This is all under a warrant. Of course police can and do get location records from cell companies with a warrant, and it doesn't seem like a huge stretch for a warrant to require the cell company to "ping" to get the most quality location data.
The problem here is the judges granting the warrants.
Judges in Virginia are chosen by legislatures [1], which means they're accountable to political establishment who in turn have good political cover from being responsible for judicial actions.
Judicial oversight and judicial elections are needed.
Warrants to get a third party to take actions to make your devices do things that can be logged is another.
There is, at the very least, a very significant difference between the two cases. Whether we can all agree to pretend that there is non is certainly a political question.
I’ve helped get judges elected in Manhattan. The primaries swung by tens of votes in some cases, usually no more than a few hundred. A few clubs, or one large tenant association, could decide the vote. (Counterfactual: judicial elections attract disproportionately-informed voters if they happen off cycle and without party affiliations, which in the context of primaries, applies.)
The unfortunate reality is that law enforcement can track you 24/7 without a warrant. A warrant is only necessary if they use the location data against you in court. Otherwise, it is open season. The tech companies, etc have shown many times that there is a revolving door between advertisement/surveillence, and so on. Often they maintain very close relationships.
Even if it isn’t that bad now, and a warrant is absolutely required without proving the case in court, a warrant could still obtain historical data. So the end result is the same. We are being tracked all of the time and it is stored and sold, sometimes illegally.
Finally, consider the pratice of parallel construction in law enforcement and how easily this entire process can take away your basic constitutional rights.
Good luck proving any of this by the way. Gaslighting is becoming the norm when rights are violated.
> Judicial oversight and judicial elections are needed.
If you think judicial elections will produce less authoritarian judges, you probably fail to realize that most of the people who care deeply about electing judges are a tough-on-crime light-on-civics bloc.
Agreed. I think we need to put as much blame on the carriers providing these capabilities to anyone, let alone the police. That the police are publicly funded and are buying this data with my money is also a huge issue to me, but if I had to pick one thing to change, I’d make selling this data illegal. That way, no one could have it.
Trying to steer this thread back on topic. This article is incorrect. Cellular services aren't polling GPS data from the device, they're using imei and subscriber identification triangulation from the towers which the FBI and law enforcement overlay on google maps.
It works with big providers albeit I feel like this parlour trick becomes tougher if your target is using a resell carrier like mint or cricket.
Devices can and will report AGPS positions to carriers, it's part of several 3GPP protocols. Other people in comments have mentioned location sharing with emergency services, but it's also used for network quality telemetry. It's implemented at the baseband firmware level and there's nothing you can do about it.
As sibling comment has pointed out the protocol for a cellular service to request GPS data directly RRLP, is part of the LCS (LoCation Services) section of 3gpp.
And if you run your own cellular service using OpenBSC you can try it out...
> RRLP is not just a theoretical feature specified in the GSM/3GPP specs. It is implemented by
numerous high-end smartphones. There is no authentication of the network. There is no notification of the user. There is no way for the user to disable this [mis]feature.
> Impact: Public debate about this feature is needed. Operators probably need to consider working on
some terms about how they use this feature in their privacy policy.
Does anybody have info on how this works on a technical level? I.e., is it an actual report of the phone’s GPS position, or is it tower-side triangulation? If the former, do all devices support it?
Both, depending on what features are supported by the handset and/or network. Earlier phases of e911 compliance did it with triangulation, and later phases do it with GPS location.
It's possible the technical details were lost on the journalist. I mean, maybe this secret ping really exists or perhaps they're just using the tower based phone location system that they developed for Phase I of e911 support.
Simple improvement: ban carriers from charging for this surveillance. Could even introduce it as a pro-cop anti-corporate measure, which should take care of the political fringes. That removes the incentive to make it easy.
Next, some manner of heightened threshold for more than N consecutive tracking requests or M requests in a twelve-month period. Maybe probable cause? This will be harder, politically, particularly in a law & order cycle. (Maybe it could be accomplished through rulemaking at the FCC.)
> Simple improvement: ban carriers from charging for this surveillance. Could even introduce it as a pro-cop anti-corporate measure, which should take care of the political fringes. That removes the incentive to make it easy.
I like the idea of motivating cell companies to be less of a pushover, but reducing cost does _directly_ reduce the disincentive to the police to make these requests.
> Next, some manner of heightened threshold for more than N consecutive tracking requests or M requests in a twelve-month period. Maybe probable cause?
These requests already have a warrant, so meet probable cause.
Not surprising, since the entire telecommunications industry continues to work hand in hand with all the alphabet agencies to gobble up as much data on everyone that they can. Laws and rights to the government are but mere suggestions.
As someone who has read a fair number of granted search warrants, I can attest to the fact that 100% had obvious technical, logical, or factual errors (under penalty of perjury) that were granted by the judge anyway.
The bar/basis to successfully receive a search warrant is hilaribad. It's pretty close to a rubber stamp. The courts just believe whatever crap the cops spew out.
Ok, ok, I get it. Next time I'll go commit a crime, I'll leave a cellphone at home. Or will give it to my accomplice to taxi it around at a significant distance from a location where I'll engage in some heinous activity.
Chesterfield County, Va. can be generally understood as one of the most, if not the most, pro-cop (densely populated) counties in the whole country. You don’t want to be arrested there
Edit: not sure the reason for the downvotes, this fact is useful context and first-hand
Virginia as a whole has some pretty absurdly pro police laws, at least re: driving.
The lesser of either 20 over the speed limit or any speed over ~80~ 85 miles an hour (thanks jmisavage) in Virginia is a misdemeanor, and at least one auto journalist has been jailed in Virginia. https://jalopnik.com/never-speed-in-virginia-lessons-from-my...
It's also the only state to prohibit radar detectors.
Can you elaborate? What does "pro-cop" mean in this geographical context and why do I not want to be arrested here versus somewhere else (assuming I wanted to be arrested)?
I'm assuming the police is primarily using GPS to prove guilt, but are there any recorded cases of someone using GPS to "prove" their innocence, as an alibi?
That's a good question. There are plenty of people who have proved the GPS is wrong.
For instance, I am on 24/7 GPS/cell tower surveillance because I am poor. The police regularly (3 times this week) come to my home, pull me out onto the street, cuff me up and arrest me because they believe (from the GPS data) that I am not in my home. Then they will have me stand on the street corner in handcuffs until the GPS matches what they see with their eyes.
Those of us who are under constant surveillance for our poverty have taken to installing cameras that record onto the cloud so that we can later prove in court we were where we said we were (not where the GPS thinks we are):
Why are drug dealers still using an easily trackable phone number for communication? Why not a 3rd party messaging and voice app like Matrix/Element? Am I incorrect in assuming that local police would not be able to easily track it?
You are going to miss out on potential sales asking people to download and figure out some weird app and honestly the likelihood of getting caught is pretty low. I know people who have been selling drugs without even so much as changing numbers for many years.
Also even using these apps you are still on the cell network and there are methods for determining your phone number / IMSI. You wouldn't be immune to this type of tracking.
"We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time."
Oooh, wait until they hear about CCPA... (but anyway, I'm sure the 'secret GPS pings' are just plain-old stealth SMS, and we're all better off not reading TFA in any case)
And look who takes the cake again this time: "Sprint offered the cheapest prices to report locations back to law enforcement, charging a flat fee of $100 per month."
No, it looks like a 2 years location dragnet warrant issued against someone for merely being around someone experiencing an overdose. IMO, this should be completely unconstitutional.
I never understood these concerns in the US, for US web sites. What do they even care about our laws?
If there was a US law stating something similar for people connecting connecting to my French site from the US I would just smile and live on. I do not expect the CIA to kidnap me and bring me in front of a US court.
I agree that laws and procedures should be tighter, but I don't expect any change. I don't even know the number attached to my SIM card. I bought it anonymously for $16 a month. I rarely turn off airplane mode. I pay $1 a month per number at VoIP.ms. Privacy and security is cheaper for me.
Yes, this functionality is required by law and is done at the chipset firmware level these days. And even before phones supported this, it was done by triangulation at the carriers towers.
People brought phones to Jan 6th protest, thats how many of the 800 people have been found and imprisoned. Should be a lesson to future political protestors.
> Held: RFRA’s express remedies provision permits litigants, when appro-
priate, to obtain money damages against federal officials in their indi-
vidual capacities. Pp. 3–9.
RFRA is an Act of Congress. Looking just the quote above, what SCOTUS found isn't a constitutional right but a statutory right, which means the statue can be amended or repealed, for example, and also that the statutory right is limited to whatever the statute says (or SCOTUS read in it). Without reading the rest of the opinion or the Act itself, I am probably justified in imagining that the right doesn't extend to violations of any constitutional rights so much as to violations of constitutional rights relevant to "religious freedom", which is mainly 1st Amendment rights, and maybe some others. I wonder, for example, whether RFRA would protect one's right to refuse a mandatory vaccine for religious reasons -- it might, though I don't have time to go read it (and related case-law) and find out (plus IANAL).
Sounds like they're doing it with court-issued warrants with probable cause, so it's not as horrifying as the title makes it sound. It's "secret" to the suspect but it's not like the police department has taken it onto themselves to start a new cellphone tracking program.
advisedwang|3 years ago
The problem here is the judges granting the warrants.
Judges in Virginia are chosen by legislatures [1], which means they're accountable to political establishment who in turn have good political cover from being responsible for judicial actions.
Judicial oversight and judicial elections are needed.
[1] https://ballotpedia.org/Judicial_selection_in_Virginia
cryptonector|3 years ago
Warrants to get a third party to take actions to make your devices do things that can be logged is another.
There is, at the very least, a very significant difference between the two cases. Whether we can all agree to pretend that there is non is certainly a political question.
JumpCrisscross|3 years ago
These aren’t a panacea.
I’ve helped get judges elected in Manhattan. The primaries swung by tens of votes in some cases, usually no more than a few hundred. A few clubs, or one large tenant association, could decide the vote. (Counterfactual: judicial elections attract disproportionately-informed voters if they happen off cycle and without party affiliations, which in the context of primaries, applies.)
Threeve303|3 years ago
Even if it isn’t that bad now, and a warrant is absolutely required without proving the case in court, a warrant could still obtain historical data. So the end result is the same. We are being tracked all of the time and it is stored and sold, sometimes illegally.
Finally, consider the pratice of parallel construction in law enforcement and how easily this entire process can take away your basic constitutional rights.
Good luck proving any of this by the way. Gaslighting is becoming the norm when rights are violated.
vkou|3 years ago
If you think judicial elections will produce less authoritarian judges, you probably fail to realize that most of the people who care deeply about electing judges are a tough-on-crime light-on-civics bloc.
actionablefiber|3 years ago
colpabar|3 years ago
radicaldreamer|3 years ago
nimbius|3 years ago
It works with big providers albeit I feel like this parlour trick becomes tougher if your target is using a resell carrier like mint or cricket.
hocuspocus|3 years ago
Maxious|3 years ago
And if you run your own cellular service using OpenBSC you can try it out...
> RRLP is not just a theoretical feature specified in the GSM/3GPP specs. It is implemented by numerous high-end smartphones. There is no authentication of the network. There is no notification of the user. There is no way for the user to disable this [mis]feature.
> Impact: Public debate about this feature is needed. Operators probably need to consider working on some terms about how they use this feature in their privacy policy.
https://web.archive.org/web/20160106074623/http://openbsc.os...
542458|3 years ago
flotzam|3 years ago
kube-system|3 years ago
https://en.wikipedia.org/wiki/Enhanced_9-1-1#Wireless_locati...
bonestamp2|3 years ago
JumpCrisscross|3 years ago
Next, some manner of heightened threshold for more than N consecutive tracking requests or M requests in a twelve-month period. Maybe probable cause? This will be harder, politically, particularly in a law & order cycle. (Maybe it could be accomplished through rulemaking at the FCC.)
advisedwang|3 years ago
I like the idea of motivating cell companies to be less of a pushover, but reducing cost does _directly_ reduce the disincentive to the police to make these requests.
> Next, some manner of heightened threshold for more than N consecutive tracking requests or M requests in a twelve-month period. Maybe probable cause?
These requests already have a warrant, so meet probable cause.
TheWill|3 years ago
duxup|3 years ago
That seems like way too low of a bar.
sneak|3 years ago
The bar/basis to successfully receive a search warrant is hilaribad. It's pretty close to a rubber stamp. The courts just believe whatever crap the cops spew out.
blt|3 years ago
Interpreted precisely, this sentence doesn't rule out the possibility that they use unlawful tools too.
istjohn|3 years ago
1. https://en.wikipedia.org/wiki/Parallel_construction
kube-system|3 years ago
But it also is just a statement about something else.
Andrew_nenakhov|3 years ago
hammock|3 years ago
Edit: not sure the reason for the downvotes, this fact is useful context and first-hand
eganist|3 years ago
The lesser of either 20 over the speed limit or any speed over ~80~ 85 miles an hour (thanks jmisavage) in Virginia is a misdemeanor, and at least one auto journalist has been jailed in Virginia. https://jalopnik.com/never-speed-in-virginia-lessons-from-my...
It's also the only state to prohibit radar detectors.
daenz|3 years ago
jason-phillips|3 years ago
DevX101|3 years ago
kingcharles|3 years ago
For instance, I am on 24/7 GPS/cell tower surveillance because I am poor. The police regularly (3 times this week) come to my home, pull me out onto the street, cuff me up and arrest me because they believe (from the GPS data) that I am not in my home. Then they will have me stand on the street corner in handcuffs until the GPS matches what they see with their eyes.
Those of us who are under constant surveillance for our poverty have taken to installing cameras that record onto the cloud so that we can later prove in court we were where we said we were (not where the GPS thinks we are):
https://news.wttw.com/2022/03/16/designed-reduce-cook-county...
sneak|3 years ago
Rufhfhs3747rhe7|3 years ago
throwaway48375|3 years ago
Also even using these apps you are still on the cell network and there are methods for determining your phone number / IMSI. You wouldn't be immune to this type of tracking.
orthoxerox|3 years ago
mdb31|3 years ago
Oooh, wait until they hear about CCPA... (but anyway, I'm sure the 'secret GPS pings' are just plain-old stealth SMS, and we're all better off not reading TFA in any case)
flotzam|3 years ago
> I'm sure the 'secret GPS pings' are just plain-old stealth SMS
Worse: https://news.ycombinator.com/item?id=28991641 (depending on the carrier)
And look who takes the cake again this time: "Sprint offered the cheapest prices to report locations back to law enforcement, charging a flat fee of $100 per month."
buildbot|3 years ago
BrandoElFollito|3 years ago
If there was a US law stating something similar for people connecting connecting to my French site from the US I would just smile and live on. I do not expect the CIA to kidnap me and bring me in front of a US court.
lmkg|3 years ago
Actually Virginia has its own data privacy law now, modelled on CCPA.
ClumsyPilot|3 years ago
egberts1|3 years ago
It is only an alerting mechanism, nothing avoidance there (as far as I can read of their marketing papers go).
https://www.armadillophone.com/
kornhole|3 years ago
woem|3 years ago
kube-system|3 years ago
orangepurple|3 years ago
Also, separately, https://en.wikipedia.org/wiki/SMS#Silent_SMS
callalex|3 years ago
dukeofdoom|3 years ago
therealbilly|3 years ago
unknown|3 years ago
[deleted]
mohamez|3 years ago
This is frightening.
Sohurt00|3 years ago
cryptonector|3 years ago
RFRA is an Act of Congress. Looking just the quote above, what SCOTUS found isn't a constitutional right but a statutory right, which means the statue can be amended or repealed, for example, and also that the statutory right is limited to whatever the statute says (or SCOTUS read in it). Without reading the rest of the opinion or the Act itself, I am probably justified in imagining that the right doesn't extend to violations of any constitutional rights so much as to violations of constitutional rights relevant to "religious freedom", which is mainly 1st Amendment rights, and maybe some others. I wonder, for example, whether RFRA would protect one's right to refuse a mandatory vaccine for religious reasons -- it might, though I don't have time to go read it (and related case-law) and find out (plus IANAL).
JumpCrisscross|3 years ago
This…has always been the case? It’s a raison d’être for SCOTUS.
steve76|3 years ago
[deleted]
no_no_no_no|3 years ago
[deleted]
usrn|3 years ago
[deleted]
IAmGraydon|3 years ago
[deleted]
StopDarkPattern|3 years ago
[deleted]
mdoms|3 years ago
JumpCrisscross|3 years ago
It appears to be a lower standard; reasonable suspicion, perhaps.