Stingrays and Dirtboxes: how cops can secretly track your phone (theintercept.com)
278 points by uhtred on Aug 3, 2020 | 204 comments



Hey. Someone who briefly worked on the Stingray team here.

I left the company that develops the stingray (whose name is mentioned in the article but I shall not say it) because I didn’t feel comfortable with the ethics of how it could potentially be easily abused without legal permission and/or repercussion. I fear these technologies will become more commonly used against Americans by low level law enforcement without good reason and without responsible usage.


Used to work for makers of the dirtbox. I would hope anyone curious about this issue also spends a lot of time digging into those devices as well.


The majority of us are well aware how these devices create a MITM attack against your phone, but is there anything you found particularly interesting or egregious that we should know about? Especially how LE are using them to abuse every group who desperately needs protection from these devices.


Can it change what I read?


What kind of NDAs did they force on you? It's one thing to walk away silently, but you know they just filled your role with someone else with less morals.

The other option is scorched earth similar to the recent news articles where there were blog posts publicly shaming the company. Wondering what kind of in between options are available. Anonymous posts are a start at least to get the inquisitive types to look in that direction and/or add some weight to previous anonymous posts.

Edit: just read further down the list, and see others have essentially asked the same thing


Just a reminder that illegal contracts are unenforceable. An NDA to cover up a conspiracy to infringe on civil rights by agents of the state won't stand up in court.


That may be, but it would be equally telling to see how much they try to bully the outgoing employees.


I'm also glad you did that, we need more people like you.


Did you miss the part where he is replaced by someone with little to no ethics or morals and will implement whatever is asked without second thought?


>Did you miss the part where he is replaced by someone with little to no ethics or morals and will implement whatever is asked without second thought?

Perhaps you missed

>[...], we need more people like you


But will they be as capable?

That person will be their second choice after all.


Cue Inferior Construction.

"A low level enforcement employee used unauthorized tools to locate our suspect. He has been reprimanded. However, once we surveilled the suspect we had the evidence to prove he was guilty unrelated to any prior cause. Case closed."

Mistakes were made but lies were never told.


- In your opinion, is there a difference between an innocent person being materially and demonstrably harmed ("harmed," i.e. tort) by a stingray deployment and an innocent person harmed by any other tool misused in this way by the government?

- Do you think there's a better alternative to tort that could as clearly limit the tools government uses to fight crime?

- If harmless mass surveillance replaces concretely and plainly harmful mass surveillance (e.g. stop and frisk), did we come out ahead?

I'm not a blowhard and obviously do not want to live in a surveillance state. I'm not even advocating for the status quo. It's okay if the answers to these questions are basically, "I don't know."

Or go on and argue that stingrays in isolation of a malevolent government somehow materially harm people in some concrete way. It would be awesome to hear your perspective if that's the case.


Legality is, in general, a matter of fact. The legality or constitutionality of a matter is determined in the courts.

Morality is a matter of opinion, and, I believe, pretty much independent of legality.

That means a law can be both immoral and legal, depending on your perspective.

Policing technology is a constantly evolving marketplace and technologies that strike some as immoral frequently are tested in court where their legality is determined.

Many folks weighing in see the act of developing Stingray technology as an immoral act, and it seems that thereby, those who engage in such development are immoral people.

In my opinion, labeling others as immoral for engaging in something you don't approve of is a double edged sword and the more you wield it, the more jeopardy you put yourself in. Anyone who works for a mainstream technology company can have that same finger pointed at them for some facet of their employer's actions.

People who believe that this technology should not be deployed would find it just, if not moral, to pursue a political change rather than shaming those who see a valid purpose for what they are developing.


>Legality is, in general, a matter of fact. The legality or constitutionality of a matter is determined in the courts

This makes absolutely no sense. If it is a matter of fact, it should be independently provable and not require courts to decide.

Legality is supposed to be the public's opinion of the morality of an action, but in reality it is the ruling class' opinion of how the action impacts them.

An employee knowingly assisting their company to commit immoral acts should try to stop them, though a concern about your or your family's well-being is a legitimate reason to just try and walk away. Don't delude yourself into thinking tools will be used legally so it is acceptable.


> This makes absolutely no sense. If it is a matter of fact, it should be independently provable and not require courts to decide.

It makes plenty of sense once you realize that it's a fact that if a court decides something is illegal, the government may use its monopoly of force to enforce it. Don't confuse scientific fact with legal fact. Also don't confuse legal fact with a court's opinion as to whether the law was actually violated.


Supreme Court decisions come with majority and minority opinions because these things are clearly not facts. The government arbitrarily uses its monopoly on force to entrench itself, leaving these "facts" to differ over time or by case.


> Legality is supposed to be the public's opinion of the morality of an action

Does that mean that all legal acts are also moral?


Individuals' morals differ, but ideally most people should view legal acts as moral acts. As I said, actual legality does not function like that.


Any reason to think usage is limited to law enforcement?


The linked article talks about usage by the military


Just curious, how well were you compensated? Did you work on the radio side doing embedded stuff / math, or server software?


Thank you for walking away.

I hope more people will follow your example and question their work. Not only at Harris Corporation, but in every part of what is called surveillance capitalism.


Is it enough that a few people like this simply turn their backs and walk away to different work? I would think their vacancies would be quickly and easily filled.

Is there really a shortage of people willing and able to do this kind of work for these companies and government agencies? I'm asking because I truly don't know.

And if not, could we think of some other ways people in these positions could exert some influence for change, even if it's only after they leave those jobs?


Yes it has an effect. In a tight labour market, any restriction on the number of people who are willing to do your work will increase your costs.

Eventually, you might start to ask "why" and change some things to bring the costs back in line.

For example, I know lots of people (including me), who refused interviews with Uber post harassment revelations.


I understand that in principle it could have an effect, and I understand how.

I'm questioning whether that market for developers really is tight enough to matter, whether employers and top policy makers would even notice that some number of people withhold their skills in protest.

I'm wondering if perhaps there are other more powerful ways for these developers to exert their influence, whether in these positions or outside of them.


That would be an interesting research paper, particularly if it was able to quantify the effect of various blows to a company's reputation.

"The effect of corporate reputation on staffing costs"?

A quick googling implies "yes"?

https://www.igniyte.co.uk/blog/how-a-bad-corporate-reputatio....


I was under the impression that lack of talent does matter - if top talent doesn't want to work for you, you can't replace top talent with less-top talent and expect to maintain your competitive edge. Especially if said top talent is now working for a competitor.


There's a saying in showbiz that applies equally well to job vacancies: "there's an a*s for every seat"


[flagged]


Would you please stop posting generic ideological comments to HN? It looks like you've been doing it repeatedly. It's against the site guidelines because it leads to repetitive threads which are tedious at best and nasty at worst. This site is supposed to be for curious conversation and those things are not compatible.

https://news.ycombinator.com/newsguidelines.html


> Would you please stop posting generic ideological comments to HN?

If you explain to me how the comment I replied to isn't just as generic, and what you mean by "ideological" that is present in my comment and not in the parent, sure.

You allow a claim, coated in "wondering", an old chestnut trotted out time and time again -- and don't the clear refuting of it, by one of the greats in the field? There are no principles here you are applying fairly, it's utterly arbitrary. My point stands. Graying it out just adds the data that some people would rather bury and smear it, than learn. That's on them.

And no, it doesn't lead to any conversation of any kind, because agreement is expressed in upvotes, and I doubt anyone can muster a coherent rebuttal. I don't see you trying either, you just say what would have happened, if you hadn't made replying impossible. Weizenbaum is correct, and apparently, some people cannot let that stand.

> It's against the site guidelines because it leads to repetitive threads which are tedious at best and nasty at worst.

Which part of them?

> This site is supposed to be for curious conversation and those things are not compatible.

Saying "it" and "those things" doesn't make up for a clear definition of them.


Actually I missed that you were linking to a 1985 article by Weizenbaum. I agree, that's more interesting. Had I seen that I probably wouldn't have replied to you here.

On the other hand:

(1) "You can't change rape by being a good rapist" is just flamebait. Please don't.

(2) Your account has mostly been posting in ideological arguments and it all looks pretty generic to me. Please don't do that either.

If you want an explanation about why we don't want generic discussion on HN, and above all not generic ideological discussion, there are plenty at these links:

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


(For whatever it's worth, I was sincerely wondering because I don't know what the actual labor constraints on these companies/agencies might be. I suspected they aren't enough to make much of a difference when developers walk away in protest, and so I asked.)

(Also, I think it was clear that I was questioning strategy not morality.)


If a rapist stops being a rapist, does someone immediately turn around and pay someone else to become a rapist? No? Then the rape analogy isn't a perfect fit. The question is still valid, IMO.


To whomever flagged the sibling comment by throwaway_drt2: they were not being crude, they were referring to the cell site simulator called the Dirtbox. [1] Don't be so trigger-happy.

[1] https://en.wikipedia.org/wiki/Dirtbox_%28cell_phone%29


No one flagged that comment. It was affected by a software filter. Users vouched for it, which unkilled it.


That makes more sense, since a similar comment that replied to it was also marked [dead]. Thanks for the clarification.


Pro-tip: If you want fairly good OPSEC when going to a protest, get a burner Android phone, put it on airplane mode with WIFI only. Then purchase a couple of Comcast / Xfinity logins off the web, and use those to connect to "xfiniti-wifi" hotspots. Most cities have them, the speeds are fairly decent too.

We're truly living in the panopticon


In Portland hundreds of demonstrators used the mesh-networking app Bridgefy, and some affinity groups used goTennas which even served streaming movies, music, and documentaries that spoke to the revolutionary tenor.


How does bridgefy make money? It's not open source. The website leads to a level 3 default page.

How do you know the feds don't own it?


In general, it is best to assume that the feds own everything and work from there.


Through the pandemic, Xfinity is offering anyone free guest access, so for at least the next few months, you don't need to even buy logins. https://corporate.comcast.com/press/releases/comcast-extends...


Note, this only works on the Xfinity "public wifi stations" rather than the Xfinity SSIDs from home routers.

If you want to access the home router networks, you still need to pay for an account.


Yup thanks for the clarification


"Pro-tip: If you want fairly good OPSEC when going to a protest, get a burner Android phone, put it on airplane mode with WIFI only."

I don't have a use for such a thing, but if I did, I think I would get an Apple iPod touch which has no cellular capabilities at all ...


If you have gapps installed (every stock ROM unless you're in China), you should probably assume Google is tracking your location through wifi networks. As such, you should probably install LineageOS for additional security.


This is more reason than ever to flash a generic Android image.

Google does track your wifi and has amassed a huuuuuge library of SSID names, frequencies, MAC addresses, and this is what they use alongside IP geolocation for Google Maps and other services.

It's good and also bad. And if you restrict these things, you "look" like a bot so you have increased friction to accessing information!

The looking like a bot, makes sense I get that and ddos prevention but it goes in a circle, doesn't it?

iPhone is not the answer either, but an iPhone w/ no Google apps doesn't mean you're free from the ecosystem.


> This is more reason than ever to flash a generic Android image.

This doesn't really exist. It's not like a Linux distro, each specific device requires a specific device-tree, a separate image. postmarketOS and others are trying to change this.


Maybe I'm being overly paranoid, but if you're arrested, what's stopping the cops from matching the phone's MAC to public wifi connections?


This might be helpful: https://support.apple.com/en-us/HT211227

> To reduce this privacy risk, iOS 14, iPadOS 14, and watchOS 7 include a feature that periodically changes the MAC address your device uses with each Wi-Fi network. This randomized MAC address is your device's private Wi-Fi address for that network—until the next time it joins with a different address.

iOS 14 is in beta, but has been pretty solid for me. https://beta.apple.com/sp/betaprogram/


Since Android 9 there is an option to use randomized MACs for the actual connection (not just probing).


Who's to say that a stingray won't overwrite those settings though?


The AOSP security model.


Most folks won't be aware of an option unless it is default.


The defaults changed in Android 10:

[Starting] In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.

https://source.android.com/devices/tech/connect/wifi-mac-ran...


On my Samsung Galaxy S10e (Android 10) it is the default


That's for probing only, randomization on connection is accessible via developer options only.


Realistically nothing, however if they're using a Stingray to target large swaths of people, you're more likely to avoid getting your phone pinged on WIFI. Not to mention going after specific MAC info from Xfinity takes a long time.


You should not have to be good at opsec or economically advantaged to be able to demonstrate.


Then don't bring a cell phone to a protest?


Then again, what would happen to a protestor that actually protested in a non-violent manner? Let's specify in the US as I can only guess it would be much more dangerous to protest in a country without a protected constitutional right to do so. So a US citizen brings their cell phone to a protest, non-violently marches with their signs, sings some songs, yells some, gets dispersed in a violent manner and/or gets arrested. If their cell phone gets pinged in a Stingray sweep, what happens? What's the negative repercussions?


Their name goes in a file and they get added to various lists. Depending on which list you are on (and who else was at the protest) you will be eligible for further scrutiny. (Remember, everyone breaks dozens of laws a day, as none are meant to be enforced 100%.) Depending again on which lists you wind up on, you may find yourself unable to fly, ineligible for PreCheck, blocked from a government contract, failing an FBI background check, the target of yellow journalism, victim of police harassment, always missing flights due to random checks, or always being greeted by an entourage of your own at points of arrival. Have fun!


This is exactly why I'm 100% against the idea of using the "do not fly" lists to block citizens from firearm purchases.

Imagine being denied your Second Amendment rights because you went to a perfectly legal political protest the previous year and you're now on a list that you can't get off of.


I think the Trump government has proven that the executive can do whatever it wants, and you're lucky when governments follow the constitution.

Following examples of different behaviour from the past 20 years:

The US can kidnap you, ship you off to Guantanamo, torture you, assassinate you with a drone-based missile.

I read an interview with CBP folks where they consider the Portland protestors "enemy combatants" which is the same designation as "civilian killed by drone strike" in the middle east

From a low level, more likely perspective, they might leak your information to white supremacist groups, and then choose not to press charges when they do something bad to you? This is assuming you're black, mind you.


Cops can still come and harass you by coming to your house if they can find you or you filmed something they don't like. One person who filmed apparent police violence in seattle had 5 cops come to his to arrest him for something random about another protest. They may have found him from the account he posted it on. In either case, there will be attempts to find some people who weren't involved in violence.


It would certainly seem as if far and away the easiest and best opsec is to not have your phone on you or at least not turned on. Have people really become so dependent on their phones that the thought of being somewhere without one doesn't even come up as an option? I'd certainly at least turn my phone or a burner phone off before depending on not being compromised.


People are pretty dependent on their cell phones. It's our maps, ways out of places. You can even do bus tickets on them. It's our way to call for help, see if someone is okay. So it's weird not to have my phone on me.


The presence of cameras is important and the footage they have taken has made significant waves.


Use a camera?


But then you need both a camera and a cell phone(that you already have for the rest of life) to go to a protest


Are there documented examples of people in the US facing repercussions because they were known to have been at a protest?


Arrested for "your cell phone said you were at the protest" not so much. Arrested for "you were photographed throwing a molotov wearing a limited edition etsy shirt for which you left a review using the same handle as your instagram account" yeah. HN kinda considers that to be the same thing though.


Not an option, modern protests are all about getting that viral video that makes the other side look bad.


How things should be and how things actually are don't always line up.


Completely agree, between DHS compiling information on journalists and unmarked vans picking up protesters, it's like the Arab Spring


Won't your wifi mac address be a unique identifier? Did google start doing wifi mac address randomization?



Are these logins legally purchasable or is there some black/grey market for them?


Sure, it comes "free" with every Xfinity internet plan. Ideally you would "borrow" someone else's account for a while.


I remember this being described in Bruce Schneier's book. When I first read it, I was terrified. Now, seeing them in action, I'm closer to dejected. Most methods of avoiding them aren't easy or practical enough to be used by the layman, hell, most laymen don't even know what stingrays are. These are incredibly tough to protect against on a mass scale.


What happens when they are used in countries with fewer protections to individuals than the US?


You get assassinated by mercenary teams made up of former special operations soldiers & sailors.[0]

0: https://www.buzzfeednews.com/article/aramroston/mercenaries-...


Well, use your imagination duh.


The bar is already pretty low in the US. The FBI has trained cops to hide the use of stingrays from judges, so who really knows how many times these were illegally used to incriminate someone while telling judges they got anonymous tips or whatever.


So is it possible to set up spying on stingrays, then get them brought up on perjury charges when they say it's from anonymous tips?



How is this possible?


Unless you can physically disconnect the battery, your phone may not actually be fully off.

For example, on my Android phone, if I drain the battery into oblivion (let the phone die) and let it sit for about a week in that state, it takes about 90 seconds to become fully functional to the lock screen from the moment it is plugged into a charger.

On the other hand if I do a hard power off of a phone followed by powering it on, it takes ~35-40 seconds for the phone to get to the lock screen. Out of curiosity I tested several more handsets with similar results. I can only explain that difference by the phone not being completely powered off when the battery is inserted unless it does not have any juice at all.


I had assumed phone hardware generally won't power on until the battery has charged to 5% or so, ostensibly to prevent power drops. Not sure which idea is more accurate without a mobile electronics engineer chiming in.


That is correct. The phone waits until it has enough power to ensure it won't die during startup because a lot of modern phones (and ultralight laptops) require tapping into battery reserves because the direct pathway from the wall wart to the device was not designed to provide sufficient power to operate at full speed/capacity for more than a brief turbo boost and startup requires more than that.


Battery charges "enough" to that point in less than a minute? I find it hard to believe. 4-5 minutes? Absolutely. 50 seconds?


I suppose the timing depends on if you have one of the anemic iphone ones or a full 2.4+ amp USB charger. Given that charging status is unreliable at low charges and charge tends to "come back" a bit when not actively drawn.

My current phone has an old battery and can go directly from 40% to 70% charge in one refresh cycle (10-30 secs?) after plugging in to my ikea charger.


It's called warm boot vs. cold boot (or soft boot vs hard boot)


Yeah. The big question is "Just how much of the device is 'warm' while waiting for a warm boot?" I _suspect_ many people here could make reasonable guesses about the warm/cold states of the OS rebooting, but I'm sure far fewer people have the required knowledge/experience to even reason credibly about the state of the cellular radios (and probably the GPS receiver) when a phone is "warm".

(I could, I suppose, sit a spare handset next to an SDR rx, and watch it for cellular transmissions as the phone sits in "presumed warm" state. But a negative result there would not convince me it isn't still in some sort of "active receive" state where it could be remotely woken up by sending it some sort of Wake On LAN equivalent in the cellular radio world...)


You can use a non-linear junction detector, and triangulate on the signal it forces the target radio to give off. They are not very selective, so it’s easier to track when there are very few radios in the area under illumination.

The easier way is to compromise the phone and have it pretend to be off.


Does the first method work if the battery is removed?

Could the non-removable battery "feature" of newer phones be a result of governments requiring the manufacturers to do this?


Those don't pick up just radios, they pick up any transistor.


Your phone is never really off.


Heads up: your account has been autobanned, maybe because you're commenting too many times as a new user, or for some other reason.


How can you tell?


Turn on "showdead" in account settings. This will show comments from banned users.

I am only guessing they were autobanned. Comment history from the time of the banning doesn't show anything particular egregious that would trigger a manual ban.


I used to work for DRT, they make the "dirtbox" mentioned in the article. I would really encourage journalists to dig more into this company and their products.


You could contact https://twitter.com/KenKlippenstein via Signal with any information you didn't see in the article which should be. He seems to be a journalist interested in related fields.

No one is going to know unless the people who worked there reach out.


> I would really encourage journalists to dig more into this company and their products.

I guess journalists' disinterest in invasive surveillance is because reporting on it is harder than reprinting the same 7 headlines as every other news org.

It's been a bit better since Edward Snowden dragged news orgs away from authoritarian-friendly journalism and into the surveillance age. However, journalists still seem to do about the bare minimum, while their reporting gives LEO/Gov endless benefit of the doubt.


Can these do MITM attacks that inject content into what you are reading?


Not when accessing https resources but the safe answer is yes otherwise. Unless your phone is infected, of course. Baseband isn't as confined as you think.


Or could they change the CSS so as to, say, have Amazon's website exhibit underhanded "dark pattern" behavior?



> stingrays can force phones to downgrade to 2G, a less secure protocol, and tell the phone to use either no encryption or use a weak encryption that can be cracked.

Can android, iOS, or an open phone os prevent 2g communication?


Hey, I used to briefly work on the device in question. Its capabilities go far beyond just downgrading cellular service. I obviously can’t say much more about it but I am a huge proponent of creating strong laws regarding who can use such a device and when. Putting such devices in the hands of low level law enforcement officers to use against their communities for trivial reasons can only turn out poorly.


jdefr, can it change what I read?


It happens within the OS for the baseband processor, not within the OS of the actual phone. Unsurprisingly, the details of how the baseband processor works are a highly guarded secret, and trying to reverse engineer anything around it will end up with a hefty lawsuit thrown at you.


> trying to reverse engineer anything around it will end up with a hefty lawsuit thrown at you.

Is there an example of that? I can't imagine how reverse engineering anything would get a hefty lawsuit thrown at you. Maybe if you were to publish the results with your name under it, but just the act of reverse engineering?


These low-level systems can be good attack vectors, on our computer systems if you can attack the BIOS (Intel ME or AMD PSP) it doesn't matter much what defenses the operating system has.

Luckily, most of our computers aren't easily remotely connectable, but phone modems are another story.


Presumably the creators of these devices have done at least some of that reverse engineering?


On Android, enter *#*#4636#*#* in the dialer. Then select "LTE only." (This will prevent 3G as well as 2G)

edit: You gotta be kidding me with this formatting. Replace backslashes with asterisks.


My apologies if this comes out garbled. Trying something...

∗#∗#4636#∗#∗


Before I entered a random string into my phone I did a quick search which pulls up a bunch of other dialer commands for Android. It's pretty interesting

https://android.stackexchange.com/questions/1468/do-you-know...


How?


∗=U+2217


That's because it is for MarkDown. So you can do things like this. But you can do * this * and it is fine. The difference is spacing.


HN doesn't use Markdown unfortunately.

I really, really hate that so many platforms use proprietary markup languages. I think the Google products have several slightly different ones, HN uses something completely proprietary (https://news.ycombinator.com/formatdoc), and even markdown has variants that can be pretty annoying to deal with.


In normal Markdown you can escape with \ but it doesn't work on HN for some reason.


>Can android, iOS, or an open phone os prevent 2g communication?

Some android installs can turn off 2g here: Settings -> Mobile Networks -> Network Mode

However - 2G & 3G networks appear to be going away. https://1ot.mobi/resources/blog/a-complete-overview-of-2g-3g...

AT&T killed 2G in 2017 https://www.pcmag.com/news/att-kills-2g-cutting-off-original...

T-Mobile is in the process of turning off 2G https://www.alarmgrid.com/blog/t-mobile-and-rogers-2g-networ...


They could but they don't, and it's been known all along that these downgrade attacks are devastating to security and very practical. Complicity?


Nah. People use legacy devices for a long time. The 2G modem installed in 2006 to control a highway sign works just fine, and won’t get touched until they turn it off.


the thing being questioned was behaviour of new phones.


Sadly, the only baseband I'm aware of with open firmware is, itself, a 2g chip: https://www.freecalypso.org/

Nothing newer gives you any sort of control, as far as I know. Would love to learn more.


This is probably something that the baseband radio processor decides. Depending on the firmware/software on the chip, the host OS might be able to instruct it to never downgrade to 2G.


On Android, on most phones you can dial *#*#4636#*#*, then get access to the service menu and configure the modem to act how you want it to.


On my phone (Galaxy Note 10), there's a toggle to allow 2G or not in the mobile network settings. No debug code needed or anything like that.


Do they even need to bother with a Stingray, can't they basically just pull up whatever provider's law enforcement portal and click a few buttons?


Anecdotally from listening to police scanners, whenever there's an areawide BOLO notice or anything exciting involving a known party, they always say where the last "cellphone ping" was. E.g. "Look out for a Black male driving a white Nissan, last cell ping was on the north side of Lowell 15 minutes ago." Not sure if a warrant is required, but it happens pretty quickly


That data is typically from the cell phone network provider themselves, not stingray and dirtboxes. It's part of the Enhanced 911 system in the United States.


They will need a warrant usually even with stingray. I worked at said company on said technologies and left because I was comfortable with controls in place that prevent law enforcement from abusing it.


> I was comfortable

I think perhaps you meant the opposite? You have about 30min to edit your comment...


Not sure why you’re getting downvoted, the other words in GP’s comment, along with his other comment here [1], clearly indicate that you’re right. Unfortunately it looks like 30 minutes have gone by.

1: https://news.ycombinator.com/item?id=24039707


Not to mention the logical discontinuity in “I left because I was comfortable” - I’d expect one to stay if they were comfortable. I would expect them to leave if they were not comfortable. But regardless of my expectations, I certainly could have been wrong.

According to several other comments of theirs, discomfort drove them out. So I didn’t believe I was incorrect. It’s been a while since I commented, so I hadn’t even noticed any downvotes.


Yeah, different tool though.

An active mode IMSI capture device (eg, a Stingray) can:

Extracting stored data such as International Mobile Subscriber Identity ("IMSI") numbers and Electronic Serial Number ("ESN")

Writing cellular protocol metadata to internal storage

Forcing an increase in signal transmission power

Forcing an abundance of radio signals to be transmitted

Forcing a downgrade to an older and less secure communications protocol if the older protocol is allowed by the target device, by making the Stingray pretend to be unable to communicate on an up-to-date protocol

Interception of communications data or metadata

Using received signal strength indicators to direction find the cellular device[9]

Conducting a denial of service attack

Oops, nearly forgot the reference https://en.wikipedia.org/wiki/Technical_and_further_educatio...

Radio jamming for either general denial of service purposes or to aid in active mode protocol rollback attacks


No, usually they need some kind of warrant for that.


I wish I had any confidence that "need a warrant" didn't just mean "Do it without a warrant, and never admit you did it. Parallel reconstruct a different chain of evidence if it pans out." - and then later from court transcripts we read "The defendant got pulled over in a traffic stop for a broken tail light, and the officer discovered {{badthing}}"...


Random story: I once saw one of the vans for the local ISP driving around with a box labeled "Stingray" and got all excited.

Picture here: https://imgur.com/a/P1nPSD2

Turns out that "Stingray" is also the name of a system for air-blown optic fiber installation.

Personally I would have avoided the reuse of that particular name for anything in telecommunications because it has somewhat dark connotations already!


Wi-Fi Calling while in Airplane mode would not be subject to Stingray interception, and would protect IMEI data from airborne bulk capture.

Authorities can still set up open SSIDs to capture limited information about phones, but the "fly an airplane over" capture model doesn't work well with Wi-Fi.


You may be underestimating people's lack of care about what open access point people connect to. The traffic itself may be encrypted, but DNS queries, phone hardware addresses, and background traffic might not be.


I’m not trying to offer a comprehensive solution for avoiding government monitoring. I’m just offering a solution for avoiding cellular Stingrays while retaining cellular service.

For a more comprehensive solution, you would need to at minimum not carry any electronic devices (signal detection), wear a mask and IR-blocking glasses (face detection), and wear shoe inserts (gait detection) — and even then, they can still seize you and overcome those obstacles at will.


The context of this article is "Cops tracking your phone", which the parent comment does not prevent in any meaningful fashion. The rest of the remedies presented here are also mostly unrelated to phone tracking.


Your summary of the context is broader than that of the article. The context of the article is "cops interacting with your cellular radio" in order to capture IMSIs and perform other interactions, using Stingrays and Dirtboxes.

Not carrying devices with radios is sufficient to prevent you from being tracked by them. I concede that if you carry a radio-less device and hardwire it to a network, then as in Battlestar Galactica, you have now removed some of the safety that the absence of a radio provided.


Anyone who cared (for either personal or professional reasons) has been leaving their phone at home for probably close to a decade now.


Absence of normal phone activity which correlates with prohibited activities can also arouse suspicion. If I wanted to prevent the spooks from thinking I was away from my phone, I'd probably use some sort of robot to move the phone around and randomly unlock it using a fake fingerprint. If you do that, your phone actually turns into an alibi, placing you somewhere other than where you actually are.


Title is "How Cops Can Secretly Track Your Phone" on my end. Assuming that was the original one, some comments here seem to suggest they only read the custom title without checking out the actual article.


FWIW you can do much the same thing with your own SDR setup. One of the more surprising things for me was that the feature that lets a phone work "internationally" means that a nominally "4G" phone will still answer a GSM tower (talking on a GSM frequency) when the tower says hello. Some phones will let you turn that off.

But that said, most smartphones will tell you their WiFi MAC address if you tell them you are an access point. It is more difficult to track a MAC address back to its owner, but it is easy to see if it shows up again near you. My Cisco access point did a variant on this when MAC address filtering was on, it would send you reports of "unknown" MAC addresses which you could log and then later associate with people visiting the office.

Bottom line though seems to be to treat protests like DefCon events if you don't want to leak PII. Get a burner phone for such trips.


Almost no agencies upgraded to 4G, way too expensive, about $500k. If on android you can enter a code on device to force ONLY 4G to be used by the device.


Anyone know of any progress in 6G, that would improve privacy in this area? For example randomized (or truly encrypted) IMEI numbers?

Also, I found this SIM card which seems to be doing IMEI randomization:

https://omertadigital.com/blogs/news/encrypted-sim-cards-wha...


There are no incentives to improve end user privacy with those who specify telco standards.


There are some interesting blog articles out there on what has been done in 5g. Basically moving from transmitting a fixed device imsi, to temporary identifiers. https://www.ericsson.com/en/blog/2019/5/fighting-imsi-catche...


> Anyone know of any progress in 6G, that would improve privacy in this area?

One of the members of numerous 6G working groups is Huawei. If you remember, they recently proposed to replace the whole IP protocol with one where every packet must be cryptosigned by the ISP.

This SIM feels like complete BS. IMSI is managed by the phone, not the SIM.


TL;DR it's a radio in your pocket that constantly announces its identity. I'm quite interested in the fact that people don't realize this. Is it a generational split between people who can remember when we did not all have radios in our pockets and those who can't, or ??? The fact that an always-on radio you carry everywhere can be used to track you seems like the #1 most obvious thing about the technology.


I feel like you're ignoring a key point here, which is that these stingray devices can MitM your phone by forcing it to send essentially unencrypted messages. That's both more technically complicated and more serious than passive tracking.


I don't think OP is ignoring any points. It is a statement of fact that we've been carrying around what ultimately amount to high power RFID surveillance devices in our pockets for about 20-30 years now (en masse). There are also many on this board at this very moment who can remember life before any of this technology or concern was a thing.

In 1990, if you walked to the store without telling anyone where you were going, you were basically a ghost as far as anyone else was concerned. In 2020, even if you leave all of your digital electronics at home, you will probably be detected by someone else's electronics.


OP is sort of shrugging off the information in this article by saying that it should be common sense that by carrying a phone you are trackable. I don't really disagree with that. But a major point of the article is that not only are you trackable, but you can be actively surveilled or even have your text messages spoofed, which is not common knowledge and isn't really encapsulated by the "radio in your pocket" analogy.


> these stingray devices can MitM your phone by forcing it to send essentially unencrypted messages.

Earlier Harris equip did that by forcing 2g mode but 2g is being turned off: https://1ot.mobi/resources/blog/a-complete-overview-of-2g-3g...

I'm less familiar with the capabilities of current IMEI catchers tho.


> Earlier Harris equip did that by forcing 2g mode but 2g is being turned off

Even if the carriers switch off all their 2G towers (which happened here in .au years back), I wonder how many handsets will still happily connect to a Stingray-type device that offers it a 2G connection?


You can't expect end users with little-to-no technical know-how to have the same common knowledge that you do.


Well, why not? How can we improve general technological literacy? I don't want people to memorize the protocols, but I do want them to have the foundation of knowledge that would allow them to conclude that if the phone company can connect calls to your mobile handset, then they can also figure out roughly where it is. I'd also like for people to have the basic knowledge required to understand that GPS does not track you. It's the other way around. I'd like everyone to understand that mass and energy are conserved, the Earth orbits the Sun, etc.


Every professional, expert, specialist, or technician feels this way about the stuff they know. "Why don't people know [basic thing about their work]? What a bunch of uneducated morons." The answer is because if they knew all the basic stuff about all those fields to be what those experts judge to be informed consumers, and took the time to apply that knowledge, they wouldn't have any time left to 1) actually buy products and services, or 2) learn what they need to know about their own field. Also because being an uninformed consumer works out more-or-less OK much of the time, largely because regulation prevents the worst sorts of abuses.

In the specific case of tracking/spying I'd imagine lots of people (not most, but many) have considered the possibility, then dismissed it without looking into it any further because it seems like something that would obviously already be illegal, and assuming things that seem like they ought to already be illegal are already illegal often gets one to the correct conclusion—just not this time. Those sorts probably assume that if a law enforcement agency gets a warrant or something then they might start tracking locations using cell phones, but not that the cell phone company is already doing that 100% of the time to everyone, since, again, it really seems like something that'd be illegal. I think a lot of the "information economy" falls in this blind spot—that credit card companies would be selling your purchase history or google/your-ISP would be recording every single website you visit also seem, intuitively, like things that'd be very illegal, for example.


I guess we will disagree on what is or should be obviously illegal. What your phone does is the functional equivalent of you walking down the street shouting your phone number. It does not strike me as obviously wrong for people to hear it.


I just mean that it's the kind of thing many people who have some concept of how cell phones work might assume is illegal because tracking a bunch of people and storing all that info, or broad, non-tightly-targeted-and-regulated use of things like stingrays, and the various other things service providers and law enforcement do to spy on people really do seem pretty similar to stalking and warrantless search and various other activities that are illegal (so, obviously that would be too, how could it not be, one might reason), and so they might be surprised that a capability they know or suspect exists in the technology is used the way it is and to the extent that it is by both private parties and law enforcement. Their not thinking about their cell phone as a device that spies on them or is otherwise very untrustworthy might not be because they don't know what the tech might do but because they've assumed exercising those capabilities would be illegal.

I suppose similar reasoning is how we arrive at our judgements on most questions of legality, personally, when deciding how to behave and what to worry about others doing day-to-day. Like, I definitely can't show you the statute that says driving the wrong way on the highway is illegal, rather than just a very bad idea, and I'm not sure I've even ever been told specifically that that is illegal let alone done the research to makes sure it's illegal—but nonetheless, I'm pretty sure it is. So, I would guess some people surprised that their cell phones spy on them in certain ways are more surprised that they are being used that way and not that they could be used that way.

[EDIT] to stretch the analogy further, if I were surprised to learn that some delivery company had found a way to reduce delivery times by driving the wrong way on the highway, the fact that vehicles are technically capable of driving the wrong way on the highway wouldn't be the part that I found surprising.


In a general sense, our problem isn't surveillance but disproportional surveillance. It's generally appropriate for LEO to have access to the same data that all of us do. The problem is when 'privacy' or security laws restrict you and I from data but not the people who regularly exercise their exclusive powers to ruin lives.


The article also goes into the fact that these stingray devices can send text messages from your phone number and listen to your phone calls in real time. I don't think your analogy really captures that, and it's hard to imagine an argument for that being legal (at least without a warrant).


> How can we improve general technological literacy?

Fund schools.

Provide mandatory technical and privacy education.

> I'd also like for people to have the basic knowledge required to

Fund schools.


> Fund schools.

Hire tech capable teachers that care. Funding only works if it's toward this specific end.


> Hire tech capable teachers that care.

I know teachers who make < $30k/year and have to pay out-of-pocket for supplies. Good luck attracting tech talent with that salary.

So, again: fund schools.


You've misrepresented my premise by quoting it without the context.

Funding incapable teachers can't advance your goal. As long as the plan is "Fund schools." and nothing at all follows the period "." then students will have properly funded incapable teachers.

Source: Father to 5, who've attended 25 years of well funded and less funded schools. That's well over 100 teachers I've met with & learned about. Zero teachers understood technology on a level that would enable them to teach the nuances of technology safety. Many (if not most) would have been handicapped by the misunderstandings they held about tech.


Funding alone won't fix the decades of neglect, social norms built around that dysfunction, and the incompetent leadership many school systems suffer with. But it's a necessary first step. If you don't fix the other pieces though, even higher pay won't keep the people around who should be there. I have known some teachers who tried their damnedest and were very competent, but burned out quickly.


I think the real thing there is pay teachers more.

Just funding schools doesn't mean teachers will be paid


The median IQ is 100, meaning half of all people have IQs below 100. Many of them did not grow up in an environment that pushes lifelong learning. Lots of people do what they've been trained to do and nothing more, which is good! Our society needs people like that. But expecting people like that to think for themselves is a sure way to become needlessly frustrated.

edit: switched average to median.


The measure that describes what you state would be the median, which is defined as the point at which there are as many values above as below.

Averages will skew with large outliers on either side. E.g. if Bezos and I are alone in a room together, the average person in that room has $95B dollars. (Granted, in an n=2 situation, the median isn't meaningful either)


You're right, this has been fixed. Thanks!


>would allow them to conclude that if the phone company can connect calls to your mobile handset, then they can also figure out roughly where it is

To be fair, people have trouble concluding they can be tracked or found when they sign in to a service and are asked repeatedly if said service can have access to their location, then use said service to check in or announce their location publicly.


Abstracting away all of the details underlying the tech is a double edged sword. On one side, you get massively higher adoption due to a lower barrier to entry. On the other, you now have a massive population of folks who don’t understand the “fundamentals”.

I’m not sure we “need” to improve the general understanding. I mean how many ppl know how to change their own car tires or oil? If anything you just keep creating niches for ppl to make livings in.


"Why does anyone need to know" is a restrictive premise.

In my experience, what follows it are less rights, less ability, greater compliance & increased malleability (eg: susceptibility to "election meddling").


This seems like a common tv and movie plot point though. If you don’t want to be found you have to destroy or lose your phone.


I watched a doco last night where researchers put a sounding beacon inside a shark.

Inside it! They said something like "these sharks are used to cuts and scrapes and heal quickly."

It's no wonder people don't immediately associate their phone with a locating beacon.


Maybe I'm not translating "sounding beacon" correctly, but I would assume that what you saw was just an (I don't know the exact term) "electronic tag". This is standard procedure in ecology, veterinary science and animal husbandry. We did it sometimes. It is a rice-grain-sized object, and does not leave any noticeable scar on fishes.


All good, I don’t have any issue with attaching or implanting tracking devices for research purposes in what looks like a wholly harmless way.

From what they were saying, it emitted a ping every ten minutes, wasn’t entirely clear if it was acoustic or radio. Shark didn’t seem to mind.


Most folks generally understand how radio works.


Do the math.

The odds of someone targeting you (just for kicks) aren't that high.

But don't tell Glenn Greenwald that, because then he has to go find something else to scare you with, to capture your attention in our current useless "state of fear" preserving info tsunami ecosystem.

But anyway, let's do the math...

The US has 200 cops per million. Let's say 1% of that million are born douchebags and there is another 1% who have turned douchebaggy for whatever reason.

So you have 200 cops to deal with 20000 bad guys per million. So in general they have enough going on keeping them occupied.

Now even if you assume they don't spend any time doing their job and all of them spend all their time fixating on you and no one else, the chances of them picking on you out of the million other options are still pretty low.

What makes it even lower is if you apply the 2% douchebag rule to the cops themselves, you get probably 2 bad apples in that 200.

But to indulge you, let's apply it also to anyone who has access to the same privacy violating tech - bank managers, google engineers, telco engineers, the military, rich ppl etc. Keep adding whatever category you feel like and applying the 2% rule. You won't raise the odds too badly.


Your comment comes off pretty condescending and dismissive, which clouds a valid point. It's not likely you will be individually targeted by law enforcement.

The scarier proposition to me is bulk collection and latent analysis.


I think you can change that to "if you are not politically active, you are unlikely to be targeted"

On the other hand, if you are known to criticise police actions, it's likely that they will be targeting you. The BLM leaders probably haven't connected to a real cellphone tower in years.


It doesn't have to target you directly in order to have a significant negative impact on your life.


Slightly off topic: Why don't cell networks get shut down more often during large protests etc.?

It seems that police use cell phones for internal communications pretty extensively, even when there are encrypted radio systems or channels.

My guess is that the UX of encrypted radio is generally terrible, and that it's a nightmare to distribute keys to all the multiple agencies that might be operating in an area. So departments configure encrypted radio for internal use, but when there's large scale activity they need to fall back to cellphones for guaranteed un-eavesdroppable comms.


Well for one it would be very disruptive and hard to justify. It would interfere with 911 and calling family and would scare and inconvenience the populace turning them against them and a certain safe 'status quo' apathy is what they depend upon. Social dynamics aside more people on the streets makes their job harder regardless of their demeanor - which they will if they need to go in person to check on others.

The disruption to service would also be very expensive to businesses, which would encourage flight.

"And we lost this multi-million dollar contract sale because the cell service to reach us anywhere went down for three days, a worse case for the company than even if rioters burnt down the whole office. Why are we located in this shithole again?"


> Why don't cell networks get shut down more often during large protests etc.?

What problem are you trying to solve, exactly?


The problem that people are allowed to disrupt society?

Not everyone values free speech and rights to association


Protests are supposed to be disruptive. That's literally the point of them. They're trying to bring about a change in the status quo.

If you're American, I wonder what your thoughts are about the Boston Tea Party.


So - what countermeasures do people recommend?

Is there anything one can carry around that acts like "phone" but is somehow less trackable?


Someone else's phone?


You could try to prevent the phone from attaching to the fake cell tower, and only attach to a whitelisted cell tower... that method isn't that easy to do with most phones.


Are there any phones that support tower whitelisting (or blacklisting)?

And if so, where would one get such lists?
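As an added, defender-side illustration of the whitelisting idea raised above (this is example code written for this page, not code from any commenter, phone vendor or real detection app), the check below runs a small tower allowlist plus downgrade, signal-strength and cipher heuristics over constructed modem attach records. All tower identities, PLMN codes and thresholds are made-up placeholders.

```python
from dataclasses import dataclass

# Radio access technologies ranked from weakest to strongest protection.
# A move to a lower rank while a higher one was recently usable is a
# downgrade worth a second look (Stingray-style devices rely on this).
RAT_ORDER = {"GSM": 0, "UMTS": 1, "LTE": 2}


@dataclass(frozen=True)
class CellObservation:
    """One modem attach event as a monitoring app might log it (constructed)."""
    ts: int          # seconds since the start of the capture
    mcc: str         # mobile country code
    mnc: str         # mobile network code
    cell_id: int     # cell identity announced by the tower
    rat: str         # radio access technology the phone attached with
    rssi_dbm: int    # received signal strength in dBm
    ciphered: bool   # whether the modem reported an active cipher


def check_observations(obs, allowlist, max_rssi_dbm=-50):
    """Return a list of (ts, reason) alerts for suspicious attach events.

    allowlist: set of (mcc, mnc, cell_id) tuples for towers previously seen
    at this location. Each heuristic on its own has false positives (a real
    network also drops to GSM at the edge of LTE coverage), so callers
    should look for several reasons at the same timestamp, see below.
    """
    alerts = []
    best_rat_seen = None
    for o in obs:
        key = (o.mcc, o.mnc, o.cell_id)
        if key not in allowlist:
            alerts.append((o.ts, f"unknown cell {key}"))
        if best_rat_seen is not None and RAT_ORDER[o.rat] < RAT_ORDER[best_rat_seen]:
            alerts.append((o.ts, f"downgrade {best_rat_seen} -> {o.rat}"))
        if o.rssi_dbm > max_rssi_dbm:
            # A tower far louder than any legitimate neighbour is usually very close.
            alerts.append((o.ts, f"implausibly strong signal {o.rssi_dbm} dBm"))
        if not o.ciphered:
            alerts.append((o.ts, "unciphered session"))
        if best_rat_seen is None or RAT_ORDER[o.rat] > RAT_ORDER[best_rat_seen]:
            best_rat_seen = o.rat
    return alerts


def suspicious_timestamps(obs, allowlist, min_reasons=2):
    """Timestamps at which at least min_reasons heuristics fired together."""
    counts = {}
    for ts, _ in check_observations(obs, allowlist):
        counts[ts] = counts.get(ts, 0) + 1
    return sorted(ts for ts, n in counts.items() if n >= min_reasons)


# Constructed sample: PLMN 001/01 is the test-network code, cell ids are made up.
KNOWN_TOWERS = {("001", "01", 12345), ("001", "01", 12346)}

SAMPLE = [
    CellObservation(0,   "001", "01", 12345, "LTE", -85, True),
    CellObservation(60,  "001", "01", 12346, "LTE", -90, True),
    CellObservation(120, "001", "01", 65001, "GSM", -40, False),  # unknown, loud, 2G, no cipher
    CellObservation(180, "001", "01", 12345, "LTE", -84, True),
]

if __name__ == "__main__":
    for ts, reason in check_observations(SAMPLE, KNOWN_TOWERS):
        print(f"t={ts:>4}s  {reason}")
    print("suspicious at:", suspicious_timestamps(SAMPLE, KNOWN_TOWERS))
```

A production tool would also have to learn the allowlist from observed neighbour-cell lists rather than a hand-typed set, which is the part that makes this hard on stock phones.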


Is there a way to go back and check your phone and see any evidence that it had connected to a stingray or dirtbox? Or is it really untraceable from the user end?


I've heard faraday cages can prevent transmission and reception of electromagnetic waves.


Can a Stingray be used to eavesdrop on someone using an app like Signal for a voice call or message?


If you're running e2e encryption, it won't be able to.

I imagine that's why the various governments want to ban Huawei -- with Huawei in the base infrastructure, more communications will use E2E encryption and the government mitm attacks will stop working.


Protests should shift to "choose-your-own-adventure" style where a blockchain decides which branch to take. Just have a small selection of, say, 4 styles to choose from, where the most extreme includes potential branches with Gandhi-level long-term economic disruption.

That way the stingray offers no advantage over the protesters; law enforcement and protesters get the next chapter at exactly the same time, and no single protestor or group of protestors may be targeted to disrupt the decision-making process.

That pushes law enforcement either back to pre-protest prevention measures (which won't work for a spontaneous protest like BLM), or to disrupt internet connectivity altogether (which, for the Gandhi-level protest, has its own economic implications).



