[Infowarrior] - Feds can lojack mobiles without telco help
Richard Forno
rforno at infowarrior.org
Tue Nov 18 01:13:02 UTC 2008
FOIA docs show feds can lojack mobiles without telco help
By Julian Sanchez | Published: November 16, 2008 - 10:45PM CT
http://arstechnica.com/news.ars/post/20081116-foia-docs-show-feds-can-lojack-mobiles-without-telco-help.html
Courts in recent years have been raising the evidentiary bar law
enforcement agents must meet in order to obtain historical cell phone
records that reveal information about a target's location. But
documents obtained by civil liberties groups under a Freedom of
Information Act request suggest that "triggerfish" technology can be
used to pinpoint cell phones without involving cell phone providers at
all.
Triggerfish, also known as cell-site simulators or digital analyzers,
are nothing new: the technology was used in the 1990s to hunt down
renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish
trick nearby cell phones into transmitting their serial numbers, phone
numbers, and other data to law enforcement. Most previous descriptions
of the technology, however, suggested that because of range
limitations, triggerfish were only useful for zeroing in on a phone's
precise location once cooperative cell providers had given a general
location.
This summer, however, the American Civil Liberties Union and
Electronic Frontier Foundation sued the Justice Department, seeking
documents related to the FBI's cell-phone tracking practices. Since
August, they've received a stream of documents—the most recent batch
on November 6—that were posted on the Internet last week. In a post on
the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew
attention to language in several of those documents implying that
triggerfish have broader application than previously believed.
As one of the documents intended to provide guidance for DOJ employees
explains, triggerfish can be deployed "without the user knowing about
it, and without involving the cell phone provider." That may be
significant because the legal rulings requiring law enforcement to
meet a high "probable cause" standard before acquiring cell location
records have, thus far, pertained to requests for information from
providers, pursuant to statutes such as the Communications Assistance
for Law Enforcement Act (CALEA) and the Stored Communications Act.
The Justice Department's electronic surveillance manual explicitly
suggests that triggerfish may be used to avoid restrictions in
statutes like CALEA that bar the use of pen register or trap-and-trace
devices—which allow tracking of incoming and outgoing calls from a
phone subject to much less stringent evidentiary standards—to gather
location data. "By its very terms," according to the manual, "this
prohibition applies only to information collected by a provider and
not to information collected directly by law enforcement
authorities.Thus, CALEA does not bar the use of pen/trap orders to
authorize the use of cell phone tracking devices used to locate
targeted cell phones."
Perhaps surprisingly, it's only with the passage of the USA PATRIOT
Act in 2001 that the government has needed any kind of court order to
use triggerfish. While previously, the statutory language governing
pen register or trap-and-trace orders did not appear to cover location
tracking technology. Under the updated definition, these explicitly
include any "device or process which records or decodes dialing,
routing, addressing, and signaling information."
More information about the Infowarrior
mailing list