I wonder if other crims are paying attention and planning to use this loophole as a Get Out of Jail Free card.
Prosecutors in St Louis, Missouri, have dropped a criminal robbery case to avoid revealing details of a controversial mobile phone surveillance program, a defense attorney has claimed. The St Louis Post-Dispatch reported that the state dropped more than a dozen charges against three defendants just one day before police were …
The crims don't have to pay attention. Their attorneys do and you can bet your bippy they are paying attention. I don't think this is first case dropped and it won't be the last. I wonder like others, where will the line be drawn? A single murderer? Serial killer? Massive terrorist attack?
The problem is, this will soon be common knowledge, if it's not already. So how long will the FBI, etc. play this game? Or will just pull the equipment back and tell the local police to go screw themselves?
Ah questions and more questions with every new reveal....
"I wonder like others, where will the line be drawn? A single murderer? Serial killer? Massive terrorist attack?"
IANAL but I suspect, however, that the process is illegal so the evidence would be chucked out and the case lost. I guess it's meant to provide a heads up rather than be relied on in court; cf visiting a suspect disguised as ISP repair men.
There was case in the UK in the 80s when a school girl was kidnapped and the police were appearing on TV appealing for help where they claimed they couldn't track the phone calls because BT's new all digital system-X didn't allow calls to be traced.
This raised a few eyebrows on the computer security sites.
With police operating more and more in secret, you'll never, ever know.
How a public agency is able to get away with this is beyond puzzling.
While I agree with the sentiments expressed, having the police publish a step by step playbook of their actions would rather make it easy for criminals to avoid detection. The counterpoint to my own argument is that fingerprinting has been known technology for around 100 years and still criminals forget to wear gloves.
There has to be some balance between operational secrecy and public interest. I make no claim on which way that balance is tipping currently, nor on where the optimal balance may be found - it's a complicated issue to which I've not given sufficient thought.
Cobblers. There is a major difference between operational security and capability. The former should legitimately be kept secret during a case. The latter should be fully disclosed, they work for society not the other way around.
This is just a way of generating fear and uncertainty in the populous in general - not just the criminal fraternity, and is just a variant of security through obscurity anyway.
Are these devices even legal anyway? Do they have a spectrum license or exception? I suspect the whole reason its kept secret is that these devices are operating in a very grey area of the law.
The cops need to be seen as totally compliant with the law - not seeking to exploit it. Especially since in most cases these are being used to catch your garden variety criminals.
There is a major difference between operational security and capability. The former should legitimately be kept secret during a case. The latter should be fully disclosed, they work for society not the other way around.
Disclosure of the latter will always compromise the former. It has to. The only way phone tracking works is if the criminal doesn't believe you can and will do so, and lacks the means to circumvent it.
Look beyond your own petty prejudices and you'd see the impossibility of surveillance if everyone was well versed in counter-surveillance. Not all surveillance is morally or ethically wrong - its neccessary to be able to find some criminals.
This is just a way of generating fear and uncertainty in the populous in general
Cobblers. The tinfoil hatters are already afraid and uncertain - there is little, nay, there is nothing, that will change that. Most of the rest of us manage to function just fine.
I care not how the police are able to track criminals, only that they are. Having been a victim of extremely violent crime, finding those people IS a priority for society, and that priority significantly outweights any right to privacy the criminal perceives over the phone they've just stolen.
Are these devices even legal anyway?
For you? No. Possibly not specifically for the police, but I'll bet your life there's an exemption under one of the powers of some of the alphabet soup of TLAs that allows the police to use these in some agency capacity or other.
The cops need to be seen as totally compliant with the law - not seeking to exploit it.
The police have exemptions from so many areas of law it's impossible for a layman to enumerate them. From speeding, to use of force or posession of offensive weaponry, through to powers of arrest and the compusion of information. The reason they have these is that they need to catch criminals - that function of their role overrides many areas of the law as it applies to the public.
In short, your right to privacy when using the phone you just stole from me is trumped all day long by my right to have you caught for the robbery and my phone retrieved. It just is. And that is the crux of the case about which this thread is focussed.
> your right to privacy when using the phone you just stole from me is trumped all day long by my right to have you caught for the robbery and my phone retrieved. It just is.
But this case *isn't* about a phone being stolen, it's about the Police very probably using illegal methods to snoop on phones in the same way that GCHQ and NSA want to snoop on what everyone does online in the hope that, in the massive haystack of data they collect, there may be a needle.
Yes, in certain *specified* situations, the Police have been given exemptions from certain laws, but, for instance, they can only speed when it's an emergency situation and they're using lights and sirens, not any time they just feel like it.
These exemptions, however do not "override" the law, nor do they have the right or the power to decide what the law is or isn't just depending on how inconvenient it may be and I, for one, want it to stay that way because I don't want us to live in a Police State.
"But this case *isn't* about a phone being stolen, it's about the Police very probably using illegal methods to snoop on phones in the same way that GCHQ and NSA want to snoop on what everyone does online in the hope that, in the massive haystack of data they collect, there may be a needle."
But when the needle's made of explodium so it doesn't react to magnets or x-rays, making it indistinguishable from the haystack, how do you find it before it explodes, takes hundreds of people with it, and YOU get the blame for not finding it in time?
the issue is that you not only compromise the privacy of the criminal(which i have no problem with whatsoever), You compromise the privacy of everyone within range. We know that these systems scoop up information of every phone, and not just the one the criminal has in his/her posession. Furthermore what we do not hear about is how many times they go searching for a criminal and find that he/she was smart enough to have disposed of the known phone in favor of a burner. I mean come on even criminals watch TV.
I don't even believe it's a grey area. I seriously doubt the cell companies, who pay billions of dollars for their spectrum, agree to someone manufacturing a device that purposely operates in their spectrum for the purpose of disrupting legitimate customers communications. Every piece of evidence gathered under one of these devices would be tossed out in an instant if they had to operate a device illegally under federal law to obtain it.
The FCC has clear statutes that prohibit the interception or jamming of wireless telephony signals. This is why it is illegal to sell or own cellular jamming equipment in the USA, and why people who were caught snooping on the telephone calls of politicians in the past have been thrown in jail.
Of course, us proles will never enjoy the sort of privacy protections that the parasi...er, politicians enjoy.
Jennifer Joyce is the Circuit Attorney (chief prosecutor) for St Louis. She threatened an ethics complaint against a lawyer who said on Twitter that her office had dropped the charges in this case to protect Stingray information.
How's that working out for you Jen?
Correct. This is called "parallel construction," in order to make it sound more appealing. If found out in court, though, it is still poisoned fruit that will be excluded from trial.
It's just that police have gotten better at hiding those connections, aided by the up-front knowledge that what they're doing is strictly illegal.
They would've got a warrant first, right guys?
This is what I have been wondering about. It ought to be fairly straightforward for the FBI to claim that the details of how the tool works are classified(IANAL) and avoid giving out details that might interfere with catching baddies while at the same time providing the intercepted data. So if operational details are not the issue, what might the problem be?
It ought to be fairly straightforward for the FBI to claim that the details of how the tool works are classified
The tool is a femtocell and a PC which simulates the home network. All femtocell vendors have been shipping such toolkits to law enforcement since before the femtocell as such came to be (in the days when it was just a base-station over IP). I worked in this area and our first paid orders where not from SPs - they were from law enforcement and "you do not need to know this customer" 2-3 years before the first basestation over IP (not even a femtocell yet) trials.
The secret "sauce" is how exactly does it simulate (if at all) the phone network. In order to do it successfully you need have the correct encryption keys for the correct mobile. While in theory it is possible to allow/reject mobiles based on IMSI that does not work very well, so the real secret of Stingray is not the cell part of the technology, it is the "talk to the home network" portion. In order to be as idiot friendly and as prevalent in law enforcement use, it has to be talking back to the mother ship(s). It has to cooperate actively with the home networks including radio management. Otherwise, its deployment will show up as disruption in mobile and people sooner or later will notice.
This is the interesting bit and it will have to be disclosed in court, because it will be a part of the proof that the suspect phone was indeed traced (encryption keys).
"In order to do it successfully you need have the correct encryption keys for the correct mobile. "
Popular folklore is that Stingrays do not present encryption keys - and there are a number of android tools to detect that the mobile network in use is not using crypto and flag up warnings.
My enduring suspicion is that the "secret sauce" and the highly illegal part of Stingrays is the use of forged or stolen crypto certificates belonging to telcos.
The existence and general usage practices of Stingrays is so well known there's no need to have the paranoid levels of secrecy around them.
However if it officially comes out that the the USA security industry has actively backdoored telco wireless security in the USA, the implications would be that ALL telco wireless security is compromised _worldwide_.
It would be "rather interesting" if an interested group manages to lay hands on a unit and reverse engineers it.
Popular folklore is that Stingrays do not present encryption keys - and there are a number of android tools to detect that the mobile network in use is not using crypto and flag up warnings.
This is flagged up on ALL phones on the status bar. It is not an icon you see very often. It used to be visible only in Russia and ex-CIS in the late 90-es and early naughties when they were being sold GSM kit without encryption licenses.
My enduring suspicion is that the "secret sauce" and the highly illegal part of Stingrays is the use of forged or stolen crypto certificates belonging to telcos
Certificates are not in use in GSM and 3G - read the spec. It is not a public key encryption (as most of the Internet). The keys are generated based on the HLR actually knowing your key - it is a form of shared key crypto. So whatever device the cops use if it is to demonstrate encryption has to talk to the home network HLR first.
4G, if memory serves me right, ditches that in favour of public key encryption and the phone now will also identify the basestation (Enode-B).
>So if operational details are not the issue, what might the problem be?
The system may allow them to generate fake calls or a fake handset location on the network.
So if the evidence in a totally unrelated case is that your cell phone was recorded at the scene you might get it thrown out if you can show that the police routinely fake cell phone locations using this piece of kit.
"They would've got a warrant first, right guys?"
USA judges have shown increasing levels of disquiet over the use of Stingrays and in particular the use of misleading language to obtain search warrants which use them.
As a result, many judges have taken to specifically excluding use of Stingray-style technology when issuing warrants and others are demanding greater disclosure of how they work before allowing warrants to be issued.
Both tactics have resulted in a marked reduction in the "free for all" use of Stingrays in areas where judges have adopted this stance - and also a marked increase in "judge shopping" by LEOs in order to find one who is naive enough to issue warrants.
FOIA requests against local police about how the things work have been repeatedly blocked by the _federal_ govt.
Techdirt and others have been covering this for a while:
"We've got this great surveillance technology that's a bit questionable legally, but it sure catches criminals! But occasionally, to protect the questionable legality of our methods we have to release dangerous criminals that we caught!"
Makes perfect sense if you bang your head on your desk a dozen or so times before thinking about this.
I mean seriously IMSI catchers aren't high tech any more. You can use OpenBTS for that. And faking another network essentially means setting your network identifier to the one of that network. Actually as far as I know, when you get an experimental GSM licence (yes you can get that, costs around 200 Euros for the first year, and 20 Euros for every following year) it is not specified what network identifier you have to use.
"I mean seriously IMSI catchers aren't high tech any more. "
They aren't IMSI catchers. They're a way of making a complete endrun around wiretap and pen register laws.
Existing Cellco equipment is more than adequate to gather evidence or locate phones to within 100m or less. Stingrays are being used for surveillance and monitoring purposes, not just to locate IMSIs.
A 100m radius within a city is still a lot of buildings, plus what if the target building is a skyscraper which means the third dimension is involved as well? In this case, the accuracy has to be within 2 meters to nail it down to a specific place on a specific floor. Given that phones don't use tower data for high-accuracy location, I don't think the cell companies can provide information that precise.
Plea bargains are very common in the US, it's how public prosecutors manage to get 1000s of convictions without having to waste time in court.
Plead guilty to possessing this small amount of drugs, otherwise we will claim you are a major dealer and we will arrange for a 25year sentence.
The defendant is guaranteed the right under the Constitution to confront one's accuser, so an "anonymous tip-off" can only be used as secondary evidence. The StingRay evidence in this case was the linchpin of the whole case which meant the defense would be entitled to question the police who used it.
If you are a freedom fighter/terrorist/cultural organisation involved in a civil war against a Nato level military and you don't assume your phone is bugged you are an idiot who deserves everything you get.
If you are a peaceful democratic political party with nearly enough support to get your home rule referendum passed - you should probably also assume the same thing.
ditto for union leaders, journalists, anti-war protestors etc etc
"The suitcase-sized gadgets allow authorities to spoof a mobile base station in order to collect locational information on nearby phones."
Probably not. If location were all that was needed, that's trivially and quickly obtained through an ordinary warrant, direct from the cellular carriers.
The secrecy surrounding stingrays strongly suggests that something far less legal is involved. Possibilities include: insertion of malicious software onto phones; activation of microphones and cameras for additional surveillance; access to local, even air-gapped networks via WiFi; siphoning of the phone's data content, like its contact lists and other databases.
They're sure not using them for the purpose of location detection and monitoring. There's no point at all in keeping such activities a closely guarded secret.
Ars Technica has been following Stringray stories for a while.
This article shows that the FBI are involved in a country-wide plan to hide the capabilities of Stingray. And this article shows that the FBI would rather prosecutions were dropped rather than details of Stingrays be revealed.
To me, there's a lot of effort going into hiding what Stingray can do, which doesn't bode well for what Stringray really can do.
The problem law enforcement are going to start having, is as more questions are asked in court (and cases dropped to avoid answering them) the less the cops are going to be able to use them. Their real problem is when a Stingray is used in a high-profile case: Drop the case and have public condemnation or reveal what Stingray actually does.
"Their real problem is when a Stingray is used in a high-profile case: Drop the case and have public condemnation or reveal what Stingray actually does."
This has come close to occuring already. A cop was threatened with contempt charges by the judge when he refused to disclose how Stingrays work whilst in the witness box after the judge directed him to.
The prosecution dropped the case on the spot, and the judge rescinded the requirement to disclose, however there's no obligation on the judge to do so if (s)he feels it is in the public interest for things to come out in open court.
But was the defendant faced with a mucho-seriouso charge such as attempted murder? That's going to be the acid test. A high-profile case like a rampant murderer will mean lots of attention being placed on the defendant, meaning the police will be under tremendous pressure to nail a conviction: especially if the victims' families have been vocal to the media (especially if it's a hate- or race-motivated crime). It would mean Charybdis has now joined the Scylla of the FBI and the DA may not be able to abide with the direction for fear of a riot (not to mention a possible suit against the state for gross miscarriage of justice).
afaik we couldn't hold the trial in secret over here as the UK FBI equivalent in cases other than spying/terrorism is NOT MI5 and thus unlikely to be able invoke an "in the interests of National Security" clause.
We're not quite that far gone (yet).
Catch 22, evidence gathered via illegal means is invalid.
Gather the *exact same* evidence using a legitimately-obtained-by-court-order wiretap and its "Go directly to Jail, do not pass Go".
Apparently a certain resident of Gitmo has been snarled up by this particular gotcha, the evidence on which he was placed there was obtained by marginally legal means but because there was enough obtained after they got the court order he is still in there.
AC, because just discussing this on a public forum is "giving information to terrorpedials" or whatever the current laughable excuse for a Thoughtcrime is.
(scuttles off to defect to Russia a la Snowden)
Biting the hand that feeds IT © 1998–2020