
Stingrays and Dirtboxes: how cops can secretly track your phone

278 points | uhtred | 5 years ago | theintercept.com

204 comments

[+] jdefr89|5 years ago|reply
Hey. Someone who briefly worked on the Stingray team here.

I left the company that develops the stingray (whose name is mentioned in the article but I shall not say it) because I didn’t feel comfortable with the ethics of how it could potentially be easily abused without legal permission and/or repercussion. I fear these technologies will become more commonly used against Americans by low level law enforcement without good reason and without responsible usage.

[+] throwaway_drt2|5 years ago|reply
Used to work for makers of the dirtbox. I would hope anyone curious about this issue also spends a lot of time digging into those devices as well.
[+] dylan604|5 years ago|reply
What kind of NDAs did they force on you? It's one thing to walk away silently, but you know they just filled your role with someone else with less morals.

The other option is scorched earth similar to the recent news articles where there were blog posts publicly shaming the company. Wondering what kind of in between options are available. Anonymous posts are a start at least to get the inquisitive types to look in that direction and/or add some weight to previous anonymous posts.

Edit: just read further down the list, and see others have essentially asked the same thing

[+] MacSystem|5 years ago|reply
I'm also glad you did that, we need more people like you.
[+] seebetter|5 years ago|reply
Cue Inferior Construction.

"A low level enforcement employee used unauthorized tools to locate our suspect. He has been reprimanded. However, once we surveilled the suspect we had the evidence to prove he was guilty unrelated to any prior cause. Case closed."

Mistakes were made but lies were never told.

[+] an_opabinia|5 years ago|reply
- In your opinion, is there a difference between an innocent person being materially and demonstrably harmed ("harmed," i.e. tort) by a stingray deployment and an innocent person harmed by any other tool misused in this way by the government?

- Do you think there's a better alternative to tort that could as clearly limit the tools government uses to fight crime?

- If harmless mass surveillance replaces concretely and plainly harmful mass surveillance (e.g. stop and frisk), did we come out ahead?

I'm not a blowhard and obviously do not want to live in a surveillance state. I'm not even advocating for the status quo. It's okay if the answer to these questions is basically, "I don't know."

Or go on and argue that stingrays in isolation of a malevolent government somehow materially harm people in some concrete way. It would be awesome to hear your perspective if that's the case.

[+] goodluckchuck|5 years ago|reply
Any reason to think usage is limited to law enforcement?
[+] sargun|5 years ago|reply
Just curious, how well were you compensated? Did you work on the radio side doing embedded stuff / math, or server software?
[+] kome|5 years ago|reply
Thank you for walking away.

I hope more people will follow your example and question their work. Not only at Harris Corporation, but in every part of what is called surveillance capitalism.

[+] GaryNumanVevo|5 years ago|reply
Pro-tip: If you want fairly good OPSEC when going to a protest, get a burner Android phone, put it on airplane mode with WIFI only. Then purchase a couple of Comcast / Xfinity logins off the web, and use those to connect to "xfiniti-wifi" hotspots. Most cities have them, the speeds are fairly decent too.

We're truly living in the panopticon

[+] AftHurrahWinch|5 years ago|reply
In Portland hundreds of demonstrators used the mesh-networking app Bridgefy, and some affinity groups used goTennas which even served streaming movies, music, and documentaries that spoke to the revolutionary tenor.
[+] rsync|5 years ago|reply
"Pro-tip: If you want fairly good OPSEC when going to a protest, get a burner Android phone, put it on airplane mode with WIFI only."

I don't have a use for such a thing, but if I did, I think I would get an Apple iPod touch which has no cellular capabilities at all ...

[+] gruez|5 years ago|reply
If you have gapps installed (every stock ROM unless you're in China), you should probably assume Google is tracking your location through wifi networks. As such, you should probably install LineageOS for additional security.
[+] refurb|5 years ago|reply
Maybe I'm being overly paranoid, but if you're arrested, what's stopping the cops from matching the phone's MAC to public wifi connections?
[+] helios_invictus|5 years ago|reply
You should not have to be good at opsec or economically advantaged to be able to demonstrate.
[+] nick_kline|5 years ago|reply
Won't your wifi MAC address be a unique identifier? Did Google start doing wifi MAC address randomization?
[+] omarchowdhury|5 years ago|reply
Are these logins legally purchasable or is there some black/grey market for them?
[+] BelleOfTheBall|5 years ago|reply
I remember this being described in Bruce Schneier's book. When I first read it, I was terrified. Now, seeing them in action, I'm closer to dejected. Most methods of avoiding them aren't easy or practical enough to be used by the layman, hell, most laymen don't even know what stingrays are. These are incredibly tough to protect against on a mass scale.
[+] Mirioron|5 years ago|reply
What happens when they are used in countries with fewer protections to individuals than the US?
[+] throwaway_drt2|5 years ago|reply
I used to work for DRT, they make the "dirtbox" mentioned in the article. I would really encourage journalists to dig more into this company and their products.
[+] ideals|5 years ago|reply
You could contact https://twitter.com/KenKlippenstein via Signal with any information you didn't see in the article which should be. He seems to be a journalist interested in related fields.

No one is going to know unless the people who worked there reach out.

[+] WarOnPrivacy|5 years ago|reply
> I would really encourage journalists to dig more into this company and their products.

I guess journalists' disinterest in invasive surveillance is because reporting on it is harder than reprinting the same 7 headlines as every other news org.

It's been a bit better since Edward Snowden dragged news orgs away from authoritarian-friendly journalism and into the surveillance age. However, journalists still seem to do about the bare minimum, while their reporting gives LEO/Gov endless benefit of the doubt.

[+] thimkerbell|5 years ago|reply
Can these do MITM attacks that inject content into what you are reading?
[+] seniorsassycat|5 years ago|reply
> stingrays can force phones to downgrade to 2G, a less secure protocol, and tell the phone to use either no encryption or use a weak encryption that can be cracked.

Can android, iOS, or an open phone os prevent 2g communication?

[+] jdefr89|5 years ago|reply
Hey, I used to briefly work on the device in question. Its capabilities go far beyond just downgrading cellular service. I obviously can’t say much more about it but I am a huge proponent of creating strong laws regarding who can use such a device and when. Putting such devices in the hands of low level law enforcement officers to use against their communities for trivial reasons can only turn out poorly.
[+] shakna|5 years ago|reply
It happens within the OS for the baseband processor, not within the OS of the actual phone. Unsurprisingly, the details of how the baseband processor works are a highly guarded secret, and trying to reverse engineer anything around it will end up with a hefty lawsuit thrown at you.
[+] boring_twenties|5 years ago|reply
On Android, enter \#\#4636#\#\ in the dialer. Then select "LTE only." (This will prevent 3G as well as 2G)

edit: You gotta be kidding me with this formatting. Replace backslashes with asterisks.

[+] WarOnPrivacy|5 years ago|reply
>Can android, iOS, or an open phone os prevent 2g communication?

Some android installs can turn off 2g here: Settings -> Mobile Networks -> Network Mode

However - 2G & 3g networks appear to be going away. https://1ot.mobi/resources/blog/a-complete-overview-of-2g-3g...

AT&T killed 2g in 2017 https://www.pcmag.com/news/att-kills-2g-cutting-off-original...

T-Mobile is in the process of turning off 2g https://www.alarmgrid.com/blog/t-mobile-and-rogers-2g-networ...

[+] fulafel|5 years ago|reply
They could but they don't, and it's been known all along that these downgrade attacks are devastating to security and very practical. Complicity?
[+] myself248|5 years ago|reply
Sadly, the only baseband I'm aware of with open firmware is, itself, a 2g chip: https://www.freecalypso.org/

Nothing newer gives you any sort of control, as far as I know. Would love to learn more.

[+] pas|5 years ago|reply
This is probably something that the baseband radio processor decides. Depending on the firmware/software on the chip the host OS might be able to instruct it to never downgrade to 2G.
[+] arsome|5 years ago|reply
Do they even need to bother with a Stingray, can't they basically just pull up whatever provider's law enforcement portal and click a few buttons?
[+] Negitivefrags|5 years ago|reply
Random story: I once saw one of the vans for the local ISP driving around with a box labeled "Stingray" and got all excited.

Picture here: https://imgur.com/a/P1nPSD2

Turns out that "Stingray" is also the name of a system for air-blown optic fiber installation.

Personally I would have avoided the reuse of that particular name for anything in telecommunications because it has somewhat dark connotations already!

[+] floatingatoll|5 years ago|reply
Wi-Fi Calling while in Airplane mode would not be subject to Stingray interception, and would protect IMEI data from airborne bulk capture.

Authorities can still set up open SSIDs to capture limited information about phones, but the "fly an airplane over" capture model doesn't work well with Wi-Fi.

[+] throwaway0a5e|5 years ago|reply
Anyone who cared (for either personal or professional reasons) has been leaving their phone at home for probably close to a decade now.
[+] kmfrk|5 years ago|reply
Title is "How Cops Can Secretly Track Your Phone" on my end. Assuming that was the original one, some comments here seem to suggest they only read the custom title without checking out the actual article.
[+] ChuckMcM|5 years ago|reply
FWIW you can do much the same thing with your own SDR setup. One of the more surprising things for me was that the feature that a phone works "internationally" means that a nominally "4G" phone will still answer a GSM tower (talking on a GSM frequency) when the tower says hello. Some phones will let you turn that off.

But that said, most smartphones will tell you their WiFi MAC address if you tell them you are an access point. It is more difficult to track a MAC address back to its owner, but it is easy to see if it shows up again near you. My Cisco access point did a variant on this when MAC address filtering was on, it would send you reports of "unknown" MAC addresses which you could log and then later associate with people visiting the office.

Bottom line though seems to be to treat protests like DefCon events if you don't want to leak PII. Get a burner phone for such trips.

[+] t0mmyb0y|5 years ago|reply
Almost no agencies upgraded to 4G, way too expensive, about $500k. If on android you can enter a code on device to force ONLY 4G to be used by the device.
[+] jeffbee|5 years ago|reply
TL;DR it's a radio in your pocket that constantly announces its identity. I'm quite interested in the fact that people don't realize this. Is it a generational split between people who can remember when we did not all have radios in our pockets and those who can't, or ??? The fact that an always-on radio you carry everywhere can be used to track you seems like the #1 most obvious thing about the technology.
[+] xkcd-sucks|5 years ago|reply
Slightly off topic: Why don't cell networks get shut down more often during large protests etc.?

It seems that police use cell phones for internal communications pretty extensively -- Even when there are encrypted radio systems or channels.

My guess is that UX of encrypted radio is generally terrible, and that it's a nightmare to distribute keys to all multiple agencies that might be operating in an area. So departments configure encrypted radio for internal use, but when there's large scale activity they need to fall back to cellphones for guaranteed un-eavesdroppable comms

[+] vanusa|5 years ago|reply
So - what countermeasures do people recommend?

Is there anything one can carry around that acts like "phone" but is somehow less trackable?

[+] onenuthin|5 years ago|reply
Is there a way to go back and check your phone and see any evidence that it had connected to a stingray or dirtbox? Or is it really untraceable from the user end??