Schneier on Security
A blog covering security and security technology.
« The Security Implications of Windows Volume Shadow Copy |
| Friday Squid Blogging: Squid Showerhead »
December 3, 2009
Sprint Provides U.S. Law Enforcement with Cell Phone Customer Location Data
Wired summarizes research by Christopher Soghoian:
Sprint Nextel provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009, according to a company manager who disclosed the statistic at a non-public interception and wiretapping conference in October.
The manager also revealed the existence of a previously undisclosed web portal that Sprint provides law enforcement to conduct automated "pings" to track users. Through the website, authorized agents can type in a mobile phone number and obtain global positioning system (GPS) coordinates of the phone.
From Soghoian's blog:
Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.
The evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.
It is unclear if Federal law enforcement agencies' extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics -- since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.
Sprint denies this; details in the Wired article. The odds of us ever learning the truth are probably very low.
Posted on December 3, 2009 at 7:18 AM
• 52 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
> "Sprint denies this".
No it doesn't, at least according to the article. Quote :
"But a Sprint Nextel spokesman said that Soghoian, who recorded the Sprint manager’s statements at the closed conference, misunderstood what the figure represents. The number of customers whose GPS data was provided to local, state and federal law enforcement agencies was much less than 8 million, as was the total number of individual requests for data."
They only deny that 8 million customers were (or are) being watched.
I'm not overly surprised.
In the UK there are a number of comercial services that alow you to track a mobile phone.
At one point the only autherisation required was an SMS message that could be easily spoofed.
I'm not sure if there was any transfere of agremant details to the phone survice supplier.
So arguably the phone companies in the UK and I suspect many other places have jut been giving the data no questions asked, in return for some consideration (what I have no idea).
I think people should work on the theory that there location privacy is not possible these days much as we would wish otherwise.
The "pro" lobby will fight tooth and nail to stop the revenue tap being turned off. And Politicos will never go against "to protect the children"...
So it is just going to be one type of abuse party after another.
Do you realy think that the Sprint portal actualy checked that the LEO's it allowed to use it's system had lawfull authority or just assumed it for ease and conveniance?
As a law enforcement officer we can get this information from any cellular carrier...all they require is for us to fax an "exigency" affidavit....from experience I can say that the vast majority of times law enforcement uses this service they are attempting to locate victims, victim's property or missing teenagers. I have personally worked a kidnapping in which the kidnappers were using the victim's cellular telephone to contact the family.
It makes the whole concept of personal privacy something of a joke.
Not that I'm surprised. But what is a unsettling is that News Corp and others probably have equal access to these 'tracking services' as the law enforcement people do.
Given the extensive use of tapping through PI middlemen http://www.bloomberg.com/apps/news?...
Hello all -
a couple of comments:
William - while there are possibly many legitimate uses in law enforcement, there is still no reason not to request a court order *first*! And 8,000,000 requests is starting to sound more like voyeurism than legitimate law enforcement. (assuming the number is accurate).
Of course - I can now set up an alibi: leave my phone behind in a restaurant or bar, go commit a crime and then return. During discovery, I then ask for those records to be entered showing that my phone at least was not at the scene of the crime. Short of some physical evidence of my presence, there's a lot of reasonable doubt generrated - by prosecution evidence.
A couple of things: it is unlikely that they are keeping databases of customer locations, but rather have access to this information in real time. A general policy of archiving customer location would create a tremendous liability, not least in the requirement that they deliver it on subpoena.
Second, note that the Kindle uses Sprint's network, although it doesn't have a GPS, of course.
James Bamford's excellent books on the NSA reveal a long history of extra-legal surveillance and an increasingly technological society needs to be aware of increasing opportunities for unwanted observation. Regulatory change will never anticipate technological advance: this was the problem of Napster years ago. Moral arguments aside, Napster did legitimately fall into a legal gray area, exploiting fair use provisions that never anticipated the economics of digital publishing. We should anticipate more and more regulation arbitrage, as new technologies change the implementation of old activities.
The DoJ reports that Chris analyzes in his blog post don't include surveillance carried out under national security letter (NSL) authority.
But the eight-million number he caught Sprint boasting about may very well include NSLs.
We know from the DoJ Inspector General's report that NSL authority has been abused.
When Sprint says 'lawful' that doesn't necessarily mean an Article III judge.
Let's put this in perspective. The 8,000,000 number is the number of web portal hits over 13 months, not the number of people followed. The system can be set to track, in which case it automatically generates a new ping every 3 minutes. If the police tend to use this tracking feature then the numbers indicate that at any given time about 42 people are being tracked, across the entire Sprint network of 48,000,000 customers. This seems consistent with the quote in the article from the telco attorney who said that each of the major carriers get about 100 location requests a week, with the tracking lasting a few days.
I can still get privacy about my location. I leave my phone at home*, carry cash, and use public transportation. This is, after all, how people did it in the old days.
Cell phones have to report where they are, to receive incoming calls. If you're going to carry one, you inevitably have to live with the fact that somebody can find out more or less where it is. From that point on, location privacy is a social issue, not a technical one.
*The battery on an iPhone is not easily removable, although it can be done. I'd rather just leave it at home.
I once read that a good rule to give kids about keeping secrets is that 'good' secret is one that is to be eventually reveals. e.g. what someone's getting for Christmas. 'Bad' secrets are secret forever.
I'd love it if the cops track my cellphone if I've been kidnapped. But once I'm found, there's no reason they can't tell me about it. And if they're tracking me because they think I'm doing something illegal, then there's no reason they can't tell me within some reasonable amount of time, whether or not I've been charged with anything.
While privacy is certainly an issue, the exigency issues allow law enforcement to track a cellular telephone without benefit of a court order. I wonder how many of the requests quoted were as the result of a court issued subpoena or search warrant?
I am more inclined to believe the 8 million numbers tracked rather than the Sprint spokespersons explanation that it referred to the number of "pings" reported.
If Sprint were served with a court order, they _would not_ respond with a "single ping" and then require law enforcement to contact the Sprint Electronic Surveillance team for another ping -- and if you read the quote in the Wired article that is what they would have you believe.
It sounds like they set up an account for an agency and then let them use it as they see fit... Would love to hear confirmation from the rest of the "Gang of Four" if there is or is not similar back doors in place to their real-time data feeds.
How many requests were authorized by a court? That's a good question.
In a related issue, I hope you didn't miss the part of Chris' post where he talks about pen register reports.
> In addition to the fact that they are far easier
> to obtain, pen register orders are also not
> included in the annual US courts wiretap
> report. Not to fear though -- a 1999 law
> requires that the Attorney General compile
> annual statistics regarding DOJ's use of pen
> register orders, which he must submit to
> Unfortunately, the Department of Justice has
> ignored this law since 2004 -- when five
> years worth of reports were provided to
> Congress in the form of a single document
> dump covering 1999-2003. Since that one
> submission, both Congress and the
> American people have been kept completely
> in the dark regarding the Federal
> government's extensive use of pen registers.
"Ignoring the law" -- that's kind of like breaking the law, isn't it?
The DoJ is breaking the law.
Where's the bigger privacy hit. Law Enforcement or private commerce?
Rambam's talk (his very depressing "privacy is dead, get over it" talk) at Last Hope outlined several projects about (minute 68) underway to map cellphone activity against local enviornment and warehouse the data for analysis.
cooking capsuls (location aware)
We would NEVER allow our government to hang digital tracking transmitters on us but if it's got bluetooth we pay for the priviledge to let people who are in it ONLY for profit.
>I can still get privacy about my location.
- cameras installed in public transportation
- cameras installed at public transportation stops
- cameras in and around locations you frequent
- cameras in cell phones
- cameras both film an digital but not cell phones
- people who recall faces and more details about
the person often better or similar to a camera's capability
- any other digital items you may be carrying
it's a brave new world!
Remember that law-abiding citizens do not commit crimes and the criminals do not use their own portables; they hire others to get the phone service for them.
This makes it hard for law enforcement to connect the dots.
One can think the large number may represent many queries at given times where a suspect WAS at a known location, and "pinging" multiple phone numbers would "possibly" let them know if it was associated to the crook.
Abuse is another plausible explanation as well.
"During discovery, I then ask for those records to be entered showing that my phone at least was not at the scene of the crime. Short of some physical evidence of my presence, there's a lot of reasonable doubt generrated - by prosecution evidence."
In the UK it has already been done.
An ex Consrvative Party MP and his wife where accused by a delisional woman of having performed a number of criminal acts against her at a flat.
The Police interviewed the couple who had an alibie as to where they where (at dinner) more than one News Paper under the guidence of a well known Media Publisist working for the delisional woman published various stories actually naming the couple.
Unfortunatly the Police decided to not issue a statment about the alibi and chose to make further unwarented investigation of the couple.
They got their phone records from their mobile phone supplier and went to another newspaper with the evidence and statments from their witnesses. The newspaper revieled the information but because the Police carried on with a pointless investigation (the woman had a previous history of making unfounded complaint to the police) Some news papers continued to print her aligations. Thus there editors where I guess not surprised to receive legal letters inviting them to court to explain themselves.
It is now known that in London Youth criminals swap their phones travel cards and "distinctive hoodie" tops with their similar sized mates who travel around giving them an alibi...
Eventually the evidence of a phones location will be regarded as just that, not the location of the owner, untill that time the criminals will benifit and the inocent will be accused...
Belive it or not but there have been sugestions to pull phone location data when a serious crime is commited so that "witnesses" can be found.
My thought is it is more likley to pull innocent and vulnerable people in as "suspects".
Why is this such a big news?
CALEA has been around for 10+ years and I don't think Sprint or anyone will try to fight it -- and generally these are approved taps.
Twitter does the same thing -- albeit with the senders consent; but what about millions who MUST know where tweet is coming from.
What's the probability nothing untoward happened? of course it is abused. kind of like the example of infinite typing, monkeys and shakespeare.
The real result..they destroyed the typewriters, crapped in them, and mainly typed the letter "s".
I would love to see a discussion of the fallacies of probabilities. everyone seems to just toss out probabilities from global warning to DNA. A hint from anyone?
"Remember that law-abiding citizens do not commit crimes"
I agree with you, except for this. There is no such thing as a law-abiding citizen.
How long do you think it will take for people to start getting speeding tickets from data collected by this sort of thing?
From Sprint's Twitter rep:
we always adhere to state/fed law req which require either court order, subpoena or direct customer consent. Hope that helps.
Even the movie, Enemy of the State, is dated, compared to what is really going on today.
There is no privacy on the grid. Fact of so called L I F E.
Competition becomes ruthless for legal income, and life becomes like the movie, Minority Report, for others.
Enjoy. Happy Holidays.
The danger isn't this being used in court, it's the data mining for 'suspicious' behavior which then gets recorded as unofficial 'notes' on records but never tested.
Suppose you regularly park near a school but don't have kids. You could be carpooling, or taking a little old lady to the park. But when a kid goes missing you could be a suspect, you probably wont be interviewed but will have a little note about suspected pedophile on your record.
Enhanced CRB checks required for working with 'vulnerable' children or adults can already take into account suspicions even if it didn't lead to any actions.
Or imagine you regularly take a shortcut through a bad neighborhood to avoid traffic. Nice car, registered at a nice address in that neighborhood = probable drug dealer.
"Remember that law-abiding citizens do not commit crimes"
@law abiding citizens:
> 18 USC § 3126. Reports concerning pen
> registers and trap and trace devices
> The Attorney General SHALL ANNUALLY
> REPORT to Congress on the number of pen
> register orders and orders for trap and trace
> devices applied for by law enforcement
> agencies of the Department of Justice, which
> report shall include information concerning—
> (1) ....
> (2) ....
> (3) ....
> (4) ....
> (5) ....
What part of "shall annually report" do you think the Attorney General has a problem with?
How come the Attorney General isn't a law-abiding citizen?
Is there any trust-worthy phone company? Or at least one that has committed the least violation of privacy? Would seem like a strong reason to partake in their business.
They are tracking more than 8M people, would seem to be all their customers, all the time, at all places.
Have you not seen their TV commericals? Scary.
1. The main threat to your property and freedom has always been the government of wherever you happen to be.
2. The politicians will usually use their power to get more power for themselves.
The big picture has not really changed in the last 100+ years. Nor have the bromides: "we can't do anything about it", "law-abiding people have nothing to fear", &c.
@william - as long as you have an affidavit or similar legal instrument then fine otherwise no. The problem you face as an LEO is that there has been far too much abuse of this type of thing and after the NSA fiasco's and the absolute trashing of the Constitution by the Bush administration no one believes for a second that law enforcement sticks by the rules. Get your warrant, get your data, otherwise forget it. Warrants are not hard to get.
If I felt I could trust the agency and/or companies collecting my personal data, I really won't worry about it. But since many organization have been maliciously hacked or just careless with customer/citizen data, this kind of thing worries me.
I have a hard time believing there are eight millions of suspected criminals that need tracking, let alone 8M Sprint customers. I'd say that this is a strong argument against using Sprint, except the technology _and permissions_ are doubtless in place for the other providers as well.
I've had to field calls from purported LE callers to have specific info provided, and routed them to the approved channels, stating, if necessary, SOX is the law I must abide by. Social Engineers are not above using the LE dodge to obtain information.
But, Eight Million Times?
Sounds more like nosey curiosity instead of Law Enforcement action.
"I Have Nothing to Hide"
- Winston Smith
Why did you say "The odds of us ever learning the truth are probably very low."?
I can't think of any reason that would be true. The government has no reason to lie to us after they've been found out.
Given that fact that there is no GPS involved at all in the whole process (the cell company simply cannot access the GPS receiver in a phone remotely, even if the phone is so equipped in the first place), but rather simple triangulation of the phone's location relative to the base stations (cell towers), I would dare to say that none of of the parties involved have a clue what they're even talking about. GPS does not equal geographical coordinates.
If they can't even get that right, then the numbers involved are highly dubious. Maybe the web page of that "ping" portal has been accessed 8 million times - probably including crawlers and would-be hackers trying if they can log in using the "admin" / "password" combo.
Don't trust any statement (or denial either) of anybody who doesn't know s**t from Shinola...
8 million times. Hmm... how about 8 million pings? A ping every 4 minutes gives gives roughly 22000 /day or around 60 per year. Give or take some time for not pinging or end of survaillence and it boils down to maybe some hundred phones being tracked at any given time. Does not seem this much to me.
"I can't think of any reason that would be true."
That is just a statement about the limitations of your imagination. It has nothing to do with the post you're commenting on.
The government habitually conceals facts from the people. It doesn't need any further reason.
There is one further risk that seems to have not been recognised; should the software behind this be compromised in the manner that Greece's vodafone network was in 2006, then an unknown organisation could have access to real-time track the location of anybody. For those who are unfamiliar, the Greek case involved all calls to and from the cellphones of 100 senior people (including the president) being intercepted. This went on for many months until it was discovered by accident and the perpetrators were never clearly identified. The risks of tracking data falling into the wrong hands need little further elaboration.
Frank Bitterlich : Don't trust any statement (or denial either) of anybody who doesn't know s**t from Shinola...
That's funny I thought Shinola was....
"Second, note that the Kindle uses Sprint's network, although it doesn't have a GPS, of course."
Cell-Sector triangulation - don't need GPS.
Is there any trustworthy telecom provider? Maybe Qwest. After 9/11, when most US telecom providers bent over for the feds and shared tons of data on their customers with the government, Qwest was the only one who declined to do so in the absence of a court order. (There are credible allegations that, in return, the Qwest CEO got screwed: got screwed on govt contracts, and was subject to a criminal investigation.)
possible that sprints manager did not know the correct numbers, quoted a wrong one or exaggerated the numbers (selfimportance?). wheter it's millions of pings or customers only they know
i've had a long call to sprint support about 10 years ago because of wrong charges on my bill - they admitted back then a computer glitch, the calls on my bill were made a thousand miles away and cancelled those
after a long tech discussion how they knew they reluctantly stated that it's possible to know a customers location from cell tower's logfiles - news to me back then ...
every logfile can and will be used against you!
Department of Justice is ignoring the law?
And then U.S. media (or U.S. government) talks about other countries governments doing this or that. They should clean their own house first.
Wonder how many of those 8 million (which is likely a real number, contrary to what Sprint says) are 'celebrities' searched by paparazzis.
United States Senate, 94th Congress, 2d Session
Select Committee to Study Governmental Operations with Respect to Intelligence Activities
Senator Frank F. Church, Chairman
Senator John G. Tower, Vice Chairman
April 26 (legislative day, April 14), 1976
BOOK II : Intelligence Activies and the Rights of Americans
E. POLITICAL ABUSE OF INTELLIGENCE INFORMATION
The Committee finds that information has been collected and disseminated in order to serve the purely political interests of an intelligence agency or the administration, and to influence social policy and political action.
(a) White House officials have requested and obtained politically useful information from the FBI, including information on the activities of political opponents or critics.
(b) In some cases, political or personal information was not specifically requested, but was nevertheless collected and disseminated to administration officials as part of investigations they had requested. Neither the FBI nor the recipients differentiated in these cases between national security or law enforcement information and purely political intelligence.
(c) The FBI has also volunteered information to Presidents and their staffs, without having been asked for it, sometimes apparently to curry favor with the current administration. Similarly, the FBI has assembled intelligence on its critics and on political figures it believed might influence public attitudes or Congressional support.
(d) The FBI has also used intelligence as a vehicle for covert efforts to influence social policy and political action.
Elaboration of Findings
"The government has no reason to lie to us after they've been found out."
If that is how you think they would probably lie to you by denying the truthfullness of the findings. And you would think they are telling the truth.
"Given that fact that there is no GPS involved at all in the whole process (the cell company simply cannot access the GPS receiver in a phone remotely, even if the phone is so equipped in the first place)..."
Modern cell phones are equipped with an internal GPS to allow emergency personnel to locate the user after a call. If the emergency personnel is able to get that data why not the cell phone company.
Note that the person did not say that they had provided information on 8 million users.
He also did not say that the web page of that "ping" portal had been accessed 8 million times.
He said that Sprint had provided the customer location data more than 8 million TIMES.
He also did not say that that was through the web portal. As it is in Bruce's posting:
"The manager ALSO revealed the existence of a ... web portal"
The provision of the data and the web portal can as well be two separate issues here.
Members of GNAA couldn't be reached for comment.
They lie until they are found out, then they admit it and say it is authorised previously and dig up the bit of small print that they had passed ten years ago and that nobody noticed.
This is after they are found out, not before they are found out.
There are undoubtedly things they are denying now that are true but not yet proven.
For instance, the real meaning of TIA was not total information awareness, but taxpayer income assessment. That they are still lying about.
Go to www.cryptome.org to see the Telecom spy documents! You'll change providers.
Isn't cryptome a disinfo site?
Good information and the evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.
Don't worry. Google says it's all okay as long as you have nothing to hide.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.