Here's an article that goes into a lot of the law that is relevant to the investigative techniques mentioned: http://www.michiganlawreview.org/assets/pdfs/107/4/kerr.pdf. Note: the article makes a case in support of the third party doctrine, which justifies many of those investigative techniques, but is very well-researched and presents a pretty balanced view of what the law is in addition to defending that status quo.
Matt Blaze is a really excellent person, and this is a research focus area for him.
For more in the same vein, try "The Eavesdropper's Dilemma" (http://www.crypto.com/papers/internet-tap.pdf). This paper is dear to me for reasons obvious to those who worked with me in the 1990s.
I don't understand. I hold your opinion in high regard, because your views are almost always well-researched and supported; if not with evidence, then usually with experience. For what it's worth, I strive to express my views with the same quality and clarity as your expressions.
So your reply is somewhat disconcerting, because it seems to indicate that you think the claims are bogus. And if you think so, then you have good reason to feel that way, since almost all of your views are, well, reasonable. (An aside: would you please write something articulating your deep hatred for Soylent? It was shocking to discover you felt that way, and that I didn't see anything wrong with Soylent, so I've been silently hoping to someday see a writeup from you in order that I may find reasons to change my own view.)
In short, I accepted long ago that there's roughly zero chance of going through life without unintentionally believing in crazy things. Everyone does, at some point. Therefore the most important thing is to keep my eyes open for evidence of my own crazy beliefs, so that I can constantly reevaluate them.
So your reply seems to be strong evidence that someone I respect thinks I'm being a bit bogus regarding cell phone tracking. If that's the case, then I'd love to hear your thoughts on the subject so that I can revise my own.
Off = powered down = no broadcasting or receiving.
Now, in most devices these days you can't be sure "Off" is actually "Off." I bet many Android phones lie about "turning off" and just go into a low-power-with-quick-reboot sleep mode.
If you successfully redefine Off to be Maybe Off, nobody can argue with you because you changed the terms of reality.
To be clear, the claim is the following: There is reason to believe phones have been remotely hacked by law enforcement using carrier credentials to leave the cellular radio running and registering with the cell network even after the off button has been pushed and the phone appears to be off. Starting point for further reading: http://www.brighthub.com/electronics/gps/articles/51103.aspx
He seems to have a pretty good grasp of reality, and he's more intimately familiar with the electronics than most of us.
I also presented some circumstantial evidence indicating that law enforcement does in fact use this capability in practice, the last time this came up: https://news.ycombinator.com/item?id=6722519
If there's fault with this, then I'd like to understand why.
There is at least fault with presenting all that assertion and speculation as "Law enforcement absolutely has that capability".
The first bit that approaches being evidence is the CNet article linked from the link, and it says
> Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.
So the absolute proof is a court document that doesn't provide any details about the mechanism used to compromise a dumb phone in 2003.
The "off != off" is a good point, but that's still redefining Off a bit.
The "capability in practice" you link to is slightly questionable because we have A Dumb Bad Guy claiming they turned their phone off. We don't know the entire story.
Regardless of everything here: you are right that phones are out of our control at this point. If you don't want to be found, don't keep anything capable of emitting RF around you (including, but not limited to: phones, laptops, tablets, anything with RFID/NFC embedded, toll collecting car passes, tires with embedded RF transmitters for authentication or tire pressure checks, bluetooth headsets, bluetooth speakers, wifi/bluetooth digital scales, bluetooth hearing aids, ...).
I don't have an opinion. I haven't researched this topic. I'm just pointing out that Blaze seems skeptical about the idea that phones can be monitored when powered off. Blaze clearly has researched the topic.
I don't have a deep-seated hatred of Soylent, but it is clearly not my favorite YC startup. It's aesthetically incompatible with me, but I think there are valid scientific concerns about the approach as well.
I think Thomas is referring us to the discussion pursuant to that tweet, rather than just the tweet itself. Correct me if I'm wrong :)
That discussion goes into the definitions of "off" as they apply here, and Matt Blaze acknowledges (circuitously) that what we think of as "off" could conceivably leave the radio powered.
My iPad is sitting on the table across the room. Everybody I know, if asked, would say it's off. But it still receives push notifications. Crazy, right?
It may be rooted in reality. Not that they can turn on the microphone on any phone, but that they were able to hack someone's phone to download firmware, for example.
Every webcam should have a hardware light that indicates when it is on, as the ones built into Apple laptops do. The light cannot be disabled through software, it's just wired into the power connection to the camera and always comes on when the camera is turned on.
If you pause and think about it, cell phones don't have in-series recording lights on either front or rear or side or underside cameras.
Few people think "cell phone out" = "camera on" unless somebody is holding the phone "as a camera." It's easy to hack how you hold a phone to get around that.
The argument for switching to a soft-phone only on a laptop looks even stronger now compared to the liability of tracking and interception of cell phones. Convenience is the gotcha.
Some don't have a light at all, and as you suggest, some are controlled entirely in software (like the LEDs on the Kinect, for example). How would one go about convincing manufacturers to include mandatory activity indicators in all consumer webcams? Is there a reason why that would be a bad thing?
Rather than a light, every camera should have a lens cover. Some opaque object easy to slide in and out of place. A tiny piece of circular plastic would do. Along with the light which, as you mentioned, should be required to be hard-wired with the camera connection so that the camera cannot work without the light, perhaps the little sliding piece of plastic could work as an on/off switch.
Imagine if every laptop & phone (and now, television) had one of these?
Heck, right now I have countless electronic eyes staring at me ... television, laptop, phones that happen to be in the room. Can I be sure that nobody's watching me remotely? Hell no.
Here's a thought. Remember that whole parallel construction thing everybody was freaking out about?
The NSA passes the FBI a tip. The FBI needs to get this tip admitted into evidence, so they claim they overheard it on the phone. One snag: the target's cell phone was turned off when the conversation took place. Solution: a magic bug that can listen even when it's turned off.
It seems to be a fact, but have a little imagination. Your phone is leaking lots of data, data that is so useful to investigators that they'd prefer not to listen to you because they'd have to assign someone to interpret what was meant minute by minute.
Just to put it to rest: This whole theatre in movies where you have to stay on the line long enough to be able to trace their location is bull?
'Cellular phones work by periodically scanning for and "registering" with the nearest base station (generally the one with the strongest radio signal).'
This is not true. A handset registers when it enters a new zone. A city is typically broken down into several zones. The handset does not register itself with every new cellsite ("tower") it encounters. If one's phone stays in the same area, it will never transmit while idle. This is the basis for its long battery life.
There was a DEFCON talk two years ago in which the presenter assembled large antennas and ran open-source software that allowed him to mimic a base station. Everyone who was using phones on a specific network (I don't remember which -- I want to say AT&T) connected to his base station within a few minutes, and he proved the concept by hijacking outgoing calls.
>If one's phone stays in the same area, it will never transmit while idle.
Maybe phones used to do this, but nowadays I'm not so sure.
CDMA also has optional timer-based registration, with intervals between ~12 sec and ~55 hours (depending on what the base station wants; search 3gpp2 C.S0005 for REG_PRD for the gory details), or the base station can send a Registration Request Order message (which does what you might expect) to the phone of interest.
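The registration behaviour argued over in the comments above, as an added example rather than code from the thread or from any carrier: a small idle-mode simulator with the three triggers mentioned, zone-based registration (only when the registration zone changes, not on every cell), CDMA timer-based registration driven by REG_PRD, and a network-initiated Registration Request Order. The period formula 2 ** (REG_PRD / 4) * 0.08 seconds is my reading of 3GPP2 C.S0005 and is an assumption to check against the spec; it does reproduce the ~12 s to ~55 h range quoted above. The cell trace is constructed.

```python
"""Idle-mode registration simulator (added example, not from the thread).

Models three registration triggers: zone-based (register only when the
registration zone changes), timer-based (CDMA REG_PRD), and a
network-initiated Registration Request Order. The REG_PRD formula is an
assumption from my reading of 3GPP2 C.S0005; verify against the spec.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Registration = Tuple[float, str, str]   # (time_s, cell, reason)


def reg_prd_seconds(reg_prd: int) -> float:
    """Timer-based registration period for REG_PRD in its range 29..85
    (assumed formula: 2**(REG_PRD/4) * 0.08 s)."""
    if not 29 <= reg_prd <= 85:
        raise ValueError("REG_PRD must be in 29..85")
    return 2 ** (reg_prd / 4) * 0.08


@dataclass
class Handset:
    reg_prd: Optional[int] = None      # None: timer-based registration disabled
    zone: Optional[str] = None         # zone the handset is currently registered in
    last_reg: float = 0.0              # time of the last uplink registration
    log: List[Registration] = field(default_factory=list)

    def _register(self, t: float, cell: str, reason: str) -> None:
        self.log.append((t, cell, reason))
        self.last_reg = t

    def observe(self, t: float, cell: str, zone: str, reg_order: bool = False) -> None:
        """One idle-mode observation: the handset is camped on `cell` in `zone`."""
        if zone != self.zone:                 # new registration area (or power-up)
            self.zone = zone
            self._register(t, cell, "zone-change")
        elif reg_order:                       # base station asked explicitly
            self._register(t, cell, "registration-request-order")
        elif self.reg_prd is not None and t - self.last_reg >= reg_prd_seconds(self.reg_prd):
            self._register(t, cell, "timer")
        # otherwise: cell reselection inside the same zone, nothing transmitted


# constructed trace: (time_s, serving cell, zone); three cells in zone A, then zone B
TRACE = [(0, "A1", "A"), (600, "A2", "A"), (1200, "A3", "A"),
         (1800, "A1", "A"), (2400, "B1", "B"), (3000, "B2", "B")]


def simulate(trace, reg_prd=None, reg_orders=()):
    """Return the registrations an idle handset would transmit over `trace`."""
    hs = Handset(reg_prd=reg_prd)
    orders = set(reg_orders)
    for t, cell, zone in trace:
        hs.observe(t, cell, zone, reg_order=t in orders)
    return hs.log


if __name__ == "__main__":
    print("zone-only:", simulate(TRACE))
    print("REG_PRD=57 (~26 min):", simulate(TRACE, reg_prd=57))
    print("with order at t=1200:", simulate(TRACE, reg_orders=(1200,)))
```

With zone-only registration the handset transmits twice in the whole trace despite camping on five different cells, which is the point made above about battery life. Enabling a timer or sending a Registration Request Order adds uplink transmissions the network can locate, without any change in the handset's movement.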
I'm not sure that's true for dense urban zones like NYC. I'm pretty sure my phone registers with many different towers frequently.
There's a tower on almost every other building in New York, and sometimes even within buildings and underground.
Considering that smart phones are particularly promiscuous, especially in the presence of poorly conceived and opportunistic apps (downloaded by my rotten teenage kids), my phone is probably a shining beacon of electromagnetic activity, constantly transmitting high-score updates, and my entire contact list and GPS coordinates to web servers hosting silly JSON APIs.
Am I missing something, or where is the http://www.trueposition.com tech included in this link? At least for the GSM networks, they can generally locate you with cross tower triangulation within 60 meters or so, far more accurate than just the nearest tower. Useful for e911 without GPS working. I'm not sure if they have any non-GSM customers.
Before GPS hardware was commonly available in phones, some CDMA carriers offered phone-based navigation services that relied on tower triangulation. Thus, it's highly likely that triangulated location data was available to emergency services and law enforcement from CDMA networks as well.
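What "cross tower triangulation" amounts to in practice, as an added example (not code from the thread or from TruePosition): given tower coordinates and a range estimate per tower, for instance derived from signal timing, solve for the handset by linear least squares. Subtracting one tower's range equation from the others removes the quadratic terms, so three or more towers give a linear system. The grid, handset position and the range errors are constructed; the collinear check shows the geometry caveat that towers along one line cannot fix the cross-track position.

```python
"""Tower-based multilateration (added example, not from the thread).

Flat local grid in metres. Tower layout, true position and range errors
are constructed for illustration.
"""
import math
from typing import List, Sequence, Tuple

Point = Tuple[float, float]


def multilaterate(towers: Sequence[Point], ranges: Sequence[float]) -> Point:
    """Least-squares 2-D fix from >= 3 anchors.

    Subtracting tower 0's range equation from tower i's leaves one linear
    equation per extra tower:
        2(xi-x0)x + 2(yi-y0)y = d0^2 - di^2 + xi^2 - x0^2 + yi^2 - y0^2
    solved through the 2x2 normal equations (A^T A) p = A^T b.
    """
    if len(towers) < 3 or len(towers) != len(ranges):
        raise ValueError("need at least three towers with matching ranges")
    x0, y0 = towers[0]
    d0 = ranges[0]
    rows = []
    for (xi, yi), di in zip(towers[1:], ranges[1:]):
        a = (2 * (xi - x0), 2 * (yi - y0))
        b = d0 ** 2 - di ** 2 + xi ** 2 - x0 ** 2 + yi ** 2 - y0 ** 2
        rows.append((a, b))
    s11 = sum(a[0] * a[0] for a, _ in rows)
    s12 = sum(a[0] * a[1] for a, _ in rows)
    s22 = sum(a[1] * a[1] for a, _ in rows)
    t1 = sum(a[0] * b for a, b in rows)
    t2 = sum(a[1] * b for a, b in rows)
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        # every tower on one line: the cross-track coordinate is unobservable
        raise ValueError("towers are collinear; no unique 2-D fix")
    return ((s22 * t1 - s12 * t2) / det, (s11 * t2 - s12 * t1) / det)


def ranges_from(pos: Point, towers: Sequence[Point], errors: Sequence[float] = ()) -> List[float]:
    """True distances from `pos` to each tower, optionally perturbed per tower (m)."""
    errs = list(errors) + [0.0] * (len(towers) - len(errors))
    return [math.dist(pos, t) + e for t, e in zip(towers, errs)]


def fix_error(pos: Point, towers: Sequence[Point], errors: Sequence[float] = ()) -> float:
    """Metres between the true position and the fix computed from (perturbed) ranges."""
    return math.dist(pos, multilaterate(towers, ranges_from(pos, towers, errors)))


# constructed scenario: four towers on a 1.5 km x 1.2 km grid, handset at (400, 300)
TOWERS = [(0.0, 0.0), (1500.0, 0.0), (0.0, 1200.0), (1500.0, 1200.0)]
HANDSET = (400.0, 300.0)

if __name__ == "__main__":
    print("exact ranges ->", multilaterate(TOWERS, ranges_from(HANDSET, TOWERS)))
    print("+/-20 m range errors -> fix error %.1f m"
          % fix_error(HANDSET, TOWERS, (20, -20, 20, -20)))
```

With exact ranges the fix lands on the true position; with 20 m range errors on each tower the fix is still within a few tens of metres, which is the order of the "60 meters or so" figure above. Accuracy degrades sharply when the towers are nearly collinear, which is why rural highway corridors give much worse fixes than an urban grid.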
Imagine if you had data on all cell phones, including location at time of call - wouldn't it be remarkably easy to match a disposable phone with its predecessors based on when and where it was used, and who it was used to contact? For how, see this article: http://justsecurity.org/2013/10/11/nsa-call-records-database...
> The [Hemisphere project] slides emphasize the program’s value in tracing suspects who use replacement phones, sometimes called “burner” phones, who switch phone numbers or who are otherwise difficult to locate or identify.
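The matching described in the two comments above, as an added example that is not the Hemisphere program's method or code: profile every subscriber from call records (first and last activity, contacted numbers, towers used), keep only numbers that went silent shortly before the new number appeared, and score them on shared contacts, shared towers and recency. The call records are constructed, and the weights and the 14-day window are arbitrary choices for illustration.

```python
"""Linking a replacement ("burner") phone to its predecessor from call
records. Added example; the CDRs are constructed and the scoring weights
are arbitrary, not anything taken from the Hemisphere slides.
"""
from typing import Dict, List, Set, Tuple

# constructed call detail records: (day, subscriber, peer number, tower used)
CDRS = [
    (1, "OLD", "C1", "T1"), (2, "OLD", "C2", "T1"), (3, "OLD", "C3", "T2"),
    (5, "OLD", "C4", "T2"), (7, "OLD", "C1", "T1"), (10, "OLD", "C2", "T1"),
    (2, "OLD2", "C6", "T3"), (6, "OLD2", "C7", "T3"), (8, "OLD2", "C6", "T3"),
    (1, "OTHER", "C9", "T7"), (9, "OTHER", "C10", "T7"), (15, "OTHER", "C9", "T7"),
    (11, "NEW", "C1", "T1"), (12, "NEW", "C2", "T2"), (13, "NEW", "C3", "T1"),
    (14, "NEW", "C5", "T2"),
]


def build_profiles(cdrs) -> Dict[str, dict]:
    """Per-subscriber activity window, contact set and tower set."""
    prof: Dict[str, dict] = {}
    for day, sub, peer, tower in cdrs:
        p = prof.setdefault(sub, {"first": day, "last": day,
                                  "contacts": set(), "towers": set()})
        p["first"] = min(p["first"], day)
        p["last"] = max(p["last"], day)
        p["contacts"].add(peer)
        p["towers"].add(tower)
    return prof


def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def rank_predecessors(cdrs, new_number: str, window_days: int = 14) -> List[Tuple[float, str]]:
    """Candidate predecessors of `new_number`, best first.

    A candidate must have gone silent before the new number first appeared,
    and within `window_days` of it. Score = 0.5 * shared contacts
    + 0.3 * shared towers + 0.2 * recency of the hand-over (weights arbitrary).
    """
    prof = build_profiles(cdrs)
    new = prof[new_number]
    scored = []
    for num, p in prof.items():
        if num == new_number:
            continue
        gap = new["first"] - p["last"]
        if gap <= 0 or gap > window_days:
            continue   # still active after the new number appeared, or too old
        score = (0.5 * jaccard(p["contacts"], new["contacts"])
                 + 0.3 * jaccard(p["towers"], new["towers"])
                 + 0.2 * (1 - gap / window_days))
        scored.append((round(score, 3), num))
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    for score, num in rank_predecessors(CDRS, "NEW"):
        print(f"{num:6s} score={score}")
```

Here OLD scores highest because NEW reuses three of its four contacts from the same two towers the day after OLD went quiet; OLD2 is only a weak temporal match and OTHER is excluded outright because it kept calling after NEW appeared. A real analyst would add time-of-day and call-duration patterns, but the ranking logic is the same.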