Americans' cellphones subject to sweeping government surveillance
Since 2007, the United States Marshals Service has been operating a program where aircraft it operates are equipped with devices designed to imitate cell towers for the purposes of gathering unique mobile phone registration data.
These devices, similar to the StingRay equipment used by law enforcement on the ground, are called “dirtboxes,” derived from the name of the company that makes them, DRT, Inc. (Digital Recovery Technology), which is a subsidiary of Boeing.
These dirtboxes are installed on Cessna aircraft operated out of five airports situated around larger cities, allowing the Marshals to canvass most of the population. In flight, the dirtboxes will scan data from any cellphones it can identify, tricking them into thinking they are connected to a site operated by one of the major wireless carriers.
The cellphones will report their unique identifiers, known as an IMSI (International Mobile Subscriber Identity), to the dirtbox. Out of this dragnet method of gathering data (similar to the NSA methodology), the Marshals would identify their target of surveillance, and the dirtbox “lets go” of all other cellphone data collected in the process.
Use of the dirtbox has been known to cause problems by interrupting calls in progress, raising concerns that 911 calls could get dropped. Software updates have apparently alleviated that issue. The way this system works, bypasses any encryption or security of data on the phone because the dirtbox mimics a cell tower so perfectly that the devices give up the IMSI without any issue.
What is even more telling about this program, is that it bypasses the carriers completely. In lieu of asking for location data from the provider, the Marshals are able to obtain it directly, and arguably more accurately, apparently within 10 feet. Newer versions of this technology reportedly also have the ability to jam signals discretely, or retrieve data within the device, such as SMS, MMS, or photos.
Concerns outside, and within the Marshals Service have been raised about how diligently non-suspect data has been handled or “dropped.” While it is seen as completely “legal” compared to other surveillance programs, the ethical question of if this method of surveillance “should” be done. Compared to a ground-based StingRay system, which might scan a couple hundred devices, an airborne platform is gathering tens-of-thousands of users’ data.
Also alienated in this program are the carriers, who have a vested interested in maintaining security of their networks, and other technology companies who have been striving to protect user data in the wake of the NSA scandal. This government backed “man-in-the-middle” tactic could further motivate companies to challenge warrants, National Security Letters, and other requests for information even more.
To make the story even more interesting, the dirtbox is able to gather IMSI data even if the device is not in use. That is according to a regulatory filing made by Boeing in 2010 to the US Department of Commerce. It was a report discussing the success the dirtbox had in finding contraband cellphones that had been smuggled into prisons.
source: The Wall Street Journal (subscription required)
These devices, similar to the StingRay equipment used by law enforcement on the ground, are called “dirtboxes,” derived from the name of the company that makes them, DRT, Inc. (Digital Recovery Technology), which is a subsidiary of Boeing.
The cellphones will report their unique identifiers, known as an IMSI (International Mobile Subscriber Identity), to the dirtbox. Out of this dragnet method of gathering data (similar to the NSA methodology), the Marshals would identify their target of surveillance, and the dirtbox “lets go” of all other cellphone data collected in the process.
Surveillance targets are what you would expect, suspected fugitives, drug dealers, and the like. Court orders are obtained to authorize the use of the dirtbox. However, as one might also expect, organizations like the ACLU raise valid privacy concerns, “It’s inexcusable and it’s likely – to the extent judges are authorizing it – [that] they have no idea of the scale of it,” according to Christopher Soghoian, chief technologist with the ACLU.
Use of the dirtbox has been known to cause problems by interrupting calls in progress, raising concerns that 911 calls could get dropped. Software updates have apparently alleviated that issue. The way this system works, bypasses any encryption or security of data on the phone because the dirtbox mimics a cell tower so perfectly that the devices give up the IMSI without any issue.
What is even more telling about this program, is that it bypasses the carriers completely. In lieu of asking for location data from the provider, the Marshals are able to obtain it directly, and arguably more accurately, apparently within 10 feet. Newer versions of this technology reportedly also have the ability to jam signals discretely, or retrieve data within the device, such as SMS, MMS, or photos.
Concerns outside, and within the Marshals Service have been raised about how diligently non-suspect data has been handled or “dropped.” While it is seen as completely “legal” compared to other surveillance programs, the ethical question of if this method of surveillance “should” be done. Compared to a ground-based StingRay system, which might scan a couple hundred devices, an airborne platform is gathering tens-of-thousands of users’ data.
To make the story even more interesting, the dirtbox is able to gather IMSI data even if the device is not in use. That is according to a regulatory filing made by Boeing in 2010 to the US Department of Commerce. It was a report discussing the success the dirtbox had in finding contraband cellphones that had been smuggled into prisons.
Things that are NOT allowed: