What Happens When the Surveillance State Becomes an Affordable Gadget? (bloomberg.com)
131 points by sergeant3 on March 13, 2016 | 32 comments


"He reasoned that the government had to have a gadget that masqueraded as a cell tower, tricking his AirCard into handing over its IMSI, which was then matched up to the IMSI connected to all his online phony tax filings. It was all inference, at first, but if it was true, that would be enough for him to make the case that what was done to his AirCard was an illegal search."

I'll bet all my money he'd have been called a crazy conspiracy theorist before Snowden, etc.

Drives me nuts. When the government starts embodying the worst of conspiracy theories, I become a lot less comfortable dismissing conspiracy theories.


I'm not sure an IMSI catcher would be needed. Cellphone companies CAN triangulate his location for E911 purposes with reasonable accuracy. All LEO would need is to put the apartment block under surveillance for a few days and figure out which resident is home when the laptop connects to the network. This is even easier if he moved around with his laptop.


Wouldn't this take a warrant?

Sounds like IMSI catchers are being used without warrants.


Yes. You would need a warrant for that. I meant in this case they could have easily obtained one. They had the IP, which is how they got IMSI.

I imagine you'd use Stingrays when you want to cast a broad net, i.e. who are the persons who are within X distance of the tracker and were also around at a previous location.

So I can't imagine why they would have wanted to use the Stingray here.


You only need the warrant if you want to use the information you obtained in court. If you just want to figure out how to nail somebody... which is often the hardest part... you just quietly listen in and figure out what things you should be getting warrants for.


>You only need the warrant if you want to use the information you obtained in court. If you just want to figure out how to nail somebody... which is often the hardest part... you just quietly listen in and figure out what things you should be getting warrants for.

That still sounds illegal. "Fruit of a poisonous tree" and all that:

Fruit of the poisonous tree is a legal metaphor in the United States used to describe evidence that is obtained illegally. The logic of the terminology is that if the source (the "tree") of the evidence or evidence itself is tainted, then anything gained (the "fruit") from it is tainted as well.


Yes, and this has been side stepped around for decades.

You find another way of entering evidence that doesn't mention any illegal surveillance. Since you've been watching, you know where it is. Construct a situation in which it is found legally.

See the Snowden revelations and what the DEA has to say about how it does investigations.


Yes, but look up "parallel construction" for numerous examples of law enforcement doing this and working around the "poisonous tree" stuff.


Surveillance doesn't necessarily require a warrant, if it's something like watching who's coming and going from a public vantage point. Wiretapping, reading mail, other eavesdropping would.


Triangulation seems very targeted and would require a warrant (which was the point of my comment).


Right but in this case I imagine they would have gotten a warrant that would give them the IMSI based on the IP in the first place.


> Soghoian isn’t optimistic. “The FCC is sort of caught between a rock and a hard place,” he says. “They don’t want to do anything to stop the devices that law enforcement is using from working. But if the law enforcement devices work, the criminals’ devices work, too.”

It's telling that law enforcement priorities work out this way. They're not terribly concerned about what hijinks highly-educated hackers get up to or the occasional tech-savvy stalker, they would much rather be able to nab the untrained- the working-class dropouts who own a cellphone but don't know how it works- as quickly and efficiently as possible. Nevermind that the average citizen is much more concerned about identity theft than someone smoking weed on a street corner.


As usual, it is all about incentives.

What are the incentives for law enforcement? How are they 'graded' at the end of the year? What do they need to do to keep their jobs?

They have to catch criminals. You can pick apart what each of the words in that sentence means, but that's the deal. If those are all low key guys, like the know-nothing drug dealing kid in your 8th grade English class, so be it. They are paid all the same, it's all about the number going up every year.


I think this is part of where the phone encryption scare comes from, right?


> It's telling that law enforcement priorities work out this way. They're not terribly concerned about what hijinks highly-educated hackers get up to or the occasional tech-savvy stalker, they would much rather be able to nab the untrained- the working-class dropouts who own a cellphone but don't know how it works- as quickly and efficiently as possible. Nevermind that the average citizen is much more concerned about identity theft than someone smoking weed on a street corner.

Yeah, law enforcement is graded on quantity rather than quality barring a truly unusual situation. This leads to them having a preference for permitting broken systems abused by criminals to remain in place so they can catch the uneducated and the uninformed.

It is sadly the same trick they use with child porn. They'd rather distribute it and catch low hanging fruit than shut it down to do more legwork.

http://www.nytimes.com/roomfordebate/2016/01/27/the-ethics-o...

> Participating in the distribution of child pornography is a federal crime. But that’s exactly what the F.B.I. did in this case. In order to identify more than 1,000 people suspected of trading in child pornography, the F.B.I. operated a child pornography website for nearly two weeks. During that period, more than 23,000 images of child pornography were available for viewing, downloading and endless reproduction in ways completely beyond the F.B.I.’s control. In short: The government has criminalized an activity and acted to further the commission of just that crime.

> If the government is going to break the law in order to enforce it, it must justify how any resulting benefits outweigh any harms. When the government participates in the distribution of contraband, it has little control over who will use those illegal guns, drugs or child pornography, and little ability to protect victims from these harms.

They aren't interested in the ethics of it. They just want to increase their numbers.


If people were openly doing drugs on the streets of my parents' stuffy suburb, the homeowners association would have a conniption. Way bigger deal than identity theft.


I've been personally involved in a 5-car 8 man police search of my vehicle where the initial officer illegally searched my car and found some cocaine residue on a mirror under the passenger seat.

You would have thought I just robbed a bank at gunpoint or something.


Aside from the ability to pinpoint a location, this just returns us to where we were in the 80s.

Any fool with a scanner could listen in on police, fire, the neighbour's cellphone before GSM, their wireless landline phone, and any number of other things. Almost no one cared. Anyone who did was a tinfoil wearing nutcase.

So whilst I can hope, I doubt much will change. Not enough for things like Signal to become mainstream, or for there to be general pushback against privacy invasion. Now if a few politicians get outed in the inconsistency of their public/private beliefs or an affair or three, perhaps. Though they will probably demand a new phone network for public figures only, with secure encryption and vast cost. :)


The difference is that you had to have a human physically listening in. Now with the right access, a half-dozen people, and a few thousand dollars, an entire small town could be surveilled.

The fact that it's always been possible doesn't change the fact that it's only recently become practical.


People (even techies) always forget that technology is a multiplier, and a multiplier is an enabler for things that before would be impractical...

That something was already possible "back in the day" doesn't say much, if it was also impractical and costly to perform.


In a lot of jurisdictions today, any fool with a computer and internet access can listen to the local dispatch channel.

(I came across a link to such a channel when the internet was spectating a manhunt and easily found my local jurisdiction)


This is really interesting. I know the old "Attacks always get better; they never get worse." but I've never thought about "Tools and technology always get cheaper and easier to use" before as it applies to security.


As Dan Geer warned[1], technology changed the balance of powers when the cost tends towards zero:

    The central dynamic internal to government is, and always
    has been, that the only way for either the Executive or the Legislature
    to control the many sub-units of government is by way of how much
    money they can hand out.
    ...
    Suppose, however, that surveillance becomes too cheap to meter,
    that is to say too cheap to limit through budgetary processes.  Does
    that lessen the power of the Legislature more, or the power of the
    Executive more?  I think that ever-cheaper surveillance substantially
    changes the balance of power in favor of the Executive and away
    from the Legislature. While President Obama was referring to
    something else when he said "I've Got A Pen And I've Got A Phone,"
    he was speaking to exactly this idea -- things that need no
    appropriations are outside the system of checks and balances.

The "power of the purse" doesn't mean much when technology drives prices towards zero.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=625 http://geer.tinho.net/geer.blackhat.6viii14.txt


While a bit banal in this regard, it brings to mind the notion I have had that copyright was not strongly enforced previously in part because it would necessitate a cop in every home.

Now however there is at least one cop in every home, or at the very least a snitch. This thanks to internet connected computing devices.


There was a thread around here a few days ago about armed micro drones. What happens when you can build an autonomous assassination device and launch it from a mile away for under a thousand dollars? Soon politicians may be unable to ever appear in public or travel outdoors without their own "drone fog."

Privacy is dead also cuts both ways. Say goodbye to undercover policing.


The assassin drone concept is one people have been contemplating for some time.

Technology reduces costs. Especially attack costs.


The other interesting technology vector related to security is cost of storage. I ran some numbers on storing 100 bytes of location metadata per minute per person. Assuming 85% compression and using current S3 storage costs of $0.03 GB per month it costs about $0.03 to store ten years worth of personal location data.

Extrapolating out to a population of 300M that gives you a yearly cost of about $8.5M, which appears to be the same cost as building 2.5 miles of freeway in California.

Basically there's no longer an economic barrier to storing almost unlimited amounts of metadata for individuals. The fact is we just don't generate that much. And the costs will only decline over time.

(Would love it if somebody could run the same numbers and see if the result is replicated.)


60 * 24 * 365 * 100 * 10 * 0.15 / 1000^3 * 0.03 * 12 = 0.02838

So, you mean cost per year?

Note that S3 is extremely expensive. Pure storage media cost with hard disks is around 0.001 USD per GB-month unreplicated--and replication might not necessarily be a priority, depending on the goals one has with that data collection.

Also, that would give you about 1 m precision at one second intervals, which might be excessive (or not).

Really, there is no longer an economic barrier to storing "real" (as in "non-meta") data. 24/7 audio recording in telephone quality with ten year retention would cost about 4 USD/year in pure storage cost at current prices per person. Or in other words: storing all phone calls forever doesn't really cost anything. Actually, it's so cheap one can expect that the NSA is already doing it.


I wonder how the various "powers-that-be", from politicians to lobbyist to bureaucrats to federal agents, don't see that within a decade they will be as vulnerable. Anyone who wants to know everything they do will be able to cyberstalk them with utter effectiveness. Including reporters and dangerous nutjobs with guns. The Secret Service can't protect them all.


Is there any work in the 4G/5G/YG standards to protect against this? For example using randomized or constantly changing IMSI values?


Zero knowledge IMSI?


Seems the cheaper tools work by forcing the phone back into 2G then just scraping up what is made available by the less secure standard.

On the iPhone is it possible to disable the 2G fallback?



