Remove the battery and there is no possible way to track you with GPS
Police Tapped Sprint Customer GPS Data 8 Million Times In A Year http://tinyurl.com/y9a4tkp
Under a new system set up by Sprint, law enforcement agencies have
gotten GPS data from the company about its wireless customers 8 million
times in about a year, raising a host of questions about consumer
privacy, transparency, and oversight of how police obtain location data.
What this means -- and what many wireless customers no doubt do not
realize -- is that with a few keystrokes, police can determine in real
time the location of a cell phone user through automated systems set up
by the phone companies.
And while a Sprint spokesman told us customers can shield themselves
from surveillance by simply switching off the GPS function of their
phones, one expert told TPM that the company and other carriers almost
certainly have the power to remotely switch the function back on.
To be clear, you can think of there being two types of GPS (global
positioning system). One is the handy software on your mobile device
that tells you where you are and helps give driving directions. But
there's also GPS capability in all cell phones sold today, required by a
federal regulation so if you dial 911 from an unknown location,
authorities can find you.
Sprint says the 8 million requests represent "thousands" of individual
customers -- it won't say how many exactly -- and that the company
follows the law. It's not clear, however, if warrants are always needed,
or whether they have been obtained by police for all the cases.
We know the 8 million number thanks to an Indiana University graduate
student named Christopher Soghoian, who has made headlines before for
investigations of privacy and tech issues.
At a recent professional security conference attended -- and taped -- by
Soghoian, Sprint Manager of Electronic Surveillance Paul Taylor revealed
the 8 million figure. "[T]he tool has just really caught on fire with
law enforcement," he said:
We turned it on the web interface for law enforcement about one
year ago last month, and we just passed 8 million requests. So there is
no way on earth my team could have handled 8 million requests from law
enforcement, just for GPS alone. So the tool has just really caught on
fire with law enforcement. They also love that it is extremely
inexpensive to operate and easy
It's useful to keep in mind that, as Sprint spokesman Matt Sullivan
tells TPM, "every wireless carrier has a team and a system" through
which police can access GPS data. Sprint is the company unlucky enough
to find itself the focus of scrutiny, but it reportedly controls just
18% of the U.S. wireless market, making it the third largest carrier.
Sprint says the 8 million figure "should not be shocking given that
Sprint has more than 47 million customers and requests from law
enforcement and public safety agencies" include missing person cases,
criminal investigations, or cases with the consent of the customer.
(Read the company's full statement here.)
Privacy advocates, though, are alarmed. "How many innocent Americans
have had their cell phone data handed over to law enforcement?" asked
Kevin Bankston, senior staff attorney at the Electronic Frontier
Foundation, in a lengthy response to the revelation. He goes on:
How can the government justify obtaining so much information on so
many people, and how can the telcos justify handing it over? ...
What legal process was used to obtain this information? ...
What exactly has the government done with all of that information?
Is it all sitting in an FBI database somewhere?
Bankston calls on Congress "to pull the curtain back on the vast,
shadowy world of law enforcement surveillance and shine a light on these
Sullivan, the Sprint spokesman, tells TPM that for certain requests the
police pay a fee to Sprint to cover costs. But it's not just a question
of paying an entry fee to access the system; Sullivan says there's a
legal process. "Before [law enforcement] can access any customer data,
they have to show proper legal demand," and "the parameters of the
information they can receive is extremely specific, including the
duration they can look at it and the specific data."
It's not clear, according to EFF, that "proper legal demand" always
means a search warrant.
Julian Sanchez of the Cato Institute has chimed in with a look at the
current state of the relevant law, including the 2005 reauthorization of
the PATRIOT act. He concludes that it's "quite likely that it's become
legally easier to transform a cell phone into a tracking device even as
providers are making it point-and-click simple to log into their servers
and submit automated location queries."
Another key question: can customers disable the GPS on their wireless
devices? Sprint's Sullivan says its his "understanding" that privacy
settings on phones can be set to turn off GPS, in which case, he says,
police trying to conduct surveillance would not be able to track a phone.
But Jeff Fischbach, a California-based forensic technologist who has
been a technical consultant on many criminal cases over the years, tells
TPM he's seen empirical evidence that the privacy settings are
essentially meaningless. Again and again, he says, "I've seen GPS data
from defendants who told me [the function] was switched off."
Saying there's nothing technically sophisticated about switching on GPS
capability remotely, Fischbach observes that if it's really possible to
switch off GPS on a phone, "it would almost be like saying license
plates are optional."
We may be getting more answers soon. With buzz growing around Soghoian's
report, first posted on his blog, Sprint has been forced to respond
publicly. Fischbach believes it's only a matter of time before the
company is forced to make more disclosures to the public.
"Sprint's going to have to calm people down," he says.
Civis Romanus Sum