http://www.wired.com/dangerroom/2011/07/global-phone-tracking/all/1/ Meet the bKeyzer Sozeb of Global Phone-Tracking By Spencer Ackerman July 18, 2011 | 7:00 am | Categories: Crime and Homeland Security Chances are youbve never heard of TruePosition. If youbre an AT&T or T-Mobile customer, though, TruePosition may have heard of you. When youbre in danger, the company can tell the cops where you are, all without you knowing. And now, itbs starting to let governments around the world in on the search. The Pennsylvania company, a holding of the Liberty Media giant that owns Sirius XM and the Atlanta Braves, provides location technology to those soon-to-be-merged carriers, so police, firefighters and medics can know where youbre at in an emergency. In the U.S., it locates over 60 million 911 calls annually. But very quietly, over the last four years, TruePosition has moved into the homeland security business b worldwide. Around the world, TruePosition markets something it calls b location intelligence,b or LOCINT, to intelligence and law enforcement agencies. As a homeland security tool, itbs enticing. Imagine an b invisible barrier around sensitive sites like critical infrastructure,b such as oil refineries or power plants, TruePositionbs director of marketing, Brian Varano, tells Danger Room. The barrier contains a list of known phones belonging to people who work there, allowing them to pass freely through the covered radius. b If any phone enters that is not on the authorized list, [authorities] are immediately notified.b TruePosition calls that b geofencing.b As a company white paper explains, its location tech b collects, analyzes, stores and displays real-time and historical wireless events and locations of targeted mobile users.b bThe capability of doing mass tracking is possible.b It can also work other ways: pinging authorities when a phone used by a suspected terrorist or criminal enters an airport terminal, bus station or other potential target. And it works just as well in monitoring the locations of phones the suspectbs phone calls b and who they call and text, and so on. For the past four years, TruePosition has quietly taken that tracking technology global. In the U.S., Varano says, TruePosition sells to mobile carriers b though itbs cagey about whether the U.S. government uses its products. But abroad, it sells to governments, which it wonbt name. Ever since it came out with LOCINT in 2008, he says, b Ministries of Defense and Interior from around the world began beating down our door.b Thatbs got some surveillance experts and mobile activists worried. Keeping suspected terrorists away from nuclear power plants and discovering their networks of contacts is well and good. But in the hands of foreign governments b not all of whom respect human rights b TruePosition tech can just as easily identify and monitor networks of dissidents. For a company that can do so much to find out where a mobile user is, few outside of the surveillance industry know much about TruePosition. Thatbs a deliberate strategy on the companybs part, to keep a b low profile from jump,b Varano says. It grants few interviews b a little-noticed Fox News story from 2009 is a rare exception b and discloses little about its foreign clients. Several surveillance experts contacted for this story were unfamiliar with the company. The result, says Christopher Soghoian, a graduate fellow at Indiana Universitybs Center for Applied Cybersecurity Research, is to make TruePosition the most important global geolocation company youbve never heard of. b Itbs like that line about Keyser Soze from The Usual Suspects b the greatest trick the devil ever pulled was convincing the world he didnbt exist,b Soghoian says. b Theybve done the same thing. Staying entirely below the radar.b Except TruePosition is hardly satanic. Its b Enhanced 911,b or b E-911,b services save lives. In one case the company cites, a corrections officer in Ohiobs Hamilton County was abducted by a recent parolee and stuffed into the trunk of his car. Her family had no idea where she was. But because her cellphone was turned on and her carrier used TruePositionbs location tech, police were able to locate the phone along a Kentucky highway. They set up a roadblock, freed the officer and arrested her captor. Herebs how it works. TruePositionbs location tool, known as Uplink Time Difference of Arrival or U-TDOA, calculates the time it takes a signal travelling from a mobile device to reach sensitive receivers installed in the transceiver station of a cell tower. (The receiver itself is said to resemble a pizza box.) Determining the difference in time it takes for the signal to reach receivers in different towers, determined by servers called Wireless Location Processors, calculates the phonebs location. The company says it has receivers installed in about 75,000 cell towers around the country. Notice that the location tech here has nothing to do with GPS. Itbs network-based, rather than dependent on a GPS receiver inside a handset. Itbs not reliant on any line of sight to a satellite. Thatbs a point of pride within TruePosition. GPS has accuracy and precision woes in dense urban areas and the indoors. Or inside the trunk of a car. For the better part of the decade, TruePosition has had contracts to provide E-911 services with AT&T (signed originally with Cingular in 2001, which AT&T acquired) and T-Mobile (2003). As more and more 911 calls came from mobile phones b by definition not linked to a fixed address b the Federal Communications Commission required wireless providers provide precise location data to emergency call centers. The accuracy requirements for E-911 top out at 300 meters. TruePosition says U-TDOA is accurate to within 50 meters. (The FCC met on Monday to consider changing the standard b the reason, Varano says, he granted me an interview.) bWe can figure out which phone disappeared at the time of the detonation. We can find the triggerman.b But TruePosition soon saw a growth market in a field where U-TDOA had relevance: the expanding, globalized field of homeland security. b It really was recession-proof,b Varano explains, b because in many parts of the world, the defense and security budgets have either maintained where they were or increased by a large percentage.b That realization led the company to explore U-TDOAbs potential for as a security tool, as itbs the rare terrorist or criminal who doesnbt have a mobile device. LOCINT was born in October 2008. Imagine, a LOCINT primer on TruePositionbs website explains, b An explosion destroys an oil refinery b who, exactly, was inside the facility prior to the explosion?b If theybve got a mobile device, U-TDOA-enabled geofences can answer the question. Or consider the value that U-TDOA could have for finding networks that build and detonate homemade bombs. If the bomb is detonated with a cellphone b as Iraqbs bombs were, before jamming tech neutralized them b b we can go back into the cellular network and figure out which phone disappeared at the time of the detonation,b Varano says. b We find which phone called that phone b thatbs our triggerman. Then we find which phones they called b the initial suspects. If they held onto that phone, webd be able to see who that phone contacted.b And where they are now, in real time. This isnbt something TruePosition does itself. It had nothing to do with the b location-gateb scandals that plagued Apple and Google earlier this year, when both companies conceded they collected and stored geodata from iPhone and Android phone customers. All the company does is enable a geolocation security system for its clients to use. How they use it is up to them b and the relevant laws of the countries that employ it. But geofences might be legally problematic inside the United States. Law enforcement canbt just set up blanket location surveillance of mobile phones around a particular area; courts have to sanction surveillance around specific phones. The fences, however, would approve specific authorized phones; but any unauthorized phone that enters the fence triggers an alert. b It would be hard for the companybs tool to distinguish the terrorist from the tourist,b says Greg Nojeim, a senior counsel with the Center for Democracy and Technology in Washington. And what if the governments using TruePositionbs gear arenbt so scrupulous about following laws, or respecting the civil liberties of their citizens? In the U.S., even after the Patriot Act and the FISA Amendments Act, law enforcement and intelligence agencies still donbt have unfettered abilities to turn a cellphone into a homing device, or to trace a web of connections between callers or SMS recipients. If, say, Syriabs Bashar Assad had TruePositionbs technology, could he use it to determine whobs participating in anti-government protests? b Correct,b Varano says, b if it was deployed in that region.b He adds, however, b webve never run into anything like that.b Varano wonbt specify which governments use TruePositionbs LOCINT tools. b I have to be nebulous about where itbs actually being deployed,b he says. That includes inside the United States. b We do not disclose who is currently using TruePosition LOCINT,b Varano says, but adds, b U.S. government [agencies] have not bought anything from us, and donbt write a check to us.b But, he says, the companybs various outposts (London, Dubai, Miami) pitch LOCINT solutions to countries from Europe to the Middle East to Latin America to the Carribean. And if some repressive governments are in that mix, TruePositionbs position is that what they do with LOCINT is on them. b Webre providing this tool to governments and itbs the governmentsb onus to adhere to laws on its use,b Varano says. In western countries, he says, warrants, court orders and other safeguards prevent LOCINT abuse. But surveillance works differently elsewhere: b Itbs not being used like that in the U.S. or western societies, but in other parts of the world, the capability of doing mass tracking is possible.b bIt would be hard for TruePositionbs tool to distinguish the terrorist from the tourist.b Thatbs what worries advocates for foreign dissidents. b This seems to be integrated a little bit deeper and the operator is fully complicit in the situation. It makes it more difficult for activists, for sure,b says Nathan Freitas of the Guardian Project, which designs anonymity tools for mobile users. b Vodaphone Egypt would only go so far to violate the rights of the Egyptian people b it shut the network down, but beyond that, they donbt have a fire hose out of a data center. U-TDOA could be a firehose-type product.b Again, Varano says the companybs never encountered such a situation. An FBI spokesman, Christopher Allen, was unfamiliar with TruePosition, and invited Danger Room to file out a Freedom of Information Act request. Department of Homeland Security officials didnbt respond to repeated requests for comment. AT&T didnbt respond to an inquiry. T-Mobile USAbs director of external communications, Hernan Daguerre, confirmed the companybs relationship with TruePosition but wouldnbt comment beyond saying, b Webll continue to monitor and evaluate advances in all E-911 location solutions to ensure the safety of our customers.b Federal contractor databases donbt show any contracts between TruePosition and government agencies, with the exception of a 2006 deal with the General Services Administration (cancelled in 2009) for computer services that appears never to have been actualized. Varano, initially unfamiliar with the contract, explains, b We originally signed up to be part of the GSA in 2006, but nothing ever came from it.b Joining the GSA Schedule is what allows companies to compete for federal contracts. Varano didnbt directly answer whether TruePosition intends to seek U.S. government contracts or is content to peddle LOCINT abroad while remaining an e-911 company at home. At home, the courts are currently deciding whether geolocation tracking by law enforcement requires a warrant, and therebs legislation moving on Capitol Hill to settle the question in the affirmative. Should U.S. homeland security or intelligence officials make use of TruePositionbs LOCINT, they may have to go through a judge first. But for this global geolocation company, the worldwide interest is piling up. b We do go to a lot of defense and security trade shows,b Varano says. b Once people hear about the capabilities b they know cellphones are being used by bad guys doing bad things b their eyes widen and jaws drop. Typically, the deals grow in terms of the geographical area they wanna cover and the number of government agencies that want access to this type of intelligence.b Photo: Flickr/al-Jazeera English; Flickr/Seattle Municipal Archives; Flickr/William Hook