Mobile phone tracking, pagers, etc
Regarding the tracking of mobile phones, are all current types of phones susceptible? There was a recent post here regarding tracking of GSM phones. TDMA/CDMA, analog/digital, PCS-band, etc, are they all equally capable of being tracked? However pagers are not, correct? They just broadcast an entire area to page instead of the pager keeping the network informed of their location. One thing I have long wondered: Why don't they make phones that "wake-up" by a paging signal and then accept the call? It might increase the connect time significantly, but it would also increase the potential stand-by time indefinitely, and the location of the user is only exposed when calls are in progress, not while the phone is on stand-by. Are there any paging services (particularly alpha paging) that work on a global scale? You would think daily pager rental service (esp. at airports) would be popular. You could have an email address, even a static phone number, that could re-route messages to any pager that you happen to have at the time (PSTN-IP-PSTN, or even easier if the pager service gives SMTP addresses, which most do these days). Similarly a PSTN-IP-PSTN interface for voice could give you a static phone number that you could dynamically forward anywhere untraceably. BTW, why are most businesses so hostile to pseudonyms? I go to rent a mailbox, paid 1 yr. in advance with cash, and they still want two pieces of photo ID to copy. Matt
At 11:56 AM 9/17/98 -0700, Matthew James Gering wrote:
BTW, why are most businesses so hostile to pseudonyms? I go to rent a mailbox, paid 1 yr. in advance with cash, and they still want two pieces of photo ID to copy.
Where do you live? In the US, the Post Office has rules against anybody running mailbox services without making sure that the customers sign some forms - you not only have to acknowledge that the Post Office doesn't forward first class mail addressed to mailbox companies (semi-reasonable), but also (unreasonably) demonstrate to the Post Office's satisfaction that you really are the you living at some other location and you don't mind having mail addressed to you sent to this mailbox. Exactly what that means is up to the local Postmaster; one town where I've rented a mailbox really doesn't care, and another had a control freak Postmistress. But if you live in California, it's worse. There was a law passed in about 1994 (AB185 or AB187?) that asserted that 1) Many businesses in California are run from mailboxes 2) Many businesses in California have committed fraud 3) Therefore, we'll force anybody who rents a mailbox, business or not, to identify their True Name and True Address and appoint the mailbox service as an agent for service of process so we can bust them in case they use the mailbox for fraud. The wording of the law was actually more blatantly annoying than that. The exact amount of ID you have to produce is tied to the local Post Office regulations, but also requires a picture ID. The PO will accept major credit cards and SSN cards as ID, and my mailbox vendor didn't really want either of those, because she didn't want the liability of having private financial data around in a file she has to keep readily accessible for inspection. A year or two ago, California was also having problems with women who were battered or otherwise trying to avoid violent ex-husbands and ex-boyfriends being tracked to where they lived through their mailbox addresses, and some legislator was pushing a program that would get Certified Endangered Women a mailbox using some kind of cutout program that would give them some privacy. Would have made much more sense just to dump the recent law, so everybody could have some privacy. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Thu, Sep 17, 1998 at 11:56:02AM -0700, Matthew James Gering wrote: There are some distinctions between CDMA, GSM, analog and TDMA (non GSM), in respects to exactly how easy it is to implement precision location meeting the FCC spec passively and on all calls at all times. Apparently CDMA with its very tight power control to minimize the near-far problem makes it fairly awkward to reliably triangulate position from multiple sites since the mobile may be only detectable at one site at any time... What this means in practice is that some wireless technologies are more likely to require some definate active firmware intervention to do precision location, whilst others may allow it with no special intervention. If the FCC allows this intervention to be enabled by a user, this may provide some opportunity for location privacy.
If you can get hold of the older, analog, 'transportable' cell phones (like Motorola used to make) which have an antenna connector, its relatively easy to spoof the cell ranging system. Just connect a directional antenna (<$75) to the port (corner reflectors which have excellent front-to-back ratios are particularly good). You should easily be able to fool their signal strength based equipment into thinking your in an adjacent cell. If you can find high ground so much the better.
Wireless phones do currently work this way. They listen to the forward control channel for a paging message that says they have got a call coming in and only then do they transmit. The amount of power used in transmitting would quickly use up the battery if they continuously broadcast. The problem with cellphone location is that they can also be paged with a registration request that does not cause them to ring or show any evidence of transmitting, but sends back a brief message burst (not using much battery). This can be made to happen every so often, or only when polled.
Universal, an early U.S. analog cellular mfg. built this sort of unit in the early '90s. It was an idea ahead of its time.
Similarly a PSTN-IP-PSTN interface for voice could give you a static phone number that you could dynamically forward anywhere untraceably.
The LEAs don't like this concept, and one of the provisions of the CALEA wiretap stuff is providing tracing of calls forwarded so you can't do this....
Yhis is a great cypherpunk service. Allow our fellows to make free local, VoIP, calls from our PC/PSTN links. --Steve --------------------------------------------------------------------- reply to schear - at - lvcm - dot - com --- PGP mail preferred, see http://www.pgp.com and http://web.mit.edu/network/pgp.html RSA fingerprint: FE90 1A95 9DEA 8D61 812E CCA9 A44A FBA9 RSA key: http://keys.pgp.com:11371/pks/lookup?op=index&search=0x55C78B0D ---------------------------------------------------------------------
On Thu, Sep 17, 1998 at 11:56:02AM -0700, Matthew James Gering wrote:
Regarding the tracking of mobile phones, are all current types of phones susceptible?
There was a recent post here regarding tracking of GSM phones. TDMA/CDMA, analog/digital, PCS-band, etc, are they all equally capable of being tracked?
All the wireless standards I am aware of allow for registration and polling phones to find out if they are on and available without ringing them. This provides silent location information to the nearest cell of a phone merely turned on, location which may be hundreds of feet in tightly congested urban areas and tens of square miles in suburban and less populated areas. Some system operators apparently use this feature with all active phones to relieve congestion on paging channels, while others do not actively track phones not being used except in certain situations or parts of the network. Of course location to a cell is always available during a call... The FCC has mandated that this cell-granularity location information be made available to E-911 centers on emergency calls, and there may be some situations in which it is currently made available to domestic law enforcement under other circumstances, though CALEA restricts such availability without warrents. Whether and under what circumstances law enforcement can request a poll be transmitted (re-registration) to locate a silent but powered phone is less clear. It would seem that CALEA forbids this, but what in fact is the practice by such agencies as the FBI working quietly with cell carriers in places such as NYC is less clear. In the future FCC rules will require that all E-911 calling wireless phones be located to 125 meters 67% of the time. There are proposals to do this with differential time of arrival (DTOA) or other direction finding techniques (apparently a hard problem in cities with lots of multipath propagation due to reflections) that work passively on some or all cell calls and registrations (thus allowing tracking of everybody), or by cooperation with the cellphone handset that could be only turned on when the user wished to be located (an E-911 emergency) and disabled otherwise. One version of this would use GPS rather than ranging or other techniques to determine position relative to the cell sites. Of course all the user disaablable techniques such as GPS and DTOA done in the handset firmware only will work with future cell firmware and hardware and not legacy handsets, and because of this may not be acceptable to the FCC. There are some distinctions between CDMA, GSM, analog and TDMA (non GSM), in respects to exactly how easy it is to implement precision location meeting the FCC spec passively and on all calls at all times. Apparently CDMA with its very tight power control to minimize the near-far problem makes it fairly awkward to reliably triangulate position from multiple sites since the mobile may be only detectable at one site at any time... What this means in practice is that some wireless technologies are more likely to require some definate active firmware intervention to do precision location, whilst others may allow it with no special intervention. If the FCC allows this intervention to be enabled by a user, this may provide some opportunity for location privacy.
However pagers are not, correct? They just broadcast an entire area to page instead of the pager keeping the network informed of their location.
The one way pagers work this way. The guaranteed delivery two way pagers do support registration and will know the location of the pager after a page has been sent to it and any time the system wants to determine it. This location will be quite coarse with current two way (reFlex) pagers with cell sites some distance apart, but DF techniques are quite possible and could be implemented by law enforcement or spooks or other interested groups. Unlike wireless phones there is no current FCC requirement for positioning information distribution or precision positioning infrastructure, so two way pagers aren't likeyly to be routinely located accurately any time soon. Of course most modern wireless phones support paging message delivery, so more and more people will be using wireless phones with the FCC mandated tracking accuracy for paging...
One thing I have long wondered: Why don't they make phones that "wake-up" by a paging signal and then accept the call? It might increase the connect time significantly, but it would also increase the potential stand-by time indefinitely, and the location of the user is only exposed when calls are in progress, not while the phone is on stand-by.
Wireless phones do currently work this way. They listen to the forward control channel for a paging message that says they have got a call coming in and only then do they transmit. The amount of power used in transmitting would quickly use up the battery if they continuously broadcast. The problem with cellphone location is that they can also be paged with a registration request that does not cause them to ring or show any evidence of transmitting, but sends back a brief message burst (not using much battery). This can be made to happen every so often, or only when polled.
Are there any paging services (particularly alpha paging) that work on a global scale? You would think daily pager rental service (esp. at airports) would be popular. You could have an email address, even a static phone number, that could re-route messages to any pager that you happen to have at the time (PSTN-IP-PSTN, or even easier if the pager service gives SMTP addresses, which most do these days).
There are nationwide pager services that broadcast your pages over very wide areas or depend on registration to locate you down to a smaller area. But yes, you can get paged anywhere in the US and several other countries. And the new LEO satellite technology will allow paging over whole continents or potentially anywhere in the world.
Similarly a PSTN-IP-PSTN interface for voice could give you a static phone number that you could dynamically forward anywhere untraceably.
The LEAs don't like this concept, and one of the provisions of the CALEA wiretap stuff is providing tracing of calls forwarded so you can't do this.... -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
At 08:13 AM 9/18/98 -0400, Chip Mefford wrote:
Actually,
there seems to be a screw up out there.
Right now, one can go down the 7/11, and pay cash for a prepaid cellphone, and renew it with cellphone time cards also purchased with cash.
No paperwork, NONE.
I have one.
I pointed this out two years ago when the first prepaid cellular phones appeared in NYC. This is an example of the problem with regulations that depend on keeping "bad" people from having bank accounts, net accounts, phone accounts, etc. These depend on *all* sellers of these account services conspiring with the government in a cartel to deny services (a Government Denial of Service attack). But such a cartel (even if backed by law) is impossible to maintain. There is too much profit in breaking it. DCF
From Wednesday's WSJ:
"In a depressing turn for law-enforcement authorities, prepaid service has caught on with drug dealers and other criminals. With no contract and no bills, there is no paper trail -- a feature that also makes the service attractive to tax evaders." September 16, 1998 Prepaid Plans Start to Open Up The Cellular-Phone Market By GAUTAM NAIK Staff Reporter of THE WALL STREET JOURNAL Warren Pippin, a police officer in Savannah, Ga., ditched his traditional cellular-phone contract two years ago. "I couldn't stand paying bills every month," he says. "This is so much simpler." Now he uses prepaid cellular-phone service, a plan that was hatched in Portugal four years ago, took Europe by storm and is finally catching on in the U.S. A user simply buys an off-the-shelf phone, along with a card representing a certain financial value. The phone is activated by dialing a phone number and a personal identification number printed on the card. When the money runs out, the card can be replenished via a fresh payment. Those are just the basics. In Portugal, refinements let prepaid users replenish their cards at automated teller machines. And wherever it is used, the prepaid method is democratizing a product and service long confined to the well-heeled. Although only 2% of America's 54 million wireless subscribers use prepaid service today, most are people who otherwise wouldn't dream of owning a mobile phone: inner-city residents, students, people with poor credit. While rates for prepaid service are generally higher than regular cellular plans, users have no 12-month contracts or monthly fees to contend with. All told, compared with regular "leisure" users, prepaid customers spend roughly 15% to 25% less per month. "Prepay is enabling people that have wanted wireless phones for a long, long time to finally get one," says Terry Hayes, a marketing executive at Omnipoint Corp., which recently launched a "no monthly fee" prepaid offering. The company, which operates from Maine to Maryland, sells prepaid phones in colorful packages at gas stations, Duane Reade drugstores and its own outlets. Every second Omnipoint customer has prepaid service. 'Best Thing for Kids' Page Tel, a wireless-service reseller in Detroit, has signed up 85,000 prepaid mobile-phone users, most of them students and inner-city residents. One popular product costs $39, and includes a Motorola flip phone. "It's the best thing for kids," says Laith Korkis, the owner of Page Tel. "They buy a $39 phone and a $10 prepaid card and walk down the street looking cool." In a depressing turn for law-enforcement authorities, prepaid service has caught on with drug dealers and other criminals. With no contract and no bills, there is no paper trail -- a feature that also makes the service attractive to tax evaders. Europe's prepaid users number some 14 million, or 20% of all mobile subscribers. By the end of 1998, the number of prepaid users will rise to 22 million, or 25% of the total European market, according to Salomon Smith Barney. In the U.S., playing catch up, virtually every big wireless provider has jumped into prepaid service: Half of PrimeCo Personal Communications LP's customers are prepaid, while 40% of BellSouth Corp.'s subscribers are. Prepaid will make up 25% of all new wireless sign-ups this year, estimates Donaldson, Lufkin & Jenrette. U.S. providers remain technologically behind their European counterparts, who adopted digital standards far earlier. European digital phones have a special card that can be inserted into the phone to activate special features such as Portugal's ATM replenishment. In the U.S., users can only replenish their prepaid phone by paying cash at a store or via credit card. Portugal Telecom SA, Portugal's main phone company, got the idea for prepaid cellular service when executives realized that the nation's sophisticated network of ATMs could be used as mobile-phone "refueling" stations. The service was launched in 1995; today, 68% of all Portugal Telecom's mobile-phone customers are prepaid. Telecel Communicacoes Pessoais SA, a rival wireless carrier that is 50.9% owned by Airtouch Communications Inc. of the U.S., has been equally aggressive. Its Vitamina prepaid phones are sold in brightly colored packages, each shaped in the form of a pill. One popular brand is aimed at corporations: The company can specify exactly how much credit it wants each employee's phone to have, and how often the credit should be topped up. The Frog Factor Another product, Vitamina K (for kid), is for children ages eight to 15. The phones look like frogs and have six colorful buttons that can be programmed by a parent. "One is for mummy, two for daddy, three for grandma. That's all the kid has to know," explains Joao Mendes Dias, Telecel's product-marketing director. An especially big hit is Vitamina R (for radicals), sold to the 15-to-24-year-old set and featuring only fashionable Ericsson or Nokia models. If a Vitamina R customer calls another Vitamina R user, the call is 35% cheaper than calling someone else. And the advertising slogan has its fans, as well: "Vitamina R. It heals everything but hangovers." Sandra Santos, a 21-year-old student in Lisbon, likes her snazzy Vitamina phone because it provides a running display of the credit available at any time. When she runs low, there is always a cash machine nearby. Thanks to special calling rates, her Vitamina bills are half what she paid with a previous subscription plan. And her previous phone? "I gave that to my dad," she says. Airtouch now hopes to apply Telecel's ideas-especially the savvy marketing -- in the U.S. The San Francisco company is pitching prepaid to students in Ohio and Michigan. During the World Cup soccer tournament, it targeted Hispanic customers in Southern California. In the last 12 months, about 10% of all new Airtouch customers joined on the prepaid plan. That number could double in the next 12 months, says Airtouch. Dave Whetstone, director of the company's prepaid business, noting that his company has extensive interests in European wireless carriers, adds: "We look at our European operations and say, 'Wow, prepaid is exploding there. There may be some cultural differences, but there's got to be something there' " for U.S. consumers. Airtouch won't have to convince Jenifer Borrusch, an 18-year-old student at Eastern Michigan University. Ms. Borrusch's parents wanted to give her a traditional mobile phone in case of emergencies during her 45-minute drive from Livonia, Mich., to college. But because she might overspend, they gave her a prepaid device instead. The ploy worked. "I won't even let my best friend use it," she says.
Actually, there seems to be a screw up out there. Right now, one can go down the 7/11, and pay cash for a prepaid cellphone, and renew it with cellphone time cards also purchased with cash. No paperwork, NONE. I have one. While all of the technology applies, and certainly it is possible to determine things by analyzing calling habits, I can't see how one can easily determine who has cellphone #blahblahblahblahblah when you just bought a box at an out of town 7/11 during the breakfast rush with cash. Esp if one doesn't make a lot of calls. On Thu, 17 Sep 1998, Dave Emery wrote:
On Thu, Sep 17, 1998 at 11:56:02AM -0700, Matthew James Gering wrote:
Regarding the tracking of mobile phones, are all current types of phones susceptible?
There was a recent post here regarding tracking of GSM phones. TDMA/CDMA, analog/digital, PCS-band, etc, are they all equally capable of being tracked?
All the wireless standards I am aware of allow for registration and polling phones to find out if they are on and available without ringing them. This provides silent location information to the nearest cell of a phone merely turned on, location which may be hundreds of feet in tightly congested urban areas and tens of square miles in suburban and less populated areas. Some system operators apparently use this feature with all active phones to relieve congestion on paging channels, while others do not actively track phones not being used except in certain situations or parts of the network. Of course location to a cell is always available during a call...
The FCC has mandated that this cell-granularity location information be made available to E-911 centers on emergency calls, and there may be some situations in which it is currently made available to domestic law enforcement under other circumstances, though CALEA restricts such availability without warrents. Whether and under what circumstances law enforcement can request a poll be transmitted (re-registration) to locate a silent but powered phone is less clear. It would seem that CALEA forbids this, but what in fact is the practice by such agencies as the FBI working quietly with cell carriers in places such as NYC is less clear.
In the future FCC rules will require that all E-911 calling wireless phones be located to 125 meters 67% of the time. There are proposals to do this with differential time of arrival (DTOA) or other direction finding techniques (apparently a hard problem in cities with lots of multipath propagation due to reflections) that work passively on some or all cell calls and registrations (thus allowing tracking of everybody), or by cooperation with the cellphone handset that could be only turned on when the user wished to be located (an E-911 emergency) and disabled otherwise. One version of this would use GPS rather than ranging or other techniques to determine position relative to the cell sites. Of course all the user disaablable techniques such as GPS and DTOA done in the handset firmware only will work with future cell firmware and hardware and not legacy handsets, and because of this may not be acceptable to the FCC.
There are some distinctions between CDMA, GSM, analog and TDMA (non GSM), in respects to exactly how easy it is to implement precision location meeting the FCC spec passively and on all calls at all times. Apparently CDMA with its very tight power control to minimize the near-far problem makes it fairly awkward to reliably triangulate position from multiple sites since the mobile may be only detectable at one site at any time... What this means in practice is that some wireless technologies are more likely to require some definate active firmware intervention to do precision location, whilst others may allow it with no special intervention. If the FCC allows this intervention to be enabled by a user, this may provide some opportunity for location privacy.
However pagers are not, correct? They just broadcast an entire area to page instead of the pager keeping the network informed of their location.
The one way pagers work this way. The guaranteed delivery two way pagers do support registration and will know the location of the pager after a page has been sent to it and any time the system wants to determine it. This location will be quite coarse with current two way (reFlex) pagers with cell sites some distance apart, but DF techniques are quite possible and could be implemented by law enforcement or spooks or other interested groups. Unlike wireless phones there is no current FCC requirement for positioning information distribution or precision positioning infrastructure, so two way pagers aren't likeyly to be routinely located accurately any time soon.
Of course most modern wireless phones support paging message delivery, so more and more people will be using wireless phones with the FCC mandated tracking accuracy for paging...
One thing I have long wondered: Why don't they make phones that "wake-up" by a paging signal and then accept the call? It might increase the connect time significantly, but it would also increase the potential stand-by time indefinitely, and the location of the user is only exposed when calls are in progress, not while the phone is on stand-by.
Wireless phones do currently work this way. They listen to the forward control channel for a paging message that says they have got a call coming in and only then do they transmit. The amount of power used in transmitting would quickly use up the battery if they continuously broadcast. The problem with cellphone location is that they can also be paged with a registration request that does not cause them to ring or show any evidence of transmitting, but sends back a brief message burst (not using much battery). This can be made to happen every so often, or only when polled.
Are there any paging services (particularly alpha paging) that work on a global scale? You would think daily pager rental service (esp. at airports) would be popular. You could have an email address, even a static phone number, that could re-route messages to any pager that you happen to have at the time (PSTN-IP-PSTN, or even easier if the pager service gives SMTP addresses, which most do these days).
There are nationwide pager services that broadcast your pages over very wide areas or depend on registration to locate you down to a smaller area. But yes, you can get paged anywhere in the US and several other countries. And the new LEO satellite technology will allow paging over whole continents or potentially anywhere in the world.
Similarly a PSTN-IP-PSTN interface for voice could give you a static phone number that you could dynamically forward anywhere untraceably.
The LEAs don't like this concept, and one of the provisions of the CALEA wiretap stuff is providing tracing of calls forwarded so you can't do this....
-- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Chip Mefford wrote:
Actually,
there seems to be a screw up out there.
Right now, one can go down the 7/11, and pay cash for a prepaid cellphone, and renew it with cellphone time cards also purchased with cash.
No paperwork, NONE.
I have one.
While all of the technology applies, and certainly it is possible to determine things by analyzing calling habits, I can't see how one can easily determine who has cellphone #blahblahblahblahblah when you just bought a box at an out of town 7/11 during the breakfast rush with cash.
Esp if one doesn't make a lot of calls.
Tasty. Especially if one's partner in crime has taken the same precaution. To the LEAs: technology giveth and technology taketh away. BTW - do these phones have a modem connector? If not could one be added? Then you get end-to-end privacy too.
participants (7)
-
Bill Stewart -
Chip Mefford -
Dave Emery -
Duncan Frissell -
Matthew James Gering -
Michael Motyka -
Steve Schear