Police using StingRay to collect cellphone data and location

Discuss various technical topics not related to Mozilla.
Post Reply
User avatar
Gingerbread Man
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Police using StingRay to collect cellphone data and location

Post by Gingerbread Man »

Does cellphone-sweeping "StingRay" technology go too far? | CBS News
November 27, 2017

NEW YORK — New York City, Los Angeles, Chicago and Las Vegas are among scores of police departments across the country quietly using a highly secretive technology developed for the military that can track the whereabouts of suspects by using the signals constantly emitted by their cellphones.

Civil liberties and privacy groups are increasingly raising objections to the suitcase-sized devices known as StingRays or cell site simulators that can sweep up cellphone data from an entire neighborhood by mimicking cell towers. Police can determine the location of a phone without the user even making a call or sending a text message. Some versions of the technology can even intercept texts and calls, or pull information stored on the phones.

Part of the problem, privacy experts say, is the devices can also collect data from anyone within a small radius of the person being tracked. And law enforcement goes to great lengths to conceal usage, in some cases, offering plea deals rather than divulging details on the StingRay.

[…]
User avatar
Grumpus
Posts: 13239
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Re: Police using StingRay to collect cellphone data and loca

Post by Grumpus »

There's a couple of more issues with Stingray setups - One is they can glom onto any wireless device, routers, portable Mifi, dongles, etc. and attempt a redirect to the tower being used. The towers they try to switch to can be identified and the IPs which become evident during an attempt (if you are monitoring your IP traffic) can be blocked. In some cases the attempt may trigger an ISP's admin screen, best to record the IP which attempts the reroute and block it with a firewall if you aren't a drug dealer or other ne'er-do-well. It will be different than the IPs which are normally used for your ISP connection and system.
Lastly, for some reason and don't ask me how, if they are targeting an area the habeus grabbus signal will interfere with some channels of standard over the air broadcast television which is one of the reasons the FCC won't deal with the interferences. If there is an area under surveillance there's an underlying data transmission signal which can be heard when the sound of the television is muted. Some of this was originally thought to be wireless security systems, IoT and aircraft beacons but it's none of those.
It's kind of promiscuous and really sloppy and in my opinion is a direct violation of Miranda and subject to a great deal of abuse.
Worst of this is the technology is in the wild so anyone, terrorists, gangsters or anyone with the technical ability can utilize it.
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you
User avatar
Omega X
Posts: 8225
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Re: Police using StingRay to collect cellphone data and loca

Post by Omega X »

The silver lining is that judges are increasingly throwing out that scraped data in court as evidence because the company that makes them want to keep how it works secret as long as possible.
User avatar
Reflective
Posts: 2283
Joined: February 15th, 2007, 11:13 am

Re: Police using StingRay to collect cellphone data and loca

Post by Reflective »

You think that's bad. On this side of the Pond Mozilla wants to distrust certificates issued by the Dutch State due to a dragnet surveilance law due to take effect on January 1, 2018.

Part of the new powers the police will have will be to infect users devices with spyware in order to gather intelligence on their online behaviour. The problem here is that innocent users may be targeted if they communicate with someone under surveillance. Their friends then become targets as well.

Opponents of the Act have won the right to hold a referendum on the subject and that will take place on March 21 next year, but it won't be binding and the Dutch government can choose to ignore it. But we'll have to wait and see what happens I guess.
User avatar
Grumpus
Posts: 13239
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Re: Police using StingRay to collect cellphone data and loca

Post by Grumpus »

First thought on this is will they be doing this to anyone who connects to a Dutch site/page?
Even if you distrust the certificates is their anything showing how they are accessing since certificates can be disguised and compromised.
, , , or how users from another country can protect themselves from the infection or access?
Or do they actually think they have the authority and right to perform such actions outside of becoming labeled a despised police state like all the other countries who engage in these types of shennaighans?
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you
Post Reply