4, Funny)

    by AdamTrace (255409) on Monday November 17 2008, @07:56PM (#25794687)

    I wonder why they didn't use the Hawaiian name, "humuhumu-nukunuku-a-pua'a"...

    *shrug*

  • Get an IMSI Catcher from Rohde and Schwarz (Score:5, Interesting)

    by gd23ka (324741) on Monday November 17 2008, @09:09PM (#25795569) Homepage

    http://www2.rohde-schwarz.com/en/products/radiomonitoring/product_categories/signal_intelligence/overview/ [rohde-schwarz.com]
    Click on the GC128 datasheet. They have a firmware for that device that turns it into an IMSI Catcher. There is
    also a portable suitcase version of the device.

    IMSI Catchers basically work by impersonating the cell tower of the network the subscriber is on, forcing his
    handset to it by protocol and higher signal strength and then (this is important) flipping whatever calls are
    made into non-encrypted mode. Some phones have a debug mode that will show you whether encryption is activated
    or not so if you're making a call and encryption is suddenly off - you know what to do at least I hope.

    Basically an IMSI catcher is a still a device that is used on the levels of industrial espionage or espionage
    by foreign services that don't have access to the normal national monitoring - which incidentally _all_ (cell)
    phone networks are hooked into. The claim US intelligence services are not plugged into their telcos and have to
    go outside for surveillance by using a device like this is what it is: Disinfo.

    • Re:Feds can track my cell phone... (Score:5, Funny)

      by bill_mcgonigle (4333) * on Monday November 17 2008, @07:38PM (#25794435) Homepage Journal

      any time, I just flushed it down the toilet. Trigger this fish tracking...

      Dude, your septic tank is only 50 feet from the house.

            • Re:Feds can track my cell phone... (Score:5, Interesting)

              by bill_mcgonigle (4333) * on Monday November 17 2008, @09:08PM (#25795565) Homepage Journal

              rural != modern

              Well, you're comparing traits on multiple axis, but to your point, individualistic remote living requires a higher level of technology than living in cities does. We probably went hunter/gatherer-tribes -> cities -> 'modern' agriculture -> rural individuals, though there's debate about which came first, cities or agriculture. n.b. sanitary sewers are rather new in the history of cities.

              More concretely, you'd have a hard time arguing with the farmer running giant gps-guided irrigation robots or my friend who has linux boxes with webcams as shepherds, that rural != modern, but really any rural home is going to be packed full of technology to make life more enjoyable.

    • Re:Privacy is an antiquated notion. (Score:5, Insightful)

      by zippthorne (748122) on Monday November 17 2008, @08:02PM (#25794771) Journal

      Privacy is not explicitly spelled out, though. I mean, there are the ninth and tenth amendments, but they're exactly the kind of thing you'd expect politicians to ignore due to their unambiguous, but unspecific language (and ironically, one of the more prominent "pro-privacy" rulings pretty much ignored the tenth amendment). Whittling at the weapons first, that's what's unexpected.

    • Re:Why are cell phones so lame? (Score:5, Insightful)

      by John Hasler (414242) on Monday November 17 2008, @08:35PM (#25795195)

      > Why are cell phones designed to be so insecure?

      For the same reason bank accounts, Web sites, etc. are. Not more than one user in a million cares.

    • Billing and e911 (Score:4, Interesting)

      by pavon (30274) on Monday November 17 2008, @09:33PM (#25795813)

      As far as I know, phones don't transmit call logs. But the reason they transmit it's serial number and phone number and GSM IDs, is because they need to have a unique identifier to hand off call from one cell tower to another, and that ID must be traceable to an account in order to bill it properly. So you can't really opt out of this even if you controlled the hardware, although I suppose you might be able to filter the towers that the phone will talk to.

      The rest of the privacy invading features are intended to provided a more accurate triangulation for use with the e911 system. This could be evaded except it's against the law to manufacture/distribute a phone without e911 support.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.