I've lived in Fort Worth, TX for about a year. I was already aware of the existence of these devices. I had no clue that my local PD was spending such an insane amount of money on surveillance. It's also worth mentioning that our population is only 792K.
I've lived in Texas most of life and in general I think the people here are great. However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I guess I'd better start bringing this up in my circles. I don't think many people are fully aware of what's going on.
> It's also worth mentioning that our population is only 792K.
Most of the homeland security money funding surveillance is likely tied to DFW being along a major drug distribution corridor coming up from Mexico, and has nothing to do with the local population.
and what happens when you're a department that takes in $x million in federal funds but you aren't raking in as many criminals as projected (or you rake them in, and there aren't any left) ? Have to make use of that budget somehow, or else you'll lose all your cool high-tech toys. I know, let's point the surveillance at people not suspected of a crime. We can certainly find criminals if we search hard enough, and thanks to Parallel Construction, they never even know how we found them.
It's been back and forth since the start of the drug war.
Sure, people walk it over occasionally. They have submersibles, tunnels dug waiting to be completed North Korean style, functional tunnels, etc. I'd bet they have drones, or are R&Ding drone smuggling.
Cars and trucks coming through the border, decoy cars and trucks meant to be discovered so that something bigger gets through. Trap doors in sedans, faked shipments in trucks, shipping containers in ports with falsified information hidden among the masses of imports.
These guys are not going to pack up shop and sell bars of soap because of a wall. Where there is a will, there is a way.
If you were joking, I'm sorry for assuming otherwise. Poe's Law, I suppose.
My point is that the demand is incredibly high. Drugs that are worth very little along that corridor are worth much, much more on the streets of the US.
People will continue to risk life and limb, as well as take life and limb, as long as the War on Drugs continues. The potential profit is too great.
>However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I did observe that. Why is that so? Historically was the police or sheriffs independent from the government?
I wouldn't discount the possibility of people simply failing to think it through and tribally repeating statements ("get your government hands off my medicare"). But historically there's been a faction that very preferred local law enforcement to Federal law enforcement, because of a particular set of interventions made about 50 years ago by the Feds in response to popular protests in the South.
I never understand why America spends an obscene amount of money to make technology to kill other people. Education is suffering, public transportation and healthcare is ridiculously behind western nations but military still gets an insane budget.
I would like Google and Apple to really up their game on security.
It might be part and parcel with the American Dream. Believing that society is a meritocracy -- that your success or failure is primarily a function of the effort you put in (plus whatever sui generis "merit" you personally have) is another version of a just world. And if you have a just world, well, surely if you've commanded the attention of the police or ire of the military, you've done something to deserve it, right?
Let the US pullout of NATO and see how the EU long the EU will remain with 226 bln.
Most NATO members defense budgets and contribution are below NATO requirements.
And again this has nothing to do with spending, France, Germany, the UK, Spain, Italy, Sweden and the Netherlands combined export more arms than the US while having approximately the same population.
Overall the EU as a whole exports more arms per capita than the US, you might not like buying guns but you sure love selling them.
According to [1], the volume of arms exports in 2015 (at least) was lower for the countries you mentioned (a sum of USD 7755M for France + Germany + UK + Spain + Italy + Sweden + Netherlands) when compared to USD 10484M in the US.
It's been the world hegemony since World War II. US protects the oil supply, particular factions of Islam, and Europe and sells outdated versions of our weapons to foreign countries. A peek at American military base locations will give a clue.
This does seem to me to be a little bit of a to easy explanation. Is it really so that this can be tied back to the founding roots of the country, when the setup of the population nowadays can be tied back to so many different influences from different parts of the world?
I never understood the "fetish" of Hollywood for the lone ranger and bullet slinging revenge guy. Or the idea that guns are a valid protection.
Non the less - there are other parts of the world that maybe have the same (or even higher) amounts of guns in private possession without the military and police fetish.
I am even not sure, that this is a valid correlation. Private gun ownership and police/military spending/fetish.
My experience here in Houston (Spring) is that the police will come down hard on people who are breaking laws regarding endangering others, moving large amounts of drugs, or general asshat'dness. But otherwise, they let stuff slide with maybe a stern lecture. So the public I'm familiar with trusts the law enforcement. Maybe I'm naive, but I've not witnessed abuse of power or Barney Fife'ness like I did in Ohio.
When it comes to the military or anything coming from Washington, everyone's inner Dale Gribble comes out.
It was never very uniform, but parts of Texas were quite violent in the post-Civil War period. Parts of the culture kind of got stuck there. The documentary about Todd Willingham goes into it at some depth.
So far as the Federal government goes, Texas has an active secession movement. They don't seem very dangerous.
It's not just Texas. I've lived in big and small cities in several east coast states and the blind support is always something I just can't grok. the only difference over here is nobody has an issue with big government.
There are options between stop it and do nothing. I would assume cellphone companies can easily give access to any conversation from their internal network so that's probably a more cost effective solution at all levels. The question becomes, why do police feel the need for other tools?
Cellphone companies is one more layer in their trust circle. It's easier to just bypass them and collect the data yourself. Warrants only really became a requirement in 2015. And police were misleading judges on Stingray usage to hide the tech.
Casual ad hoc surveillance can be very useful for law enforcement. It can save a tremendous amount of time and money keeping track of where people are and where they are planning to be. The fact that the information gained is not admissible in court is not important. From the article:
>“You guys picking up any information? Where they're going, possibly?"
Law enforcement has become somewhat dependent on this sort of access and would not be able to do their job as effectively without it. Hence the desperation shown by the use of things like Stingrays where the network is actively attacked in what is arguably a straight up illegal way.
It doesn't matter if the claim is objectively true just as long as law enforcement people continue to believe it. ... and it is obvious from comments coming out of that community that they do.
What has to happen now is that law enforcement has to come clean and there has to be a public discussion about this stuff. Otherwise the private and public hand wringing will continue indefinitely and things will continue to get worse. The general public is ultimately responsible here as they are effectively the boss of the law enforcement people. We need to take the time to understand why our employees are acting the way they are.
So what is the move if you are caught with your pants down, and a LEO is requesting access to your actual phone? Does a factory restore wipe all data, or is in necessary to wipe, fill up with bunk data, wipe again?
I don't know about everyone else but my phone is has data including me talking about controversial opinions, intimate photos, and various other data that I would not want anyone else to have.
In the US, use passwords to protect your phone. Passwords have been held by courts to be testimony and thus protected by the 5th Amendment. Patterns, swipes, facial recognition and fingerprints have been held by courts to be the equivalent of "keys" and you can be required to turn them over upon being ordered by a lawful authority (such as a police officer demanding them). Passwords require a court order and if you have a competent attorney, they can argue that revealing the password would result in self-incrimination (and this can spend a lot of time in court before anything happens).
First, it would vary by phone -- but if LEO is requesting your phone and do not have a warrant (yet), they could still seize the phone citing exigent circumstances. The exigent circumstances being that if they left the phone in the custody of the subject, then they will likely delete the contents or at least could delete the contents. Once the phone is in LEO possession then they can take the time to apply for a warrant to search the device.
So -- if you get to the point of LEO requesting your phone and you have data on your phone, then it is too late.
In the US, unless we are talking about a border search, LEO will still need a warrant to search your phone. I'm unsure if this is what you meant by "pants down" tho :)
'Cellebrite "Pro Series" purchases all appear to include the firm’s Cloud Analyzer tool, which extracts “private-user cloud data” by "utilizing login information extracted from the mobile device.'
Chilling that is can be done without a warrant e.g. arrested protesters or to citizens crossing the US border.
Does this mean that as long as you use different strong passwords for everything (via say, 1Password), and do NOT use a fingerprint unlock, Cloud Analyzer wouldn't work?
Or is it extracting login info in some other manner that would still function?
Presumably it'd require passwords or cookies to be downloaded from people's phones to work. With those credentials they could login to FB / Twitter / GMail etc and snoop about, downloading whatever data they can find there too.
I doubt they could do that passively. It would probably require them physically taking your (unlocked) phone and imaging it. (Which I suspect is becoming standard practice when they arrest people, if they can get away with it.)
If thats the case then 1Password would only keep your credentials safe while you aren't actually logged in to the services in question on your phone.
I would venture to say that a search warrant for a device, would not cover the contents stored in the cloud. While the cellebrite does have this feature I would presume a separate warrant would be required to obtain the cloud data, which is located in another physical location.
“Criminals tend to try and make tracking their data more difficult, so this kind of mass collection of telephony data will more easily find our political activists, our civil society leaders, and just regular people,” he says. “If the courts—if the public—knew how powerful these tools were, they would move to restrict their use.”
The mass surveillance system is about control, not security, and I think time and time again that is being proven. On the constitutional post-warrant data anlysis tools I have these issues:
1) This is local law enforcement wising up and playing a similar game to the big three letters.
2) I have concerns about the privacy protections for those associated with suspects, and see ripe abuse potential for guilt by association or even "using data from a warrant to get the data on the person you really want but can't get the warrant" type of situations.
3) I have concerns with the level of data sharing between the LEA's, and the post shared protections of said data.
4) I have concerns with private companies providing these services because private companies often have sub-par data security practices, and often have strange third-party data selling loopholes so they often end up "scrubbing" data and selling it, but most of us know it's not that hard these days to "unscrub" that kind of data.
All of this is assuming we are just talking about constitutional methods too. What I find even more insidious and dangerous is the unconstitutional tools like imsicatchers and others being used for parallel construction.
Bottom line is this: the LEA's and LEO's need to remember that they swear an oath:
"I, [name], do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same;"
The problem as I see it, is that I tracked down the law that punishes congress for a few specific violations of oath of office (5 U.S. Code § 7311), but I have yet to find any law for punishing people in the executive branch for violation of oath of office. If anyone knows of such, please let me know. IANAL, so perhaps 5 U.S. Code § 7311 could apply to the executive and I just misunderstand it.
Holy passive voice, Batman. Surely a better title would have been "Local Police Departments Buying Loads of Cellphone Spy Tools", since it's not like the damn things are mysteriously appearing unbidden...
I think the only thing that can prevent the US from spiraling into a dictatorship is a successful Netflix show about US spiraling into a dictatorship. Maybe it is too late for that too.
hackingteam breach has shown that law enforcement are among the biggest customers of HackingTeam. They supply not just the tools but also a subscription (to the constantly changing) payloads to breach a target. Kind of a poor man's TAO for the "neighborhood" police-unit. These tools make planting evidence just as easy so it is a massive change in the amount of trust put into individuals working in LE. This is even more scary when you think of how little the average cop knows about the tech they use from some questionable outside private vendor.
I think it's not just the Govt and Police who involves in spying on people's data. Multiple spy apps i.e. TheOneSpy, PhoneSherif, FlxiSpy, and much more are readily available in the online market to spy on anyone's data through his/her smartphone. In my point of view first, we should ban these data and privacy breach apps in our state then move on the other Governmental monitorings and protect our privacies.
Do the cell site simulators spoof existing towers? How hard would it be to write an app to detect when you connect to another tower and shut the phone down. Unless Google and Apple don't let you programmatically shut down the phone.
Stingray's inner workings are supposedly not disclosed but it is said to mimic a nearby cell tower. I bet the device just echoes & amplifies the signal to trick your phone to connect.
If that's how it works, then If you know what each tower relative strength from that given position must be and you note a new surge in strength, that will tell you. You could also use triangulation with cooperating devices.
Note that cell providers will install perfectly legitimate temporary towers to handle increased demand, so simply looking for a surge in signal strength over "normal" levels doesn't necessarily indicate surveillance.
who has publicly stated that they're mining the metadata, and does not by default notify you when one end's keys change (say if the phone were compromised).
Note that with cell phone spoofing, someone could impersonate you to OWS. All your contacts would get messages stating that your key ('secret numbers,' I think is the term they use) has changed, and all messages would then go to the imposter.
I'm inclined to say there's no reliably secure mobile platform, though idlewords (Maciej Ceglowski) and tptacek (Thomas Ptacek) are presently recommending iPhone or iPad.
(I'm writing this on an Android device I fear, dread, and detest.)
Looking at the price for 0-day exploits for phones one would also conclude that iPhones are the more secure option. Right now an Android 0-day root exploit fetches up to $200.000 while one for the iPhone goes for $1.500.000.
I believe Android is ok, IF you flash LineageOS (previously CyanogenMod) on it or buy a new phone every two years. The biggest problem with Android is that they stop giving you updates after two years and are too slow within those two years.
Use of Google as a third-party authentication service authorises transfer of all my contacts to the site to which I'm authenticating.
Or, alternatively: Any fuckwit I've shared contact information with might share my contact information with a third-party site by opting into the same type of auth mode.
How the holy hell did this ever seem like a good idea?
So if the Washington D.C. police, or anyone who can afford it, are tracking protesters, or merely tracking, near the White House, they may inadvertently intercept calls from all those insecure, non-presidentially locked phones carried by top White House aides, and by the President?
I have no idea how this works. Can someone explain the site simulators? When the site simulators intercept the traffic, they can see all the data. If it's encrypted, can they still read it or decrypt it somehow?
Site simulators aren't very new technology. Police departments have had these devices for so long that they were even mentioned in The Wire (2002) with the exact brand name (StingRay).
Handsets will always connect to the basestation with the strongest signal, there is no authentication involved. They then "exploit" (it's really by design) a feature of GSM where you can simply tell the handset not to use any encryption, and since the interface between baseband chip and application processor (the ARM that runs your Android or iOS) is more akin to a cold war curtain than actual information exchange, your device won't ever notify you. Even if they enable the old A55 encryption, that can be cracked in realtime nowadays.
One popular use is to mount them on a drone, wait for it to detect a particular IMSI and then bomb the general area. That is the reality of the so called "precision strikes" in Afghanistan or Iraq.
> One popular use is to mount them on a drone, wait for it to detect a particular IMSI and then bomb the general area. That is the reality of the so called "precision strikes" in Afghanistan or Iraq.
Holy crap. Do you have a good source for that? I've somehow never heard this before.
"It should be noted that, while cell phones do use encryption for content, the encryption can be turned off easily by a cell-site simulator itself, and there’s no notification that encryption is no longer operating."
The incompetence of telecom companies / chipmakers knows no bounds. Of course, it could be by design.
It is absolutely by design. The GSM standard recommends that, if encryption is disabled, the user be notified. This feature is called the "chiphering indicator". However, practically none of the available handsets do so.
oops, "ciphering" ... also, even if the handset supports ciphering indication the SIM can disable it. Oh, and you're not permitted to reconfigure that part of the SIM either.
I don't think this is malice. This is more likely an artifact of a history where encryption was not initially part of the protocol, and seamless fall back had to be supported.
No production basestation ever used the "no encryption" mode. No handset should ever accept using it, just as no browser will accept to using the NULL cipher. So what is the justification 25 years on?
They stop working maybe because the stingray is only collecting identifiers instead if conducting a true MITM attack and forwarding any calls por SMS's. In any case, I suspect they could only do a MITM to outgoing traffic, so any incoming traffic/data would not be delivered, like the phone is out of service/no network.
Yes, your calls would be traveling over an encrypted tunnel to the carrier instead of the (simulated) cell tower, thus preventing the Stingray/site-simulator from carrying and listening in on your call.
However, it would not stop someone from listening to the call at any point over the rest of the path since the call itself is not encrypted, only the transport between the carrier and your phone.
I've lived in Texas most of life and in general I think the people here are great. However, Texans do have a tendency to blindly support anything the Military and Police want to do, while at the same time complaining about big government.
I guess I'd better start bringing this up in my circles. I don't think many people are fully aware of what's going on.