Tag Archives: cell phones

Editor’s Pick, Featured, Privacy, Technology

The Spy in Your Pocket

2 Comments

By NICOLE KARDELL, JOSEPH S. DIEDRICH

Does the government need a search warrant to know where you’ve been? Not if your cell phone provider knows. If you don’t like how that sounds, there may be ways to change it.

Take the case of Quartavious Davis, a Florida man convicted of robbing at gunpoint a pizzeria, a gas station, a drugstore, an auto parts store, a beauty salon, a fast food restaurant, and a jewelry store. The prosecution offered multiple lines of evidence, but there was one in particular that Davis’s lawyers objected to: records the government obtained from Davis’s cell phone provider, MetroPCS.

The records, which MetroPCS kept in its normal course of business, showed “the telephone numbers for each of Davis’s calls and the number of the cell tower that connected each call.” From this information, police concluded that “calls to and from Davis’s cell phone were connected through cell tower locations that were near the robbery locations, and thus Davis necessarily was near the robberies too.”

Prosecutors got their hands on the MetroPCS cell tower records using a court-ordered subpoena. In criminal cases like Davis’s, courts may grant subpoenas on “specific and articulable facts showing that there are reasonable grounds to believe” that the records sought “are relevant and material to an ongoing criminal investigation.” Although this standard is higher than that for typical subpoenas, it’s lower than the Fourth Amendment’s probable cause standard.

Not Even a Search

On appeal, Davis argued that the cell tower records were obtained in violation of the Fourth Amendment’s prohibition on unreasonable searches and seizures. But the 11th Circuit — the federal appeals court encompassing Alabama, Georgia, and Florida — disagreed (United States v. Davis).

In fact, the government’s actions weren’t even a “search,” according to the court. In legal terms, a search occurs only when police invade a person’s reasonable expectation of privacy. For example, you have a reasonable expectation of privacy in the content of your phone conversations — what is actually said during your call — so eavesdropping on the conversation would constitute a search.

In Davis’s case, though, the police didn’t eavesdrop on his conversations. Nor did they use GPS to track his precise movements while he was making them. Because they merely obtained business records from a third party, the court says that the police didn’t invade Davis’s privacy:

[quote_box_center]Davis has no subjective or objective reasonable expectation of privacy in MetroPCS’s business records showing the cell tower locations that wirelessly connected his calls at or near the time of six of the seven robberies.… Instead, those cell tower records were created by MetroPCS, stored on its own premises, and subject to its control. Cell tower location records do not contain private communications of the subscriber. This type of non-content evidence, lawfully created by a third-party telephone company for legitimate business purposes does not belong to Davis, even if it concerns him.[/quote_box_center]

Because there wasn’t a “search,” the Fourth Amendment didn’t even apply.

Outdated Doctrine Meets Modern Society

Despite the court’s logic, something about this case still makes many observers feel uneasy. Even AT&T filed a brief in the case, arguing that the government’s actions were illegal. We all turn over huge amounts of information to third parties every day, and almost all of our activities can be tracked through our “smart” devices. And as the amount of data that businesses collect on us grows, so do concerns over the government’s ability to access that data.

[bctt tweet=”As the amount of data that businesses collect on us grows, so do concerns over the government’s ability to access that data.”]

So when the 11th Circuit focused its decision in Davis on something called the third-party doctrine, there was reason for a little gasp. The third-party doctrine was developed by the Supreme Court in the 1970s to draw a line between a person’s “reasonable” expectation of privacy and the information that person voluntarily shares with third parties. Back then, the Supreme Court held that a person has no reasonable expectation of privacy over his or her bank records, because that information was voluntarily provided to the bank. Nor can you have a reasonable expectation of privacy over the phone numbers you dial, because you furnish those numbers to the phone company in order to place calls. And so the government may subpoena these records from the business collecting them without meeting heightened standards under the Fourth Amendment.

The Davis court discussed these cases to support the premise that when people turn over their data to third parties by virtue of using those parties’ services, that information falls outside Fourth Amendment protection. A breathtakingly low point can be found in one of the judges’ concurring opinions:

[quote_box_center]If a telephone caller does not want to reveal dialed numbers to the telephone company, he has another option: don’t place a call. If a cell phone user does not want to reveal his location to a cellular carrier, he also has another option: turn off the cell phone.[/quote_box_center]

In other words, if you want your information protected by heightened privacy standards, go off the grid.

Today, that position is practically untenable. And this is what makes the 11th Circuit’s opinion troubling: it allows the government easy access to your data by virtue of your participation in modern society. The court’s holding helps grease the slippery slope that takes us away from historically reasonable expectations of privacy.

The court attempted to soften the blow by categorizing the subject information as noncontent data. In other words, the data in the Davis case was less private because it was not the actual substance of phone calls, texts, or other communications. Instead, it was the nonsubstantive cell-tower data that allowed the government to track where Davis was when he made or received calls. But we all know that a precise record of our movements reveals a lot about us, as the dissenting judge in the Davis case pointed out:

[quote_box_center]A person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.[/quote_box_center]

Toward Privacy

There is still a chance that the Supreme Court will reverse the 11th Circuit’s holding. Even if it doesn’t, other options exist. As mentioned in the Davisdecision, Congress can still legislate greater privacy protections.

The market provides another option. Although a court order forced MetroPCS to provide its records, “federal law did not require that MetroPCS either create or retain these business records.” As technology changes, and as we all become more attuned to privacy issues, we will look to the market for options. When this happens, cell phone providers will benefit from offering an “enhanced privacy” version of their services. Some customers will prefer that their data not be collected at all — or that it be anonymized. Providers could charge a higher price for anonymous services, or customers could forego certain personalized services.

By providing customized levels of privacy, the market can create de facto immunity from third-party “searches.”

 

 

 

“Reprinted from FEE with permission under Creative Commons Attribution License”

Civil Liberties, Government Accountability, Police Accountability, Privacy, Technology

Department of Justice to Reveal New Details Of ‘StingRay’ Cellphone Surveillance

1 Comment

The Department of Justice plans to begin revealing details on the use of Stingray cellphone tracking tools, according a new report from the Wall Street Journal.

Officials with the Justice Department told the WSJ that they have launched a review into how law-enforcement agencies use the controversial technology.

StingRays are the name of a brand of cell-site simulators, a tool which allows law enforcement to trick a phone into sending its cell signal (and associated data) to the device rather than a cell tower. This gives authorities the ability to gather location, numbers dialed, length of calls, and in newer models, the actual contents of conversations and texts.

Devlin Barrett, the WSJ reporter behind the story, tweeted that the internal review began before Attorney General Eric Holder left office. A DOJ spokesman stated that the department is, “examining its policies to ensure they reflect the Department’s continuing commitment to conducting its vital missions while according appropriate respect for privacy and civil liberties.”

The announcement from the DOJ comes as the Federal Bureau of Investigations (FBI) released thousands of pages of heavily-redacted documents related to Stingrays. The document dump came in response to a Freedom of Information Act request from MuckRock’s Alex Richardson. One of the redacted documents is titled “Cellphone Tracking for Dummies.”

Although the content of the documents is censored, the recipients of the communications indicate that the FBI has been passing on information on Stingrays to state and local departments around the country.

Details of how exactly the devices work remains shrouded in secrecy, but that trend seems to be changing as the public questions the use of these tools. In late March, a heavily redacted edition of a 2010 manual for the StingRay was released.

The manual was released through Freedom of Information Act (FOIA) requests sent to the Federal Communications Commission (FCC) by The Blot Magazine. This marked the first public release of the user manual which covers the Harris Corporation’s StingRay, StingRay II, and Kingfish devices.

The manual provides a view into how the technology operates and highlights the level of secrecy Harris Corp, the manufacturer of the Stingray, and government agencies are employing. Past documents have shown that most police departments have been granting themselves authorization without first getting a warrant based on probable cause. When the departments do pursue a warrant through a judge, they often do not specifically mention the Stingray specifically but rather use vague and generic terms.

The promises of the DOJ and the document release from the FBI could hint at a more transparent policy towards the technology. However, not everyone is impressed. The American Civil Liberties Union writes:

“Federal law enforcement’s move toward using warrants for this invasive technology is welcome and long overdue, as is the promise of increased transparency. But major questions remain.

First, the Wall Street Journal reports that the Justice Department is slow-walking the move toward decreased secrecy around Stingrays because it doesn’t “want to reveal information that would give new ammunition to defense lawyers in prosecutions where warrants weren’t used.” If that is so, the promise of greater transparency is a sham. Law enforcement agencies have been violating the rights of defendants and non-suspects for years by failing to get warrants and then hiding the fact and details of Stingray use from defense attorneys and courts. Trying to insulate these violations from challenge by maintaining secrecy until pending cases have concluded will perpetuate the government’s outrageous conduct.”

While the federal government promises more accountability, several states are seeking to pass legislation that would require a clear process for the use of Stingrays and similar devices. On April 23, New York State Senator Michael Ranzenhofer became the latest representative to introduce a bill that would require law enforcement agencies to obtain a judicial order before deploying a “mobile phone surveillance device or system.”

For more information check out this Guide to Stingray Technology.

Police State, Technology

New Snowden Documents Reveal American and British Spies Hacked SIM Card Manufacturer

2 Comments

New documents from whistleblower Edward Snowden reveal the National Security Agency (NSA) and the British GCHQ hacked into a SIM card manufacturer in the Netherlands and now has access to encryption keys that allow monitoring of voice calls and metadata.

The Intercept released the new documents which detail the existence of the Mobile Handset Exploitation Team (MHET), a team formed in April 2010 to study and target cellphones and hack computer networks of manufacturers of SIM cards. The team specifically targeted  Gemalto, a SIM card manufacturer based in the Netherlands that produces SIM cards for 450 wireless companies, including AT&T, Sprint, T-Mobile, and Verizon. Gemalto has operations in 85 countries around the world. 

Internal slides from the NSA and GCHQ show that the team was after encryption keys that “live in” the SIM cards. By possessing these keys the spy agencies are able to access wireless networks without leaving any clues and without the need for a warrant. Beyond simply accessing current communications, accessing “authentication servers” allows the agencies to unlock past encrypted communications they may not have had the ability to decrypt. One agent wrote on a slide that he was “very happy with the data so far and [was] working through the vast quantity of product.”

The 2010 document refers to this as “PCS Harvesting at Scale,” or harvesting large amounts of encryption keys as the data passed between the wireless providers and the “SIM card personalisation centres,” such as Gemalto. The NSA boasted at having the ability to process 12 to 22 million keys per second. The spy agency was aiming to process more than 50 million per second. These keys are processed and made available for use against surveillance targets.

Indeed, the GCHQ specifically targeted individuals in key positions within Gemalto and began accessing their emails in hopes of following their trail into the SIM card manufacturers servers. The team of spies even wrote a script which allowed them to access private communications of employees for telecommunication and SIM “personalization” companies in search of technical terms that might be used in assigning encryption keys to cellphone customers.

Paul Beverly, a Gemalto executive vice president, told The Intercept he believed,“The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”

More than likely the NSA and the GCHQ violated international law every time they covertly accessed the emails of employees in foreign nations. Dutch officials are already calling for an investigation into who knew the American and British agencies were conducting such a program, and if so, under what doctrine is such a policy allowed.

As Edward Snowden continues to unveil disturbing uses of surveillance against innocent users of the technology, it is important to remain educated and informed about the way global governments target their own citizenry. Learning to encrypt your communications and watch what you say on the phone becomes largely useless when the government has access to the SIM card itself. What is a free person to do in the Surveillance State of 2015? How can we find balance between freedom and security?

Leave your thoughts below.

 


Featured, Technology, US

Florida Judge Orders Release of Details on Stingray Cell Phone Tracking Technology

11 Comments

Tallahassee, Florida – On June 3 a Florida judge ruled in favor of the American Civil Liberties Union, forcing the release of  new documents related to police use of “stingray” cell phone tracking technology.

The ruling deals with a case where Tallahassee police used stingray to locate a suspected rapist’s apartment without first getting a warrant. When the police officer involved in tracking the suspect testified in court, the federal government stepped in to demand secrecy, the court obliged, closed the hearing and sealed the transcript. After the ACLU asked the judge to unseal the court transcript based on constitutional First Amendment access to court proceedings, the government attempted to invoke national security privilege by invoking the Homeland Security Act.

The ACLU was able to convince the judge to release the transcript, providing more details about the law enforcement tool that was first revealed last Summer by former NSA contractor Edward Snowden. The Stingrays work by mimicking a cellphone tower and tricking cell phones into registering their location and other identifying information with the device rather than cell phone towers in the area.

The new documents confirm that cell phones can be tracked as long as the phone is on, whether or not you are making or receiving calls. Also, the stingrays force cell phones to send data to the device “at full signal, consuming battery faster.”  For an activist or journalist a constantly dying battery could be a sign that you are being tracked.

The court transcript also reveals a case where the police drove around with a vehicle-based stingray until they located the apartment complex where their suspect was staying. Upon locating the complex the officers switched to a handheld device and went to “every door and every window in that complex” until the phone transmitting the signal was located. A police officer testified that as far back as 2007 the device were being used. He estimated between Spring of 2007 and August 2010 the police used the stingrays around “200 or more times.”

These latest details fill in the gaps regarding the United States’ governments growing obsession with spying on it’s own citizens. With the revival of the Domestic Extremism Task Force and the news that the Obama Administration is fighting the release of information about Stingrays, it is obvious the government views it’s citizens as worthy of constant surveillance and scrutiny.