For those interested in the current state of position escrow technology (AKA FCC mandated E-911 emergency call location reporting), the April 1998 Issue of IEEE Communications Magazine is a special issue devoted to the subject of locating cellphones and other personal wireless devices that radiate rf. This technology, quietly ordered by the FCC, will measure the location of a caller accurate to within 125 meters at least 67% of the time. And the industry seems to be moving toward DTOA and other passive triangulation techniques rather than making cell phones simply contain a GPS receiver. This of course means that the network will be able to locate a cellphone whenever it radiates anything at all, rather than asking it for its position only under certain emergency circumstances such as an E-911 call. And all cell and PCS phones and some pagers can be interrogated by the network and commanded to silently respond with a registration message without user intervention or knowlage as part of the mechanism by which the cell system locates the correct cell site to put an incoming call for the phone on. Thus passive tracking of the location of any cellphone that is turned on with 125 meter accuracy will become a feature of most cell and PCS networks, a feature presumably subject to at least some law enforcement access via the CALEA mechanisms. And given that the cell and PCS systems will be capable of such tracking, is there any reason to believe that law enforcement and other more shadowy groups won't find the necessary "terrorist, drug dealer, etc" crisis to gain secret access to this capability ? -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Dave Emery, at Die!Die!Die!@die!die!die!.cum, wrote:
For those interested in the current state of position escrow technology (AKA FCC mandated E-911 emergency call location reporting), the April 1998 Issue of IEEE Communications Magazine is a special issue devoted to the subject of locating cellphones and other personal wireless devices that radiate rf.
This of course means that the network will be able to locate a cellphone whenever it radiates anything at all, rather than asking it for its position only under certain emergency circumstances such as an E-911 call.
Does this mean that if a woman calls me in response to an ad I place in a 'Personals' column, that I can track her down and rape and murder her, even though she is using a mobile cellular phone for her own protection? Being a violent sexual pervert with a long history of sexual predetation I can certaily vouch for the fact that having a hard-on with no victim in sight is an emergency, regardless of whether or not THOSE CHEAP WHORES ARE TRYING TO HIDE BEHIND THE PHYSICAL ANONYMITY OF A CELLULAR PHONE!!!!!!!!!!!! Thank Dog that those in charge of monitoring the F(ucking) C(ock-teasing) C(unts) using cellular phones are finally providing myself and my cellmates with a way to locate THOSE STINKING BITCHES AND MAKING THEM *PAY* FOR THE SINS OF *ALL* THE MOTHERS WHO LEAD THEIR CHILDREN ON AND THEN REFUSE TO PUT OUT FOR THEM!!!!! Sincerely, Surreal Killer
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user. The main reason GPS receivers are not being used is simple economics: as small and cheap as they're getting, they're still too big and expensive for a cell phone. It's not just the electronics, but the antenna too. And they don't work too well indoors. So the manufacturers are developing ways to locate the phone using complexity in the base station, where it can be shared. Various time-of-arrival schemes are being proposed. CDMA has an inherent capability because it (like GPS) uses spread spectrum, although there are near-far problems to be solved. I expect the main countermeasure to cellular position tracking will be the use of one-way pagers. Keep your cell phone turned off, and if you get a page when you're someplace you don't want them to know, wait until you leave before you return the page. Perhaps if the "just turn it off" approach is widely promoted, the carriers and vendors will see the threat to their business and press for some safeguards. Otherwise they just won't give a damn. Phil
On Tue, 21 Apr 1998, Phil Karn wrote:
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user.
Usfull != good idea. If the information is available for some purposes, it is, or soon will, become available for other purposes. The only way to prevent this is to not make the information available for *any* purpose. I gladly take the cellphone without 911 locator over the cellphone with 24/7 postion escrow. Furthermore, I content that there is no middle ground between the two. Assuming of course the phone doesn't have an active locator device that can be enabled using a special 911 button. YMMV. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Well, given that I work in CDMA, and given that CDMA provides some inherent positioning capabilities, the possibility of defeating positioning by hacking the phone software to "dither" the return link signal timing has occurred to me. It wouldn't let you appear to be in a different cell than the one you're in, but it would certainly decrease the measurement precision. You could disable the dither if you want when you make an E911 call. What sweet revenge that would be against the government that inflicted Selective Availability on all us civilian GPS users. :-) Phil
On Tue, Apr 21, 1998 at 04:43:38PM -0700, Lucky Green wrote:
On Tue, 21 Apr 1998, Phil Karn wrote:
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user.
Usfull != good idea. If the information is available for some purposes, it is, or soon will, become available for other purposes. The only way to prevent this is to not make the information available for *any* purpose.
I gladly take the cellphone without 911 locator over the cellphone with 24/7 postion escrow. Furthermore, I content that there is no middle ground between the two. Assuming of course the phone doesn't have an active locator device that can be enabled using a special 911 button.
I am afraid that I'm enough of a paraniod cynic to wonder as to the motives of the FCC in establishing this hard and fast requirement. I'm afraid the police state types who benefit have considerable access to and influence in such places as the FCC (which is in part a federal law enforcement agency), and clearly anybody who wants the capability for tracking the sheeple certainly had a golden opportunity to sell it as important for E911 and fraud control. The fact this has, in fact, been the public reason given doesn't convince me that darker possibilities aren't important factors. Mark my words, someone will turn up the memo explaining the strategy in some FIOA request in a few years. Certainly a cooperative protocol could have been used such that a mobile station would have the option of opting out of having its position determined, but apparently not doing this has been sold to the carriers as a business opportunity - namely charging different rates depending on where the caller is when making the call. This has been trumpeted as allowing carriers to charge low rates for cell calls at home where there is wired phone competition and gouging rates for calls from places where there is no alternative... -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
This is a really difficult issue. And how. How does this interact with phones whose access (telephone) number is non-unique? Could where I am calling from be divorced from what instrument I am using to call? Is there a parallel between smearing the signal over a spectrum of radio frequencies and smearing the identifying information over a spectrum of numbers? Could calls to 911 carry no phone number but just "here I am" information -- a panic button function, in other words? I imagine I sound like someone calling in to an ASK THE EXPERTS radio show... --dan
I think you guys are worried about the wrong problem. The E911 stuff is still years off. Even when it is deployed, it will probably work only during a call, though this may depend on the exact method. In my opinion, idle cell registrations -- which are already standard cellular system practice -- represent the far more serious privacy threat. The cellular network uses registrations to locate mobiles so that page (incoming call) messages can be directed to the user's cell instead of being inefficiently "flooded" over the entire network. (I note that each AMPS paging channel is 10 kb/s while the usual one-way paging system operates in flood mode at something like .5 - 2 kb/s. But cellular phone calls have to go through in seconds, while pager messages often take minutes.) While these registrations are not quite as precise as the E911 locating stuff under discussion, they can be precise enough. They'll locate you to a given cell and sector, to say nothing of a given city. In many heavily populated places, cells are pretty small. And most importantly, registrations occur whenever the phone is on -- whether or not it's in a call. Even the most heavily used phones probably spend most of their time idle, and many less heavily used phones are probably idle for days at a time. While it would seem that a cellular carrier would have no reason to log these messages, many do. The main reasons, as I understand them, have to do with resolving roamer billing disputes and detecting cloning fraud. The FBI is already slobbering all over these registration logs and has been battling the CTIA to get them under CALEA -- even though Louie Freeh specifically disclaimed an interest in them during the Congressional hearings on CALEA. So far the CTIA has resisted. But knowing them, the problem is almost certainly about money and not anything as inconsequential as personal privacy. Phil
On Tue, 21 Apr 1998, Phil Karn wrote:
I think you guys are worried about the wrong problem.
The E911 stuff is still years off. Even when it is deployed, it will probably work only during a call, though this may depend on the exact method.
In my opinion, idle cell registrations -- which are already standard cellular system practice -- represent the far more serious privacy threat.
Wasn't Kevin Mitnick tracked down by triangulating the location of his cell phone? If the feds (or whoever) want to find someone's signal, it seems that the tools to do so are already out there.. Of course, idle cell registrations greatly expands the time someone is given to track down a signal.. If someone wanted to passively track everyone's position all the time, there would need to be at least two direction-sensitive cell towers covering each area, listening to the same calls all the time. There would need to be at least three to properly locate someone walking along the line between two towers.. That seems a bit expensive, unless enough overlapping tower ranges already exist to do something like that. The owners of the towers would probably much prefer that the cell phones come equipped with a GPS. On cell "remailers": Why resend the cell signal? Why not instead set up a generic phone call resender, which could be used by cell users and non-users alike? As long as you use the call resender for all of your important calls, the feds (and others) will find it very difficult to figure out what cell phone ID to triangulate or home phone number to tap :) -vermont@gate.net, revolting from the oppression of the sun
Wasn't Kevin Mitnick tracked down by triangulating the location of his cell phone? If the feds (or whoever) want to find someone's signal, it
Yes, but it was a very time-consuming manual process. *Any* radio signal can be located in this way. As a sport, radio hams have long conducted "fox hunts", aka "hidden transmitter hunts", where somebody hides with a transmitter and the rest try to find him. Mitnick was found with classic ham-style fox-hunting techniques. His level of activity was so high that he made it relatively easy. Nothing really can thwart this method, other than never using your phone. Its saving grace for our purposes is that it is so labor intensive that it cannot be done routinely.
If someone wanted to passively track everyone's position all the time, there would need to be at least two direction-sensitive cell towers
Almost. In CDMA, the mobile station locks its timing to the base station. This lets the base station easily measure the round trip time through the mobile and back and thereby the radial distance. With just one base station, you can locate the user to a circle around the base station. Defeating this is what I had in mind yesterday when I talked about dithering the mobile timebase a la Selective Availability. Somebody then pointed out in private email that dithering wouldn't defeat a differential timing measurement made by two or more base stations. This is true, but these measurements are easily made only when the mobile is in soft handoff (talking to two base stations at once). In CDMA, as in other digital cellular systems, handoffs are "mobile assisted". That is, the base station relies on "pilot strength measurement" reports from the mobile as to which neighboring cells it can hear so handoffs can be set up. If you hack the phone software to lie about these measurements, you can keep handoffs from being set up. Your service quality will definitely suffer, especially in the border regions between adjacent cells, but you will make it much harder (but still not impossible) for them to locate you. In analog, handoffs during calls are performed entirely by special scanners in each base station. The mobiles do not assist the process. Having only one receiver channel, they cannot look for adjacent base stations while in a call. CDMA receivers can do this because they have a "searcher" channel whose sole function is to look for pilot energy from any base station in range. While it would still be possible for CDMA base stations to cooperate as analog stations now do in locating an "uncooperative" mobile, this is not something that could be done routinely. There are also near-far considerations because every cell transmits on the same forward channel and every mobile transmits on the same reverse channel, and tight power control is used on both links to minimize co-channel interference. Phil
On cell "remailers": Why resend the cell signal? Why not instead set up a generic phone call resender, which could be used by cell users and non-users alike? As long as you use the call resender for all of your important calls, the feds (and others) will find it very difficult to figure out what cell phone ID to triangulate or home phone number to tap
Exactly. And I think this brings the remailing concept full circle. Wasn't the basic idea invented for telephones way back in (alcohol) Prohibition days? As I recall, a device called a "cheesebox" connected two phone lines. When a call came in on one line, it went back out on the other. You'd place a cheesebox in some third party's back room, e.g., a restaurant owner who was paid for the privilege and to keep his mouth shut. If the cops traced a call, it would lead them to the restaurant owner, who would tip off the bootleggers. Does anyone have any historical references for these things? I think it would be fun to see how an earlier age made use of anonymous remailers based on a much simpler technology. Phil
http://handel.pacific.net.sg/~seowjean/Mafia/mobname-c.html ... Callahan, Gerald Michael (AKA: Cheesebox Callahan), 1909- Gerald Callahan was born and raised on the tough Lower East Side of New York. His father was a corrupt Prohibition agent who took payoffs from bootleggers operating in lower Manhattan. Through his father, who had some loose ties to Tammany Hall, Callahan received his introduction to members of the criminal underworld. Gerry Callahan was good with his hands and proficient in electronics, talents that served him well in later life. After completing a two-year course in electronics at a small college in Texas, Callahan worked at Bell Laboratories, where he perfected his craft. Armed with a wealth of knowledge, he quickly earned a reputation as the man to see in the underworld if you needed a wire tapped or a phone bugged. In 1931 Al Capone brought him to Chicago where he was hired to tap into the racing wire, perfected by Mont Tennes who owned the Nationwide News Service. For years, Tennes and his associates had refused to allow the Capone gang a partnership or a cut of the take. The "wire," as it was known, disseminated race results to hundreds of poolrooms and bookie operations directly from the tracks. It was Callahan's job to tap into the phone boxes, enabling the syndicate men to disrupt Nationwide's service by sending along incorrect race results and payoff information to the poolrooms. Another favorite technique was to hold back results long enough for the Capone men to get a bet down at the parlor even though the race had been run. "We wrecked at least twenty bookies, all of them big operators," Callahan recalled. "We took a fortune from them. The big guy in Florida (Capone) was very happy, and I went back to New York with a suitcase full of green." Callahan completed at least 1,000 similar wiring jobs in his career and never spent a day in jail, though he was twice convicted of violating the New York wiretap law. In each instance he drew suspended sentences. In the 1950s Gerald Callahan earned the famous nickname he actually detested-- Cheesebox. Working from his kitchen table in Flushing, N.Y., he invented a small electronic device resembling a cheesebox. It was a bookie's dream. The cheesebox permitted a gambler to connect two telephones and speak with his customers from a remote location. This virtually guaranteed that a horse parlor would be free of police raids. Callahan installed his cheesebox at a cost of $250 per unit and charged $100 a week in rental. In 1960 he earned revenue from sixty of these devices functioning in the New York area. Callahan wore many hats in his day. He was a self-described card cheat, second-story man, and bookie. Though he was out of the business by 1972, the veteran wiretapper admitted that he would have enjoyed bugging the Watergate Hotel. "Only I wouldn't have used an army of men," he told a reporter in 1975. "I always worked alone. I would have taken out (tapped) every phone a distance away and set up recorders. There's no way I would have been trapped." His autobiography, Cheesebox, written with Paul Meskil, was published in 1975.
I think you guys are worried about the wrong problem.
The E911 stuff is still years off. Even when it is deployed, it will probably work only during a call, though this may depend on the exact method.
In my opinion, idle cell registrations -- which are already standard cellular system practice -- represent the far more serious privacy threat.
It's worse than you think. Most cellular base stations serve 7 cells, and each cell uses receive diversity (mutiple antennas for the same cell). There is also a designed overlap of the cells from basestation to basestation, otherwise you get blackout spots. Although the effort to use this information to locate a certain phone (provided the power is on) is not trivial, the hardware is all in place. Right now, the basestation must determine which cell the user is in, but the capability exists for it to narrow down the location and send that information back to the network. It probably won't (easily) have the resolution of GPS, but once you know that much, you can just home in on the phone's signal.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 04:43 PM 4/21/98 -0700, Lucky Green wrote:
On Tue, 21 Apr 1998, Phil Karn wrote:
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user.
Usfull != good idea. If the information is available for some purposes, it is, or soon will, become available for other purposes. The only way to prevent this is to not make the information available for *any* purpose.
I gladly take the cellphone without 911 locator over the cellphone with 24/7 postion escrow. Furthermore, I content that there is no middle ground between the two. Assuming of course the phone doesn't have an active locator device that can be enabled using a special 911 button.
YMMV.
Regardless of the type of phone, the cell stations can be designed to do time-of-arrival comparisons on the signal transmitted from the phone and calculate a reasonably accurate position. If you don't want your location known, don't transmit. -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQA/AwUBNT4rmMJF0kXqpw3MEQJLDACeNIUGb/troVJOuJhvX1g4z8itgdsAoLPX WehkE2KpV3BTm9Z5w00ktqI4 =KzUa -----END PGP SIGNATURE----- Jonathan Wienke PGP Key Fingerprints: 7484 2FB7 7588 ACD1 3A8F 778A 7407 2928 3312 6597 8258 9A9E D9FA 4878 C245 D245 EAA7 0DCC Proud to be a charter member of the vast right-wing conspiracy! RSA export-o-matic: print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
On Wed, 22 Apr 1998, Jonathan Wienke wrote:
Regardless of the type of phone, the cell stations can be designed to do time-of-arrival comparisons on the signal transmitted from the phone and calculate a reasonably accurate position. If you don't want your location known, don't transmit.
From an atheistic viewpoint, it could be said that the natural state of
Or, delay the return signal and use a paraboloid reflector. This would limit a spy's knowledge to the angle from the tower that you were transmitting from, and the maximum distance from the tower that you could be sitting at. The paraboloid reflector would limit the ability for someone to triangulate your location, depending on how narrow the beam is focused.. Of course, if they really wanted to find you, they would walk along the line of transmission until they ran right into you :). Sure, the average joe is not going to go to the trouble of modifying his cell phone and using a paraboloid reflector.. and even if he did, a remailer type of system would be much more secure. I guess the average unaware joe is just going to have to get used to being shafted as a result of his ignorance. Isn't that how it's always been? Question: How could true anarchy be guaranteed for stupid people like Joe? the universe is anarchy; the current situation is a result of that anarchy. What me worry..
At 5:01 PM -0800 4/21/98, Dan Geer wrote:
This is a really difficult issue.
And how.
How does this interact with phones whose access (telephone) number is non-unique? Could where I am calling from be divorced from what instrument I am using to call? Is there a parallel between smearing the signal over a spectrum of radio frequencies and smearing the identifying information over a spectrum of numbers? Could calls to 911 carry no phone number but just "here I am" information -- a panic button function, in other words?
Part of the problem in devising technical fixes for this problem is that the technology needs some idea of position in order to operate. Even if we keep it to, "somewhere in cell X", there is incentive to make cells smaller as usage increases. One interesting, but unlikely possibility is an originate-only phone which pays for calls with cash (e.g. Digicash, or a prepaid phone activation card). Since it can't receive calls, it doesn't need an identity. What would come out of the system is, "Someone in cell X called telephone number Y." ------------------------------------------------------------------------- Bill Frantz | If hate must be my prison | Periwinkle -- Consulting (408)356-8506 | lock, then love must be | 16345 Englewood Ave. frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
Part of the problem in devising technical fixes for this problem is that the technology needs some idea of position in order to operate. Even if we keep it to, "somewhere in cell X", there is incentive to make cells smaller as usage increases.
Very true.
One interesting, but unlikely possibility is an originate-only phone which pays for calls with cash (e.g. Digicash, or a prepaid phone activation card). Since it can't receive calls, it doesn't need an identity. What would come out of the system is, "Someone in cell X called telephone number Y."
There's already a way to do this: cloning. This is not always done just to avoid paying for service. Certain cloners are entirely able and willing to pay for cellular service, but they demand anonymity. Somebody should point out to the carriers that they could get rid of much of the incentive to clone phones if they simply offered a legit way to remain anonymous. Phil
One interesting, but unlikely possibility is an originate-only phone which pays for calls with cash (e.g. Digicash, or a prepaid phone activation card). Since it can't receive calls, it doesn't need an identity. What would come out of the system is, "Someone in cell X called telephone number Y."
There's already a way to do this: cloning. This is not always done just to avoid paying for service. Certain cloners are entirely able and willing to pay for cellular service, but they demand anonymity.
Somebody should point out to the carriers that they could get rid of much of the incentive to clone phones if they simply offered a legit way to remain anonymous.
Phil
This technology already exists in Britain (I don't know about any other countries), where you can buy a mobile without any subscription information off the shelf. To use the mobile, you go and purchase a 'token' which allows you to use the mobile on a pay-per-call basis much the same as a public phone. I don't know the method of token implementation. The police have started kicking up a fuss over this technology as they claim it hinders their investigation into criminal activity, because if they trace a cellular phone which turns out to be one of this type then they can't pull the info on the customer to go round knocking on doors. Geraint
This technology already exists in Britain (I don't know about any other countries), where you can buy a mobile without any subscription information off the shelf. To use the mobile, you go and purchase a 'token' which allows you to use the mobile on a pay-per-call basis much the same as a public phone. I don't know the method of token implementation.
The police have started kicking up a fuss over this technology as they claim it hinders their investigation into criminal activity, because if they trace a cellular phone which turns out to be one of this type then they can't pull the info on the customer to go round knocking on doors.
As usual, some of the important questions are scale, threat model, and economics. If you're in the Retail Pharmaceuticals business, trying to solve the problem for yourself and a few of your best customers, it's much simpler than solving the problem for The Masses. Steal some cellphones, or steal some credit cards and buy some cellphones, or hire a street person to rent a cell phone for you. If the cops know they're looking for cellphone 202-654-3210, they can call you, but they don't know who you are, and even direction finders may only tell them that the holder of that phone is somebody walking down Pennsylvania Ave. On the other hand, if the cops are looking for _you_, they may not have your phone number. The Cheesebox story was quite nice, and would work better today, with automated PBXs available - it would have worked even better 10 years ago, when PBX hacking was easier. Another small-scale solution is to use ham radio repeaters with phone patches, assuming they're still widely available. Tracing it tells the cops they need to go find an FCC RDF truck to drive around South Silicon Valley looking for someone with a pocket-sized 2m or 70cm handheld radio who doesn't talk more than 1 minute at a time, or maybe just listens. If they catch you, you could be in Big Big Trouble for using a ham radio without a license! Another part of the scale is that not only is tracing a lot of work, as others have pointed out, but not everybody goes taunting Tsutomo and continually reminding everybody that they haven't yet caught him, the way Dread Pirate Mitnick allegedly did. If you're just Yet Another Pot Dealer, the FBI, NSA and FCC will probably tell your local police that a 75-gram dope deal is less important that Cliff Stoll's 75-cent accounting difference. On the other hand, maintaining a professional level of paranoia all the time while doing business for a few years is more than most FBI Targets are willing to bother doing. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Wed, Apr 22, 1998 at 01:49:24PM -0700, Phil Karn wrote:
Somebody should point out to the carriers that they could get rid of much of the incentive to clone phones if they simply offered a legit way to remain anonymous.
Bellsouth do that here, sort of, with GSM SIMs. You buy SIMs with 'pre-pay' on them and after a certain amount of air time have to buy another one. Presumably these are regular SIMs and the expirey is done by the network. There should be lots of these SIMs around in theory... can anyone say STM? Check out http://www.bellsouth.co.nz/prepay/prepay.htm for details. -Chris
Regardless of the type of phone, the cell stations can be designed to do time-of-arrival comparisons on the signal transmitted from the phone and calculate a reasonably accurate position. If you don't want your location known, don't transmit.
Ultimately, this is true. But there's still a practical difference between having to do it with a labor-intensive manual process like "foxhunting" and making it automatic and routine on a large scale. Phil
At 03:08 PM 4/21/98 -0700, you wrote:
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user.
Don't archive the information -- supply it as part of the CNID. If the user has disabled caller-ID don't supply the location info either. This depends on the integrity of the service provider and whether they have the balls to stand up against CALEA. --Mark "The condition upon which God hath given liberty to man is eternal vigilance which condition if he break, servitude is at once the consequence of his crime, and the punishment of his guilt." John Philpott Curran, speech on the Right of election of the Mayor of Dublin, 1790.
At 03:08 PM 4/21/98 -0700, Phil Karn wrote:
This is a really difficult issue. Even the most diehard cypherpunk cannot doubt the usefulness of a cellular position reporting capability in an emergency situation, when the user *wants* the cops or whoever to know where he is. The big problem is how to keep it from being used (or abused) for "law enforcement" purposes without the consent of the user.
Arguments about the "utility" of the technology are distracting - lots of things are useful in some rare circumstances, not in others. If I were held hostage in my apartment, I might wish there were hidden video cameras installed in every room so the SWAT team snipers would be able to shoot the bad guys without endangering me. If I were injured badly in a single-car accident in a desolate place, I might wish that the government had the means to track every automobile's location. The rest of the time, I think those technologies are very distasteful and unwelcome. People dying of thirst drink urine. It's not necessarily useful to use a worst-case scenario when deciding how we'd like to organize and technologize our ordinary lives. The question is not whether or not cypherpunks want cellphone-locating technology to be built - because it will be built. People who aren't happy with that, for whatever reason, must fight that technology with technology - arguments and proclamations are helpless against technology, as the ridiculous export control "debate" makes clear. Once the technology exists, it will be used. What we need are cellphone remailers - they'll accept cellphone traffic sent via nonstandard means (a different spread-spectrum arrangement/protocol, or different frequencies for analog, or ..) and relay it onto the ordinary (subject to surveillance) cell frequencies/spectrum. Third parties who want to use ordinary/automated cellphone tracking systems will get the physical address of the relay, not that of the phone. And (hopefully) the relay won't keep logs of its traffic, nor attempt to track down its users. (Operators of relays likely won't have access to nearly the number of antennae/base stations that the regular cellphone folks do, so it'll be harder for them to use trianguation and timing to derive physical location. At least that's what my relatively RF-clueless understanding is.) Do you (or other folks familiar with ham radio technology and repeater technology) have any comments on the ease/difficulty of building a cellular remailer? I assume it'd be necessary to modify a cellphone to use the nonstandard remailer setup, which may be difficult.
I expect the main countermeasure to cellular position tracking will be the use of one-way pagers. Keep your cell phone turned off, and if you get a page when you're someplace you don't want them to know, wait until you leave before you return the page.
But one-way pagers are a dying technology - and I'll bet that within 3-5 years, it'll no longer be possible to turn off cellphones, at least without removing the batteries. I think that change won't be driven by surveillance needs, but because the setup time required where the phone and the network do their handshaking is annoying. It's likely to get worse as crypto is added to cellphones, and if batteries get better it won't be crucial to have the phone turned off when not in use. Then again, you probably know a lot more about cellphone design than I do.
Perhaps if the "just turn it off" approach is widely promoted, the carriers and vendors will see the threat to their business and press for some safeguards. Otherwise they just won't give a damn.
If we want safeguards, we're going to have to build them ourselves. Laws won't help, neither will carefully crafted, reasonable arguments. -- Greg Broiles |History teaches that 'Trust us' gbroiles@netbox.com |is no guarantee of due process. |_Kasler v. Lundgren_, 98 CDOS 1581 |(March 4, 1998)
I expect the main countermeasure to cellular position tracking will be the use of one-way pagers. Keep your cell phone turned off, and if you get a page when you're someplace you don't want them to know, wait until you leave before you return the page.
The best countermeasure is to reduce its usefulness to law enforcement by reducing its success rate. If there's enough press coverage of the fact that the capability exists, then clueful crooks will not use cell phones. Just like with escrowed crypto, you'll only catch the really DUMB terrorists. All technology aside, the best way to make progress in this area would be if the next James Bond movie shows the capability being used. Then even clueless crooks and drug dealers will do the equivalent of "gosh, well, I saw it on TV!" and will believe the threat. Hmmmm.... Makes me think that a great way to make progress is for cypherpunks to start submitting scripts to hollywood about presidents who get in massive trouble when their personal communications are subpoenaed and crypto keys are de-escrowed to prove that they had sex with office staff.... Nah, that's too stupid... mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Too stupid? Consider that the original SPECIES movie was sold as "Aliens with tits" <A quote from the recollections of a person at the meeting where the script was sold>! *I* don't think it's too stupid. | Hmmmm.... Makes me think that a great way to make | progress is for cypherpunks to start submitting scripts to hollywood | about presidents who get in massive trouble when their personal | communications are subpoenaed and crypto keys are de-escrowed to | prove that they had sex with office staff.... | | Nah, that's too stupid... | | mjr. | -- | Marcus J. Ranum, CEO, Network Flight Recorder, Inc. | work - http://www.nfr.net | home - http://www.clark.net/pub/mjr
At 3:08 PM -0700 4/21/98, Phil Karn wrote:
I expect the main countermeasure to cellular position tracking will be the use of one-way pagers. Keep your cell phone turned off, and if you get a page when you're someplace you don't want them to know, wait until you leave before you return the page.
Perhaps if the "just turn it off" approach is widely promoted, the carriers and vendors will see the threat to their business and press for some safeguards. Otherwise they just won't give a damn.
Another, more sophisticated measure is to replace the omni with a directional antenna (corner reflectors are pretty small at analog cellular frequencies and above and can have excellent gain and front-to-back ratios). The disparity of your received signal between different cell sites, plus the near-far problem for CDMA systems, could make accurate location much more difficult. --Steve PGP mail preferred, see http://www.pgp.com and http://web.mit.edu/network/pgp.html RSA fingerprint: FE90 1A95 9DEA 8D61 812E CCA9 A44A FBA9 RSA key: http://keys.pgp.com:11371/pks/lookup?op=index&search=0x55C78B0D --------------------------------------------------------------------- Steve Schear | tel: (702) 658-2654 CEO | fax: (702) 658-2673 Lammar Laboratories | 7075 West Gowan Road | Suite 2148 | Las Vegas, NV 89129 | Internet: schear@lvdi.net ---------------------------------------------------------------------
participants (20)
-
Bill Frantz -
Bill Stewart -
Cereal Killer -
Chris Wedgwood -
Dan Geer -
Dave Emery -
Dave Emery -
Geraint Price -
Greg Broiles -
Illuminatus Primus -
Jonathan Wienke -
Kurt Buff -
Lucky Green -
Marcus J. Ranum -
Mark Armbrust -
Marty Levy -
Matt Crawford -
Phil Karn -
Phil Karn -
Steve Schear