Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy United States

Tech Tool Offers Police 'Mass Surveillance On a Budget' (apnews.com) 56

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people's movements months back in time, according to public records and internal emails obtained by The Associated Press. schwit1 shares a report: Police have used "Fog Reveal" to search hundreds of billions of records from 250 million mobile devices, and harnessed the data to create location analyses known among law enforcement as "patterns of life," according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used.It relies on advertising identification numbers, which Fog officials say are culled from popular cellphone apps such as Waze, Starbucks and hundreds of others that target ads based on a person's movements and interests, according to police emails. That information is then sold to companies like Fog.

This discussion has been archived. No new comments can be posted.

Tech Tool Offers Police 'Mass Surveillance On a Budget'

Comments Filter:
  • In other words⦠(Score:5, Insightful)

    by Sebby ( 238625 ) on Thursday September 01, 2022 @11:43AM (#62843629)
    Police departments have become Privacy Rapists.
    • by TWX ( 665546 )

      Or one could pretty easily argue that people have traded privacy in their persons, papers, and effects for convenience features, without understanding the profound implications of what they've done.

      It should be understood that a device that allows one to receive personal, direct calls over a carrier network is by its very nature a tracking device. Anyone who commits a crime tied to a specific location while carrying a functioning tracking device is a fool.

    • Paying for them to rape you is some masochistic shit.

  • Delete your MAID (Score:4, Interesting)

    by Kernel Kurtz ( 182424 ) on Thursday September 01, 2022 @11:47AM (#62843643)
    On recent Android and iOS versions anyway.

    https://www.androidpolice.com/... [androidpolice.com]

    https://www.howtogeek.com/7329... [howtogeek.com]
    • Or, at least, regularly/randomly Reset the Ad ID -- not sure if Deleting or Resetting is better ...

      • Or, at least, regularly/randomly Reset the Ad ID -- not sure if Deleting or Resetting is better ...

        Depends if you want targeted ads or not. That is the only thing it is there for (well, that and police tracking you I guess).

        • Or, at least, regularly/randomly Reset the Ad ID -- not sure if Deleting or Resetting is better ...

          Depends if you want targeted ads or not. That is the only thing it is there for (well, that and police tracking you I guess).

          I was thinking more along the lines of if there are other things that could be used along with the MAID to track you. In which case, having your ID set to all zeros would help less than having it change often... Thinking less about targeted ads and more about tracking in general.

  • by Chris Mattern ( 191822 ) on Thursday September 01, 2022 @11:53AM (#62843661)

    for 40% off!

    • by suss ( 158993 )

      Some people would probably welcome that, if it's an Ugg Boot. Fashionable Fascism and all that.

  • by alvinrod ( 889928 ) on Thursday September 01, 2022 @11:58AM (#62843697)
    Too many people just give this information away. It's hard to get people to care about the kind of shit the NSA or similar organizations might be up to when they're spewing all kinds of information out into the public space without a seeming care in the world.
    • The only ways to not "give it away" is to use someone elses phone or not have one in the first place. I find any tools that are designed to mask location and ip highly questionable since they can still triangulate, combine data, and accumulate metadata.
      • by wierd_w ( 1375923 ) on Thursday September 01, 2022 @12:29PM (#62843809)

        Cell towers already track this data, and have done so since the very earliest days of cellular as a technology.

        It is necessary for phones to be able to hand-off between towers, and for cell service operators to coordinate traffic.

        There is some value in the device retaining some very recent triangulation and vectoring data, as allows the phone's firmware to determine if you are heading away from one tower, and toward another, and thus be able to pre-empt and prepare for a tower handoff. Useful if you want the phone to not drop calls, or stall a data communication session.

        It does not need to remember several days worth of that data. 5 minutes worth is MORE than adequate.

        Moreover, it does not need to commit it to nonvolatile storage. Smartphones are by and large, based either on Linux (android and pals), or Unix (iOS and pals). Both of those pedigrees have a very convenient ram backed filesystem driver called tmpfs, which is fully configurable to allocate only a fixed size. (to prevent the data from growing so large that it starves the rest of the phone.)

        Implementing a simple log culling and rotation schema with a FIFO approach, would facilitate tower handoffs just fine, would prevent the phone's flash memory from getting burned up by incessant writes to the location log, and would secure user privacy from this kind of local attack, since it would straight up just evaporate from the device on a reboot.

        Police could still get the data from the carrier (since they also keep track of the tower handoffs, and triangulation data for devices within their networks, and need to do so, for their networks to function. Getting law enforcement that data is just a regex away), assuming they have a subpoena or other court order.

        I agree that tools that claim to eliminate this data are of dubious distinction though. This would be very important data that gets used by pretty deep level processes inside the smartphone. Allowing ordinary users to just do whatever they want with it is a massive attack surface just waiting to get used and abused. If I were designing this, I would make sure it could only be accessed by a secured root process. (I would also put it on volatile storage.)

        Unless you have rooted your phone, it is unlikely that you have access to this data.

        Unless you want your cellphone to drop calls, and corrupt/terminate downloads, it is unlikely you are spoofing it.

        Again, I would put this on volatile storage. In Ye Olden Days, it would have been fairly easy to alter the vold file, and tell the android based smart phone to put a tmpfs mount there on bootup, and thus cause the phone to write on ram instead of flash.

        Google, however, has decided that you should not be allowed to mess with mountpoints like that anymore, and has made the process considerably more difficult to intercept and control in recent versions of Android.

        I cannot comment meaningfully on iOS.

        • by Anonymous Coward

          Cell towers already track this data, and have done so since the very earliest days of cellular as a technology.

          It is necessary for phones to be able to hand-off between towers, and for cell service operators to coordinate traffic.

          Up to a point, and at least part of it is due to the design of the protocols in use. IOW, with different design, less location data might be necessary. The thing is, nothing gets engineered for "least data needed"; they're not even trying. They're trying to solve a different problem.

          Police could still get the data from the carrier (since they also keep track of the tower handoffs, and triangulation data for devices within their networks, and need to do so, for their networks to function. Getting law enforcement that data is just a regex away), assuming they have a subpoena or other court order.

          I'd be okay with carriers coughing up whatever they have provided the police have a warrant. But if they're allowed to sell the data to data brokers then the police can just buy the data. And, uhm, I'm not okay with either.

          I'm

        • by PPH ( 736903 )

          It is necessary for phones to be able to hand-off between towers, and for cell service operators to coordinate traffic.

          Even earlier than that, POTS companies used to include a statement in your service agreement to the effect that they would be collecting your call data for the purposes of billing. The key words here are "your call data". You (the customer) owned it. And the companies were seeking permission to collect it for a limited and well defined purpose.

          IIRC, that changed in the 1990s. A telecommunications sponsored bill changed the ownership of that data from the customer to the company. It was even taken to court,

        • Cell towers already track this data, and have done so since the very earliest days of cellular as a technology.

          Your phone does not give out your IMEI to anyone who asks though, only the cell towers should get that and that info typically requires a warrant, and/or an IMSI catcher (eg Stingray).

          Your wifi MAC address is often used for tracking purposes as well. You can change that regularly if you like, but it will make connecting to hotspots that use it less convenient (not automatic).

          The MAID has no purpose except serving you ads. Whether you need that or not is up to you.

      • Or leave your phone at home when you go out to commit whatever crime. Of course it's better when people don't commit crimes in the first place. You can get on with your life without abusing or killing someone and just breaking up with them.
        • The problem, dear sir, is that many people "commit crimes", and do so both unknowingly, and unintentionally, and do so quite frequently.

          Some estimate it to be about 3 felonies daily.
          https://ips-dc.org/three-felon... [ips-dc.org]

          Just giving law enforcement a blank check to send you through a corrupt plea bargain process, is not my idea of a functional society.

          If they have suspicion that you have committed a severe crime, then they can go through the proper motions, get a search warrant or court order, and then subpoena t

        • you forgot to mention in your list of things to avoid having an opinion that is not popular, a religion that is not held by the majority, a sexual preference or religion that might invite discrimination or tracking, or in fact anything that could be objectionable to someone who holds the ability to track you. the FBI tracked and threatened Mt. Luther King Jr because they disagreed with his opinions on equality and other subjects, going as far as to send letters threatening to expose an alleged affair and
      • The only ways to not "give it away" is to use someone elses phone or not have one in the first place. I find any tools that are designed to mask location and ip highly questionable since they can still triangulate, combine data, and accumulate metadata.

        From TFA it seems ad networks are generating this information not tracking from the mobile carriers.

        If it were carriers belching this information (in)directly to LEA without a warrant that would be a different story especially after supreme court rulings protecting such records from warrantless search.

    • Too many people just give this information away.

      I would argue these data are taken, not given. It is systematically collected, stored, archived, and sold.

      When there's money involved like this, you know it is intentional.

      It is unfair to blame the individual user. Your choices are basically: A) Use this product and we get all your data, or B) Be a tech recluse with no YouTube, no maps, no GPS, no phone, no email, no watch. What choice does the individual consumer really have? Solutions require policy action and maybe even an amendment to the Bill of Ri

  • FFS, if we're going to allow corporations to track this data, share this data, aggregate this data and make it available to folks with the right amount of money, why not allow the cops to use it at that point? This has become sorta like drawing the line at getting a hooker to go back to a hotel, do the nasty for hours and then crying "have you no decency" when she left the lights on.

    • by Anonymous Coward

      FFS, if we're going to allow corporations to track this data, share this data, aggregate this data and make it available to folks with the right amount of money, why not allow the cops to use it at that point?

      Because cops are the local-use armed forces of the State. We have laws that govern evidence gathering, privacy, and due process.

  • I can see why the cellphone would need to keep track of where it has been, to help facilitate tower handoffs.

    That should not be retained on nonvolatile storage though. A tmpfs mount would be immeasurably more sensible as a place to store this, with a FIFO style handling of the data to keep the mount from becoming full.

    It would magically erase itself on a reboot.

    If law enforcement wants that information, it can get a subpoena, and ask the carrier for the tower logs for that device.

    Why the fuck is this data b

  • It relies on advertising identification numbers

    I had no idea what this was so I looked it up.

    Advertising ID

    The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. It gives users better controls and provides developers with a simple, standard system to continue to monetize their apps. It enables users to reset their identifier or opt-out of personalized ads (formerly known as interest-based ads) within Google Play apps.

    So it's specific to anyone using Google Play. Non-android OSes are not impacted.

    Google Play services update in 2021

    As part of Google Play services update in late 2021, the advertising ID will be removed when a user opts out of personalization using advertising ID in Android Settings. Any attempts to access the identifier will receive a string of zeros instead of the identifier.

    So you can disable it completely.

    • Non-android OSes are not impacted.

      Apple has the same thing. https://developer.apple.com/do... [apple.com]

      • But we don't care about Apple so their users deserve to get tracked.

      • by tsqr ( 808554 )

        Non-android OSes are not impacted.

        Apple has the same thing. https://developer.apple.com/do... [apple.com]

        For IOS and iPadOS versions 14.5 (released in April, 2021) and later, it returns all zeros.

        • For IOS and iPadOS versions 14.5 (released in April, 2021) and later, it returns all zeros.

          Yes, unless you give the app permission to use it. Unfortunately many people click yes to whatever permissions an app asks for.

    • you can assemble a unique identifier from a phone by looking at what is installed in it; app version numbers, for instance. it's not as precise at the google play number but for mass surveillance, it would work pretty well. and i'm going to ignore obvious stuff like MAC addresses or cookies installed by apps that are unique ids themselves. in fact, I don't really know how many id numbers there are on your phone right now. hundreds?
  • The easy availability of the information, and how the cops get it, makes me think it's not an "unreasonable search," so I just can't support any of the 4th Amendment objections. Using publicly-available information isn't any different than noticing that the guy who just walked by you on the public sidewalk happened to be wearing a burglar mask and is carrying a bag with a dollar sign on it.

    If we're going to have policy to prevent this, then the policy should be geared toward preventing the information from

  • Where are all the grass-roots and principaled "small government" types that whisper in lawmakers' ears and engineer decades-long agendas to roll certain things back to the 1900s?

    Seems like this should be a topic on their list . . .

  • but they don't have to. Just like a drug sniffing dog that takes cues from it's handler and learns to find what's not there, or those magic rods we used in Iraq to find bombs, this is theater to create probable cause for a search.

    This isn't going to stop unless and until we stop voting for "Tough On Crime" political candidates. And we're probably not going to do that because, well, it feels good to vote for them.
  • Tech Tool Offers Police 'Mass Surveillance On a Budget'

    That "fiscal responsibility" politicians keep (disingenuously) yammering about -- oh wait ...

  • by MeNeXT ( 200840 ) on Thursday September 01, 2022 @01:11PM (#62843953)

    that our tracking data is stripped of any identifying markers? This was always a lie and we need to stop regurgitating these lies. Personal identifying information is always collected and IS used.

    • by wierd_w ( 1375923 ) on Thursday September 01, 2022 @01:28PM (#62843987)

      More importantly, anonymizing the data does not work.

      It is trivially easy to de-anonymize the data. This has been demonstrated experimentally.

      https://www.nytimes.com/2019/0... [nytimes.com]

      The only real remedy, is to outlaw retention.

    • that our tracking data is stripped of any identifying markers? This was always a lie and we need to stop regurgitating these lies. Personal identifying information is always collected and IS used.

      One of the most common "dark patterns" in the privacy legalese. They will always say something like your personal data will not be used.... without explaining all of the things that they don't consider to be personal data they are collecting which effectively amounts to a distinction without a difference.

  • by joe_frisch ( 1366229 ) on Thursday September 01, 2022 @02:17PM (#62844161)
    There are too many technologies for surveillance to efficiently regulate. I think its a much better aproach to regulate what can be done with surveillance data no matter how it is obtained. Under what conditions can police track / record a persons location, image, conversations, online history etc.

    Its gradually becoming possible to track everything almost everyone does. The issue is who get access to that data: Govt? Advertisers? Available for sale to anyone who pays? Foreign governments?
  • You still can't take your cellphone to work if you're a criminal.

  • On a budget means that it is so cheap that their will be limited if any oversight.

    If a "Premium" check costs the police department $3,000, then each use of it will be questioned by the accounting department and any cop that uses it to check on all his neighbors, girlfriend, ex-girlfriends, guy that flipped him off, etc. will be investigated and punished for wasting police resources.

    But for "Budget" tools, nobody will ever track who uses it or why. Honest cops won't use it, but any corrupt officer will abus

  • Don't carry a phone. The police will never find you. They will be too busy chasing everyone else.

Whoever dies with the most toys wins.

Working...