
Mass cellphone surveillance experiment in Spain - carlesfe
https://cfenollosa.com/blog/mass-cellphone-surveillance-experiment-in-spain.html
======
Havoc
Following the link on airplane mode:

>“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of
SnoopWall, “One that connects to cellular networks, and one that interfaces
with the consumer. Airplane mode may only disable features in the consumer
facing operating system, such as Android or iOS, but not in the OS used
between the phone and the carrier network. A phone may be giving out a ‘ping’
and you’d never know it.”

Surely that defeats the whole idea behind airplane mode. i.e. stop the phone
from sending crap that (supposedly) messes with airplanes?

~~~
kawfey
As an RF engineer who has tested frequency spectra and radiated powers of
various consumer electronics including cell phones, I've never seen a cell
phone (specifically an iPhone 5, A Nexus, a Samsung Galaxy S4, and a razr flip
phone) transmit with airplane mode turned off.

It's not just airplanes that could be susceptable to cell phone emissions, but
back in GSM days, the number of handoffs while in flight would effectively jam
the cellular network in a 200mi radius. Nowadays cell phones are much smarter
and don't do that, and the EMC risk in aircraft is extremely low.

~~~
AndrewDavis
No way to tell if it's listening though. It could be silent and still be
processing every it can detect.

Who knows if there are secret commands that can be sent to it to override
airplane mode settings, or instructions to do other nefarious things and
broadcast once out of air plane.

~~~
eurasiantiger
Why would they be listening to audio anyway when all phones have always-on
speech recognition?

~~~
angry_octet
He means listening to the radio. A phone might have special baseband firmware
that, e.g., turns on for a minute every hour and listens for a particular
coded sequence (such as the date, and a mask of serial numbers, encrypted to a
key in firmware etc), which would then cause the phone to do a number of
things, such as turn on the radio for rx, or tx the RSSI of nearby towers,
etc. All without telling the main CPU.

~~~
edoloughlin
Colour me dubious. If the phone is in airplane mode then the carrier doesn't
know where it is. Are you suggesting they broadcast this information on all
their cell towers? Or that they have a secret system to predict/guess where a
dark handset might be so they can target it? Either sounds extremely unlikely.

~~~
angry_octet
Well, lots of the NSA kit seems extraordinary.

As to the practicalities, it wouldn't need to use the carrier network, just
put it in a plane. Like the plane they have circling D.C. right now, or a
drone. And your location is often known approximately.

[https://www.buzzfeednews.com/article/peteraldhous/spies-
in-t...](https://www.buzzfeednews.com/article/peteraldhous/spies-in-the-skies)

Someone should point a good signal analyser at these.

------
BuildTheRobots
> It is unclear whether enabling airplane mode stops this tracking. The only
> way to make sure is to remove the SIM card and battery from the phone.

It is possible for a handset to attach to a network without a SIM card for the
purposes of making an emergency call. Please don't think removing or swapping
your SIM card stops tracking.

I've yet to see 2G or 3G phones try and talk to a local network in aeroplane
mode (though you shouldn't believe me). I did see some oddness years ago when
testing an early and proprietary LTE handset, but I'm not sure I'd believe
that either.

~~~
theossuary
It also seems like phones have their own tracking ids that they report, it's
not just the sim card.

There was a great talk about some of this from black hat; how the CIA
renditioned Abu Omar out of Italy and how they were found out:
[https://youtu.be/BwGsr3SzCZc](https://youtu.be/BwGsr3SzCZc)

~~~
alias_neo
All GSM phones have at least one of these (multi-SIM devices have multiple),
they uniquely identify devices with SIMs and are held in databases shared
intentionally amongst many nations for blacklisting and such.

If a phone is reported stolen in the UK and reported, it's IMEI can be added
to this list and the device becomes useless in participating countries, say
for example, Spain, or Germany or the US.

My point is, it's a globally unique identifier; tempering with, modifying or
cloning them is illegal in some countries.

The SIM itself is almost irrelevant, but, with the information mobile
providers hold, it's trivial to link a SIM account, a device identifier and a
person (particular given some countries require ID by law to obtain a SIM).

~~~
mindslight
Furthermore, being criminalized in some countries has caused discussion of how
to change IMEIs to be censored in technical forums _everywhere_. The obvious
draw is stolen phones, so nobody wants to touch the topic with a ten foot
pole, despite its straightforward relevance to privacy.

~~~
gruez
>censored in technical forums everywhere

everywhere? I found this in 1 minute.

[https://forum.xda-developers.com/android/general/how-to-
rest...](https://forum.xda-developers.com/android/general/how-to-restore-lost-
imei-t2936696)

~~~
mindslight
And yet there is also this: [https://forum.xda-
developers.com/showthread.php?t=2652022](https://forum.xda-
developers.com/showthread.php?t=2652022)

That attitude reflects the dead ends I've experienced when looking around for
how to change IMEIs for various phone models I was interested in. Also note
all the disclaimers in the thread you linked.

Maybe recent phones are still so straightforward with QPST that any time the
question is actually asked it's bound to get flooded with crap? It certainly
doesn't feel that way. Eventually I'll get around to setting up another
Windows VM and seeing what modern QPST can actually do.

------
foxfired
The solution will be to have a slider that physically disconnects the
networks. Slide it down and the hardware is no longer physically connected.
The phone still have all it's no-connection features. Slide it up and you are
back online.

We cannot trust software to actually disconnect as advertised. It is not in
the network operator's interest. Unfortunately, it is also not in the phone
manufacturer's interest to have you disconnect. Wake up, this is only a dream.

~~~
glitcher
Or put the phone inside a Faraday Cage phone pouch.

Just because there is a physical control presented to the user doesn't mean
there won't be any hidden connections inside the phone still.

~~~
m463
A faraday cage works for incoming signals, but not so much for outgoing. It
also depends on the wavelength vs size of mesh.

I think using a solid cage is the best bet.

~~~
tareqak
Hi 'm463, you seem knowledgeable about this subject, so I have a few
questions. Could you please answer the questions below or direct me to where I
can learn more?

1\. If a phone is off e.g. iOS’s General->Shut Down, then can it still receive
and transmit signals?

2\. What is the best kind of cheap case / enclosure for a cellphone that would
prevent signals from being transmitted or received? Can I just wrap a
cellphone in aluminum foil and place said wrapped cellphone in a Tupperware /
plastic sandwich container?

3\. What is an effective way for an RF layperson like myself to detect whether
or not my phone is transmitting or receiving signals while it appears to be
off e.g. RF tool or measurement device?

I just want a way to know and be completely certain that “off” means “off”.

~~~
m463
Those are good questions and I'm not an expert. I was a part of a discussion
once where someone mentioned that faraday cages mostly work for signals
entering.

However:

1a) You don't know (because your phone can pretend to be off). You need to
remove the battery (and also remove hidden batteries)

1b) some phones support NFC, which can theoretically be used when the phone is
off.

2) I suggest being familiar with:
[https://en.wikipedia.org/wiki/Faraday_cage](https://en.wikipedia.org/wiki/Faraday_cage)
and your cellphone before making a decision

3) I don't know, but this would help with #2

------
ruuda
A few comments here claim that aggregated data is fine. An interesting read is
[1]. It discusses how trajectories of individuals can be recovered from
aggregated mobility data with high accuracy. It's a great read because it
breaks down the approach into small logical steps, but the end result
(recovering individual's trajectories from aggregated data) sounds bizarre at
first.

[1]: [https://blog.acolyer.org/2017/05/15/trajectory-recovery-
from...](https://blog.acolyer.org/2017/05/15/trajectory-recovery-from-ash-
user-privacy-is-not-preserved-in-aggregated-mobility-data/)

~~~
autoexec
People are often able to get personally identifiable information from
aggregated/anonymized data. At this point, I think people should be
automatically skeptical that their personal habits are protected when a
company claims they only collect/use/sell aggregated/anonymized data. In
practice, it might not be protected at all.

------
comius
Having gps trajectrories and two locations in the city, like home and job
address, it should be quite easy to find corresponding trajectory and thus
deanonymising a single person. No need for imsi or any other data. Therefore
to make data anonymous it should be encoded in terms of number of subscribers
in given time and area. My guess would be it isn't

------
pvaldes
[UPDATED. It seems that the recording will happen after the elections, not
before, so apparently spying the political preferences of people would not be
the motive (yet). I had removed those parts]

Is easy to stablish a probable connection between this sudden need to watch
all phones in relation to the disturbs in Catalonia coordinated by sms
messages and apps.

Would be trivial to connect the pool of "people that went to the place X at
the day Y", and the part of the city or neighborhoods where they mainly go to
sleep after the disturbs. Many other sensible things can be disclosed from
that, like how many people came from Euskadi to join the disturbs for example,
and if they joined to eat before in a special place).

Nobody signed to accept to participate in this, and there is not a way that
allow you to be excluded.

Is totally "1984" level, is outrageous, breaks many red lines all "in your
face european parlament", and somebody should pay for that.

------
DoctorOetker
go to etsi.org go to the search form for standards and enter "lawful
interception" without quotes. Read / browse all the relevant standards (titles
and content). This has been going on for years and years

~~~
severine
Thanks for the link!

 _There are 1130 results:_

[https://www.etsi.org/standards#page=1&search=lawful%20interc...](https://www.etsi.org/standards#page=1&search=lawful%20interception&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2019-10-29&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1)

~~~
severine
I've posted the link to HN, so as to not derail this thread, but there's a
clear conversation starter there!

[https://news.ycombinator.com/item?id=21390968](https://news.ycombinator.com/item?id=21390968)

------
jammygit
Also in Spanish news: there was a separation movement leading to the arrests
and jailing of separatist leaders after 90% of the population votes for
separation. The leaders got something like 15 years of jail time. There have
been massive protests for weeks now

[https://www.bbc.com/news/amp/world-
europe-50194846](https://www.bbc.com/news/amp/world-europe-50194846)

~~~
spanxx
How is that related to this piece of information?

Spanish Constitution does not allow regions (Autonomous Communities in Spain's
legal jargon) to make referendums. What's the issue here?

~~~
pjc50
Wildly inappropriate sentencing? The question of whether it's really
appropriate to deny a kind of democratic participation is also worth
discussing.

~~~
spanxx
I'd say the sentencing is right because they broke the law.

~~~
hootbootscoot
15 years in prison? that's nuts. that had better be manslaughter or armed
robbery or stealing zillions of pensions etc...

there is no way you can present holding a controversial referendum as worthy
of a jail sentence at all, let alone 15 years. "broke the law"... i mean,
crossing the street when the light is red is "breaking the law". buying weed
is "breaking the law".

it is a provocative heavy-handed foolish move by the Spanish Supreme Court,
that will only serve to inflame tensions, as it now provides an air of
martyrdom.

it's all thoroughly unnecessary and gratuitous. it would be enough to say
"well that referendum result doesn't count, sorry. nope." and you'd have a bit
of protest and another "illegal" referendum every few years, but you wouldn't
be feeding the popularity of the Catalonian independence movement.

it was a stupid move. hubris appears unattractive to the global lens.

mind you, I couldn't have given 2 hoots about any of this, just reporting on
how it appears on the world stage.

~~~
SamReidHughes
Secession movements have a big chance of killing a ton of people and violating
the civil rights of many more, so a 15 year sentence is very plausibly
appropriate, in comparison to armed robbery.

~~~
pjc50
This was the the peaceful independence movement. They have not killed anyone
and have no declared intention to.

~~~
SamReidHughes
That would be a great argument if it meant there was no chance of future
violence. But it doesn't, so it's not.

~~~
darkwater
So basically you're saying that somebody should be jailed for N years because
maybe, in the future, someone else related with the same movement might use
some level of violence to achieve... something we still don't know, in
circumstances we still don't know? Wow.

~~~
SamReidHughes
Actually, no, but if you want to pretend I did, have at it.

~~~
darkwater
You were the one talking about "future". Can you explain better what did you
mean?

------
Mirioron
I thought that something like this would not be allowed due to the general
monitoring clause as per article 15 of the directive 2000/31/EC.[0] But
reading it again I'm not sure anymore.

[0] [https://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX...](https://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:en:HTML)

------
24gttghh
Solution: Faraday cage. They can't make radio waves break the laws of physics!
(that I know of...)

~~~
excalibur
Better make sure it's off before you stick it in there, or it will be dead
when you take it back out.

~~~
pilsetnieks
Why would a Faraday cage kill a phone? It's not EMP.

~~~
tlb
Some (older) phones will burn a lot of power searching for a cell signal when
there is none.

~~~
coldtea
Still wouldn't do nothing except waste battery power.

I had all kinds of older phones, and in older times 20-25 years ago there were
tons of places with zero signal (villages, islands, places out of the city,
national parks, and so on) and the phones survived just fine.

That's as zero as in a faraday cage, as far as the phone is concerned -- no
tower to talk to at all, 0 bars for hours or days on end.

~~~
tlb
I took "dead" to mean a dead battery.

~~~
coldtea
A, probably. Sounded like the parent meant something more ominous, as that's
no biggie to warn about, you recharge and are as good as new.

~~~
excalibur
Yes, I meant a dead battery. The "solution" I was replying to was suggesting
keeping your phone in a Faraday cage to thwart government surveillance,
presumably a small portable cage that you would take with you wherever you go.
If you leave your phone running in there, there's a pretty good chance that
the battery will be dead when you take it out to use it, which defeats the
entire purpose of carrying a phone in the first place.

------
nudq
Controlled compromise of privacy for the sake of scientific insight seems like
a good idea, until you realize that we either get profoundly non-replicable
junk "science", or continued and unlimited re-breach of privacy for the sake
of replication. Neither is any good.

I'm reminded of Raj Chetty who publishes papers based on exclusive access to
IRS tax return data. ([https://www.sciencemag.org/news/2014/05/how-two-
economists-g...](https://www.sciencemag.org/news/2014/05/how-two-economists-
got-direct-access-irs-tax-records)) Not real science unless you can have
access to that data, too. You can't.

~~~
tvanantwerp
While I'm normally all for access to raw data used in research, that's pretty
hard to do with IRS data without massively violating Americans' privacy and
exposing them to identity theft. It's fair to be skeptical of anything using
locked-up data, but I don't see a good way around the problem.

------
kuu
The problem is that carriers have being retrieving this data for a long time.
This news is that they're giving the data to the government for statistical
analysis and we cannot do anything about it...

~~~
enriquto
it is very innocent to believe that the carriers would not provide these data
already to the government if asked (e.g. by a court order), and they have
probably been asked many times.

~~~
aoeusnth1
More likely, they proactively give everything to the government and let the
govt. figure out what they want to do with it.

------
diego
"With a court order, this data can be used to identify and track an
individual... ... which means that it is stored de-anonymized in the carrier
servers"

No, it does not mean that it's stored de-anonymized. It means that it _can_ be
de-anonymized if required by a court order.

EDIT because all the downvotes, this is not nitpicking. The deanonymizing data
is ELSEWHERE, not on the servers. It takes a court order to obtain it,
employees cannot use it. It's an important point.

~~~
aivisol
Can you explain this to the layman? How does it work? Does it mean they store
IMSI hashes with location data in one database and customer names and their
IMSI in another and nobody supposedly should have access to both databases at
the same time?

~~~
wastedhours
That's the explanation I'd expect the answer to be. In Europe it'd be
classified as pseudo-anonymous, and would still be personally identifiable
data in the legal sense, and therefore not truly "anonymised".

------
pvaldes
An interesting point is that they have yet the data of the phone owner,
because is required by the new laws that you send they your name, phone number
and your email in order to receive some notifications from the government.
This has happened since the last two years or so.

------
StanislavPetrov
A good article but I'd like to offer one minor correction.

>The only way to make sure is to remove the SIM card and battery from the
phone.

You only have to remove the battery, not the battery and the SIM. You aren't
being tracked if your phone has no battery.

------
Erlich_Bachman
Hasn't this been going on in most countries and most carriers for years?

------
petre
Just shut it down and wrap it in aluminium foil if you're concerned.

------
readhn
Well, you would think this kind of mass surveillance would help Spanish
authorities put Russian mobsters (with connections to Putin and Co.) in
jail... but instead they get acquitted:

[https://www.bbc.com/news/world-
europe-45907655](https://www.bbc.com/news/world-europe-45907655)

[https://www.propublica.org/article/fighting-russian-mafia-
ne...](https://www.propublica.org/article/fighting-russian-mafia-networks-in-
spain)

~~~
iagovar
This information won't be useful to track any individual.

------
docuru
RIP privacy!

------
throwawayisp
This seems a bit exaggerated. I work for one of these ISPs, but I'm not
involved in this project.

GDPR explicitly states that no permission is required if the data is
anonymised. The data shared with the INE will be movement of batches of at
least 5000 people. The movements will be between 3500 zones. There are more
than 60.000 cell phone towers in Spain, so they could have made the movements
much more precise if they wanted (at the cost of anonymity of course). If less
than 5000 people cross from a zone to another it will not be shared. No
IMEI/IMSI/MSISDN will be shared.

I understand that there might be concerns of de-anonymisation, but it makes no
sense. If the Spanish government wanted to track someone they already can,
with a court order. Spanish phone providers are required by law to store this
data for 6 months minimum up to 2 years maximum.
([https://www.boe.es/buscar/doc.php?id=BOE-A-2007-18243](https://www.boe.es/buscar/doc.php?id=BOE-A-2007-18243)).
The government is going to receive data from 4 working days, 1 weekend day, a
holiday and two days in Summer. Tying this with Tsunami Democratic is a bit
strange. There is an ongoing investigation, so they can already track people
tied with the movement as long as they have some form of personal information
(IMEI, IMSI, MSISDN). Honestly, a massive protest one of those days might
throw off the statistics in Catalunya.

And by the way, this data is already being sold to third parties for profit:

[https://www.orange.es/empresas/grandes-empresas/internet-
of-...](https://www.orange.es/empresas/grandes-empresas/internet-of-things-
big-
data?internal_source=orange&internal_medium=homeGrandesEmpresas&internal_term=home+soluciones+internet+of+things+big+data)

[https://www.vodafone.es/c/empresas/grandes-
clientes/es/soluc...](https://www.vodafone.es/c/empresas/grandes-
clientes/es/soluciones/cloud-colaboracion/big-data-analytics/)

[https://www.business-
solutions.telefonica.com/en/products/bi...](https://www.business-
solutions.telefonica.com/en/products/big-data/business-insights/smart-steps/)

Sometimes, unfortunately, it's being sold without anonymisation too and leaks
have happened. Just one example in the USA:

[https://www.vice.com/en_us/article/nepxbz/i-gave-a-bounty-
hu...](https://www.vice.com/en_us/article/nepxbz/i-gave-a-bounty-
hunter-300-dollars-located-phone-microbilt-zumigo-tmobile)

~~~
darkwater
> I understand that there might be concerns of de-anonymisation, but it makes
> no sense. If the Spanish government wanted to track someone they already
> can, with a court order.

Bingo! Is there a court order here?

~~~
iagovar
You don't need a court order here because you can't track and identify an
individual with this information.

~~~
chopin
With a timeline of location data? There is no such thing as anonymity with
such a data set.

------
atemerev
Since October 14th, there are ongoing mass protests in Catalonia (a part of
Spain with a strong pro-independence sentiment), demanding freedom for their
political prisoners jailed by Madrid (for 9–13 years). Hundreds of thousands
people are on the streets. Barely reported by media. Barcelona Airport was
overtaken for one day.

So yes, looks extremely convenient these days.

~~~
harperlee
The fact that a prisoner was a politician does not make him/her a political
prisoner.

~~~
enriquto
And most of the current prisoners are not politicians and have never been.

Regarding the politicians, may these traitors rot in jail. They betrayed their
people and surrendered themselves when everybody was on the streets ready to
fight.

------
xpuente
This "experiment" might be somehow related with
[https://tsunamidemocratic.github.io](https://tsunamidemocratic.github.io) ?

~~~
capableweb
That was my first thought too but seems the dates are between 18 and 21
november. If they wanted to track the current widespread protests in Spain,
they would have done it right now.

~~~
enriquto
they are of course tracking us right now. This announcement is just an
explicit reminder that they can do so, to try to scare the people. The dates
are irrelevant.

------
spanxx
I'm sorry but this post seems like scaremongering.

As long as data is not de-aggregated and de-anonymized there is no issue here.

I see no relationship with the GPDR as this law applies to personal data and
the agreement explicitly stated that data must be aggregated.

As long as it is used to know people flow or for statistical purposes, I see
no wrong here.

The other political statements and comparisons he makes, well are unrelated
and sincerely looks like political propaganda to me.

~~~
about_help
"As long as data is not de-aggregated and de-anonymized there is no issue
here"

Awfully hopeful there.

"The other political statements and comparisons he makes, well are unrelated
and sincerely looks like political propaganda to me."

I would say the same about your assertions of innocence and presumption that
the data can not be de-anonymized. If the "propaganda" is supporting user
privacy I'd say you're on the wrong side of this discussion.

~~~
spanxx
Do you have any idea about law in this matter? It is illegal to de-anonymize
data without a court order.

