Habeas Data: Privacy vs. the Rise of Surveillance Tech

Politico (June 3, 2018) published an excerpt from Habeas Data: Privacy vs. the Rise of Surveillance Tech, by Cyrus Farivar.

The police in Santa Clara, CA tracked a hacker through the warrantless use of a secretive surveillance technology known as a stingray, which snoops on cell phones. Stingrays, or cell-site simulators, act as false cell phone towers that trick phones into giving up their location. They have become yet another tool in many agencies’ toolbox, and their use has expanded with little oversight - and no public knowledge that they were even being used until the Hacker went on an obsessive quest to find out just how law enforcement tracked him. When he tugged on that thread, he found out something else: that police might be tracking a lot more than we even know on our phones, often without the warrants that are usually needed for comparable methods of invasive surveillance.

While StingRay is a trademark, stingray has since become so ubiquitous in law enforcement and national security circles as to also often act as the catch-all generic term - like Kleenex or Xerox. A stingray acts as a fake cell tower and forces cell phones and other mobile devices using a cell network (like Rigmaiden’s AirCard, which provided his laptop with Internet access) to communicate with it rather than with a bona fide mobile network. Stingrays are big boxes - roughly the size of a laser printer - like something out of a 1950s-era switchboard, with all kinds of knobs and dials and readouts. Stingrays can easily be hidden inside a police surveillance van or another nearby location.

All of our cell phones rely on a network of towers and antennas that relay our signal back to the network and then connect us to the person that we’re communicating with. As we move across a city, mobile networks seamlessly hand off our call from one tower to the next, usually providing an uninterrupted call. But in order for the system to work, the mobile phone provider needs to know where the phone actually is so that it can direct a signal to it. It does so by sending a short message to the phone nearly constantly—in industry terminology this is known as a ping. The message basically is asking the phone: “Are you there?” And your phone responds: “Yes, I’m here.” (Think of it as roughly the mobile phone version of the children’s swimming pool game Marco Polo.) If your phone cannot receive a ping, it cannot receive service. The bottom line is, if your phone can receive service, then the mobile provider (and possibly the cops, too) know where you are. (Politico June 3, 2018)