[Infowarrior] - Feds can lojack mobiles without telco help

[Richard Forno]

FOIA docs show feds can lojack mobiles without telco help

By Julian Sanchez | Published: November 16, 2008 - 10:45PM CT

http://arstechnica.com/news.ars/post/20081116-foia-docs-show-feds-can-lojack-mobiles-without-telco-help.html

Courts in recent years have been raising the evidentiary bar law  
enforcement agents must meet in order to obtain historical cell phone  
records that reveal information about a target's location. But  
documents obtained by civil liberties groups under a Freedom of  
Information Act request suggest that "triggerfish" technology can be  
used to pinpoint cell phones without involving cell phone providers at  
all.

Triggerfish, also known as cell-site simulators or digital analyzers,  
are nothing new: the technology was used in the 1990s to hunt down  
renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish  
trick nearby cell phones into transmitting their serial numbers, phone  
numbers, and other data to law enforcement. Most previous descriptions  
of the technology, however, suggested that because of range  
limitations, triggerfish were only useful for zeroing in on a phone's  
precise location once cooperative cell providers had given a general  
location.

This summer, however, the American Civil Liberties Union and  
Electronic Frontier Foundation sued the Justice Department, seeking  
documents related to the FBI's cell-phone tracking practices. Since  
August, they've received a stream of documents—the most recent batch  
on November 6—that were posted on the Internet last week. In a post on  
the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew  
attention to language in several of those documents implying that  
triggerfish have broader application than previously believed.

As one of the documents intended to provide guidance for DOJ employees  
explains, triggerfish can be deployed "without the user knowing about  
it, and without involving the cell phone provider." That may be  
significant because the legal rulings requiring law enforcement to  
meet a high "probable cause" standard before acquiring cell location  
records have, thus far, pertained to requests for information from  
providers, pursuant to statutes such as the Communications Assistance  
for Law Enforcement Act (CALEA) and the Stored Communications Act.

The Justice Department's electronic surveillance manual explicitly  
suggests that triggerfish may be used to avoid restrictions in  
statutes like CALEA that bar the use of pen register or trap-and-trace  
devices—which allow tracking of incoming and outgoing calls from a  
phone subject to much less stringent evidentiary standards—to gather  
location data. "By its very terms," according to the manual, "this  
prohibition applies only to information collected by a provider and  
not to information collected directly by law enforcement  
authorities.Thus, CALEA does not bar the use of pen/trap orders to  
authorize the use of cell phone tracking devices used to locate  
targeted cell phones."

Perhaps surprisingly, it's only with the passage of the USA PATRIOT  
Act in 2001 that the government has needed any kind of court order to  
use triggerfish. While previously, the statutory language governing  
pen register or trap-and-trace orders did not appear to cover location  
tracking technology. Under the updated definition, these explicitly  
include any "device or process which records or decodes dialing,  
routing, addressing, and signaling information."