Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

February 11, 2015

Cellphone Privacy for $$$?

Filed under: Cybersecurity,Privacy — Patrick Durusau @ 4:28 pm

Cyrus Farivar writes in: FBI really doesn’t want anyone to know about “stingray” use by local cops:

If you’ve ever filed a public records request with your local police department to learn more about how cell-site simulators are used in your community—chances are good that the FBI knows about it. And the FBI will attempt to “prevent disclosure” of such information.

Not only can these devices, commonly known as “stingrays,” be used to determine a phone’s location, but they can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones. Last fall, Ars reported on how a handful of cities across America are currently upgrading to new hardware that can target 4G LTE phones.

The newest revelation about the FBI comes from a June 2012 letter written by the law enforcement agency to the Minnesota Bureau of Criminal Apprehension. It was first acquired and published by the Minneapolis Star Tribune in December 2014—similar language likely exists between the FBI and other local authorities that use stingrays.

As the letter states:

In the event that the Minnesota Bureau of Criminal Apprehension receives a request pursuant to the Freedom of Information Act (5 USC 552) or an equivalent state or local law, the civil or criminal discovery process, or other judicial, legislative, or administrative process, to disclose information concerning the Harris Corporation [REDACTED] the Minnesota Bureau of Criminal Apprehension will immediately notify the FBI of any such request telephonically and in writing in order to allow sufficient time for the FBI to seek to prevent disclosure through appropriate channels.

While the FBI did not immediately respond to Ars’ request for comment, privacy activists were dismayed to see this language.

“It’s remarkable to see collusion by state and federal agencies to undermine public records requests, which are clearly aimed at keeping the public in the dark about the use of Stingray technology,” Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation, told Ars. “After all, any truly sensitive law enforcement details could be redacted under traditional public records act law. But the notion that the federal government would work to actively block disclosure of records seems clearly to have a chilling effect on obtaining information about this controversial surveillance tool.”

Coming to the attention of the FBI is a honor that puts you in good company, Lucille Ball, Truman Capote, Charlie Chaplin, John Denver, Walt Disney, Rock Hudson, Whitney Houston, Steve Jobs, Hellen Keller, Martin Luther King, Marilyn Monroe, Jackie Robinson, Anna Nicole Smith, George Steinbrenner, just to name some of the honorees.

But Hanni Fakhoury points out, the meek and mild are unlikely to ask, even if it means better protecting their privacy and the privacy of others.

Freedom of Information requests are a rope-a-dope strategy that relies on the largesse of government agencies in releasing details of their own misdeeds. Not to lessen the importance of Freedom of Information act like requests, shouldn’t we be more proactive, that is to say preventative, in the protection of our privacy?

For example, you use your cellphone ever day but most likely transition between a limited number of cell towers. Which cell phone towers? You can check any of these three sources: CellMapper.net, MapMuse.com, CellReception.com. (All from: Cell Phone Tower Locations by Michael Kwan.)

If you know your usual cellphone towers and you bother to check before sending text messages, you can eek out a little more privacy.

For searching purposes you can use “stingray” if you want to be confused with lots of entries about marine life (it does look like an FBI agent and cars (one of my favorites). Otherwise, use IMSI-Catcher (the privacy invading device) and/or IMSI-Catcher Detector (the defensive side). The Android IMSI-Catcher Detector (#AIMSICD) is an example of one IMSI-Catcher-Detector and they have a great list of other projects in the same area (software and hardware).

If you are afraid of being noticed by the FBI, I’m not sure having software on your phone to detect their snooping is the best option for you. For the moderately bolder, have a look. Contribute to the projects if at all possible.

Detecting IMSI-Catchers on your own is a great first step, but that doesn’t increases everyone’s privacy, just your own. What if there was a more aggressive way to protect your cellphone privacy and the cellphone privacy of others?

I ask because in reading the documentation at #AIMSICD, I ran across OpenCellID.

From the OpenCellID wiki:

OpenCellID is the world’s largest collaborative community project that collects GPS positions of cell towers, used free of charge, for a multitude of commercial and private purposes.

More than 49,000 contributors have already registered with OpenCellID, contributing more than 1 million new measurements every day in average to the OpenCellID database. Detailed statistics are available in real time.

The OpenCellID project was primarily created to serve as a data source for GSM localisation.
As of Jan, 2015, the database contained almost 7 million unique GSM Cell IDs and 1.2 Billion measurements.

OpenCellID provides 100% free Cell ID data (CC-BY-SA 3.0 license).
The OpenCellID database is published under a Creative Commons open content license with the intention of promoting free use and redistribution of the data.

All data uploaded by any of the contributors can also be downloaded again free of charge – no exceptions!

So, any GPS reading for a cell tower that is NOT registered with the FCC and that DOES NOT appear in OpenCellID (at least in the United States), is either a criminal or some government agency (is there a difference these days?) trying to invade your privacy. Reasoning than unregistered and cell towers that “move,” aren’t public structures delivering cellphone service.

Agreed?

Rather than asking the government for invoices for purchases of IMSI-catcher software, why not create listening posts for IMSI-catchers and de-dupe that data against the known (legitimate) cell towers and contribute the legitimate data back to OpenCellID under the OpenCellID license?

For a fee (think $$$ in your local currency), you can text warnings to your subscribers about IMSI-catchers that have been detected in their area.

For example, I want to visit the U.S. District Court in Atlanta and while near the courthouse, I want to send private text messages to a client and/or an attorney. Today, can I do that safely?

federal-court-atl

Judging from the map portion I have reproduced from OpenCellID, I would guess, remember, guess only, yes.

But that is a guess in the absent of any data on IMSI-catchers in the area.

How much would you pay to turn that “guess” into a fact?

For example, what if I had deployed sensitive IMSI-Catcher-Detectors in the area:

Traffic-Cone-200x300

(Amazing what a handful of asphalt and a traffic cone can conceal in plain sight.)

With a grid of IMSI-Catcher-Detectors in place, I can answer your question about texting a client or attorney in the vicinty of the U.S. District Courthouse with a fact-based YES or NO! For a fee.

IMSI-Catcher-Detectors in temporary, permanent or semi-permanent locations, deduped against the OpenCellID database, enables the creation of commercially valuable data to sell in real time to cellphone users who value their privacy. Moreover, with enough coverage, the history of such data will provide insights simply not possible to obtain from purchase dates of IMSI-catchers by criminals (governmental and otherwise).

Monetizing the right to privacy isn’t the only way to defend it but it could hardly do worse than civil libertarians have done over the past couple of decades.

Yes?

PS: You do realize that with enough granularity of tracking that IMSI-catchers can be tracked in real time with inferred GPS locations? Just in case you want to say “hello” to anyone trying to intercept your communications. Think of it as an “Eaves-Dropper-Near-Me” app. Certainly an additional fee item.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress