8 Million Reasons for Real Surveillance Oversight.
December 3, 2009 8:17 AM   Subscribe

8 Million Reasons for Real Surveillance Oversight. "Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers."
posted by chunking express (38 comments total) 13 users marked this as a favorite
 
I already assumed this. This is why I take the battery out of my cell phone when I meet with the international council of anarchists.

Seriously.

They can also use the phone's mic to surreptitiously monitor what's happening around the phone.
posted by fuq at 8:27 AM on December 3, 2009 [1 favorite]


Thanks for linking to my research.

The Electronic Frontier Foundation has also done a good writeup of some of the more weedy legal issues involved.
posted by genome4hire at 8:30 AM on December 3, 2009 [8 favorites]


Quick, I need a thousand pre-paid phones, a thousand mp3 players loaded with the spoken word rendition of the Echelon keyword list and a thousand weather balloons.
posted by loquacious at 8:32 AM on December 3, 2009 [9 favorites]


FFS, America.
posted by DU at 8:34 AM on December 3, 2009


This should require a court order. Especially the mic thing. If they get the court order, fine. But not without a court order.
posted by Ironmouth at 8:37 AM on December 3, 2009


For anyone who doesn't want to be broadcasting their location to their wireless carrier all the time, most phones have an option to turn the GPS to "911 only." That will make sure that the GPS functionality is only turned on when 911 is dialed, and stays off the rest of the time. That is also the default setting for most products as far as I know, so I'm not sure how many of these 8 million requests for GPS locations actually came back with useful results.
posted by burnmp3s at 8:42 AM on December 3, 2009


The associated research is far more interesting than just the tidbit of 8 million GPS pings. This is excellent work, genome4hire, and I hope that your research gains more traction in the media.

They're profiting from breaking the law and being paid by our tax dollars.
posted by Revvy at 8:54 AM on December 3, 2009


Most cell phones can be used as covert listening devices. You turn off the ringer and set it to auto-answer. Then you can call the phone and eavesdrop on whoever is nearby. I believe this idea morphed into the urban myth of government agents eavesdropping on you through your phone, even when not on a call.

(At least I think it's just a myth. I guess I wouldn't be too surprised at this point.)
posted by ryanrs at 8:56 AM on December 3, 2009


I assume the other providers offer a similar interface to law enforcement?
posted by These Premises Are Alarmed at 8:59 AM on December 3, 2009


If you were dedicated, you could create a cell phone co-op where you and a bunch of friends grab a different phone from a bucket of pre-paids every day, and just forward your google voice number to that phone on a daily basis. I'm sure google would give up the forwarding tables to law enforcement also, but it might be less real-time.
posted by These Premises Are Alarmed at 9:02 AM on December 3, 2009


If you are under surveillance and "they" eavesdrop you by turning on your microphone, even though your phone is turned off (which I still don't believe) for hours on end - who pays the cellular airtime?
posted by jeffmik at 9:02 AM on December 3, 2009 [1 favorite]


They can also use the phone's mic to surreptitiously monitor what's happening around the phone.

I'm not without a paranoid streak, but this is not happening...yet.


Um... actually, it's been happening for years.
posted by hippybear at 9:04 AM on December 3, 2009 [8 favorites]


Weird. I contacted Sprint moments after my daughter was robbed at gunpoint and three different tiers of people refused to help me or the officer on the line locate her phone at all. They said it was a policy. However, if I had been paying for their parental stalking plan, I could have located it online myself.
posted by simbiotic at 9:08 AM on December 3, 2009 [1 favorite]


I'm not without a paranoid streak, but this is not happening...yet.

What a bullshit statement. Totally unfounded. I logged in just to post what hippybear posted. How would you even claim to know what they aren't doing? Stop spreading misinformation.
posted by fake at 9:09 AM on December 3, 2009 [5 favorites]


This is why when I'm not using my cell phone I play it an endless mashup of FOX news, Jonas Brothers, and Sarah Palin speeches at top volume, all in a special wheeled box, and pay a small dog to drag it around and around the nearby Donut Hut.
posted by chronkite at 9:24 AM on December 3, 2009 [4 favorites]


I'm not without a paranoid streak, but this is not happening...yet.

I have worked on contracts for commerical enterprises that have been doing this to understand the market penetration of audio from tv and radio advertising. At the time (4 years ago) the battery life of a phone constantly transmitting was the big hurdle.

Make sure to always read your user agreement for your cell phone. This company's plans was to hide this activity in the EULA, and give the user no idea from the hardware that this was happening.
posted by YoBananaBoy at 9:25 AM on December 3, 2009 [3 favorites]


Have any of your more classic conspiracy theories/delusional systems not been substantiated at this point? There's, what, lizard people and chemtrails and that's about it. I remember whan M-x spook was a joke.
posted by enn at 9:33 AM on December 3, 2009


We'll protect our freedoms from those who would take them from us, by destroying them first! You can't take what we don't have!
posted by yeloson at 9:39 AM on December 3, 2009


I think I'm paraphrasing William Gibson here; once the infrastructure is in place, the laws can be changed overnight.

Back in 2000 I had an odd experience with a Nextel phone provided by my employer. The phone would ring showing no number and when I answered it there was what amounted to an open mic on what I eventually learned was a co-workers identical work phone. I learned of the phone's owner simply by evesdropping on the conversation and recognizing voices from the room. The behavior continued for like nearly a week. I eventually contacted the co-worker and they assured me that they weren't dialing me and that the phone wasn't getting accidentally bumped or something to trigger dialing me. When I repeated back parts of their conversation that happened in a separate building they were shocked. Nextel customer service either didn't know how to investigate this or didn't believe me. I never did get an explanation from them. Even if this was just some kind of bug in the system it immediately demonstrated to me that the capability for this kind of surveillance was there and somebody would be using it eventually.

I would imagine that criminals have already figured out how to exploit some of these methods. It's not just law enforcement that will have exclusive access to the surveillance capabilities of modern phones.
posted by well_balanced at 10:42 AM on December 3, 2009


Just never say anything worth listening to. Simple!
posted by chavenet at 10:55 AM on December 3, 2009 [1 favorite]


This is why I take the battery out of my cell phone when I meet with the international council of anarchists.

You're Wednesday, right? I'm Thursday... wait, are we all spies here?
posted by GuyZero at 10:57 AM on December 3, 2009 [3 favorites]


Back in 2000 I had an odd experience with a Nextel phone provided by my employer.

It wasn't the walkie-talkie "Push-to-talk" (PTT) functionality of Nextel? That's one of their differentiation points.
posted by GuyZero at 10:59 AM on December 3, 2009


UPDATE 12/3/2009 @ 12:20PM: I received a phone call from an executive at TeleStrategies, the firm who organized the ISS World conference. He claimed that my recordings violated copyright law, and asked that I remove the mp3 recordings of the two panel sessions, as well as the YouTube/Vimeo/Ikbis versions I had embedded onto this blog. While I believe that my recording and posting of the audio was lawful, as a good faith gesture, I have taken down the mp3s and the .zip file from my web hosting account, and removed the files from Vimeo/YouTube/Ikbis.

Oops...looks like a little too much MeFi exposure forced him to take down some good content.

Bummer.
posted by VicNebulous at 11:26 AM on December 3, 2009


"Our pricing schedules reveal (for just two examples) that upon the lawful request of law enforcement we are able to [redacted by USMS]. In cooperation with law enforcement, we do not release that information to the general public out of concern that a criminal may become aware of our capabilities, see a change in his service, correctly assume that the change was made at the lawful request of law enforcement and alter his behavior to thwart a law enforcement investigation."

Got that? If you're under investigation, you're already a criminal.
posted by LordSludge at 11:28 AM on December 3, 2009 [4 favorites]


Burhanistan, my reaction was intense because I have spent many years being poo-poohed as "paranoid" with similar factual-sounding but unfounded statements when in fact, such abuses were happening at unprecedented scales. Pushes my buttons. Sorry.

YoBananaBoy's comments prove we have more to worry about than just an out-of-control government. What blows my miind is the price that we pay, as consumers, to fund these network capabilities. Much of this must be funded from that two-year contract.

It strikes me that it would be simple to make a small switch that electrically disconnects the microphone, leaving the rest of the phone active for call reception and... surreptitious GPS tracking. I think I'll mod my N900 in this manner when I receive it.
posted by fake at 11:59 AM on December 3, 2009


Regarding the covert-listening thing, what I have heard (from sources I consider mostly reliable but not without all doubt) is that it's done via an OTA firmware push, or by physically gaining access to the phone and inserting a hacked firmware onto it. It only works on certain phones, it's expensive, and probably not that widely used. (If indeed it has ever been used at all, as opposed to more conventional "wires" disguised as cellphones or pagers.) You'd be able to detect it fairly easily too, bec
ause the battery life would sudddenly go to hell.
posted by Kadin2048 at 12:00 PM on December 3, 2009


He claimed that my recordings violated copyright law

Ahhh, the DMCA: nothing like a questionable copyright claim to get embarrassing material removed (at least from US ISPs). Scroll down through the comments--the files are already available elsewhere.
posted by fogovonslack at 12:04 PM on December 3, 2009


It wasn't the walkie-talkie "Push-to-talk" (PTT) functionality of Nextel?

It was but PTT caused like a squawk tone for the receiver whereas I would get a ring like an incoming call. At one point I called my co-worker on a landline whilst the mic was open. They assured me the phone was sitting on the desk and they hadn't touched it. Unless they were messing w/ me they seemed genuinely baffled as to how the phone was active.
posted by well_balanced at 12:47 PM on December 3, 2009


Is the only way around this taking out the battery?

Having a very basic cell phone in which you know there is absolutely NO GPS capability (including functionality which may be hidden to the consumer) is another way around this. Even then, you're possibly going to be tracked by cell triangulation.

The best way around this is to not carry a cell phone at all.
posted by hippybear at 2:20 PM on December 3, 2009


I actually saw this linked somewhere the other day. Oh it was mentioned on Bruce Schneier's blog.

I also came across this lately, about yahoo:
Yahoo writes in its 12-page objection letter (.pdf), that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.”

“Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company writes.
We can't tell you, because if we did, you wouldn't trust us.
posted by delmoi at 2:31 PM on December 3, 2009 [1 favorite]


(oh the FOIA request to yahoo was issued by the same guy, Christopher Soghoian)
posted by delmoi at 2:33 PM on December 3, 2009


I knew about the case where the phones were used to nail the guys in the Genovese family, suspected that the capability 'might' be there and it was, just wasn't made public until that trial came up, who knows how many times it's been used prior and/or since. I'm not techie at all, leave that to you guys that know how this could be done; clearly it can be done.

It's like the deal with inkjet printers -- no one knew that there was a code in yellow ink put onto every sheet of paper printed out until it came out in a court case, I think a mass murderer. I mean, yeah, great, there's a good use of it, for sure. But who knows how many times it's been used prior, and/or since.

Call me a tin-foil hat if you want -- though you certainly wouldn't do that F2F, so easy to hide behind a screen and a keyboard -- but since the Bush Cheney administration I do not have any trust in any branch of our government at all.

The long nose of the law...
posted by dancestoblue at 3:52 PM on December 3, 2009


Great stuff... Some days I think I'm too paranoid, but then realize I'm actually pretty well calibrated to the times.
posted by kaibutsu at 6:40 PM on December 3, 2009 [1 favorite]


If you check out the comments on the main article, someone has posted a mirror of the mp3's. I recommend extracting key bits and then using the excerpts in a humorous mash-up with a Beatles song (say, Revolution #9?), thus virally informing the public and establishing fair-use all in one blow.
posted by kaibutsu at 6:50 PM on December 3, 2009


See also: the stuff we (US tech companies) are selling to other countries for tapping.
posted by bhance at 8:55 PM on December 3, 2009


What the what? This was my 200th post on MetaFilter. Well, assuming you ignore all the ones that got deleted. They will be missed.
posted by chunking express at 12:47 PM on December 4, 2009 [1 favorite]


If anyone's still following this, TPM had a blurb about it today.
posted by gimonca at 3:21 PM on December 7, 2009


>: This is why I take the battery out of my cell phone when I meet with the international council of anarchists.

I did that when I went to an anarchist meetup, but I'm pretty sure there were various moles there already, particularly the one kid nobody knew who showed up wearing a brand-new black sweatshirt, black carhartts, and boots.
Always look at the shoes.
posted by dunkadunc at 9:02 PM on December 28, 2009


« Older Great Lakes to be filter-fed to carp   |   Upload this to your alien spacecraft. Newer »


This thread has been archived and is closed to new comments