Monday, November 17, 2008

Cellphones, privacy and the law

I know that many of us have read about how cellphones can be tracked to a given location by triangulating their bearings from cellphone towers. However, information that's recently been leaking out of the FBI shows that law enforcement agencies have another way to locate a phone - and, of course, the person using it.

The first public indication of this technology, known as (a) 'triggerfish', came during the arrest of Kevin Mitnick, a computer hacker, in the 1990's.

While they did not have the phone number, they had the characteristics of the phone signal, known as a MIN. This was enough for Shimomura to act on his own by using radio transmitters to isolate the signal from the cell phone to a more limited area. While listening to local cell phone traffic, Shimomura actually overheard Mitnick in a conversation. Now that he had the exact frequency, Shimomura simply had to follow the signal to its source.

Of course, because Shimomura was not a law enforcement officer, he had to wait for the FBI to arrive in the area. Shimomura and his staff staked out the area all night, waiting for the FBI to make it to the location. A two-man FBI team arrived late the next evening and set up a “Triggerfish,” which was similar to the signal detector Shimomura was using but much more powerful. The Triggerfish antenna was attached to a truck and used it to follow the frequency Shimomura had uncovered. The FBI scanners led the group to what they thought was Mitnick’s address. Suddenly, the cell signal was now coming from across town. Mitnick had succeeded in convincing the FBI that he was in a different location. Now the FBI had to wait for a new warrant to search the new address to where they were heading.

This time, Mitnick could not thwart the FBI technology. Being none two happy with running around, the FBI had the second warrant delivered to the new location with a squad of police. The FBI found Mitnick’s apartment and raided it. Mitnick began to vomit on the floor as the officers arrived.

'Triggerfish' are also known as cell site simulators or digital analyzers. They appear to trick cellphones into thinking that they're a cellphone tower. The cellphone then transmits its serial number, telephone number and other information to the 'triggerfish' device, just as it would to a cellphone tower. This enables the person using the device to 'home in' on their location.

Until recently, it was assumed that a 'triggerfish' could only be used once a cellphone service provider had given law enforcement the approximate location of the phone in question. However, it appears that law enforcement is no longer limited in this way.

This summer ... the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI's cell-phone tracking practices. Since August, they've received a stream of documents—the most recent batch on November 6—that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed.

As one of the documents intended to provide guidance for DOJ employees explains, triggerfish can be deployed "without the user knowing about it, and without involving the cell phone provider." That may be significant because the legal rulings requiring law enforcement to meet a high "probable cause" standard before acquiring cell location records have, thus far, pertained to requests for information from providers, pursuant to statutes such as the Communications Assistance for Law Enforcement Act (CALEA) and the Stored Communications Act.

The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices—which allow tracking of incoming and outgoing calls from a phone subject to much less stringent evidentiary standards—to gather location data. "By its very terms," according to the manual, "this prohibition applies only to information collected by a provider and not to information collected directly by law enforcement authorities.Thus, CALEA does not bar the use of pen/trap orders to authorize the use of cell phone tracking devices used to locate targeted cell phones."

I don't know about you, readers, but this bothers me. It's even more worrying given the often cavalier attitude displayed by law enforcement agencies to legal restrictions on their activities. For example:

By now it's well known that FBI agents can't always be troubled to get a court order before going after a surveillance target's telephone and internet records. But newly released FBI documents show that aggressive surveillance tactics have even caused friction within the bureau.

"We deal mostly with the fugitive squad here, and, like in many other offices, these guys have a reputation for cutting corners," a surveillance specialist at the FBI's Minneapolis field office complained in an internal e-mail last year. "I'm not bashing them; it's the way they do business. Getting a court order is the absolute last step, if they have to.

"Before I had a blowup with a particular agent ... we were constantly asked to call our contacts at service providers to see if we could get various information without having to get a court order," the message continues. "This gets old, believe me. ... Doing this once or twice to help out turns into SOP (standard operating procedure) ... It's expected, and you're criticized as a tech agent if you refuse to do this later on."

The revelation is the second this year showing that FBI employees bypassed court order requirements for phone records. In July, the FBI and the Justice Department Inspector General revealed the existence of a joint investigation into an FBI counter-terrorism office, after an audit found that the Communications Analysis Unit sent more than 700 fake emergency letters to phone companies seeking call records. An Inspector General spokeswoman declined to provide the status of that investigation, citing agency policy.

. . .

Remarkably, when the technical agent began refusing to cooperate, other agents began calling telephone carriers directly, posing as the technical agent to get customer cellphone records.

Federal law prohibits phone companies from revealing customer information unless given a court order, or in the case of an emergency involving physical danger.

Our privacy is threatened enough by rapacious data-mining by marketing departments, intrusive Government bureaucracy, and fear-mongering anti-terrorism campaigns. When any law enforcement agency can isolate and home in on and listen to any cellphone, just because it feels so inclined, I start to get very angry. Who's protecting our right to privacy? And, as the Roman poet Juvenal famously asked: "Quis custodiet ipsos custodes?"



Unknown said...

No one, Peter. Those days are gone.

Thanks for posting this.

makeumdothechicken said...


The FBI isn't listening to my phone conversations or yours. We aren't fugitives from justice, terrorists, drug smugglers, purveyors of child pornography or sex slaves. If they listened to one of my phone conversations I'm sure they would become quite bored in short order. If they are able to use this technology to capture someone who is involved in the aforementioned activities I say it is a good thing for everybody except the one who got caught.

Additionally, we are not talking about agents tapping a landline, entering a residence or taking someones papers or property. They are intercepting a signal which is being transmitted in public across public airwaves. The expectation of privacy is greatly diminished. As the article states even a non-law enforcement person can accomplish this act.

As far as the ability to locate a cell phone based upon its relationship to towers, this technology has saved a lot of lives. I can speak personally of three different instances where this has been used to rescue people who very possibly may have died. One where an individual crashed her vehicle in a remote area, she was trapped in the car, unable to signal for help and did not know where she was. Another where a suicidal subject was sitting in a park calling 911 to report what he intended to do but refused to tell the operator his location. I saw it used one other time to locate the victim of a beating who had been dumped in a remote area and was able to call from the cell phone he had but did not know where he was and could not walk.

I certainly don't think that the interception of cell phone transmissions across public airwaves rises to the level of some great infringement of individual liberty or rights. People know when they are using any cordless device whether it be wireless internet, cordless or cellular phones that this is not a secure form of communication. Therefore the expectation of privacy is greatly diminished.

Crucis said...

All of those techniques are highly illegal without a court-order. In some states, even owning the equipment by an individual, is illegal unless it's for an express business purpose.

MIN = Mobile Identifier Number. Assigned by the manufacturer or cell provider. It's not the billing or dialed number.