
Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls - DiabloD3
https://www.eff.org/deeplinks/2018/08/blog-post-wyden-911-disruption-css
======
imglorp
FCC stopped taking E911 seriously long ago.

There used to be rules with teeth that cell carriers must be able to locate
911 callers for the operator. Cingular got a tiny fine in 2003, less than
their office party spend, but it motivated them (as AT&T) and TMobile to adopt
the (expensive) UTDOA technology to comply. Sprint and Verizon did not,
staying on A-GPS which has indoor limitations. People kept dying indoors, but
meanwhile, the regulations demanding indoor accuracy are still in "proposal"
and "study" phases in 2018 [2].

You can still get fined a little if you drop a BUNCH of 911 calls altogether,
but for wireless location, life isn't worth much.

1\. [https://www.wsj.com/articles/SB105546175751598400](https://www.wsj.com/articles/SB105546175751598400)

2\. [https://www.fcc.gov/public-safety-and-homeland-security/poli...](https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/911-services/general/location-accuracy-indoor-benchmarks)

~~~
vernie
Hey at least they're passing the savings onto the subscribers.

~~~
logfromblammo
That's an awfully presumptuous assumption to make, that all the executives and
shareholders are also subscribers.

------
Chardok
I would imagine a major responsibility of the FCC is ensuring communications
in an emergency and they are clearly failing. I immediately think of this
article as well
[https://www.npr.org/2018/08/22/640815074/verizon-throttled-f...](https://www.npr.org/2018/08/22/640815074/verizon-throttled-firefighters-data-as-mendocino-wildfire-raged-fire-chief-says)

This is damning evidence to what a regulatory captured agency looks like.

------
yourbandsucks
Ron Wyden is a national treasure. One of a very short list of DC politicians
who make any effort whatsoever to understand tech.

~~~
mtgx
I'm kind of surprised they let him in the Senate Intelligence Committee for so
long. It seems like everyone else in that committee is basically an "anti-
Wyden" or pro-complete surveillance.

I think the only reason they haven't tried to push him out is because they
don't want to put him in a position where his ethics will compel him to tell
everyone _exactly_ what the intelligence community has been doing.

Wyden generally tries to get the intelligence executives to come out with the
truth themselves, but 99% of the time they don't or they mislead the public,
and there's little he can do about it.

As a Senator Wyden has complete immunity to blow the whistle on whatever
national security intelligence he wants on the Senate floor, but he's too much
of a nice guy to do that - _unless_ they force him out with their shenanigans.

~~~
dragonwriter
> It seems like everyone else in that committee is basically an "anti-Wyden"
> or pro-complete surveillance.

Along with Wyden, Harris and Heinrich voted against approving the renewal of
Section 702, and while Feinstein didn't vote against renewal, she did before
that join with Harris and others in supporting an amendment, which was
defeated, which would have added a warrant requirement before accessing the
contents of Americans’ communications pulled in in the course of surveillance
under 702. So, while Wyden may be the strongest anti-surveillance voice, it is
not the case that the rest of the Committee (particularly on the Democratic
side) is unilaterally pro-surveillance anti-Wydens.

~~~
Bartweiss
> _Feinstein didn't vote against renewal, she ...[supported] an amendment,
> which was defeated_

I'm curious if anyone knows the Washington dirt on this one.

Feinstein has a long history of being aggressively pro-surveillance, far more
than basically any other Democrat. (Something to do with having her house
bombed and shot at early in her career, perhaps...)

For Congresspeople with awkward positions, it's pretty standard to take the
occasional favorable-looking vote on something you know is doomed to fail.
So... would Feinstein have known in advance that the 702 amendment was doomed?
And, harder to prove, would she have voted differently if it hadn't been?

------
parliament32
Because catching some drug dealer is so much more important than everyone in
an area being able to make 911 calls, right?

I like how the FCC exists to enforce _exactly this kind of thing_ yet they're
doing nothing.

------
fulafel
How does this work post-2G, are the phones still not authenticating the
network? Or are the operators giving signed fake certs out? Or is it some kind
of downgrade attack to 2G?

edit: this 2014 article talks about a downgrade attack with the older
stingrays, and a "Hailstorm" kind of device that works without 2G but without
details:
[https://arstechnica.com/tech-policy/2014/09/cities-scramble-...](https://arstechnica.com/tech-policy/2014/09/cities-scramble-to-upgrade-stingray-tracking-as-end-of-2g-network-looms/)

edit 2: It could also be implementation or design flaws, and/or backdoors, in
the cellular network, courtesy of network equipment vendors.

~~~
829128321
In short, it's downgrade.

Since 3G, there is mandatory mutual authentication [except for emergency
calls] with integrity protected management traffic [except for emergency].

The problem is, identification and key agreement require prior set-up of the
lower network layers. If a cell station indicates an error during the early
stages (i.e., before mutual authentication) of connection establishment in 4G,
the smartphone falls back to earlier generations.
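
The fallback described in the comment above can be watched for on the handset side. This is an added example, not part of the original thread: it flags a reject received before mutual authentication that is followed shortly by the phone camping on 2G. The `Event` record, its event names and the 30-second window are assumptions made for illustration; the sample trace is constructed.

```python
from dataclasses import dataclass

# Generation of each radio technology; 2G does not authenticate the network to the phone.
GENERATION = {"GSM": 2, "UMTS": 3, "LTE": 4}

@dataclass(frozen=True)
class Event:
    t: float    # seconds since capture start
    rat: str    # radio technology of the cell involved
    kind: str   # "camped", "auth_ok" or "reject" (hypothetical event names)

def find_forced_downgrades(events, window=30.0):
    """Pair each reject seen before mutual authentication on 3G/4G with a
    2G camp that follows it within `window` seconds."""
    findings = []
    authenticated = False
    pending = None  # latest reject received while unauthenticated
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "auth_ok":
            authenticated, pending = True, None
        elif ev.kind == "reject":
            if not authenticated and GENERATION[ev.rat] >= 3:
                pending = ev
        elif ev.kind == "camped":
            if pending and GENERATION[ev.rat] == 2 and ev.t - pending.t <= window:
                findings.append((pending, ev))
            # A new serving cell starts a fresh, unauthenticated attach.
            authenticated, pending = False, None
    return findings

# Constructed sample trace, not captured from a real device.
SAMPLE = [
    Event(0.0, "LTE", "camped"), Event(1.2, "LTE", "auth_ok"),
    Event(60.0, "GSM", "camped"),            # coverage loss after auth: benign
    Event(90.0, "LTE", "camped"), Event(90.8, "LTE", "reject"),
    Event(93.5, "GSM", "camped"),            # reject before auth, then 2G: flagged
    Event(200.0, "LTE", "camped"), Event(200.5, "LTE", "reject"),
    Event(400.0, "GSM", "camped"),           # too late to attribute to the reject
]

if __name__ == "__main__":
    for reject, camp in find_forced_downgrades(SAMPLE):
        print(f"reject on {reject.rat} at {reject.t}s, 2G camp at {camp.t}s")
```

An ordinary loss of 4G coverage after a successful authentication is not flagged; only the reject-then-2G sequence is.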

------
asn0
I'm surprised that Stingray has such an obvious signature (break everything on
nearby phones), seems like that makes it trivial to detect and defeat for any
capable criminal.

~~~
Spooky23
That’s why the law enforcement community fought so hard to keep it secret.

Criminals are always looking for the next tech that gives them an edge and
know immediately when the police can exploit it. Nextel direct connect (which
was not interceptable for a long time) and BBM were the big ones of recent
memory.

~~~
gowld
So are non-criminals interested in not being persecuted by a police state.

~~~
asn0
How feasible would it be to have a white list of known-good cell base
stations, so I could control my phone's cellular connections just like I do
WiFi and Bluetooth?

~~~
toomuchtodo
Discussion about a similar question 3 years ago:
[https://news.ycombinator.com/item?id=9030531](https://news.ycombinator.com/item?id=9030531)

Importantly, you're going to need Apple to support this in the baseband
hardware of iPhones to perform tower discrimination (some vendors exist that
have proprietary software and/or baseband firmware to perform this
functionality on Android).

EDIT: Maybe this could be done with bunnie and snowden's introspection engine?
[https://www.tjoe.org/pub/direct-radio-introspection](https://www.tjoe.org/pub/direct-radio-introspection)

------
geophile
What actually happens if you call 911, and your call is intercepted. Do you
just not get through?

This sounds like a lawsuit waiting to happen, especially now that this
information is public. There is some emergency, someone calls 911, help
doesn't arrive, victim and relatives sue the police who say "911 call? What
911 call?". Someone finally puts two and two together.

~~~
clubm8
Considering these cell-site simulators are often used at protests this seems
like a recipe for disaster. What happens when another person is shot[1] at a
protest and there's no way to call 911?

[1] [https://www.theguardian.com/us-news/2017/apr/25/milo-yiannop...](https://www.theguardian.com/us-news/2017/apr/25/milo-yiannopoulos-event-shooting-couple-charged-seattle)

~~~
betterunix2
I imagine the police would use their radios to call for help, if there are not
already paramedics standing by.

~~~
StudentStuff
Who says their legacy, TDMA based radio networks are properly functioning?
Motorola has sold most US municipalities and business clients hot garbage for
radio networks, they can't push high call volumes, and you're often limited by
crosstalk (other people trying to talk on your channel) and the number of
operators on staff. They literally revert to playing clear the channel tones
for a solid minute multiple times a day. It's awful!

The current emergency responder trunked radio networks are extremely fragile,
shitty systems. I have no hope that the transmitter at Columbia Tower in
Seattle will be of any use to emergency personnel after a major event. Too few
channels available, not enough staff to route and handle the channels we do
have either.

------
mjevans
Speaking of TESTING things... it would be VERY NICE if a dedicated 'test
channel' were set up for 911/e911/whatever. Maybe it'd be stuffed into the
developer options page somewhere, but I SHOULD be able to send a test call
that gets an automated response and logs success/failure. It should use and
behave exactly as 911/emergency call normally does, including working without
any service (maybe also rate-limited), except not tie up actual emergency
resources and be expected from time to time.

Even if just checking IF a cell-phone works for that connection in a given
location.

~~~
Something1234
This kind of automated testing sounds like it would be a fantastic idea.

------
merpnderp
Catching some meth head is far more important than making sure a person having
a heart attack can reach EMT, obviously.

~~~
Shivetya
Our entire war on drugs is misdirected and woefully expensive in terms of
dollars and lives. Sadly that may never change unless we can get a true third
party or similar thinking individuals into office.

~~~
marnett
It actually works in reverse. A like-minded person won't get into office until
the public opinion changes.

~~~
merpnderp
Exactly why it is better to work within the parties than outside. Much more
opportunity to reach people whose voices matter.

------
PaulHoule
What I don't get is why they don't make it so you dial 911 and it rings in the
squad car that has the Stingray.

~~~
marcoperaza
It does one better according to the company. It detects the 911 call and lets
it through to the real tower. The headline is very sensational. Read Mr.
Wyden’s statement in the article for the non-sensationalized version.

~~~
MadcapJake
It states that this has not been tested to current 911 standards and thus the
public has no way to know if this is even true.

------
rjsw
And calls to 911 will increase as people check whether there is a Stingray
nearby.

~~~
mi100hael
Stingrays block _all_ calls since they're not actually connected to a cell
network, so calling any number should suffice.

~~~
eh78ssxv2f
How is blocking all calls even remotely legal?

~~~
Spooky23
It’s not. But the FCC isn’t capable of doing its job, and prosecutors are very
cautious about using the evidence.

~~~
Trochal
Reminds me of another story on HN where for months some guy was driving
around with a cell phone jammer in his trunk because he got fed up with
distracted drivers. It took quite a bit of effort to track him down as far as
I remember.

~~~
wool_gather
Possibly cathartic, but I'd almost imagine having a bad signal would distract
them _more_.

------
upofadown
>It is striking, but unfortunately not surprising, that law enforcement has
been allowed to use these technologies ...

The last I heard was that the FCC authorization was only for use in emergency
situations. If that is still the case then law enforcement has not been
allowed to use these technologies in the way they actually do.

Law enforcement has been doing off the books surveillance pretty much forever.
It isn't likely they are going to suddenly stop. The article has it right,
this is entirely a technical problem at heart...

------
nolemurs
The title of this article is pretty misleading. There is no confirmation that
the cell-site simulators disrupt emergency calls. Rather:

> Harris Corporation claims that they have the ability to detect and deliver
> calls to 911, but they admit that this feature hasn’t been tested.

The fact that the feature isn't tested is a serious concern, and should be
addressed, but this headline is completely inaccurate, frankly dishonest, and
reduces my faith in the EFF.

I understand where the EFF is coming from, and for the most part believe in
their causes, but this sort of willfully dishonest headline just serves to
reduce credibility. In the future when I see EFF articles with dramatic
headlines I'm going to assume they're probably not what they seem and be less
likely to read the article.

Fans of the EFF will forgive these sorts of inaccuracies. Skeptics will not -
this sort of article just serves to drive reasonable but undecided people away
from your cause.

------
deusofnull
Wait, so does this mean that if you were being monitored with a stingray,
your phone would just be a brick without access to mobile network data (calls,
texts, data) etc? that seems like a huge giveaway???

------
LorenPechtel
Why are these devices even legal to operate? Normal FCC rules, you're not
supposed to operate a radio transmitter so as to interfere with other users.

Stingrays by their very nature interfere with other users.

~~~
leereeves
They aren't legal for anyone but the police, who are allowed to do many things
the rest of us aren't.

~~~
mdpopescu
Yep. Anyone who says "people are equal before the law" doesn't live in the
real world.

There are many "social layers" - arguably more than the four Indian castes.
They are treated very differently by everyone, including the legal system.

------
madengr
You don’t need a CSS to disrupt service. Simple jamming will do that.

------
matthewaveryusa
You really have to wonder what caliber criminal the stingray is targeting.
Stingray is useless with an encryption layer, and I don't see how any seasoned
criminal doesn't use encryption.

~~~
betterunix2
Most seasoned criminals are unsophisticated, because people who turn to crime
typically do so for lack of better opportunities (which would typically exist
for people with the sophistication needed to understand cryptography and how
to effectively use it). Here are two illustrative examples of this lack of
education/sophistication:

[https://www.youtube.com/watch?v=F89eycANUrQ](https://www.youtube.com/watch?v=F89eycANUrQ)

[https://www.theregister.co.uk/2006/04/19/mafia_don_clueless_...](https://www.theregister.co.uk/2006/04/19/mafia_don_clueless_crypto/)

I think the reason you cannot fathom seasoned criminals not using encryption
is that you are not a seasoned criminal.

------
drefanzor
I'm curious to hear more about "rogue law enforcement". :) Batman, or a bunch
of bikers beating up the spouse of a domestic violence victim. I need more
information.

~~~
phyzome
Answering your question straight: Rogue law enforcement would be cops who are
using illegal methods and lying to courts.

(In the process, letting criminals go free, because the evidence will
eventually be invalidated.)

~~~
bilbo0s
>In the process, letting criminals go free

Or, more probably, locking up innocent people.

------
westurner
And emergency text alerts.

------
marcoperaza
This headline is deceiving. The actual statement from Mr. Wyden is nowhere
near so conclusive:

> _Moreover, while the company claims its cell-site simulators include a
> feature that detects and permits the delivery of emergency calls to 9-1-1,
> its officials admitted to my office that this feature has not been
> independently tested as part of the Federal Communication Commission’s
> certification process, nor were they able to confirm this feature is capable
> of detecting and passing-through 9-1-1 emergency communications made by
> people who are deaf, hard of hearing, or speech disabled using Real-Time
> Text technology._

~~~
Spooky23
EFF headlines (like any other pressure group) are usually like that.

From a legal perspective, not certified means the feature doesn’t exist. So it
is technically an accurate statement.

~~~
marcoperaza
> _From a legal perspective, not certified means the feature doesn’t exist. So
> it is technically an accurate statement._

I guess almost all of the software developers here have never really built any
features then. Imagine that, all that code and the features “don’t exist”. I
didn’t realize the law had such ontological power. Not certified means not
certified. Not believing you have a legal obligation to get certified is a
great reason to avoid that expensive and bureaucratic process.

~~~
Spooky23
If you’re in a regulated space or have a contractual requirement,
certification matters.

As an example, if you’re providing services to the government or other
organization that include encryption, you must use FIPS 140-2 validated
crypto. If you fail to do so, and something happens (where something ranges
from audit to breach) from a legal perspective, it’s not encrypted. This is
true even if you used equal or better tools to encrypt the data.

