I've lived in Fort Worth, TX for about a year. I was already aware of the existence of these devices. I had no clue that my local PD was spending such an insane amount of money on surveillance. It's also worth mentioning that our population is only 792K.
I've lived in Texas most of life and in general I think the people here are great. However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I guess I'd better start bringing this up in my circles. I don't think many people are fully aware of what's going on.
> It's also worth mentioning that our population is only 792K.
Most of the homeland security money funding surveillance is likely tied to DFW being along a major drug distribution corridor coming up from Mexico, and has nothing to do with the local population.
>However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I did observe that. Why is that so? Historically was the police or sheriffs independent from the government?
It's not just Texas. I've lived in big and small cities in several east coast states and the blind support is always something I just can't grok. the only difference over here is nobody has an issue with big government.
So what is the move if you are caught with your pants down, and a LEO is requesting access to your actual phone? Does a factory restore wipe all data, or is in necessary to wipe, fill up with bunk data, wipe again?
I don't know about everyone else but my phone is has data including me talking about controversial opinions, intimate photos, and various other data that I would not want anyone else to have.
In the US, use passwords to protect your phone. Passwords have been held by courts to be testimony and thus protected by the 5th Amendment. Patterns, swipes, facial recognition and fingerprints have been held by courts to be the equivalent of "keys" and you can be required to turn them over upon being ordered by a lawful authority (such as a police officer demanding them). Passwords require a court order and if you have a competent attorney, they can argue that revealing the password would result in self-incrimination (and this can spend a lot of time in court before anything happens).
First, it would vary by phone -- but if LEO is requesting your phone and do not have a warrant (yet), they could still seize the phone citing exigent circumstances. The exigent circumstances being that if they left the phone in the custody of the subject, then they will likely delete the contents or at least could delete the contents. Once the phone is in LEO possession then they can take the time to apply for a warrant to search the device.
So -- if you get to the point of LEO requesting your phone and you have data on your phone, then it is too late.
In the US, unless we are talking about a border search, LEO will still need a warrant to search your phone. I'm unsure if this is what you meant by "pants down" tho :)
'Cellebrite "Pro Series" purchases all appear to include the firm’s Cloud Analyzer tool, which extracts “private-user cloud data” by "utilizing login information extracted from the mobile device.'
Chilling that is can be done without a warrant e.g. arrested protesters or to citizens crossing the US border.
Does this mean that as long as you use different strong passwords for everything (via say, 1Password), and do NOT use a fingerprint unlock, Cloud Analyzer wouldn't work?
Or is it extracting login info in some other manner that would still function?
I would venture to say that a search warrant for a device, would not cover the contents stored in the cloud. While the cellebrite does have this feature I would presume a separate warrant would be required to obtain the cloud data, which is located in another physical location.
“Criminals tend to try and make tracking their data more difficult, so this kind of mass collection of telephony data will more easily find our political activists, our civil society leaders, and just regular people,” he says. “If the courts—if the public—knew how powerful these tools were, they would move to restrict their use.”
The mass surveillance system is about control, not security, and I think time and time again that is being proven. On the constitutional post-warrant data anlysis tools I have these issues:
1) This is local law enforcement wising up and playing a similar game to the big three letters.
2) I have concerns about the privacy protections for those associated with suspects, and see ripe abuse potential for guilt by association or even "using data from a warrant to get the data on the person you really want but can't get the warrant" type of situations.
3) I have concerns with the level of data sharing between the LEA's, and the post shared protections of said data.
4) I have concerns with private companies providing these services because private companies often have sub-par data security practices, and often have strange third-party data selling loopholes so they often end up "scrubbing" data and selling it, but most of us know it's not that hard these days to "unscrub" that kind of data.
All of this is assuming we are just talking about constitutional methods too. What I find even more insidious and dangerous is the unconstitutional tools like imsicatchers and others being used for parallel construction.
Bottom line is this: the LEA's and LEO's need to remember that they swear an oath:
"I, [name], do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same;"
The problem as I see it, is that I tracked down the law that punishes congress for a few specific violations of oath of office (5 U.S. Code § 7311), but I have yet to find any law for punishing people in the executive branch for violation of oath of office. If anyone knows of such, please let me know. IANAL, so perhaps 5 U.S. Code § 7311 could apply to the executive and I just misunderstand it.
Holy passive voice, Batman. Surely a better title would have been "Local Police Departments Buying Loads of Cellphone Spy Tools", since it's not like the damn things are mysteriously appearing unbidden...
I think the only thing that can prevent the US from spiraling into a dictatorship is a successful Netflix show about US spiraling into a dictatorship. Maybe it is too late for that too.
hackingteam breach has shown that law enforcement are among the biggest customers of HackingTeam. They supply not just the tools but also a subscription (to the constantly changing) payloads to breach a target. Kind of a poor man's TAO for the "neighborhood" police-unit. These tools make planting evidence just as easy so it is a massive change in the amount of trust put into individuals working in LE. This is even more scary when you think of how little the average cop knows about the tech they use from some questionable outside private vendor.
I think it's not just the Govt and Police who involves in spying on people's data. Multiple spy apps i.e. TheOneSpy, PhoneSherif, FlxiSpy, and much more are readily available in the online market to spy on anyone's data through his/her smartphone. In my point of view first, we should ban these data and privacy breach apps in our state then move on the other Governmental monitorings and protect our privacies.
Do the cell site simulators spoof existing towers? How hard would it be to write an app to detect when you connect to another tower and shut the phone down. Unless Google and Apple don't let you programmatically shut down the phone.
Stingray's inner workings are supposedly not disclosed but it is said to mimic a nearby cell tower. I bet the device just echoes & amplifies the signal to trick your phone to connect.
If that's how it works, then If you know what each tower relative strength from that given position must be and you note a new surge in strength, that will tell you. You could also use triangulation with cooperating devices.
I'm inclined to say there's no reliably secure mobile platform, though idlewords (Maciej Ceglowski) and tptacek (Thomas Ptacek) are presently recommending iPhone or iPad.
(I'm writing this on an Android device I fear, dread, and detest.)
So if the Washington D.C. police, or anyone who can afford it, are tracking protesters, or merely tracking, near the White House, they may inadvertently intercept calls from all those insecure, non-presidentially locked phones carried by top White House aides, and by the President?
I have no idea how this works. Can someone explain the site simulators? When the site simulators intercept the traffic, they can see all the data. If it's encrypted, can they still read it or decrypt it somehow?
Site simulators aren't very new technology. Police departments have had these devices for so long that they were even mentioned in The Wire (2002) with the exact brand name (StingRay).
Handsets will always connect to the basestation with the strongest signal, there is no authentication involved. They then "exploit" (it's really by design) a feature of GSM where you can simply tell the handset not to use any encryption, and since the interface between baseband chip and application processor (the ARM that runs your Android or iOS) is more akin to a cold war curtain than actual information exchange, your device won't ever notify you. Even if they enable the old A55 encryption, that can be cracked in realtime nowadays.
One popular use is to mount them on a drone, wait for it to detect a particular IMSI and then bomb the general area. That is the reality of the so called "precision strikes" in Afghanistan or Iraq.
Yes, your calls would be traveling over an encrypted tunnel to the carrier instead of the (simulated) cell tower, thus preventing the Stingray/site-simulator from carrying and listening in on your call.
However, it would not stop someone from listening to the call at any point over the rest of the path since the call itself is not encrypted, only the transport between the carrier and your phone.
[+] [-] sh-run|9 years ago|reply
I've lived in Texas most of life and in general I think the people here are great. However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I guess I'd better start bringing this up in my circles. I don't think many people are fully aware of what's going on.
[+] [-] dsl|9 years ago|reply
Most of the homeland security money funding surveillance is likely tied to DFW being along a major drug distribution corridor coming up from Mexico, and has nothing to do with the local population.
[+] [-] sreenadh|9 years ago|reply
I did observe that. Why is that so? Historically was the police or sheriffs independent from the government?
[+] [-] tastythrowaway2|9 years ago|reply
[+] [-] jjawssd|9 years ago|reply
[+] [-] troncheadle|9 years ago|reply
I don't know about everyone else but my phone is has data including me talking about controversial opinions, intimate photos, and various other data that I would not want anyone else to have.
[+] [-] Tangurena2|9 years ago|reply
[+] [-] nawtacawp|9 years ago|reply
So -- if you get to the point of LEO requesting your phone and you have data on your phone, then it is too late.
[+] [-] mhays|9 years ago|reply
[+] [-] Too|9 years ago|reply
[+] [-] jakelarkin|9 years ago|reply
Chilling that is can be done without a warrant e.g. arrested protesters or to citizens crossing the US border.
[+] [-] shostack|9 years ago|reply
Or is it extracting login info in some other manner that would still function?
[+] [-] nawtacawp|9 years ago|reply
[+] [-] arca_vorago|9 years ago|reply
The mass surveillance system is about control, not security, and I think time and time again that is being proven. On the constitutional post-warrant data anlysis tools I have these issues:
1) This is local law enforcement wising up and playing a similar game to the big three letters.
2) I have concerns about the privacy protections for those associated with suspects, and see ripe abuse potential for guilt by association or even "using data from a warrant to get the data on the person you really want but can't get the warrant" type of situations.
3) I have concerns with the level of data sharing between the LEA's, and the post shared protections of said data.
4) I have concerns with private companies providing these services because private companies often have sub-par data security practices, and often have strange third-party data selling loopholes so they often end up "scrubbing" data and selling it, but most of us know it's not that hard these days to "unscrub" that kind of data.
All of this is assuming we are just talking about constitutional methods too. What I find even more insidious and dangerous is the unconstitutional tools like imsicatchers and others being used for parallel construction.
Bottom line is this: the LEA's and LEO's need to remember that they swear an oath:
"I, [name], do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same;"
The problem as I see it, is that I tracked down the law that punishes congress for a few specific violations of oath of office (5 U.S. Code § 7311), but I have yet to find any law for punishing people in the executive branch for violation of oath of office. If anyone knows of such, please let me know. IANAL, so perhaps 5 U.S. Code § 7311 could apply to the executive and I just misunderstand it.
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] al2o3cr|9 years ago|reply
[+] [-] dandare|9 years ago|reply
[+] [-] DyslexicAtheist|9 years ago|reply
https://media.ccc.de/v/30C3_-_5439_-_en_-_saal_1_-_201312292...
https://www.technologyreview.com/s/543991/the-growth-industr...
[+] [-] theonespy|9 years ago|reply
[+] [-] JustSomeNobody|9 years ago|reply
[+] [-] spyder|9 years ago|reply
https://play.google.com/store/apps/details?id=de.srlabs.snoo... ( requires a rooted device with Qualcomm chipset)
Cell Spy Catcher:
https://play.google.com/store/apps/details?id=com.skibapps.c...
https://play.google.com/store/apps/details?id=kz.galan.antis...
[+] [-] 2_listerine_pls|9 years ago|reply
If that's how it works, then If you know what each tower relative strength from that given position must be and you note a new surge in strength, that will tell you. You could also use triangulation with cooperating devices.
[+] [-] multidelo|9 years ago|reply
[deleted]
[+] [-] M_Grey|9 years ago|reply
[+] [-] simplyluke|9 years ago|reply
[+] [-] dredmorbius|9 years ago|reply
I'm inclined to say there's no reliably secure mobile platform, though idlewords (Maciej Ceglowski) and tptacek (Thomas Ptacek) are presently recommending iPhone or iPad.
(I'm writing this on an Android device I fear, dread, and detest.)
[+] [-] Jill_the_Pill|9 years ago|reply
https://www.linkedin.com/jobs/view/245927769 http://www.nypdrecruit.com/statistician-level-1/
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] a3n|9 years ago|reply
[+] [-] analogmemory|9 years ago|reply
[+] [-] revelation|9 years ago|reply
Handsets will always connect to the basestation with the strongest signal, there is no authentication involved. They then "exploit" (it's really by design) a feature of GSM where you can simply tell the handset not to use any encryption, and since the interface between baseband chip and application processor (the ARM that runs your Android or iOS) is more akin to a cold war curtain than actual information exchange, your device won't ever notify you. Even if they enable the old A55 encryption, that can be cracked in realtime nowadays.
One popular use is to mount them on a drone, wait for it to detect a particular IMSI and then bomb the general area. That is the reality of the so called "precision strikes" in Afghanistan or Iraq.
[+] [-] dsp1234|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] lfender6445|9 years ago|reply
[+] [-] ParadoxOryx|9 years ago|reply
However, it would not stop someone from listening to the call at any point over the rest of the path since the call itself is not encrypted, only the transport between the carrier and your phone.
[+] [-] Jill_the_Pill|9 years ago|reply
[deleted]