Schneier on Security
A blog covering security and security technology.
October 27, 2005
Cell Phone Surveillance
Missouri will track people's movements through their cell phones.
Posted on October 27, 2005 at 7:48 AM
• 51 Comments
I guess I'm turning off my cell phone when I drive through Missouri.
From the article: "The system also records the speed of each vehicle, opening up another potential ticketing technology."
Actually, no, it cannot record the speed. It can differ the estimates of position and of time, and then divide to estimate speed, but it cannot sense speed directly.
Assuming the timing is fine, the question is how large the positional errors are compared to positional differences. If the errors are negligible, the speed estimates can be close to the truth. If the errors are large, the speed estimates are useless.
My GPS handheld will occasionally estimate my top speed over 15 km/hr when I am walking, and this is a neighborhood of one-story buildings with few trees. I have never tried the unit in the 'concrete canyons' of a big city, so I have no idea how wild the results can be. And GPS is pretty good at positioning and timing, mind you.
Imagine the consternation of someone whose car breaks down on a Missouri highway and who then uses his cell phone to call for roadside service, and that call, with a poor SNR, becomes the incriminating evidence to ticket him for speeding at the time he's standing beside the disabled car. Imagine trying to defend him in court.
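The point made in the comment above, that speed derived from position differences is only as good as the positional error, can be worked through numerically. This is an added example, not part of the original post or comments; the error figures (300 m for tower-based positioning, 5 m for a handheld GPS) and all function names are assumptions chosen for illustration.

```python
import math
import random

# Added illustration. Sigma values are assumed, not taken from the article.

def speeds_kmh(fixes):
    """Speed between consecutive (t_seconds, x_m, y_m) fixes: distance / time."""
    out = []
    for (t0, x0, y0), (t1, x1, y1) in zip(fixes, fixes[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("fixes must be strictly increasing in time")
        out.append(math.hypot(x1 - x0, y1 - y0) / dt * 3.6)
    return out

def noisy_fixes(true_speed_kmh, sigma_m, interval_s, count, rng):
    """Constructed track: straight line along x, independent Gaussian error
    of standard deviation sigma_m on each axis of every fix."""
    v = true_speed_kmh / 3.6
    return [(i * interval_s,
             v * i * interval_s + rng.gauss(0, sigma_m),
             rng.gauss(0, sigma_m))
            for i in range(count)]

def phantom_speed_kmh(sigma_m, interval_s):
    """Mean apparent speed of a transmitter that is not moving at all.
    The difference of two independent fixes has per-axis deviation
    sigma*sqrt(2); its length is Rayleigh distributed with mean
    sigma*sqrt(2)*sqrt(pi/2) = sigma*sqrt(pi)."""
    return sigma_m * math.sqrt(math.pi) / interval_s * 3.6

def mean_apparent_speed_kmh(true_speed_kmh, sigma_m, interval_s,
                            count=2001, seed=1):
    """Average of the per-interval speed estimates over a simulated track."""
    rng = random.Random(seed)
    estimates = speeds_kmh(
        noisy_fixes(true_speed_kmh, sigma_m, interval_s, count, rng))
    return sum(estimates) / len(estimates)

if __name__ == "__main__":
    scenarios = [
        ("parked phone, tower fix, 30 s apart", 0, 300, 30),
        ("parked phone, tower fix, 300 s apart", 0, 300, 300),
        ("walker at 5 km/h, GPS, 1 s apart", 5, 5, 1),
        ("car at 100 km/h, tower fix, 30 s apart", 100, 300, 30),
    ]
    for label, speed, sigma, interval in scenarios:
        apparent = mean_apparent_speed_kmh(speed, sigma, interval)
        print(f"{label}: true {speed} km/h, mean estimate {apparent:.1f} km/h")
```

The estimate is biased upward, never downward, because error adds length to the measured displacement; lengthening the interval between fixes shrinks the bias in proportion.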
I suppose that isn't the full story, but would there be any safeguards against this being used for ticketing etc, or tracking people generally?
I mean if you find someone's phone you could switch it on then scream down the nearest motorway/highway at 120mph and get them ticketed.
If that were the case I can imagine a lot of people would either be losing their phones, or not being contactable while driving.
Does the state have any legal right to this information? It sounds like that signal is the IP of the phone company and a case could be made challenging unauthorized use of that signal.
Actually, no one can ever tell speed directly, Mr. Smartypants (Heisenberg's uncertainty principle and what not). So what? All that matters is average speed when ticketing someone. What I'm more interested in is using mobile phones to pinpoint human locations and combining that with data mining to determine clusters of other mobile phone using people you hang out with. I might find out that you tend to hang out with a bunch of anti Fox News tree hugging activists (or was that insurgent?).. I guess I'd better lock you up just to be safe. After all, it's for everyone's protection.
Why has it not been done before?
We are upset and complaining over the problems with RFID, while we have a complete monitoring solution, only needing some extra software to get running. The hardware is out there, everybody has an active tracking beacon, and in most cases there is also a database linking each person to their mobile phone. And try to live and work in the modern society without a mobile phone.
Just thinking about the amount of information that could be mined from the location data is staggering. Here (in Sweden) we have had cases where the police have used the automatic tracking of mobile phones to prove that some people were involved in a robbery and other people involved in a murder. The step to requiring that the phone companies store and make this information available “to combat violent crime and terrorism” isn’t a large one. And then, when it’s available it could of course be used to stop other crimes. Speeding? Theft? Medical Insurance Fraud? Or any crime where the movements of a suspect are interesting. Unlike wiretaps this data doesn’t require a large amount of human resources to handle, as a matter of fact visualisation systems for this kind of data are well developed.
Combine this with the new laws that require the telecommunication companies to store information about who you communicate with through SMS, Internet and Telephone that are being rolled out in the EU.
Tinfoil hat? Perhaps. Still I am not sure if I would trust the goodwill of a mobile phone company, or the good will of the state with that kind of information. It seems like only the technologically savvy will have any sort of privacy if we go down this path. Time for new privacy laws?
I would assume that the phone company has to be involved somehow. Or, it might be part of the E911 service that they already provide to the Government.
I hope that it is being implemented as Mike notes. I've been pulled over for doing 7 MPH over, but it was right after passing two semis. My average speed for the entire 200+ mile trip was spot-on the speed limit, but the officer was at the "right place at the right time" in my case. :( This cell-phone based solution would have said that my overall average speed was only 65.1 MPH for my entire trip across the state, rather than that short burst of 72 MPH.
This smacks of an infringement of freedom. Has this not been challenged in the courts?
Actually, living and working without a mobile phone is not just easy, it is fun.
Mobile phones increase accessibility, are expensive, noisy, and generally create more work for people. When I am done my work day I go home, and enjoy myself, and if someone wants to get ahold of me, they can.
If I am busy, they can leave a message!
The only real difference is that in an emergency I can't call someone. This is fine, I use pay-as-you go style disposable on business trips, and when at home, if my car breaks down, this city is only 465.16 Km², approximately 21.5x21.5 km. There are enough payphones within walking distance that I can walk to one in under 10 minutes.
Now, I could get a cell phone, do more work, get aggravated by interruptions, get brain cancer( if the activists are to be believed), pay a second phone bill, get SMS viruses (rare, so far), run Windows on yet another device (blech), be tracked by the government, or anyone else who convinces my cell provider, and trust proprietary encryption that has routinely been broken (academically at least, to my knowledge).
No thanks. Consider me a luddite, but I guarantee my blood pressure is lower than yours ;)
Kinda OT but the next article on that website is
"Oregon Introduces Emissions Tracking Transponder"
where the state hooks up a transponder to the OBD-II port of your car and then you don't have to go for regular emissions testing afterwards since they're monitoring your data from various roadside locations.
Beside the same anonymity concerns as the posted topic, does anyone know how strong the authentication on that port is, if it exists at all? Without authentication, anyone could just unplug Oregon's monitor and plug it into a spoofing circuit always appearing to be a really clean engine... I wonder if it even would be a crime to do so.
--No thanks. Consider me a luddite, but I guarantee my blood pressure is lower than yours ;)
Actually I have a phone and leave it off until I break down. Thus, I avoid the 10 minute walk in the rain to the pay phone. Given a break down in the rain, I bet my blood pressure is lower than yours :).
Havvok - the same and more can be achieved by owning a mobile and setting it to divert to voicemail.
As to the main point, I can't see this being used to ticket speeders - how do you know the owner of the phone is driving (or even in) the car? But it could probably be used to locate them.
The real question, of course, is whether they will be retaining any personally-identifiable data. If they're not doing that, then you can only applaud them for their ingenuity.
Is anybody bothered by the fact that this work is being done by a Canadian company. Wasn't the Boston parking monitoring (a short time back) also being done by a Canadian company? Would this be equivalent to off shoring of the Secure Flight database to avoid being held accountable by U.S. laws? Next, the FBI and CIA will be off shoring their data for the same reason (if not already).
Issuing tickets based on cell phone tracking would not make any sense. The data could be fed to law enforcement in order to have an officer look for the offender. The problem with tracking cell phones is that you're just getting information about the cell phone and inferring the rest.
The first thing that came to my mind is radio controlled aircraft that can fly over 100MPH. I'd love to get a ticket where the accuser could neither identify the vehicle or any occupants. A person in a small plane could leave their phone on and fly over a highway to create the same signature.
Another thought is that one could strategically locate hardware near each cell tower such that the system would register the "phone" travelling near the speed of light. I would be proud to get a ticket where I was accused of violating the laws of physics.
.. Without authentication, anyone could just unplug Oregon's monitor and plug it into a spoofing circuit always appearing to be a really clean engine... I wonder if it even would be a crime to do so.
Actually I don't know if the engine sensors can be reliably used for this application. Many pollution failures are due to faulty sensors not sending back the correct info to the computer.
In the meantime I'm continuing to drive my non OBD, non catalytic, carburetted (4 bbl), point-condenser ignition, 35 year old vehicle.
"If that were the case I can imagine a lot of people would either be losing their phones, or not being contactable while driving."
This is a bad thing? Fewer drivers on cellphones can only be an improvement. Law of unintended consequences actually doing some good for once?
Not that it justifies the privacy concerns.
Ticketing based on tracking would not be reasonable, but it would be sensible given government greed. If the courts would back this, it would give a huge ROI, even though it would aggravate a lot of innocent people. (There would be exceptions for important people, so only nobodies would have to pay the fines.)
A nice prank would be to steal someone's cell phone and stick it to the 'roof ornament' of a state police cruiser. In a day's time the victim will have thousands of dollars in fines. And no legal leg to stand on. Where's his proof?
Trying to sting the system with a near-light-speed test, I think will fail. The service provider will put in an arbitrary upper limit to avoid the giggle factor. Remember, they're in it for the money too.
We could count on the courts to back this because every mercenary's first allegiance is to his paymaster. Government revenue pays the cops, the DAs, and the judges.
I think you are all missing the real threat here. Speeding tickets would most certainly be challenged by an outraged population if this were to happen. I do not think that they could hold up in court for reasons that have already been explained.
What I am frightened about is the fact that police (and whoever else with special security powers) will decide that access to this database is required to "maintain a safe society".
You will see cases like with the fellow in the UK that had his Grocery Store loyalty card records accessed by police to prove that he was in the store at a certain time.
The police will be able to say "We do not keep a record of all your movements via your cellphone" without lying, however their access to this information will mean that they do. It is the perfect system for them. Never having to answer as to why they would keep this information. No overhead for keeping these systems up and running, yet access to whatever they want whenever they want.
My concern about this is directly proportional to the amount of data they're distilling and keeping. If they're only paying attention to where cell phones are as an indicator of traffic trends, then this is no different from the embedded sensors the article cites, except that it doesn't involve road destruction and is probably much cheaper to implement.
If detailed records, traceable to individuals are being compiled and kept, that's a different story.
I'm sure they'd only "keep detailed records, traceable to individuals" if this was necessary in order to preserve freedom. :^(
I guess they call MO the "Show me state" for a reason.
There are so many holes in the system that greed cannot overcome without outright corruption and malice on the parts of law enforcement and the courts. For example, if you carpool and have a phone, your speed is not your fault if you're not driving. Current traffic laws cite the driver for exceeding the speed limit. It's even worse if you ever leave your cell phone in someone else's car.
In order to make such a system work, they would have to justify holding passengers equally liable for the actions of the driver.
Going back to greed as a motivator, I don't think the revenue from the tickets would outweigh the political capital it would cost. If they actually ticketed based on cell phone positioning, I want to start a campaign to be governor of Missouri. My slogan will be "Vote for me, because tyranny is unamerican."
If the purpose is to track the number of vehicles going over a paved area...
What about the people without cell phones or those with their cell phones turned off? Are they going to add a "fudge" factor that X percent of people on the road have a cell phone, have it with them, and have it turned on?
If so, how will they come about this fudge factor? A study? Will they redo the study every few months to see if the fudge factor has changed? (as it likely will as the Cell Phone Market grows or declines). Not to mention cell phones are more popular in some areas than others! Not to mention the possibility of two cell phones in one vehicle.
What I see from this is:
Either inaccurate data due to a bad fudge factor (VERY possible)
Spending more tax payers money funding said studies.
Cell phones don't seem to be a good way to track traffic...but that's just me.
I'm not surprised, really. Missourians apparently still believe that the Quantrill Raiders should be considered heroes of the Civil War:
"William Quantrill developed a style of guerrilla warfare that terrorized civilians and soldiers alike. [...] The climax of Quantrill's guerilla career came on August 21, 1863, when he led a force of 450 raiders into Lawrence, Kansas, a stronghold of pro-Union support and the home of Senator James H. Lane, whose leading role in the struggle for free-soil in Kansas had made him a public enemy to pro-slavery forces in Missouri. Lane managed to escape, racing through a cornfield in his nightshirt, but Quantrill and his men killed 183 men and boys, dragging some from their homes to murder them in front of their families, and set the torch to much of the city."
Just imagine if they had been able to track Lane by his cell-phone.
Texas wanted to install GPS receivers in all cars (at owners' expense) to allow automated billing for a road use tax. Somebody imagined it could also be used for automatic citation for speeding tickets.
Theirs was a horrible idea. So is the cell system triangulation ticketing idea.
My hope is that blogs like this (thanks to The Bruce) -- an aboveground underground truly-free free-press -- will shoot down horrible ideas before they get visited on us.
Mike, I would not be surprised if already this morning some government slug has copied your comments to pass them off as his own.
What I think will happen is that when they announce that Sprint is turning over cell phone data to the police to do whatever they want with it, suddenly Sprint will have a lot less customers. Spy-free phones would have real value in the market. Of course, this assumes that this does not become required.
Smoke and mirrors. Tracking cell phones to count the number of cars is silly. As has been mentioned earlier in this post, how can you track cell phones when some are off and others don't even own one. What happened to putting a rubber hose connected to a counter across the road? Not only will that catch every person crossing, but will also do the most important thing when counting traffic and that is counting the number of axles on the road.
"Texas wanted to install GPS receivers in all cars (at owners' expense) to allow automated billing for a road use tax. Somebody imagined it could also be used for automatic citation for speeding tickets."
I remember this being debated in Australia many years ago. The idea seemed to be that wherever it's too costly to station a booth or speed trap (e.g. remote and desolate roads where the revenue is insufficient to pay a salary) automated trap technology could be used instead (sensors, cameras, mailers, etc.).
An amusing alternative was shown in Wim Wenders' 1991 movie "Until the end of the world", where drivers were coddled along by a navigation link but they could also choose to disable it and go "off the grid".
"a rubber hose connected to a counter across the road"
Don't you mean a pair of hoses spaced apart in order to calculate speed with one attached to an IR camera with a wireless uplink?
A way to avoid privacy issues is to impose to the system that it uses the phone number only for the time needed and only internally. If the system only wants to keep track of trips, it should remember and display only that.
Assuming phone number 0485279925 travels from A to B to C at 10AM on wednesday.
The system could remember someone travelled from A to B to C at 10AM on wednesday. Having used 0485279925 internally only to detect that.
"Federal law enforcement attempts to use cell phones as tracking devices were rebuked twice this month by lower court judges, who say the government cannot get real time tracking information on citizens without showing probable cause."
I think they're looking for real-time data on traffic congestion. If you see 600 cell-phones on a short stretch of freeway, with an average speed of 10km/hr, you conclude that the traffic is badly backed up.
For this purpose, you don't need to know the true number of vehicles (although I bet you could get a pretty good estimate from an average-number-of-cell-phones-per-vehicle conversion factor) nor do you need accurate speeds, so long as the measurement is unbiased, so you can accurately measure the average speed of many vehicles.
The speed-ticketing bit looks to me like pure speculation by a journalist.
The system could be implemented such that any data more than a few minutes old has been irrevocably disassociated from any cell phone ID. But I bet they won't.
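Two comments above describe the same safeguard: use the phone identifier only internally and only briefly, keep just the trip, and make the separation irreversible. One way to build that, as an added example that is not from the original post, any commenter, or the Missouri system: identifiers are replaced by an HMAC under a random key that exists only for one time window, and only route counts leave the window. The class name, the `min_count` suppression option and the second phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter, defaultdict

class TripAggregator:
    """Hypothetical aggregator: phone IDs never reach storage or output.

    A plain hash of a phone number can be reversed by hashing every
    possible number, so the pseudonym is keyed with a random secret.
    When the window closes the key is discarded, after which nothing
    retained can be linked back to a phone or across windows.
    """

    def __init__(self, min_count=1):
        # min_count > 1 also drops routes seen by fewer than that many
        # phones, since a unique route can itself identify a person.
        self.min_count = min_count
        self._start_window()

    def _start_window(self):
        self._key = secrets.token_bytes(32)   # lives for one window only
        self._paths = defaultdict(list)       # pseudonym -> segments seen

    def _pseudonym(self, phone_id):
        return hmac.new(self._key, phone_id.encode(), hashlib.sha256).digest()

    def observe(self, phone_id, segment):
        """Record that a phone was seen on a road segment."""
        path = self._paths[self._pseudonym(phone_id)]
        if not path or path[-1] != segment:   # collapse repeat sightings
            path.append(segment)

    def close_window(self, label):
        """Return route counts for the window, then forget key and paths."""
        counts = Counter(tuple(path) for path in self._paths.values())
        self._start_window()
        trips = {route: n for route, n in counts.items()
                 if n >= self.min_count}
        return {"window": label, "trips": trips}

def demo():
    """Constructed sightings; 0485279925 is the number used in the comment."""
    agg = TripAggregator()
    sightings = [
        ("0485279925", "A"), ("0400000001", "A"),
        ("0485279925", "A"), ("0485279925", "B"),
        ("0400000001", "B"), ("0485279925", "C"),
    ]
    for phone_id, segment in sightings:
        agg.observe(phone_id, segment)
    return agg.close_window("Wednesday 10:00")

if __name__ == "__main__":
    print(demo())
```

With the default `min_count=1` the output matches the comment's description: someone travelled A to B to C at that time, and nothing more.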
I love my mobile phone, so this might be a bit biased.
Still, I can't understand the mobile as a source of stress unless you are somehow required to answer it. In which case, if you were mobile-less you'd probably be required to have some other equally-intrusive device (pager?).
This is the beauty of the functions known as 'silence phone' and 'caller ID'. If I don't want to be bothered by anyone, I silence my phone. I can always look at my call history and see who called, even if they chose not to leave a message. Usually though, I let it ring or vibrate (depending on my surroundings) and check to see who is calling.
This way, I am reachable in an emergency. Since my provider will let a messager send a numeric page instead of or in addition to their voice message, I can feel free to ignore calls from UNKNOWN or BLOCKED while knowing that I will get paged if it's an emergency. Considering that I have a wife who commutes an hour through evil traffic, I'm much more relaxed knowing that she can get hold of me if she breaks down, needs a ride, or is going to be extremely late.
It causes no stress, however, when my boss tries to call me off hours. I simply don't answer, and if I'm feeling charitable I might check the voicemail to see if it's something I care to deal with.
As for "a second phone bill", my mobile is the only phone I choose to have. No telemarketer problems. ;-)
I wouldn't be too concerned about what they are doing with the data (speed tickets are obviously out of question). What is frightening about this news is the absolute absence of any privacy culture. "There are data out there that the state might find useful for whatever purpose? So the state will have those data." No further questions asked. No permission necessary. No legal justification required. Depressing. Don't you think it's time for the revolution?
Glad I don't have a cell phone.
"Don't you mean a pair of hoses spaced apart in order to calculate speed with one attached to an IR camera with a wireless uplink?"
Thank you. I forgot the gub'mnt wanted to catch speeders for revenue enhancement. I was looking at collecting traffic data for road repair, bottlenecking fixes, new road routing, etc to help the people. Silly naive me.
you're all on notice by now that your cellphone is potentially an enemy of your privacy. keep the damn thing turned off unless you're making a call. keep it in a faraday shoebox (or for you ladies, a handsome leather faraday clutch baguette) when you're not using it.
If the system is to be use for traffic speed enforcement, how does it tell the difference between the following four situations:
1) I am driving in my car along the highway (I am the driver)
2) I am a passenger in a bus that is speeding along the highway.
3) I turn on my mobile phone just before my plane lands. The runway happens to be very near and runs parallel to a local highway.
4) I am taken to hospital in an ambulance, and my mobile phone is on during the high-speed drive into the emergency department.
Do I get a ticket if I am a passenger? An officer on the street is capable (should be) of determining the difference between the 4 cases in less than 2 seconds. A computer estimating changes in the location of the signal source from my mobile phone has no clue about the above differences.
@S.Salomons: You would have to clear that up yourself in court, then... and god bless you to have hard evidence for your 'excuses' at hand...
When a mobile is 'off', well, IS it? My Nokia can wake me up in the morning despite being turned off when I go to bed. The only way to be sure is to remove the battery.
Well, at least in Italy tracking people with cell phones is pretty normal (!) in post facto anticrime activities. And no surprise, if someone told me, you're a dangerous treehugging activist, know that you're under permanent control each time your cell is on. But I guess here things are somewhat different, people are much less bothered by privacy invasions :(
I don't care if everything about my life is under constant surveillance, so long as
1) Said surveillance is unobtrusive and
2) Checks and balances are in place to ENSURE that surveillance data collected will only be viewable to proper authorities *after* a warrant has been obtained.
This would include a measure which required all surveillance devices to encrypt data prior to writing it to any physical medium (using symmetric keys distributed to the devices on a periodic basis from the judicial branch of the government via wireless SSH communications).
The entire setup would be automated, right until the executive branch requires data from a particular device. In this case, the law enforcers would:
1) Do what's known as "police work" to establish probable cause
2) File a PUBLICLY ACCESSIBLE (with release delays, if appropriate) warrant requesting access to surveillance data
3) Receive only surveillance data from devices and time-lines approved by a judge
4) Using said data to assist in investigating only the crime in question (the police could not issue me a jaywalking infraction ticket if I happened to walk by the camera 5 minutes before a murder happened)
5) Fully disclose all retrieved surveillance to the accused after an arrest has been made.
With these checks in place (and a justice branch department dedicated to maintaining the integrity of the system), I would have no reservations about having my every move tracked by an unobtrusive device. Would anyone else?
I would. I do not want to be spied on, even if it is by the Good Guys.
I seem to recall the electronic toll collection data (I-Pass) here in Illinois being deemed unusable/inadmissible as evidence for determining vehicle speed because it is a form of self-incrimination. The ability to not testify against oneself is a protected right, at least at the moment. Using cell phone data for issuing speeding tickets would be a similar form of self-incrimination.
Besides, as others have said, even though millions of people have cell phones, having a cell phone does not equate to owning or operating a vehicle. There are plenty of ways to achieve the goal that would apply to the entire vehicle population and not a subset.
Regarding the post about using the data to determine traffic congestion, there are usually already cameras or other sensors strategically placed where congestion is a possibility; that problem is 'solved'. (Now, if they'd work on solving the congestion problem itself, it'd be an even better world)
And as for determining mileage for road tax purposes, cell phones would be dismal. Far easier is to simply have people report annually to a DMV location where the odometers are read.
Missouri might want to be a bit cautious about spending too much money on this, since two federal courts have ruled this sort of thing unconstitutional (see the Wired article linked above, or http://www.washingtonpost.com/wp-dyn/content/...
At least that should discourage drivers from talking on the cell phones whilst driving, as they'll all be turned off! ;-)
It does beg the question 'why?'. As usual with these things, the bad guys will turn them off, or steal someone else's, and Mr J. Public, get the inconvenience and the bills.
The point of this surveillance is not speed tickets, or criminal investigations - it's traffic control. The problem is the lack of a privacy culture.
Apparently the system will only work when the person is ON A CALL - only then does the network know where the cell phone is. [At least for CDMA networks.] ["monitoring the signal sent from the cell phone as it is handed off from one cell tower to the next".]
Don't know how effective this will be.
(Technology does exist to "ping" the phone to get its location. But that involves an active approach, rather than the passive one indicated in the article.)
Try this. (You'll need to use a phone that you won't need to use for a few weeks.) Fully charge a mobile phone. Turn it "off". Check it occasionally (every couple of days) to see if it turns on. Most recent phones eventually won't. When that happens, charge it up again, and remove the battery. Let it sit for at least as long as it took to run down. Heck! Wait twice as long. Pop the battery in, and turn it on (which, unless the battery is fried, it will).
I have an about 5yo unsubscribed Kyocera that I keep around as a 911 module. In "off" mode, it ran its battery down in a couple of weeks. The battery has been disconnected from it for a few months now, and it still turns on if I connect it.
It should be obvious from this that the phone is never truly off. What's it doing?
Given that current models allow surreptitious listening and viewing, I assume that it's listening for such instruction, and maybe even occasionally getting a fix and squirting its location off to be cached somewhere.
Paranoid? Not at all. The eavesdropping feature is known, and being exploited, not only by government and private investigators, as well as the occasional just plain evil bastard.
Apparently the things are wide f'g open.
(Oh yeah, they can do it with OnStar, too.)
Have a nice day. :s
does anyone know if phone companies are actively storing tracking data today? if so how long might they keep it? i mean could law enforcement in theory at some point go back and search a database to see who has been speeding down a road and send out a million tickets (as the technology becomes more precise)? or ask the phone company for a persons whereabouts on a given day (rather than tracking real time?) anyone know? seems scary.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.