
The StingRay Is Why the 4th Amendment Was Written (2017) - jseliger
https://fee.org/articles/the-stingray-is-exactly-why-the-4th-amendment-was-written/
======
rival_elf
I work in the field of cell network security research and want to help clear
up some misinformation I'm seeing in these comments.

First, I just want to highlight that the reason cell site simulators (the more
general term for StingRays/IMSI-catchers) exist is because cell phones cannot
authenticate all messages coming from cell towers. I'm seeing some vague
comments about "a lack of encryption", but it's primarily more of an
authentication issue.

You can read more about why it's primarily an authentication issue + how some
of the relevant types of cell network attacks work in this technical post I
wrote for EFF:
[https://www.eff.org/wp/gotta-catch-em-all-understanding-how-...](https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks)

There are some interesting proposals for fixing this lack of authentication
using a certificate-based PKI system, the most promising being this paper from
Purdue:
[https://relentless-warrior.github.io/index.php/publications/...](https://relentless-warrior.github.io/index.php/publications/insecure-connection-bootstrapping-in-cellular-networks-the-root-of-all-evil/).
This solution is very far from production-ready, but it's a much-needed step
in the right direction.

~~~
stefan_
We have had SIM cards for 30 years to authenticate unique users to the network,
but those same cards can't authenticate the network? No, this is entirely by
choice and could have been trivially solved. They just forgot the "server
certificate" part.

~~~
dunmalg
I'd say it's less a "choice" than an "oversight". SIM cards solve the problem
of "how do we know if Random Phone is attached to an account and the bill is
paid?" The question of "how does the phone know it's talking to a real tower"
was never even ASKED, as the very idea would have seemed preposterous.

~~~
foobarian
This happened with networked OSes too. There was a time when Ethernet jacks
were trusted unconditionally and hosts could be authenticated by their IP
address or worse. NIS used to use the "honor system." Great fun in college in
the 90s :-)

------
luxuryballs
Between this example and “no knock” warrants (where people get killed,
including police) I think it seems obvious that people have forgotten what the
point of a warrant is.

A warrant is supposed to prevent either of the two cases from resulting in
lengthy court battles or death from confusion, and it’s very simple:

YOU SHOW THE PERSON BEING SEARCHED THE WARRANT IN ADVANCE!

That is how you gain authorization... somehow people are being searched and
the warrant is either kept secret entirely or not shown to them prior to the
search!

That’s literally the fundamental purpose of a constitutional warrant!

Things are so backwards now, search then warrant, shoot first then ask
questions, execution before trial...

~~~
AndrewKemendo
I'm not sure where you are getting this definition of the purpose for
warrants, but it's not based on any historical fact that I'm aware of.

The way I'm aware of history, a warrant simply allows for an individual or
group to take an action on behalf of the state, specifically by statement from
a judge, which would have otherwise been illegal. For some individuals and
groups, specifically sworn Law Enforcement officers, they fall within warrant
exceptions or broad granted "warrant authorities."

It has no relation to a suspect being notified of a warrant and there is no
legal mandate to notify the suspect as far as I am aware.

~~~
aspaceman
The definition they use follows from the definition you use, but is dependent
on the times. If you are given authority to act on a warrant by the state,
then you show that to the person you're investigating so they don't shoot you
for being on their property.

Without the warrant, they have every right to shoot a strange person walking
through their property without permission. Since this was before the concept
of Law Enforcement officers (I feel like people forget cops haven't always
been a thing in the U.S.), people wouldn't just accept some nobody in a
uniform as a person of authority.

There weren't cops, so the warrant was the only way to show you had the
authority of the state.

~~~
cecilpl2
> Without the warrant, they have every right to shoot a strange person walking
> through their property without permission.

What kind of hellish "right" is that?

You should not have the right to shoot someone for merely walking on your
property. That is preposterous!

~~~
whiddershins
So I am sitting in my living room at 12:25 in the middle of the night in
Brooklyn right now. If I look up from my phone and I see someone standing
unexpectedly in my kitchen, I should give them the benefit of the doubt and
not assume I am in mortal danger?

I mean, what would you think?

~~~
oblio
In most of the world, yes, you don't assume you're in mortal danger. This is
the kind of logic that makes US police officers shoot everyone on sight.

An intruder most likely wants to steal your stuff, which hardly requires a
death sentence, as you seem to want to offer.

~~~
michaelmrose
What do you think happens when someone just wants to steal your stuff and runs
into property owners in the process?

1/4 of the time when a person is present for their burglary they are
assaulted, robbed, raped, or murdered.

If someone breaks into your home and you shoot them to death they have zero
chance of harming your family.

Decreasing the risk of breaking into people's homes incentivizes human trash
to convert your valuables to drugs and put your family at risk in the process.
Even junkies can grasp that housebreaking is dangerous which is why they try
to at least avoid people most times.

Being kinder to garbage changes that dynamic.

~~~
meowface
I agree with you that lethal force is the only reasonable option in that
situation, but a human doesn't become "garbage" simply because they fall
victim to addiction to a substance which causes them such suffering during
withdrawal that they feel like they have no other choice but to try to steal
to end the withdrawal. If you were in that same situation after some friends
got you hooked, you might steal something to stop the pain, too.

In my opinion, providing legal drugs and rehabilitation to addicts, free of
charge, would significantly reduce these kinds of thefts and break-ins, in
addition to a lot of other huge societal benefits. The system works by only
allowing the addict to consume the drug under supervision; they can't take
anything outside of the clinic. It seems to work very well in some European
countries.

~~~
celticmusic
Sorry, but I'm going to fall on the side of the law abiding citizen here.

If you can't know the intent (and you can't), then you must assume the worst
intent and act accordingly. Anything else is naive.

Because I promise you one thing, I look up and see a stranger in my house, I'm
attacking them immediately with no thought towards anything except protecting
myself and everyone in the house. There will be no questions until it's over
with.

If they were just looking to steal something for drugs, that can be sorted out
once I've subdued them.

~~~
meowface
As stated in my first sentence, I agree with you. I think lethal force is the
only reasonable option here.

I was just saying drug addicts aren't necessarily garbage. They face lethal
force because they've broken into one's home; not because "they're garbage".

~~~
michaelmrose
Yes it would be wrong to hurt people unless it was to protect oneself or
others.

------
remote_phone
Unfortunately the only way around this is to donate to the ACLU and have every
single case thrown out no matter how egregious until the police learn their
lesson.

~~~
BurningFrog
I used to donate to ACLU when they were a pure civil liberties organization.

Now that they're a leftist/social justice group I have nowhere to donate.

~~~
nickthemagicman
Gay Marriage, Citizens United, Whistleblower protections, Encryption, Net
Neutrality, warrantless surveillance...

It's actually hard to think of an issue where Republicans have been on the
right side of protecting Civil liberties in recent history other than gun
control.

Are the ACLU leftists or are leftists the ones protecting civil liberties?
Sort of a chicken and the egg situation.

~~~
SamReidHughes
The ACLU and "Republicans" were on the same side of Citizens United.

~~~
nickthemagicman
Do you know what Citizens United is?

Where do you get your information?

------
Half_pint
Wasn't this behaviour already ruled unconstitutional in Kyllo v United States
([https://en.wikipedia.org/wiki/Kyllo_v._United_States](https://en.wikipedia.org/wiki/Kyllo_v._United_States))?

~~~
abbadadda
Seems related but not the same. Looks like Kyllo took up the case all the way
to the Supreme Court. I think the only way for this Sting Ray stuff to be
ruled unconstitutional is if a specific case against it was brought forth.

> Kyllo then petitioned the Supreme Court for a writ of certiorari, which was
> granted.

------
zachlatta
Seems like a strong case for encryption. Why is it even possible for these
devices to read your info?

~~~
mirimir
Because phones are totally insecure.

The only secure option is using an external WiFi or cellular data router for
Internet connectivity. The router can of course be geolocated. And adversaries
may gain some access. But it should be possible to prevent access through it
to the phone. That is, it's a firewall.

Then do end-to-end encrypted Internet stuff, messaging and VoIP. And by using
some mix of VPNs and Tor, adversaries won't even see most metadata. Except for
communication timing, of course.

See
[https://blog.torproject.org/mission-improbable-hardening-and...](https://blog.torproject.org/mission-improbable-hardening-android-security-and-privacy)

Edit: But this still doesn't protect from some third party with root rights on
the phone. For Android, the Copperhead OS might be enough. But I don't know
enough to know. And for iOS, I suspect that you're stuck trusting Apple.

~~~
judge2020
iOS's only security issue is users not updating and being vulnerable to well
known vulnerabilities. Neither iOS nor Android will survive a truly targeted
nation state attack, but for most people 0-days aren't worth protecting
against.

The only exception to this is the checkm8 vulnerability, which can be
performed on an A11 and older chips (so iPhone XR/XS/XS+ and 11/11 pro/11 pro
max aren't vulnerable) from DFU mode, which doesn't need the device passcode.

~~~
mirimir
Right. I guess that phones can't update without direct cellular or WiFi
connectivity. But I don't know.

Is that true?

Could one somehow enable updates through pure TCP/IP?

~~~
Retric
You can update iOS devices through iTunes via USB, or buy an ethernet adapter.

~~~
judge2020
But your computer does need internet, see
[https://support.apple.com/en-us/HT201442](https://support.apple.com/en-us/HT201442)

> If your computer can’t communicate with Apple's software update server, you
> might see one of these messages.

~~~
JadeNB
But at least I have more control over what my computer does when it connects
to the internet than I do over what my phone does.

------
jijji
the simple solution is for cell phones to have a whitelist of cell towers that
they connect to with GPS locations of those towers, it could even compare
against known databases of towers [0]... Until some software like that gets
implemented, this will keep happening.

[0] [https://opencellid.org/](https://opencellid.org/)
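
The tower-whitelist check proposed in the comment above, sketched as an added example (not code from the thread or from any app it mentions). The tower entries, observations, function names and the 35 km range limit are all constructed assumptions.

```python
import math

# Constructed sample database in the style of an OpenCelliD export:
# (MCC, MNC, area code, cell ID) -> (latitude, longitude) of the tower.
KNOWN_TOWERS = {
    (310, 410, 7033, 20481): (40.6782, -73.9442),
    (310, 410, 7033, 20482): (40.6892, -73.9800),
    (310, 260, 1205, 88110): (34.0522, -118.2437),
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def check_cell(cell, phone_pos, towers=KNOWN_TOWERS, max_range_km=35.0):
    """Classify one observed cell against the tower list.

    max_range_km is an assumed upper bound on how far away a serving
    tower can plausibly be; tune it for the network and terrain.
    """
    tower_pos = towers.get(cell)
    if tower_pos is None:
        return "unknown-cell"        # identifiers not in the database
    if haversine_km(tower_pos, phone_pos) > max_range_km:
        return "location-mismatch"   # listed tower is too far from the phone
    return "ok"

def flag_observations(observations, towers=KNOWN_TOWERS):
    """Return (cell, verdict) for every observation that is not 'ok'."""
    flagged = []
    for cell, phone_pos in observations:
        verdict = check_cell(cell, phone_pos, towers)
        if verdict != "ok":
            flagged.append((cell, verdict))
    return flagged

# Constructed observations: (cell identifiers, phone GPS fix).
SAMPLE_OBSERVATIONS = [
    ((310, 410, 7033, 20481), (40.6800, -73.9500)),  # listed, nearby
    ((310, 410, 9999, 1), (40.6800, -73.9500)),      # not listed
    ((310, 260, 1205, 88110), (40.6800, -73.9500)),  # listed far away
]

if __name__ == "__main__":
    for cell, verdict in flag_observations(SAMPLE_OBSERVATIONS):
        print(cell, verdict)
```

An "ok" verdict only means the broadcast identifiers match a listed tower near the phone; because those identifiers are not authenticated, it is not proof the tower is genuine, and a stale database will also produce false "unknown-cell" alerts.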

~~~
jb775
great idea...I wonder if a 3rd party app could enable this or if that type of
access is currently closely held? I'd only consider software that has super
low level hardware access so you could basically control electrical access to
that part of the phone's circuitry (so backdoor features can't be built that
make sneaky connections).

~~~
jijji
The closest thing I've seen was an opensource app called SnoopSnitch, but it
requires root on the phone and supposedly only works on Qualcomm modems.

------
mhb
Probably this isn't technically possible but here is a possible way to
collectively authenticate cell towers:

A service which receives information from an app reporting which cell towers
are in range of the phone. The server triangulates the positions of cell
towers and updates users about their authenticity.

~~~
spyder
There are several IMSI catcher detector apps, but they aren't perfect:

[https://www.wired.com/story/stingray-detector-apps/](https://www.wired.com/story/stingray-detector-apps/)

~~~
mhb
I don't understand how those work but they seem different from what I am
suggesting. I am saying to use the strength of the cell tower signal received
by many phones in order to detect where authentic cell towers are.

------
PlasticTank
Where I live I see police SUVs driving around with these types of devices on
their roofs, this is a couple of times per day occurrence. I was wondering
strictly for research purposes what kind of attacks are these devices
vulnerable to? Could one for example spoof enough phones/connections to cause
some DoS-like effect?

~~~
NotACop182
Those devices are license plate readers. They use them to scan plates for
“hits”. I’ve heard of units in police departments that use stingray but they
are detached with the feds and are on NDAs. How’s that legal I don’t know.
You should be more worried about who agencies give body cam videos and
plate reader data to. I can tell you this: if you dig, it won’t be good news.
Axion is a for-profit company, pretty sure facial recognition is in their
plans.

-from definitely not a cop

------
m0zg
Do y'all remember the (likely fake, but widely reported) news about Israeli
stingrays in DC a few months back, in September of this year? Whatever
happened to that story? It was memory holed very quickly, which makes me
suspicious that those weren't actually Israeli stingrays.

~~~
sehugg
It wasn't memory-holed:
[https://www.politico.com/story/2019/09/12/israel-white-house...](https://www.politico.com/story/2019/09/12/israel-white-house-spying-devices-1491351)

~~~
vondur
That article is a few months old.

------
voldacar
Good article. Needs a (2017) though in the title

------
urvader
It should be fairly easy to put together a Raspberry Pi as a stingray
detector?

------
mirimir
Back in 1989, I had this dream that the Poqet PC would evolve into a
smartphone. And that one could install Linux or *BSD on it. But no, it just
died.

~~~
nine_k
An Android phone already runs Linux; you can use it as such, and in many cases
gain root.

OTOH what's happening in the baseband processor is impenetrable, and that
processor has much more control over the device than a cellular modem would.

~~~
mirimir
OK.

But why did we end up with baseband radios instead of cellular modems?

Is it because they grafted "computer stuff" on phones? Instead of adding
cellular capacity to computers?

Or is it just because we can't have phones without surveillance? All those
wiretap-ready requirements, I mean.

------
Animats
Why does law enforcement bother? Can't they just get the info from the telcos?

~~~
giancarlostoro
That requires a warrant. Surprised the FCC allows them to tamper with people's
phones tbh. It's all sketchy as heck and flawed if cases are dismissed when
they question how the tech works.

~~~
upofadown
Last I heard the FCC doesn't. When people complained the devices were not
licensed the FCC issued licenses "for emergency use only". That's probably
because interference with radio communications is against the law and the FCC
as a mere regulator is subject to that law.

All rather moot as these things are mostly used for various forms of illegal
surveillance. The police have to keep their activity as secret as possible.
That includes the fact that they are using them in the first place.

This whole issue isn't new. The police normally do, or get others to do,
surveillance that is illegal in various ways. The existence of these sorts of
devices is an expression of a kind of desperation. Privacy is getting too
good. So this might actually be a good thing if this forces a long overdue
discussion.

------
ejz
It’s tough to see how a court would rule. Existing privacy law cares a lot
about whether what you’re doing is some kind of trespass. In this case, it
would be trespass on chattel. I wouldn’t have guessed that a court would
accept this reasoning for property in a public space, but that’s happened this
year in Taylor v. Saginaw, the tire chalking case. The stingray is eventually
going to go to SCOTUS and I’m not sure how they’ll rule. Modern conservatives
don’t like trespass, but they do like law enforcement.

