The StingRay Is Why the 4th Amendment Was Written (2017) (fee.org)
269 points by jseliger on Dec 29, 2019 | 149 comments


I work in the field of cell network security research and want to help clear up some misinformation I'm seeing in these comments.

First, I just want to highlight that the reason cell site simulators (the more general term for StingRays/IMSI-catchers) exist is because cell phones cannot authenticate all messages coming from cell towers. I'm seeing some vague comments about "a lack of encryption", but it's primarily more of an authentication issue.

You can read more about why it's primarily an authentication issue + how some of the relevant types of cell network attacks work in this technical post I wrote for EFF: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-...

There are some interesting proposals for fixing this lack of authentication using a certificate-based PKI system, the most promising being this paper from Purdue: https://relentless-warrior.github.io/index.php/publications/.... This solution is very far from production-ready, but it's a much-needed step in the right direction.


We have had SIM cards for 30 years to authenticate unique users to the network, but those same cards can't authenticate the network? No, this is entirely by choice and could have been trivially solved. They just forgot the "server certificate" part.


I'd say it's less a "choice" than an "oversight". SIM cards solve the problem of "how do we know if Random Phone is attached to an account and the bill is paid?" The question of "how does the phone know it's talking to a real tower" was never even ASKED, as the very idea would have seemed preposterous.


This happened with networked OSes too. There was a time when Ethernet jacks were trusted unconditionally and hosts could be authenticated by their IP address or worse. NIS used to use the "honor system." Great fun in college in the 90s :-)


The movie War Games came out 36 years ago, so the claim that no-one was even asking themselves about the value of authentication in public services all these years seems preposterous.


This would make features like free roaming much more difficult to implement. If given the choice, most people would probably opt for coverage over security.

Also, why couldn't law enforcement simply coerce the cellular carriers to sign their stingray cert? It's been known to happen for SSL: https://arstechnica.com/information-technology/2010/03/govts...
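To make the top comment's point concrete (the SIM lets the network check the phone, but nothing lets the phone check the tower before it hands over its identity) and the question just above about a coerced carrier signature, here is an added toy model. It is example code written for this page, not code from the EFF post, the Purdue paper or any commenter. Everything in it is constructed: the IMSI, the subscriber key, the cell IDs, and a deliberately tiny, unpadded RSA key pair standing in for a carrier certificate authority. The HMAC challenge-response stands in for the SIM's real authentication algorithm; the details of 3GPP signalling are simplified to the two messages that matter for an IMSI-catcher.

```python
"""
Toy model of a phone attaching to a cell tower: who authenticates whom, and when.

Constructed example. Keys, IMSI and cell IDs are made up; the RSA parameters are
tiny fixed primes with no padding and are NOT secure. They exist only so the phone
can hold a public key while the carrier holds a private one.
"""
import hashlib
import hmac
import secrets

# --- toy "carrier certificate authority" (DEMO ONLY) -------------------------
P = 2**61 - 1                         # Mersenne primes, chosen only for brevity
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # carrier's private signing exponent
CARRIER_PUBLIC_KEY = (N, E)           # what every phone would ship with, pinned


def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def carrier_sign(msg: bytes) -> int:
    """Only the carrier (holder of D) can produce this."""
    return pow(_digest(msg), D, N)


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg)


# --- the parties --------------------------------------------------------------
class Sim:
    def __init__(self, imsi: str, k: bytes):
        self.imsi = imsi
        self._k = k                   # long-term key shared only with the home carrier

    def res(self, rand: bytes) -> bytes:
        # Challenge-response: proves this SIM knows K. The NETWORK checks this.
        return hmac.new(self._k, rand, hashlib.sha256).digest()


class Tower:
    def __init__(self, cell_id: str, subscribers=None, sib_signature=None):
        self.cell_id = cell_id
        self.subscribers = subscribers or {}   # IMSI -> K; empty for a simulator
        self.sib_signature = sib_signature     # carrier signature over cell_id, or None
        self.captured = []                     # every IMSI this tower has been told

    def system_info(self):
        return {"cell_id": self.cell_id, "sig": self.sib_signature}

    def run_attach(self, phone) -> bool:
        # 1. Identity Request / Response. No key material on either side, so any
        #    tower the phone is willing to talk to learns the IMSI here.
        imsi = phone.identity_response()
        self.captured.append(imsi)
        # 2. Challenge-response. Only a tower connected to the carrier core (which
        #    knows K for this IMSI) can check the answer; a simulator cannot, but it
        #    already has what it came for.
        rand = secrets.token_bytes(16)
        res = phone.sim.res(rand)
        k = self.subscribers.get(imsi)
        if k is None:
            return False
        return hmac.compare_digest(hmac.new(k, rand, hashlib.sha256).digest(), res)


class Phone:
    def __init__(self, sim: Sim, require_signed_sib: bool):
        self.sim = sim
        self.require_signed_sib = require_signed_sib   # False = today's behaviour

    def identity_response(self) -> str:
        return self.sim.imsi

    def attach(self, tower: Tower) -> dict:
        sib = tower.system_info()
        tower_ok = sib["sig"] is not None and verify(
            CARRIER_PUBLIC_KEY, sib["cell_id"].encode(), sib["sig"])
        if self.require_signed_sib and not tower_ok:
            # The certificate-style fix: refuse to say anything to an unverified tower.
            return {"tower_verified": False, "imsi_disclosed": False,
                    "network_accepted_phone": False}
        accepted = tower.run_attach(self)
        return {"tower_verified": tower_ok, "imsi_disclosed": True,
                "network_accepted_phone": accepted}


def scenarios() -> dict:
    k = secrets.token_bytes(32)
    sim = Sim("001010123456789", k)                        # constructed test IMSI
    real = Tower("cell-A1", subscribers={sim.imsi: k},
                 sib_signature=carrier_sign(b"cell-A1"))   # genuine carrier cell
    catcher = Tower("cell-A1")                             # impersonates it, no K, no signature
    coerced = Tower("cell-X9", sib_signature=carrier_sign(b"cell-X9"))  # carrier signed it
    legacy = Phone(sim, require_signed_sib=False)
    strict = Phone(sim, require_signed_sib=True)
    return {
        "legacy_vs_real": legacy.attach(real),
        "legacy_vs_catcher": legacy.attach(catcher),
        "strict_vs_catcher": strict.attach(catcher),
        "strict_vs_coerced": strict.attach(coerced),
        "catcher_captured": list(catcher.captured),
        "coerced_captured": list(coerced.captured),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Reading the four scenarios: today's phone hands its IMSI to the catcher and only afterwards learns (by the failed challenge) that the tower is not the network, which is exactly the asymmetry in the top comment. A phone that insists on a carrier-signed broadcast never reaches the identity step against an unsigned simulator. But a simulator whose broadcast the carrier has signed, whether by court order or by key theft, passes the same check, which is the limit of any PKI fix raised above. A deployable scheme would also have to bind the signature to fresh data so a real tower's signed broadcast cannot simply be replayed; this toy signs only the static cell ID and does not model that.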


Between this example and “no knock” warrants (where people get killed, including police) I think it seems obvious that people have forgotten what the point of a warrant is.

A warrant is supposed to prevent either of the two cases from resulting in lengthy court battles or death from confusion, and it’s very simple:

YOU SHOW THE PERSON BEING SEARCHED THE WARRANT IN ADVANCE!

That is how you gain authorization... somehow people are being searched and the warrant is either kept secret entirely or not shown to them prior to the search!

That’s literally the fundamental purpose of a constitutional warrant!

Things are so backwards now, search then warrant, shoot first then ask questions, execution before trial...


I'm not sure where you are getting this definition of the purpose for warrants, but it's not based on any historical fact that I'm aware of.

The way I'm aware of history, a warrant simply allows for an individual or group to take an action on behalf of the state, specifically by statement from a judge, which would have otherwise been illegal. For some individuals and groups, specifically sworn Law Enforcement officers, they fall within warrant exceptions or broad granted "warrant authorities."

It has no relation to a suspect being notified of a warrant and there is no legal mandate to notify the suspect as far as I am aware.


Well if you’re not supposed to search me without the warrant, the difference between following that rule and not following it is producing the warrant... otherwise I must assume the duty to defend my family/children and my property, for I am being waylaid... the risk of not making that assumption may be very dire circumstances.


The definition they use follows from the definition you use, but is dependent on the times. If you are given authority to act on a warrant by the state, then you show that to the person you're investigating so they don't shoot you for being on their property.

Without the warrant, they have every right to shoot a strange person walking through their property without permission. Since this was before the concept of Law Enforcement officers (I feel like people forget cops haven't always been a thing in the U.S.), people wouldn't just accept some nobody in a uniform as a person of authority.

There weren't cops, so the warrant was the only way to show you had the authority of the state.


> Without the warrant, they have every right to shoot a strange person walking through their property without permission.

Shooting the postman is illegal.


Then in the 1700s you identified yourself as the postman so you didn't get shot. I imagine a uniform and some familiarity had a lot to do with it.

For god's sake I'm not saying this is good, or this is how I want the world to work. I sure as hell don't and I'm not some conspiratorial militiaman.

Historically, i.e. in early America, there were no pigs, so you defended your own property. Typically with a gun. Warrants partly exist to stop someone from doing that, which is what the parent comment is all about.


Generally speaking you never had the right to shoot people walking on your property in America. You could tell them to get lost. Home invasion is a different matter.


> Without the warrant, they have every right to shoot a strange person walking through their property without permission.

What kind of hellish "right" is that?

You should not have the right to shoot someone for merely walking on your property. That is preposterous!


So I am sitting in my living room at 12:25 in the middle of the night in Brooklyn right now. If I look up from my phone and I see someone standing unexpectedly in my kitchen, I should give them the benefit of the doubt and not assume I am in mortal danger?

I mean, what would you think?


In most of the world, yes, you don't assume you're in mortal danger. This is the kind of logic that makes US police officers shoot everyone on sight.

An intruder most likely wants to steal your stuff, which hardly requires a death sentence, as you seem to want to offer.


It's not about a death sentence, but about staying alive yourself. If a stranger's inside of your home, there is a significant chance they're going to murder or grievously harm you or others in your house. I think this is true whether or not you're in a country where guns are commonplace.

Even if their goal was purely to steal something, things progress very quickly in chaotic situations like those; especially when their state of mind could be affected by drugs or mental illness. And you have no idea what their goals actually were or are.

Milliseconds matter, so there isn't really a better way to handle that situation, in my opinion. It'd be nice if there existed non-lethal weapons which could incapacitate as effectively as lethal ones, but they don't seem to exist yet.

If it were a death sentence, then you'd be allowed to shoot someone in the back after they've exited the house and are running away. And obviously you aren't; that'd be murder.


> If a stranger's inside of your home, there is a significant chance they're going to murder or grievously harm you or others in your house.

Why would you assume this? Do you have any studies that back this up? My default assumption, way more logical I'd say, would be that they want to steal stuff. Stealing is logical and rational, under some circumstances. Attacking someone (so putting yourself at risk as the attacker) or killing someone (again, putting yourself at risk immediately and after) are not rational.

Why would you assume that they want to kill or harm you? I'd say that I have Occam's razor on my side with this one. Stealing stuff makes waaaay more sense and again, can be quite logical in many circumstances.


This person is already doing something irrational, you can't expect them to do the most rational thing once they find someone inside. If they were inside just to steal, they would have a plan if they find they are not alone. Now GP's situation had someone staring at them in their kitchen. So the assumed thief has not run away yet. Why would you assume best intentions? Why is it irrational/illogical to attempt to defend yourself at this point?


Occam's razor involves rationalizing based on the fewest assumptions. The thing is, I do not feel at liberty to make any assumptions at all about the stranger in my house. There is no sense in tolerating intrusion and I will act with haste and lethal force if there is no other relevant context. If the intruder makes an effort to explain themselves, though, I'll listen for any reason to understand what's going on and de-escalate.


There are too many variables and too many possibilities which could end in you and/or your loved ones dying.

Of course it's not in their rational interest to kill anyone, but what if they're suddenly surprised by a homeowner armed with a baseball bat while they have a gun? They're probably going to shoot and kill the homeowner.

And there is a significant chance they're not in any sort of rational state of mind at that time.

So even if they don't want to kill or harm anyone, they easily may end up doing so due to the circumstances. And then there's the added possibility that they want to steal but would also not turn down the opportunity to sexually assault someone while they're there. And then also the additional possibility that they do intend to harm or kill people while there. That's far too great a risk to treat it as anything but a lethal threat.


> Even if their goal was purely to steal something, things progress very quickly in chaotic situations like those

You are perpetuating that danger. Now the would-be thief knows you will attack him if you see him, so he has to be ready to shoot you. By power tripping and "protecting" your home, you are making a banal situation more dangerous for everyone, including yourself.

If you didn't have a gun you might do the more logical thing. Calm the intruder down, and run away.


And giving in to intruders isn't training them to fearlessly rob? Don't understand how removing any impediment to stealing, can help the situation.

It's hard for some to imagine standing up for themselves. They fantasize about retreat; rational conversations with thieves; happy outcomes when one has already broken all social constraints.

Finally, by definition, an intruder who's shot on sight isn't going to know, later, that you're going to shoot them. They'll not be robbing anybody, later.


What do you think happens when someone just wants to steal your stuff and runs into property owners in the process?

1/4 of the time when a person is present for their burglary they are assaulted, robbed, raped, or murdered.

If someone breaks into your home and you shoot them to death they have zero chance of harming your family.

Decreasing the risk of breaking into people's homes incentivizes human trash to convert your valuables to drugs and put your family at risk in the process. Even junkies can grasp that housebreaking is dangerous which is why they try to at least avoid people most times.

Being kinder to garbage changes that dynamic.


I agree with you that lethal force is the only reasonable option in that situation, but a human doesn't become "garbage" simply because they fall victim to addiction to a substance which causes them such suffering during withdrawal that they feel like they have no other choice but to try to steal to end the withdrawal. If you were in that same situation after some friends got you hooked, you might steal something to stop the pain, too.

In my opinion, providing legal drugs and rehabilitation to addicts, free of charge, would significantly reduce these kinds of thefts and break-ins, in addition to a lot of other huge societal benefits. The system works by only allowing the addict to consume the drug under supervision; they can't take anything outside of the clinic. It seems to work very well in some European countries.


Sorry, but I'm going to fall on the side of the law abiding citizen here.

If you can't know the intent (and you can't), then you must assume the worst intent and act accordingly. Anything else is naive.

Because I promise you one thing, I look up and see a stranger in my house, I'm attacking them immediately with no thought towards anything except protecting myself and everyone in the house. There will be no questions until it's over with.

If they were just looking to steal something for drugs, that can be sorted out once I've subdued them.


As stated in my first sentence, I agree with you. I think lethal force is the only reasonable option here.

I was just saying drug addicts aren't necessarily garbage. They face lethal force because they've broken into one's home; not because "they're garbage".


Yes it would be wrong to hurt people unless it was to protect oneself or others.


If you provide free drugs what's stopping the person from just using drugs until they eventually die? I don't think most such programs actually provide the drugs can you provide an example?


Sorry buddy, but there are millions of people around the world that go through very painful withdrawals and don't break into people's houses. The withdrawals don't make them bad people, the criminal neglect for others does.


Sure, but many of them feel they have to resort to stealing something, whether or not it's from a break-in. Of course break-ins and theft are extremely unethical; I'm just saying that the full circumstances should be considered, and they're not necessarily irredeemable human beings just because they're committing this crime.

A spree shooter killing innocent people in cold blood is garbage, and a terrorist blowing up a building is garbage, but a drug addict in awful pain due to terrible decisions acting purely on impulse to stymie the pain isn't garbage. They take their life in their hands if they break into someone's home, because that's how any break-in has to be treated, but that doesn't make them subhuman.


> human trash

> Being kinder to garbage

See, that's where we probably don't think the same way. I consider few people "human trash". Drug addicts I don't count as "human trash", they're just victims of an addiction and in need of help.

People who are not drug addicts and are just plain evil, those would be "human trash" in my eyes (think Mengele).

The words we choose to frame a situation are important. Your mindset comes from a very aggressive mindset, at least that's how it seems to me.


Drug addicts need help. Intruders in your home need bullets. I don't hate people for being on drugs.


I know plenty of drug addicts that don't break into people's homes putting themselves and others at risk. Hurting other people to benefit yourself is exactly the type of person that is just asking to be categorized as 'human trash'.


Meta-lesson: Not only are some people complete and total garbage, utter tools that have nothing to contribute to society aside from constant regurgitation of a corporatized and hateful memecomplex, but you have responded to one; grandparent is human trash.


I have sympathy for people who made bad choices. I believe in helping them get better and make better ones in the future. I don't think the time is when their presence represents a threat to one's family.

I also regard violation of a family home as such a crime as to render the person difficult to redeem. The kind of people that make such choices aren't just high right now they are also bad unethical people.

The poster above made a conjecture that it was incorrect to assume one was in mortal danger from a robber and that shooting such a person was an overreaction.

I considered that. Actual stats say that 1/4 of robbers that break in while individuals are home victimize the people therein and 39% had a weapon.

https://www.bjs.gov/content/pub/ascii/vdhb.txt

This says to me that a house breaker is a substantial risk, refuting the prior poster's expressed idea.

You will note that both the original poster and I had a point regardless of whether you agree with either.

I'm not even sure what idea

>constant regurgitation of a corporatized and hateful memecomplex

Is supposed to express. What is the memecomplex and wherein is it puked up repeatedly?

Would you like to try to express yourself more clearly and respectfully?


[flagged]


> In the original context, at the top of the thread, we are talking about whether it is reasonable to respond to police executing a no-knock warrant with deadly force

I don't think anyone suggested that it was reasonable to respond to the police executing a no knock warrant with bullets. In fact a massive downside of no knock warrants is that a police search may be mistaken for a home invasion.

In a home invasion one can in most places render your home safe by shooting an invader, but in most places shooting the cops will result in a very long prison sentence. We segued into a discussion of what the right thing to do is in the event of an actual intruder. Perhaps you didn't notice?

> you may presume that you have done something to convince them that you are worth the effort of going above and beyond what is otherwise reasonable, as most jurisdictions with no-knock warrants require a reason for the surprising entry.

You presume wrongly about the cause of no-knock warrants. Most are for drugs. Most find no drugs. 10% in New York City actually involved kicking down the wrong door.

https://www.newsmax.com/FastFeatures/no-knock-raids-SWAT-fac...

> It's not going to get more respectful

Yes. Yes it is.


> If someone breaks into your home and you shoot them to death they have zero chance of harming your family.

Shooting at a burglar sounds like a great way to turn them into a robber or murderer.


Only if you miss.


Or you fail to injure them sufficiently, or there are other people. There’s a number of ways this can go wrong.


As opposed to much worse happening to you and your family. Someone willing to break into a home is not thinking clearly and willing to do much worse more than likely, that might even be their original intent: do much more harm.


> If someone breaks into your home and you shoot them to death they have zero chance of harming your family.

Unless you miss, and take out your family member (or others) yourself.

Also, if you do take out someone in your house... they likely have relatives too. Who may become fairly interested in you and/or your family afterwards. Aka that "violence begets violence" thing. :/


You are confusing criminal punishment with self-defense. In the US people are allowed to use deadly force for self-defense. As far as I know, even in states where there is no death penalty for any crime.

For example, "Manson Family" could not get death penalty for the murder of Sharon Tate and others because California banned death penalty at the time of their trial.

Would you really argue that, if they had means to kill the intruders, victims had no right to do so because whatever happened to them was not punishable by death?


> In the US people are allowed to use deadly force for self-defense.

It's not quite that simple. Self-defense must be proportionate, so you can only use deadly force against an imminent deadly threat.


> you can only use deadly force against an imminent deadly threat

This varies by locale. In Texas, in a situation where the use of force is permitted, the use of deadly force is permitted to stop arson, burglary, robbery, aggravated robbery, theft during the nighttime, or criminal mischief during the nighttime.

Most states permit the use of deadly force to protect against serious injury, not just a deadly threat.


Self-defense and defense of property are related, but not the same. The castle doctrine doesn't change the rules on self-defense; it permits similar use of force in non-self-defense scenarios.

Specific facts of each case will matter, but things that cause serious injury tend to get into the life-threatening realm.


I am not arguing how simple or complex it is. I am arguing against the claim that "you cannot kill a perpetrator who, most likely, was committing a crime, which does not warrant a death penalty". If you make such an argument you also must agree that in a state without death penalty you have no right to kill any perpetrator during any crime, which seems like an extremely ridiculous position to me.


Ah, in that case, we agree.


An uninvited intruder in your home shouldn't be considered dangerous?

We have a word for this, it's called naive.


Not everything dangerous has to be shot on sight.

That's not being naive, it's being reasonable.


Do you lock your doors and windows? In what scenario does someone who has bypassed your domicile's security at night have anything other than malicious intentions?


His point that you keep missing is that malicious intentions doesn't equal death.

Someone wanting to steal from you doesn't mean the death penalty. Stealing is malicious.


And you are willing to gamble the lives of yourself and your loved ones on the assumption that the intruders' only intentions are theft? Why? To protect the intruders' physical wellbeing?


yeah...

I dislike the term 'bleeding heart liberal', but I think it applies here. There's a difference between 'love thy fellow man' and 'worry about the health of an intruder in your home at 3am'.


If it is in my home then, yes, it will be shot on sight.


What if the intruder isn't perpetrating this "most likely" case of theft? The other possibilities aren't exactly great alternatives for the occupant. That seems like a very risky gamble to me.


you must not have kids.


drunk person confused wandered in house via open door unexpectedly?

Is New York a state where you are allowed to shoot someone for just being on your property, or do they have to show some hostile behavior? You should probably find out the relevant law before you tell someone "he was standing in my kitchen unexpectedly and I shot him, it's self-defense", because it might not pass the test.


A foundational right essential to a free society. It's your home, you have dominion over it - people can't enter uninvited and while you can't just start blasting from nothing, ultimately you have the right to protect yourself at your own home, which can end up in death.


You sure as hell should have the right to shoot someone who's armed and trying to get into your house, though.


To expand, the castle principle is what this is called, and it is seen as much as an obvious default in the USA as a horrifyingly violent monstrosity basically everywhere else.


Yup agreed. It's not good. Made sense in a frontier without any cops. Doesn't make much sense anymore. Don't know why you use that historical fact as a springboard for some weird soapbox though.

FYI. My opinion is you don't shoot people on your property. It's bad.


When seconds count, the police are only 15 minutes away.

When I was growing up in a less than ideal neighborhood, someone purporting to be police rang the doorbell at around midnight on a Saturday night. My father opened the door with his .22 rifle in hand. These supposed cops were "looking for a missing child." My dad wasn't buying it and they left in a hurry, never taking their eyes off the rifle. My father called the police department afterwards and it turns out no child had been reported missing in the area. No, my father didn't shoot anyone - but you can be sure he was ready to do so if necessary.

If someone rings my doorbell in the middle of the night, they're going to meet me with a gun in hand. If someone is so bold as to break into my house while my loved ones are home - I'm not going to wait for the police to show up to protect them. The rational assumption is these individuals are a threat to the safety of my family. I'd rather go to jail than see my family hurt. While rare, home invasions are a thing - this is probably the worst/most-gruesome example:

https://en.wikipedia.org/wiki/Cheshire,_Connecticut,_home_in...

Victimization During Household Burglary https://www.bjs.gov/content/pub/ascii/vdhb.txt

An estimated 3.7 million burglaries occurred each year on average from 2003 to 2007.

A household member was present in roughly 1 million burglaries and became victims of violent crimes in 266,560 burglaries.



I don't agree with the castle doctrine in a modern context but I'm talking about the 1700s, chill. Back then it made a lot of sense. Nowadays we have cops instead. You gave that power to the cops who shoot the person on your property instead.

I'm simply explaining the reasoning behind warrants back then. They were a lot more important because you had to explain "What the hell are you doing here, and what gives you the right?"


The cops will arrive when they feel like it. It is well established that they have no legal obligation to respond in a timely fashion even where they in theory could do so.

Response time in an emergency in major cities ranges from 5-10 minutes. Longer the further out from the city.


What does any of this have to do with anything I said?


In the context of "Back then [the castle doctrine] made a lot of sense. Nowadays we have cops instead", discussing the response time and obligation of the purported replacement seems perfectly relevant to me.

In many cases, you could call the cops and then make yourself a hamburger, eat it, and finish up the dishes before they arrived.


>Nowadays we have cops instead. You gave that power to the cops who shoot the person on your property instead.

This is not a great strategy for defence. You should defend yourself first if you are not able to get away. Or here in my state you may stand your ground and protect your life and property with deadly force. Anyone who truly feels in danger should not call the cops and wait for them to come shoot a stranger in their home...


> That’s literally the fundamental purpose of a constitutional warrant!

This sounds revisionist. Bounties, paid on warrants calling for the suspect dead or alive, were common and legal through American history.


Shoot first and ask questions later goes both ways, if an armed assailant in all black breaks into my house in the middle of the night without properly identifying themselves at my door.

Someone tried breaking into my apartment just a few months ago in the middle of the night. I fear for my safety. Surely that's something these people can relate to.


Unfortunately the only way around this is to donate to the ACLU and have every single case thrown out no matter how egregious until the police learn their lesson.


I used to donate to ACLU when they were a pure civil liberties organization.

Now that they're a leftist/social justice group I have nowhere to donate.


Gay Marriage, Citizens United, Whistleblower protections, Encryption, Net Neutrality, warrantless surveillance...

It's actually hard to think of an issue where Republicans have been on the right side of protecting Civil liberties in recent history other than gun control.

Are the ACLU leftists or are leftists the ones protecting civil liberties? Sort of a chicken and the egg situation.


The ACLU and "Republicans" were on the same side of Citizens United.


Do you know what Citizens United is?

Where do you get your information?


How about actually standing up to China and not just talking about it?

Let go of the partisanship please.


What does China have to do with American civil liberties?


Obama was absolutely against gay marriage for both elections, and extended Bush’s policies, he didn’t retract them when he had the opportunity.


Sources?


Same here. Last I checked the 2nd amendment was still a right.


Which militia are you in?


The 2nd amendment is better interpreted using this modern translation:

Regulated armies aside, the right of the people to keep and bear arms shall not be infringed.


TLDR; 1700's English (Latin origin words) was closer to their true Latin definitions.

You realize that the term regulated is different than governed or ruled. The closest approximation for regulated would be to supply in a measured fashion, or a pattern which follows a rule. It is from the Latin regula. A SCUBA regulator does not rule you; it supplies, in measured order, breathable air, on which your lungs' survival depends.

You need armed men to supply a militia or army. Regulated does not imply government run or even being associated with a militia it implies having armed men available should the militia (we had no standing army at that time) need them.

for reference:

"A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed."


This also has the side benefit that even with our more organized military of today, if invaders were all over US soil, the citizens could rise up as one unified militia as well to protect the country. Not something I ever hear anybody discuss much, but absolutely nothing is going to stop citizens from protecting themselves if a war breaks out on US soil.


I'm curious how this doesn't qualify as wiretapping if they can read the calls without a warrant. Does that make it legal for anyone to operate a StingRay?

If it does, another option would be malicious compliance. Have anyone who's interested run their own StingRay and collect information on Law Enforcement and government representatives. I think the laws around it would change very quickly if you leveraged the loophole against the government.


The police have absolutely no influence on the situation in almost all western countries. It is a legislative error that enables them. And it is a consequential result of policy makers having increased all forms of state control over the past few decades, especially regarding surveillance.


Wasn't this behaviour already ruled unconstitutional in Kyllo v United States (https://en.wikipedia.org/wiki/Kyllo_v._United_States)?


Seems related but not the same. Looks like Kyllo took up the case all the way to the Supreme Court. I think the only way for this Sting Ray stuff to be ruled unconstitutional is if a specific case against it was brought forth.

> Kyllo then petitioned the Supreme Court for a writ of certiorari, which was granted.


Seems like a strong case for encryption. Why is it even possible for these devices to read your info?


Because phones are totally insecure.

The only secure option is using an external WiFi or cellular data router for Internet connectivity. The router can of course be geolocated. And adversaries may gain some access. But it should be possible to prevent access through it to the phone. That is, it's a firewall.

Then do end-to-end encrypted Internet stuff, messaging and VoIP. And by using some mix of VPNs and Tor, adversaries won't even see most metadata. Except for communication timing, of course.

See https://blog.torproject.org/mission-improbable-hardening-and...

Edit: But this still doesn't protect from some third party with root rights on the phone. For Android, the Copperhead OS might be enough. But I don't know enough to know. And for iOS, I suspect that you're stuck trusting Apple.


Belated edit: I forgot to mention that you must also prevent cellular and WiFi connectivity on the phone itself. The Tor Project article recommends airplane mode on Android. But it mentions the option of wiping baseband firmware. Which apparently also takes out GPS. Probably risky, though.


iOS's only security issue is users not updating and being vulnerable to well known vulnerabilities. Neither iOS nor Android will survive a truly targeted nation state attack, but for most people 0-days aren't worth protecting against.

The only exception to this is the checkm8 vulnerability, which can be performed on an A11 and older chips (so iPhone XR/XS/XS+ and 11/11 pro/11 pro max aren't vulnerable) from DFU mode, which doesn't need the device passcode.


Right. I guess that phones can't update without direct cellular or WiFi connectivity. But I don't know.

Is that true?

Could one somehow enable updates through pure TCP/IP?


Carrier updates might have some power I'm not aware of on iOS (they pop up saying "do you want to update carrier settings" with simple yes/no options), but regular iOS software updates do require a connection to Apple servers, and the firmware itself also has to be signed by Apple.

The carrier settings thing hasn't ever been used for a jailbreak exploit AFAIK, so chances are it's not a good attack vector.

From your other comment:

> But it mentions the option of wiping baseband firmware

iOS also has signature verification for its baseband, since trying to load an incompatible one during a downgrade[0] breaks Face ID / Touch ID.

But ya, this is all "trust apple to not do anything". They've made a good stance with refusing the FBI request[1], but the FBI got into the phone anyways[2].

0: https://github.com/tihmstar/futurerestore

1: https://news.ycombinator.com/item?id=11116274

2: https://venturebeat.com/2016/03/28/u-s-government-gains-acce...


I guess that a key question is whether one can trust iOS airplane mode to fully take the phone offline.

And under what circumstances does the phone leave airplane mode, and go back online.

But even if that were solid, you'd still be ~unable to install apps that Apple doesn't provide. Unless you play the developer game, and I gather that's limited in app number, and how long they'll stay functional.


> whether one can trust iOS airplane mode to fully take the phone offline.

I mean, if Apple says airplane mode turns off the cell radio, that’s a falsifiable claim, so you don’t have to take it entirely on faith. It might be possible to hide it in the UI, but you can’t hide a radio signal.


Right, but I was most curious about the persistence of the setting.

Say you set airplane mode. And then the phone sleeps. Will it still be in airplane mode after you wake it?

Or say you shut the phone off, and restart it. Is it still in airplane mode?

That's an issue because, as soon as it's not in airplane mode, it knows where it is.

And that reminds me, does airplane mode disable GPS? Because if it doesn't, it's more or less pointless, from a geolocation perspective.


>Say you set airplane mode. And then the phone sleeps. Will it still be in airplane mode after you wake it?

>Or say you shut the phone off, and restart it. Is it still in airplane mode?

Yes.

>And that reminds me, does airplane mode disable GPS? Because if it doesn't, it's more or less pointless, from a geolocation perspective.

Why does that matter? You can turn location services off. Moreover, GPS functions passively. Turning it on doesn't transmit your location to anyone.


OK, that's good about airplane mode.

> Why does that [GPS] matter?

GPS matters because it's important that the phone doesn't know where it is. I mean, if it doesn't know where it is, there's no need to worry that adversaries will access the information.

> You can turn location services off.

Off entirely? Even for the OS? Or for rogue apps?

> Turning it on doesn't transmit your location to anyone.

No, but it generates location information that could leak. And if the phone uses WiFi to supplement GPS, it necessarily communicates with some remote server.


>GPS matters because it's important that the phone doesn't know where it is. I mean, if it doesn't know where it is, there's no need to worry that adversaries will access the information.

So your threat model is that you can't trust the device itself? If that's your threat model, you'd probably need a phone with hardware kill switches. Also, if you can't trust the device itself, why would you be carrying the device around? What would you use it for?

>No, but it generates location information that could leak. And if the phone uses WiFi to supplement GPS, it necessarily communicates with some remote server.

On Android you can explicitly disable that ("device only" in location settings). There's no such option on iOS, although you could still disable WiFi/Bluetooth and still have working GPS.


> So your threat model is that you can't trust the device itself?

Yes. I don't trust a phone OS where I lack root privileges. And I entirely don't trust the baseband.

> If that's your threat model, you'd probably need a phone with hardware kill switches.

Yes. Or with disabled GPS, baseband and WiFi. And with Internet connectivity via external WiFi router, or cellular modem/router.

> Also, if you can't trust the device itself, why would you be carrying the device around? What would you use it for?

I'd use it as a phone. Albeit just using VoIP.

And if I had all the iffy stuff in a separate device, connected via USB, I could trust the phone as much as I trust the host machine I'm using now.

I mean, I'm working in a Debian VM that hits the Internet through a nested VPN chain. And the Debian host has no access to GPS or WiFi. So I'd want to replicate that on a phone.


You can update iOS devices through iTunes via USB, or buy an ethernet adapter.


But your computer does need internet, see https://support.apple.com/en-us/HT201442

> If your computer can’t communicate with Apple's software update server, you might see one of these messages.


But at least I have more control over what my computer does when it connects to the internet than I do over what my phone does.


Cool. So you could take the phone/tablet totally offline, except for external router via USB.

Maybe same for Android?

Except that you'd arguably want to update it locally with the Copperhead OS.


One of the key functions of a cell tower is to know what devices are connecting to it. This is important information for things like routing calls, delivering messages, etc. As you say, all of that can and should be encrypted.

With that in mind, there's not really any kind of reasonable way to hide what devices are connecting to what tower. This is where location information comes from. It's really an inescapable part of how cellular devices work.

Inbound / outbound numbers are something that has to be available for similar reasons. There's also clear legal precedent making those accessible to law enforcement and not requiring a warrant. There's little to be gained by trying to encrypt them, even if it was possible.

Call and text contents are the things here that can be encrypted. It's not something the phone companies are in a rush to do.


> With that in mind, there's not really any kind of reasonable way to hide what devices are connecting to what tower. This is where location information comes from. It's really an inescapable part of how cellular devices work.

The comment from mirimir elsewhere in this thread reminds me that this is kind of an overstatement, or at least that the details are complicated.

You could gain a lot of privacy in this regard by separating mobile data services from telephony and identity. For example, you could imagine paying for mobile data anonymously, either using existing prepaid mobile data services or using a hypothetical future service with blinded payment tokens and only extremely-ephemeral device identifiers. Then you could imagine getting all of your identity and communications services from someone totally independent of your mobile data provider. If the mobile data provider cooperated with your application-layer communications service provider more than you wanted, you could try to create your own service instead, or try to route at least the messaging setup part of the process via Tor or other proxies, so that the mobile data operator and application-layer intermediaries didn't even know about the connection.

I'm not sure anyone other than privacy advocates would consider this progress relative to the current situation; certainly carriers and governments would like it a lot less (it might already be illegal in some jurisdictions in various ways), and most users would probably find that it increased cost while decreasing reliability and usability of some services. It could also make it harder to use the network to investigate or deter device theft, as well as harder to investigate application-layer fraud and account hijacking.

To be clear about what could change, it's true that towers will always know which devices are connecting to them at a particular moment, but this could in principle be separated from billing, identity, and any kind of persistent identifier. So they don't have to know that a particular device is being used by you, or that a particular device is being used by the same person who uses a particular application-layer identity.

The other problem in trying to get there right now without carriers' and governments' cooperation is that, since you can't rotate hardware identifiers on GSM interfaces, a carrier can see your movement patterns for the lifetime of your use of a particular device, and can probably determine that those movement patterns are similar enough to another device's movements that they're probably used by the same person.

Sometime I hope to write a long article on possible non-metadata-collecting mobile communications futures. It's a really interesting topic.


Encryption does not fix this completely even if you assume all texts and voice calls are encrypted. The metadata is equally important:

- your location in time and space

- the numbers you contacted

- the duration of contact


Metadata is useful but it's a stretch to call it equally important as actual call content.

If you were spying on someone, what would you rather know: all the above metadata you listed, or a full recording of all their calls?


If I had a choice between a full recording of all their phone calls, or a trace of their movement with 50 meter precision? Good chance I'd go for the second one to be honest - unless I knew for sure they made a lot of voice calls.


Metadata from one person isn't worth anything, but the graph of who's contacting who is very useful. Plus, it's computationally feasible to do that graph analysis on everyone, while listening to every call wouldn't be.


> If you were spying on someone, what would you rather know: all the above metadata you listed, or a full recording of all their calls?

That depends entirely on the purpose of the spying.

If you're spying with a goal of assassination, the location data from their morning commute might be far more valuable.


It’s actually more a case for authentication. Why don’t our phones authenticate cell towers when connecting to them? Why are providers so lax at enforcing that?


Because then stingrays wouldn't work. Cellular carriers are much more beholden to the government than to the very small subset of users who know what "authenticate with the cell tower" even means.


Even if your phone insisted that each cell tower authenticate itself as an authentic Verizon Tower(TM), then Verizon would just provide 500 extra authentic tower keys to various police agencies for their use. shrug emoji

You can't trust cell companies to help you against the government.


>then Verizon would just provide 500 extra authentic tower keys to various police agencies for their use. shrug emoji

I don't buy this reasoning. It suggests that cell companies will roll over to any law enforcement demands. If that's the case, why don't law enforcement ask cell companies for their cell tower logs directly? Why spend thousands of dollars on equipment when the same information is an email away?


As I understand it, cellphone infrastructure is intentionally simplistic so that it works the same everywhere. If the US implemented some kind of end to end encryption or authentication, Canada might not, and then everyone who crosses the border would have a brick.


It’s designed to minimize billing issues. User privacy or in transit security aren’t significant business requirements.


Seems like a strong case for making all of your phone calls over an encrypted VoIP channel.


The simple solution is for cell phones to have a whitelist of cell towers that they connect to, with GPS locations of those towers; it could even compare against known databases of towers [0]... Until some software like that gets implemented, this will keep happening.

[0] https://opencellid.org/
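As an added example (not the commenter's code, and not software that exists), here is what such a whitelist check could look like on the phone side: an observed cell is identified by its (MCC, MNC, LAC, CellID) tuple, looked up in a local copy of a tower database, and refused either if it is absent or if the registered tower location is implausibly far from the phone's own GPS fix. The database rows are constructed for this example and only mirror the column layout of an OpenCellID export (lat, lon, estimated range); the `slack` factor is an assumption.

```python
"""Whitelist check: refuse cells absent from a local tower database, or whose
registered location is inconsistent with where the phone believes it is.
Added example; the tower rows below are constructed, not real OpenCellID data."""
import math
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CellKey = Tuple[int, int, int, int]  # (MCC, MNC, LAC, CellID)

# Constructed sample database: key -> (lat, lon, estimated coverage range in m).
KNOWN_TOWERS: Dict[CellKey, Tuple[float, float, float]] = {
    (310, 410, 1234, 5678): (40.7484, -73.9857, 1500.0),
    (310, 410, 1234, 5679): (40.7500, -73.9900, 1500.0),
    (310, 410, 1240, 6001): (40.7600, -73.9800, 2000.0),
}


@dataclass(frozen=True)
class Observation:
    """A cell the baseband reports, plus the phone's own GPS fix at that moment."""
    mcc: int
    mnc: int
    lac: int
    cid: int
    phone_lat: float
    phone_lon: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def check_cell(obs: Observation,
               db: Dict[CellKey, Tuple[float, float, float]] = KNOWN_TOWERS,
               slack: float = 2.0) -> Tuple[str, Optional[float]]:
    """Return (verdict, distance_m).

    verdict is "unknown_cell" if the tuple is not whitelisted (this also catches a
    real CellID re-broadcast under a different LAC), "out_of_range" if the phone is
    further than slack * registered range from the registered site, else "ok".
    """
    entry = db.get((obs.mcc, obs.mnc, obs.lac, obs.cid))
    if entry is None:
        return "unknown_cell", None
    lat, lon, rng = entry
    d = haversine_m(obs.phone_lat, obs.phone_lon, lat, lon)
    if d > slack * rng:
        return "out_of_range", d
    return "ok", d


def should_refuse(obs: Observation,
                  db: Dict[CellKey, Tuple[float, float, float]] = KNOWN_TOWERS) -> bool:
    """Policy hook: anything that is not a clean whitelist hit is refused/alerted."""
    return check_cell(obs, db)[0] != "ok"


if __name__ == "__main__":
    good = Observation(310, 410, 1234, 5678, 40.7484, -73.9857)
    ghost = Observation(310, 410, 1234, 9999, 40.7484, -73.9857)
    far = Observation(310, 410, 1234, 5678, 40.8000, -73.9857)
    for o in (good, ghost, far):
        print(o.cid, check_cell(o), "refuse" if should_refuse(o) else "accept")
```

The "out_of_range" branch is what catches a simulator that replays a genuine cell's identifiers: the identifiers match the whitelist, but the phone is kilometres from where that cell is supposed to be. The obvious caveat, raised by the reply below, is that this logic has to run somewhere the baseband cannot override it.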


Great idea... I wonder if a 3rd party app could enable this, or if that type of access is currently closely held? I'd only consider software that has super low-level hardware access so you could basically control electrical access to that part of the phone's circuitry (so backdoor features can't be built that make sneaky connections).


The closest thing I've seen was an opensource app called SnoopSnitch, but it requires root on the phone and supposedly only works on Qualcomm modems.


Probably this isn't technically possible but here is a possible way to collectively authenticate cell towers:

A service which receives information from an app reporting which cell towers are in range of the phone. The server triangulates the positions of cell towers and updates users about their authenticity.


There are several IMSI catcher detector apps, but they aren't perfect:

https://www.wired.com/story/stingray-detector-apps/


I don't understand how those work but they seem different from what I am suggesting. I am saying to use the strength of the cell tower signal received by many phones in order to detect where authentic cell towers are.
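To make the suggestion above concrete, here is an added example (not the commenter's, and not any real service) of the server-side step: each phone reports its own GPS position and the signal strength it measured for a given cell; the server converts each RSSI into a distance with an assumed log-distance path-loss model, trilaterates the cell's position by linear least squares, and then flags any later report whose RSSI-implied distance is wildly inconsistent with the estimated site. The path-loss constants, the local flat metre grid, the tolerance and all the reports are assumptions constructed for the example.

```python
"""Crowd-sourced tower localisation from (phone position, RSSI) reports.
Added example with constructed data; the path-loss model is an assumption."""
import math
from dataclasses import dataclass
from typing import List, Tuple

P0_DBM = -30.0      # assumed received power 1 m from the antenna
PATHLOSS_N = 2.0    # assumed path-loss exponent (free-space-like)


@dataclass(frozen=True)
class Report:
    x: float      # phone position, metres east of a local origin
    y: float      # metres north of the origin
    rssi: float   # dBm the phone measured for the cell under study


def rssi_to_distance(rssi: float) -> float:
    """Invert rssi = P0 - 10*n*log10(d) to get a distance estimate in metres."""
    return 10 ** ((P0_DBM - rssi) / (10 * PATHLOSS_N))


def distance_to_rssi(d: float) -> float:
    return P0_DBM - 10 * PATHLOSS_N * math.log10(d)


def estimate_position(reports: List[Report]) -> Tuple[float, float]:
    """Least-squares trilateration.

    Each report gives (x - xi)^2 + (y - yi)^2 = di^2. Subtracting the first
    equation from the others linearises the system into A [x y]^T = c, solved
    via the 2x2 normal equations.
    """
    if len(reports) < 3:
        raise ValueError("need at least three reports")
    r0 = reports[0]
    d0 = rssi_to_distance(r0.rssi)
    saa = sab = sbb = sac = sbc = 0.0
    for r in reports[1:]:
        d = rssi_to_distance(r.rssi)
        a = 2 * (r.x - r0.x)
        b = 2 * (r.y - r0.y)
        c = r.x ** 2 - r0.x ** 2 + r.y ** 2 - r0.y ** 2 - d ** 2 + d0 ** 2
        saa += a * a
        sab += a * b
        sbb += b * b
        sac += a * c
        sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("reports are collinear; cannot trilaterate")
    x = (sbb * sac - sab * sbc) / det
    y = (saa * sbc - sab * sac) / det
    return x, y


def is_consistent(report: Report, tower_xy: Tuple[float, float],
                  tolerance: float = 3.0) -> bool:
    """True if the RSSI-implied distance and the geometric distance to the
    estimated site agree within a factor of `tolerance`."""
    geo = math.hypot(report.x - tower_xy[0], report.y - tower_xy[1])
    radio = rssi_to_distance(report.rssi)
    ratio = max(geo, radio) / max(min(geo, radio), 1.0)
    return ratio <= tolerance


# Constructed ground truth and a synthetic crowd of honest reports.
TRUE_TOWER = (500.0, 300.0)
_PHONES = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0), (1000.0, 1000.0), (500.0, 900.0)]
CROWD = [Report(px, py, distance_to_rssi(math.hypot(px - TRUE_TOWER[0], py - TRUE_TOWER[1])))
         for px, py in _PHONES]

# A phone 4 km away that nonetheless sees this cell at -50 dBm: something that
# claims to be this cell is transmitting right next to it.
ROGUE_REPORT = Report(3000.0, 3000.0, -50.0)


if __name__ == "__main__":
    est = estimate_position(CROWD)
    print("estimated site:", est)
    print("honest report consistent:", is_consistent(CROWD[0], est))
    print("rogue report consistent:", is_consistent(ROGUE_REPORT, est))
```

With noise-free synthetic reports the estimate is exact; with real RSSI the path-loss exponent varies street by street and the estimate would need many reports plus a robust fit, which is exactly why the linked detector apps are imperfect.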


Where I live I see police SUVs driving around with these types of devices on their roofs; this is a couple-of-times-per-day occurrence. I was wondering, strictly for research purposes, what kind of attacks these devices are vulnerable to? Could one, for example, spoof enough phones/connections to cause some DoS-like effect?


Those devices are license plate readers. They use them to scan plates for “hits”. I’ve heard of units in police departments that use StingRays, but they are detached with the feds and are on NDAs. How that’s legal I don’t know. You should be more worried about who agencies give body cam videos and plate reader data to. I can tell you this: if you dig, it won’t be good news. Axion is a for-profit company; pretty sure facial recognition is in their plans.

-from definitely not a cop


Do y'all remember the (likely fake, but widely reported) news about Israeli stingrays in DC a few months back, in September of this year? Whatever happened to that story? It was memory holed very quickly, which makes me suspicious that those weren't actually Israeli stingrays.


I've read news reports that half the "cell towers" in DC are suspicious.

So it's not about one particular organization or foreign government doing shady stuff.

So "likely fake" => "almost certainly true." FTFY.


Sounds implausible to me. In their useful (active) mode these things emit. The FCC (not to mention the other TLAs) can easily track this shit down and shut it down. Except of course if those are NSA/FBI/CIA stingrays.


Make them mobile, use them for short, unpredictable periods.

Or site them in embassies, where the FCC can impotently yell through the locked gate.


>Or site them in embassies, where the FCC can impotently yell through the locked gate.

Two can play at that game. The FCC can retaliate by setting up jammers with directional antennas pointing towards the embassy.



That article is a few months old.


Yes, that's the September story I was talking about. It was memory-holed within days after it hit the news sites.


Good article. Needs a (2017) though in the title


It should be fairly easy to put together a Raspberry Pi as a stingray detector?


Back in 1989, I had this dream that the Poqet PC would evolve into a smartphone. And that one could install Linux or *BSD on it. But no, it just died.


An android phone already runs Linux; you can use it as such, and in many cases gain root.

OTOH what's happening in the baseband processor is impenetrable, and that processor has much more control over the device than a cellular modem would.


OK.

But why did we end up with baseband radios instead of cellular modems?

Is it because they grafted "computer stuff" on phones? Instead of adding cellular capacity to computers?

Or is it just because we can't have phones without surveillance? All those wiretap-ready requirements, I mean.


Why does law enforcement bother? Can't they just get the info from the telcos?


First, IANAL.

This gets into some interesting legal law. If you are a normal private citizen, wiretapping without the caller's permission is always a crime.

However, The Government can apparently wiretap if:

1. There is an executive order allowing it from the president directly. This may or may not be a national secret. This may or may not be a 4th amendment violation. But if it's a secret, how would you know whether or not it's a 4th amendment violation?

2. There is congressional authorization (by law) in place that allows the government to perform warrantless wiretaps.

3. There is an existing wiretap warrant in effect that allows the recording of an individual or organization's telephones. This is how the FBI, DEA, etc, get their wiretaps typically.

4. A court has held the wiretapping on each of the three instances above was legal.

Edited to add:

Before 9/11 the government typically respected the 4th Amendment in day-to-day operations ("Look before you leap"). After 9/11, respecting the 4th Amendment was seen as "pre-9/11 thinking" and forced a shift to early interception ("Easier to ask forgiveness than permission").


But this sub-topic is not about wiretaps. It is about meta-data collection.


Telcos don't do real-time analysis of which IMEI/IMSI are currently connected to a Base Transceiver Station. Historical pattern-of-life data is useful to make a case of where someone has been (or at least their phone), but if you're trying to arrest someone you want to know where a suspect handset is with almost no latency.

I understand the case being made, but these kinds of systems work by identifying broadcast messages from handsets by providing a stronger Cell Reselect Offset path and a handful of other parameters that make the phone register with the "tower."

It's the same conceptually as if you were broadcasting a low power AM radio signal and the police tuned to your station. Your broadcast signal isn't private. Maybe it should be, but I'm not sure how that would work with GSM/CDMA systems as designed.
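The Cell Reselect Offset mechanism mentioned above is worth seeing in numbers. The following is an added example (not the commenter's code): it implements the GSM idle-mode C1/C2 path-loss criteria from 3GPP TS 45.008 and shows that a cell which is 10 dB weaker on the air still wins reselection once it advertises a large CELL_RESELECT_OFFSET, and that a TEMPORARY_OFFSET/PENALTY_TIME pair only delays, rather than prevents, the capture. Offsets are expressed directly in dB here rather than in the encoded 2 dB / 10 dB steps; the handset power class, the hysteresis value and the cell parameters are assumptions.

```python
"""GSM idle-mode cell reselection (3GPP TS 45.008, C1/C2 criteria).
Added example; parameter values are assumptions, not captured network data."""
from dataclasses import dataclass

MS_MAX_POWER_DBM = 33.0   # assumed: class-4 GSM900 handset


@dataclass(frozen=True)
class Cell:
    name: str
    lac: int                               # location area code
    rxlev_dbm: float                       # averaged level the phone receives
    rxlev_access_min_dbm: float = -110.0   # broadcast: RXLEV_ACCESS_MIN
    ms_txpwr_max_cch_dbm: float = 33.0     # broadcast: MS_TXPWR_MAX_CCH
    cell_reselect_offset_db: float = 0.0   # broadcast: CELL_RESELECT_OFFSET (CRO)
    temporary_offset_db: float = 0.0       # broadcast: TEMPORARY_OFFSET
    penalty_time_s: float = 20.0           # broadcast: PENALTY_TIME
    penalty_time_infinite: bool = False    # PENALTY_TIME = 11111: CRO is subtracted


def c1(cell: Cell, ms_max_power_dbm: float = MS_MAX_POWER_DBM) -> float:
    """C1 = (RLA_C - RXLEV_ACCESS_MIN) - max(MS_TXPWR_MAX_CCH - P, 0)."""
    a = cell.rxlev_dbm - cell.rxlev_access_min_dbm
    b = cell.ms_txpwr_max_cch_dbm - ms_max_power_dbm
    return a - max(b, 0.0)


def c2(cell: Cell, seconds_on_list: float,
       ms_max_power_dbm: float = MS_MAX_POWER_DBM) -> float:
    """C2 = C1 + CRO - TEMPORARY_OFFSET * H(PENALTY_TIME - T), where T is how long
    the cell has been on the phone's list of strongest carriers and H(x) is 1 for
    x >= 0, else 0. With the special PENALTY_TIME value, C2 = C1 - CRO."""
    base = c1(cell, ms_max_power_dbm)
    if cell.penalty_time_infinite:
        return base - cell.cell_reselect_offset_db
    h = 1.0 if seconds_on_list <= cell.penalty_time_s else 0.0
    return base + cell.cell_reselect_offset_db - cell.temporary_offset_db * h


def would_reselect(serving: Cell, candidate: Cell, seconds_on_list: float,
                   hysteresis_db: float = 8.0) -> bool:
    """Reselection occurs when the candidate's C2 exceeds the serving cell's; a
    candidate in a different location area must beat it by CELL_RESELECT_HYSTERESIS
    (the 5 s persistence requirement is omitted). A simulator deliberately
    announces a foreign LAC so the phone performs a location update on arrival."""
    margin = hysteresis_db if candidate.lac != serving.lac else 0.0
    return c2(candidate, seconds_on_list) > c2(serving, seconds_on_list) + margin


# Constructed scenario: the real cell is received at -70 dBm, the simulator at -80.
REAL = Cell("real", lac=1234, rxlev_dbm=-70.0)
ROGUE_PLAIN = Cell("rogue", lac=9999, rxlev_dbm=-80.0)
ROGUE_CRO = Cell("rogue", lac=9999, rxlev_dbm=-80.0, cell_reselect_offset_db=40.0)
# Same lure, but with a penalty window, as a real operator might configure it.
ROGUE_PENALISED = Cell("rogue", lac=9999, rxlev_dbm=-80.0, cell_reselect_offset_db=40.0,
                       temporary_offset_db=30.0, penalty_time_s=40.0)


if __name__ == "__main__":
    for cand in (ROGUE_PLAIN, ROGUE_CRO, ROGUE_PENALISED):
        for t in (10.0, 60.0):
            print(f"{cand.name:>6} CRO={cand.cell_reselect_offset_db:>4} T={t:>4}s "
                  f"C2={c2(cand, t):>5} vs serving C2={c2(REAL, t):>5} "
                  f"-> reselect={would_reselect(REAL, cand, t)}")
```

The phone evaluates these broadcast values exactly as sent and has no way to verify them, which is the authentication gap the first comment in the thread describes; the AM-radio analogy in the comment above holds in that the simulator never has to break anything, it only has to advertise itself as the better choice.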


That requires a warrant. Surprised the FCC allows them to tamper with people's phones, tbh. It's all sketchy as heck, and flawed if cases are dismissed when they question how the tech works.


Last I heard the FCC doesn't. When people complained the devices were not licensed the FCC issued licenses "for emergency use only". That's probably because interference with radio communications is against the law and the FCC as a mere regulator is subject to that law.

All rather moot as these things are mostly used for various forms of illegal surveillance. The police have to keep their activity as secret as possible. That includes the fact that they are using them in the first place.

This whole issue isn't new. The police normally do, or get others to do, surveillance that is illegal in various ways. The existence of these sorts of devices is an expression of a kind of desperation. Privacy is getting too good. So this might actually be a good thing if this forces a long overdue discussion.


They're probably using it for parallel construction rather than gathering actual evidence for a court case. In other words, it will help them understand how/where to look for evidence that will be admissible in court.


It’s tough to see how a court would rule. Existing privacy law cares a lot about whether what you’re doing is some kind of trespass. In this case, it would be trespass on chattel. I wouldn’t have guessed that a court would accept this reasoning for property in a public space, but that’s happened this year in Taylor v. Saginaw, the tire chalking case. The stingray is eventually going to go to SCOTUS and I’m not sure how they’ll rule. Modern conservatives don’t like trespass, but they do like law enforcement.



