Monday, May 14, 2018

How a “location API” allows cops to figure out where we all are in real-time

That's the provocative title of a piece that was on ARS Technica over the weekend - and they include a really novel link.  You can try to see if your phone, or a handful of other things, can be located.  Think of it as a way to test your privacy measures, your VPN or browser security.
The digital privacy world was rocked late Thursday evening when The New York Times reported on Securus, a prison telecom company that has a service enabling law enforcement officers to locate most American cell phones within seconds. The company does this via a basic Web interface leveraging a location API—creating a way to effectively access a massive real-time database of cell-site records.
The API - Applications Program Interface - is the key.  It's what appears to be Securus' contribution to the tracking.  The API makes it possible for any programmer to write applications that use this data.  The data itself is not from Securus.  They rely on data brokers and location aggregators that obtain that information directly from mobile providers.
The Texas-based Securus reportedly gets its data from 3CInteractive, which in turn buys data from LocationSmart. Ars reached 3CInteractive's general counsel, Scott Elk, who referred us to a spokesperson. The spokesperson did not immediately respond to our query. But currently, anyone can get a sense of the power of a location API by trying out a demo from LocationSmart itself.
If you want to see where the fight over the end of the Fourth Amendment is currently taking place, this may not be it exactly, but I bet you can see it from here.
Securus’ location service as used by law enforcement is also currently being scrutinized. The service is at the heart of an ongoing federal prosecution of a former Missouri sheriff’s deputy who allegedly used it at least 11 times against a judge and other law enforcement officers.
"To access this private data, correctional officers simply visit Securus’ Web portal, enter any US wireless phone number, and then upload a document purporting to be an official document giving permission to obtain real-time location data," Wyden wrote.
The reason the data is available is because cell phones need to "talk" with the towers and the towers triangulate on a given number to aid in handling the call.  If several towers receive the handset, as is usually the case, they can tell by signal strength changes the likely direction the phone is moving, so that they can hand off to the next cell more easily.  

With the Securus system, the phone's location isn't obtained from the phone's GPS; the provider's  knowing the location has nothing to do with a phone being a Smart phone or a dumb old flip phone, and it has nothing to do with turning "location services" off.  The location awareness comes simply from being a phone on the cellular network.

Similarly, while the location provided by triangulating between cell towers is low resolution - they might know that the phone is somewhere in a quarter or half mile diameter circle - this was adequate for a lot of criminal prosecutions.  If someone's argument was "I wasn't even there", and the phone records verified they weren't within that quarter mile circle but in another cell some distance away, the story checked.  GPS enhances that measurement.  You can envision someone being falsely accused of something by a third party but being in the same cell as the third party.  Perhaps they're within a few hundred yards of the accuser; two or three houses or apartments away.  They're really "not even there", but the location being accurate only to within a quarter or half mile circle is incapable of proving or disproving that. 

The LocationSmart test page.  I haven't decided if I really want to run the test.  With a service like this, I want to read the "Terms of Use" and they don't really make me comfortable.  I'd like them to say, "this is a one-time demo; we're going to destroy the number you gave us in 24 hours along with all the information you entered".  Nope.  In one place it says, "You agree to provide LocationSmart with true, accurate, current, and complete information about yourself (the "User Information") if requested, and maintain and update such information to keep it true, accurate, current, and complete at all times."  I added that bold format.  That sounds like they're going to keep anything I tell them. 

In the old days, people used to wonder if the FBI had a file on them and we used to say the easiest way to get an FBI file started on you was to request a copy of your FBI file under the Freedom of Information Act.  I just can't help but wonder if checking to see if your phone (or browser, landline, and so on) can be tracked is a way to ensure that it gets tracked.  But then I tell myself it's already tracked anyway.


  1. Didn't I see this being done on an old NCIS episode.

  2. If it works to catch criminals I'm for it. I don't always carry my cell phone and I rarely have it on so I'm not too worried about this.

    1. That's what the King's ministers said about not needing warrents to enter homes. They were only looking for criminals and you have nothing to fear from their search.

    2. To Anonymous 10:54. I think everyone here is missing the point. If you are standing on the street corner and see someone steal a purse IS THAT LEGAL TO SEE THAT??? Well of course it is. You aren't peeking in a window, you aren't rumaging through someones house. You are simply seeing what can be seen from a public place. NOW suppose a radio talk show host accuses someone falsely on the air. Can they be sued??? After all your point seems to be that we aren't allowed to hear what is said or to know what station it was said on. Well of course we can hear it and act on it because it is on the public air waves. NOW apply that to your cell phone. The information in question is available to anyone who knows how to get it. It doesn't require they snatch your phone and find it. It doesn't require a search of AT&T offices to get it. It is in the air. No warrant is required. We aren't talking about private conversation but simply the 1's and 0's that allow the equipment to work. That it allows you/someone to know where that phone is physically located is no different than standing on the corner and observing someone. It is there for all to see, it is inherent in the design and function of the phone. If you don't want to be seen on the street snatching purses don't do it and if you don't want your phone to tell people where you are get rid of the phone. Simple as that. You don't NEED a phone. I'm not sure you realize that. you "want" the phone and if you want it then you accept the baggage that comes with it.

  3. Spy 101:

    Buy a burner phone. Use call forwarding: Set it to forward all calls received by it to your actual in-your-pocket number.

    You can now destroy the physical burner phone, but all calls to it come to you (minus caller ID data). It has no actual location. But there's no way to tell where you're actually standing, as long as you pay the burner phone bill.

    You can do the reverse, using one burner phone per number you want to call outbound to, and the same call forwarding technique.

    So far, even TPTB can't crack that.

    So far.

    The trick is not linking your phone number to you, ever, and never using it to call anyone/thing directly.

    Once you're linked to a number, it's like the Internet itself: it's forever.

    And @Anonymous 12:32
    It works to catch everyone, everywhere, at all times, 24/7/365/forever. That's the difference between what you "aren't too worried about," and what the authors of the Fourth and Fifth Amendments were worried about.

    Look up your high school civics teacher, and punch him in the junk for doing a crappy job.

    1. So far, even TPTB can't crack that.

      So, you're telling me the phone company's location reporting code can't query their database for what numbers forward to this number? Maybe that little sql fragment has been in the location reporting code since the first week, because enough people forward their work desk phone to their cell that it was obviously useful?

      Graphviz (short for Graph Visualization Software) is a package of open-source tools initiated by AT&T Labs Research for drawing graphs

      Initial release: before 1991

    2. Aesop; You are tilting at windmills. It is a fact. You can't change it. All you can do is talk about it. If it makes you feel good that you can disparage someone who disagrees with you perhaps you should look up your childhood pastor and apoligize to him.

      Cell phones by their design and implementation create this situation. That someone, police or private citizen uses it is simply a fact of life now. Live with it. The best solution if yu are "that" paranoid is don't have a cell phone.

      Your position on this is like hating that other humans have eyes and can see you as you move through life. That is simply the way it is. As my mother always told me don't do or say anything you would not do or say in front of your grandmother. Good advice. Take it and stay out of trouble.

    3. You're missing the point: they can list all the numbers they want. They can identify the number in time and space.

      The critical info bit they don't have with a burner phone, is that they can't associate a ten-digit number to being you. That's why it's called a burner phone. Because it's not able to be associated to an actual person.

      Why this obvious reality upsets your applecarts is something to talk over with a pshrink, but I can't help it if reality kicks anybody's ass.

  4. Reason #185473 why I will never own one of these things.

    Whitehall, NY

  5. We sure pay an awful lot for the "convenience" of having a phone with us all the time.....

  6. They cannot track your phone if you have removed the battery. Turning it "off" is not sufficient, because the FedPigs (at least) have backdoors into the smart phones so they can remotely turn them on without you noticing. They admitted this several years ago in a trial where they presented audio of two people discussing a drug deal. Ever wonder why most smart phones won't let you remove their battery?

    1. That is a myth. If you turn off your phone it cannot receive any signal and turn itself on.

    2. I hate to break this to you, but the DoJ admitted in court several years ago that they had done just that. What pig sty do YOU work for, Officer Anonymous?

    3. "What pig sty do YOU work for"
      Your mother would be so proud of you.

      I repeat the DOJ, CIA, FBI cannot turn on a cell phone that is turned off AND they cannot use it to listen to you or track you either. The phone must be on to do these things. It would be possible to build a phone or other device to do exactly what you say but it would be very difficult to do it totally secretively. And by "secretively" I don't mean that they don't tell you I mean that it is undetectable in the circuitry.

      It would be interesting to have SG chime in here. Considering his expertise in electronics his insight on this would be useful.

    4. At the risk of sounding like Bill Clinton, it depends on what the definition of "OFF" is.

      iPhones, for one, are never really completely "OFF"; I assume other smartphones are the same. The only way they turn it completely off is to open it up and pull the battery. Having done that, it's not an easy operation - it takes a couple of steps and special tools. I know some Android phones used to allow you to pull the battery but I'm ignorant of those.

      Going into airplane mode is good alternative. If it really turns off the radios (phone, WiFi, Bluetooth and any others), and it appears to turn them off, then the phone can't be accessed. It's a hunk of plastic, metal, glass and silicon. Could someone hack the code in the phone to turn the modem on periodically to listen or transmit? I would guess they could.

      In this story in ARS, Apple said that their devices were protected against this sort of attack if the device was locked and they're constantly trying to get everyone to lock their phones. Locking must turn off the microphones.

    5. I'm not sure about this. I worked in electronics and have an associate degree in electronics. I have a masters in computer systems and worked my entire life with computers programming and repairing them. IMHO in order to be able to turn on a device remotely it must have the ability to receive a signal telling it to turn on AND it must have the circuitry and/or the coding to do that. These two things must be present. Are they? It would be impossible to have them present without it being obvious to anyone with working knowledge of the device to know this. My bedside radio is plugged in and powered I defy you to turn it on. Why can't you? Because there is no circuitry and coding to allow it. Ditto for cell phones.
      I often leave my phone off for days and weeks. When I do the battery stays at 100%. When I have it on but make no calls I use about 25-30% a day. What that tells me is when the smart phone is turned off it is not scanning the troposphere for signals, it is doing nothing. If it was looking for that unlikely signal to turn itself on it would have to be looking 24/7, looking, looking, looking. It is not passive it must actually use electrons to do it.

      So both of these facts (that there is no circuitry or coding to allow it and that when the phone is turned off it is "off") mean that the FBI or CIA cannot turn your phone on remotely.

      If you (the generic you as in anyone) think I am wrong than show me exactly how it is done. I want to either see the circuitry OR the assembly level commands to do that. I don't think anyone can show me this. I don't think even Steve Wozniak or anyone at Apple can show me that.

      Now don't confuse what I have said with the various possibilities that a turned on phone can do unexpected things. Different issue.

    6. Which company do you claim that you worked for? I want to make sure I don't buy any of THEIR garbage, because they clearly employed individuals who don't know jack shiite about what they're doing. Have you heard of "back doors"? That's normally in software, but they also exist in hardware. Routers are an example. The FedPigs got manufacturers to put them in so the FedPigs could access the info they want, WHEN they want it, without a warrant. Or is this just more "fake news":
      Are you REALLY that incompetent or are you instead just another lying pig trying to con Mere Citizens???

    7. Yeah, gee, back doors, golly I guess you got me there. Listen Mark you are out of your depth here. Somewhere you heard about "back doors" and think they are magic. The first and most important thing is the system must be powered for the back door to be operational.

      My point is still that IF there was either the electrical circuitry and/or the ability to code the system to allow a "turned off" cell phone to be turned on remotely that such circuitry and/or coding ability would be known to everyone familiar with the intricacies of the phone. There is no such knowledge to support this theory. What there is, is some conspiracy theories and some claims of the possibility.

      SO, prove me wrong. Show me the circuit that can turn on a phone remotely. This would indeed be possible. It would be a very specific part of the design with no other purpose than to allow this function and not easily hidden. It would require enough power (probably as much as the phone itself requires) so it would be obvious to everyone with one of these phones that it was present. So if it is there it is easy to prove. Prove it!!!

    8. Read the friggin' link. Then blow it out your pig butt.

      And that was back in 2014.

      As I said, what company do you claim that you worked for in electronics? I sure as hell don't want any of THEIR products.

    9. Well this is a good start Mark. It appears that you are no longer claiming that the government can turn on a cell phone that has been turned off. Now we need to work on your pig butt fetish.

  7. Aesop is , as usual, full of shit. The ONLY way not to get tracked is to not carry a phone or any other form of E-COMS. Even then you can have an RFID planted and be tracked and never know it. GPS is regularly(and illegally) used by Law Enforcement to track cars and individuals. Honestly the only way to know you haven't been tracked is to ditch everything that has been out of your sight. @ Anonymous: Remote activation, GPS and RFID are all built into ALL modern communications at the factory. That has been federal law for more than 20 years. The only way not to get tracked is to be a total paranoid acting as if you live in a repressive military police state , right out of 1984. Because you do.

    1. Anonymous genius is full of shit.
      Nobody said the phone couldn't be tracked.
      He said you can't be tracked if the phone you're carrying in your pocket isn't linked to being YOU.

      So it's just an anonymous ten-digit device at a certain area.

      Low reading comprehension for the win.

  8. Funny. I just don't find it a crimp in my lifestyle to have a cheap cell phone in the car for emergencies, but keep the battery out when I'm not using it. Or to not have a cell phone attached to my body, or the car (Onstar etc.) Or to use Linux for my everyday computer. Or to spend cash for everyday purchases. Or to not document my life on Facebook.

    This was the mainstream lifestyle what, 30 years ago? Everybody lived this way. It's not hardship or adversity, we didn't suffer from not making chit-chat with our loved ones every hour. Check out what advice Don Lancaster gave in 1978 on page 62 (pdf page 82) of _The Incredible Secret Money Machine_:

  9. Aesop, what makes you think that you understand enough about the technology to think that you know all the ways the Fed.Gov could track you? And that they can't link burner phones to you?

    The Dread Pirate Roberts got busted because of an OpSec failure, and he knew tons about the different ways they could track him. He's doing life with no parole now.

    "Buy crap loads of burner phones and your problems are solved" is doing a grave disservice to the readers here.

    P.S. The first time your burner phone forwards a call to your real phone is when they have you. Google Call Detail Report to learn why. But this is a different way of saying that there are a lot of ways to go wrong when you don't understand all the underlying technologies.

    1. Borepatch,
      I don't know why the concept is so difficult for so many people, in 0.2 seconds:
      The burner phone is "your real phone", for the purposes of the discussion.

      If you're doing anything with a phone number that's already been linked to you by name, you've already f**ked this up from the get-go. That movement, location, etc., is compromised full-time the minute you put the battery in it.

      And if you link your name to any number officially (billing, credit history, registration, etc.), it's been "burned".

      If you're carrying a linked phone around in your pocket, you're no longer 123 456 7890, you're now Joe Blow, not mystery meat.
      It's not any harder than that.

      I can drive around in a car all day long. You can photograph it from space, and read the license number a million times a day.

      But if the tag is an aluminum plate I pounded out in my garage workshop, and it looks like a legit license plate, because I have mad paint skillz, but it's never been registered to me by the DMV, you can't track me. (And obviously, that doesn't work when you get pulled over, because you're in the car).

      But nobody pulls you over walking through the mall because you have a phone in your pocket that doesn't link to an actual identified person with 5000 pieces of data from IRS records to FBI files to fingerprints to driver's license to 30 credit reports ad infinitum.

      FFS, that's why you can't tell who "Borepatch" or "Aesop" really is by looking us up in the phonebook, because (absent a lot of other connections not available to most people) no one can connect an Internet "handle" to our actual identity.

      That someone can run a web page on the Internet and not grasp that concept baffles the bejeezus out of me.

      That's what a "burner phone" is, FFS.
      You bought it for cash. You pay cash to top off the account.
      You don't call from it nor receive calls inbound directly to it, to or from anyone. EVER.
      Otherwise, it's "burned", and you pitch it.

      I cannot imagine doing this 24/7/365 for every call you're making. But the phone that you think of as "yours", registered to you, tagged to you, identified to you, geo-located to your address in real time doesn't go with you all the time unless you want all that movement and your entire itinerary tracked in minute detail, ever hour of every day.

      That's the difference between a phone that's untraceable to being you - or anyone else, specifically - and one that's a tethered red balloon tied to your belt, your entire life, at least for most people who use them without any forethought.

      It's not any more difficult than that.
      I was telling you how not to be tracked.
      (Which, if you're using a burner phone while "your" ID'ed and self-linked phone is in the other pocket, is a Stupidity Fail of biblically epic proportions. When both numbers have the same geo-location - depending on the precision of the system - the jig is up, and you'd be toast.)
      I was not telling you that you could be literally invisible.
      {And I'm not being "Anonymous" to be cute; apparently there's some trouble at the moment getting the thread to link me to "Me".
      Almost like I was using a burner account.}

  10. The first time your burner phone forwards a call to your real phone is when they have you.

    Imagine former spy agency employee Edward Snowden chasing you. When you enter your real number as a forwarding on the burner phone is when they have you.

    I believe the burner phone forwarding thing is like a nonviolent protest without armed protection by the Deacons for Defense and Justice. Government employees teach it to you because it doesn't work, and citizens do it because they know it doesn't work. It's like a domesticated dog whimpering instead of biting. Liberty is scary, most people reject it.

  11. Not only does connecting your burner phone to your real phone give you away, so does EVER turning on your burner phone in the safe location as your real phone, especially if you don't live in a crowded urban area. There are records kept of all phones in an area; several years ago AT&T admitted it had people embedded in DEA task forces for just this reason - to find out which phones were in a given area at the same time as, or before or after, a target phone.

  12. Cops have had this ability for well over a decade. A few bad cops who decide to harass someone can make their life hell quite easily.

    1. David,
      "A few bad cops"? How about the entire bloody FBI, which has proven itself to be as corrupt as any hick town, "good ol' boy", cop or deputy with shaven head and fingerless gloves, along with the requisite dark sunglasses?

      How about NSA? Their intentions toward us don't need to be good or bad, they collect the information simply because they can. BFYTW (not you, David, but how they view all of us "peons" out here). To paraphrase: "One Nation, Under Surveillance, with Liberty and Justice for None".

      The question isn't "Are you being paranoid?" The question is, "Are you being paranoid _enough_?" There doesn't _have_ to be a reason for trying to keep .gov from knowing everything about you. It is reason enough that they aren't entitled to know everything about you.

      People who say, "If you aren't a criminal, why do you care?" 1) Because they don't have the right to know anything about me beyond "name, rank, and serial number", and 2) Because every one of us are guilty of committing "three felonies a day", thanks to laws on the books that we haven't even a clue about. The government considers _all_ of us as criminals.

    2. This is nothing new
      It is how the tracked O.J.