Hacker News new | past | comments | ask | show | jobs | submit login
Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls (eff.org)
518 points by DiabloD3 9 months ago | hide | past | web | favorite | 122 comments

FCC stopped taking E911 seriously long ago.

There used to be rules with teeth that cell carriers must be able to locate 911 callers for the operator. Cingular got a tiny fine in 2003, less than their office party spend, but it motivated them (as AT&T) and TMobile to adopt the (expensive) UTDOA technology to comply. Sprint and Verizon did not, staying on A-GPS which has indoor limitations. People kept dying indoors, but meanwhile, the regulations demanding indoor accuracy are still in "proposal" and "study" phases in 2018 [2].

You can still get fined a little if you drop a BUNCH of 911 calls altogether, but for wireless location, life isn't worth much.

1. https://www.wsj.com/articles/SB105546175751598400

2. https://www.fcc.gov/public-safety-and-homeland-security/poli...

And yet we are being tracked like wild animals because "what if somebody kidnapped you and stuck you in a trunk?"

Really? (And yes, I'm aware of many cases of trunk-kidnapping victims saved by phones. The point that everybody had to have something, so carriers and others deployed all this tracking crap, and everybody sure is making a lot of money off of it, but as it turns out, just kidding.) yay?

It's not about kidnapping, it's about callers not knowing/being able to tell where they are.

This is a very common situation.

The GP poster is saying that cell position tracing is available, universally, because of a requirement for it by law-enforcement.

That data is just not exposed through the particular API needed for 911 operators to access it.

Okay the long story is that CGI (cell tower or maybe antenna/sector) is always available to the public safety operator, roughly 1km radius of accuracy. Higher accuracy locations were mandated by FCC but half the carriers chose to use the less expensive (almost free for them) AGPS, which has its limits like sky view and multipath. There's also some medium priced but inaccurate solutions. That's where we remain: the carriers drag their feet and complain, and the FCC allows them to.

Hey at least they're passing the savings onto the subscribers.

That's an awfully presumptuous assumption to make, that all the executives and shareholders are also subscribers.

Are they though?

I'm 90% sure he's being sarcastic.

Ye golden ol' times that remindeth me of my fine lord and property keeper who did in fact pass back to me one of my fine birds after taking a mere 80% of my yield

I would imagine a major responsibility of the FCC is ensuring communications in an emergency and they are clearly failing. I immediately think of this article as well https://www.npr.org/2018/08/22/640815074/verizon-throttled-f...

This is damning evidence to what a regulatory captured agency looks like.

Ron Wyden is a national treasure. One of a very short list of DC politicians who make any effort whatsoever to understand tech.

Frankly, I wish we could get CA to take note, and unelect Senator Feinstein: she has been against strong encryption[1] (and in fact, on the particular bill mentioned in [1] which would require companies to decrypt user data, Ron Wyden tweeted, "I will do everything in my power to block Burr-Feinstein anti-encryption bill. It makes Americans less safe."); she co-sponsored PIPA[2]; and said, "I don't look at [Snowden's acts] as being a whistleblower. I think it's an act of treason" [3] despite being the Chairwoman of the Senate Select Committee on Intelligence when the then-DNI lied about whether the NSA was spying on Americans — revelations we learned about because of Snowden. (And again, we find Ron Wyden! He's the very person who asked the question "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?")

Alas, she got 44% of the vote in the primary, so I don't think that'll happen.

[1]: https://techcrunch.com/2016/04/13/burr-feinstein-encryption-...

[2]: http://www.ontheissues.org/Economic/Dianne_Feinstein_Technol...

[3]: http://thehill.com/policy/defense/304573-sen-feinstein-snowd...

I'm kind of surprised they let him in the Senate Intelligence Committee for so long. It seems like everyone else in that committee is basically an "anti-Wyden" or pro-complete surveillance.

I think the only reason they haven't tried to push him out is because they don't want to put him in a position where his ethics will compel him to tell everyone exactly what the intelligence community has been doing.

Wyden generally tries to get the intelligence executives to come out with the truth themselves, but 99% of the time they don't or they mislead the public, and there's little he can do about it.

As a Senator Wyden has complete immunity to blow the whistle on whatever national security intelligence he wants on the Senate floor, but he's too much of a nice guy to do that - unless they force him out with their shenanigans.

I don't know if it's because he's a nice guy. I think you identified the reason earlier. He's avoided direct whistle-blowing because that could get him removed from the Intelligence Committee. The only reason the committee hasn't tried to force him out is because he'd talk, and he won't talk so he doesn't get forced out. He'd rather be there and be the bulwark, and occasionally get people to perjure themselves.

It's an odd game-theoretic stalemate.

> It seems like everyone else in that committee is basically an "anti-Wyden" or pro-complete surveillance.

Along with Wyden, Harris and Heinrich voted against approving the renewal of Section 702, and while Feinstein didn't vote against renewal, she did before that join with Harris and others in supporting an amendment, which was defeated, which would have added a warrant requirement before accessing the contents of American’s communications pulled in in the course of surveillance under 702. So, while Wyden may be the strongest anti-surveillance voice, it is not th case that the rest of the Committee (particularly on the Democratic side) is unilaterally pro-surveillance anti-Wydens.

> Feinstein didn't vote against renewal, she ...[supported] an amendment, which was defeated

I'm curious if anyone knows the Washington dirt on this one.

Feinstein has a long history of being aggressively pro-surveillance, far more than basically any other Democrat. (Something to do with having her house bombed and shot at early in her career, perhaps...)

For Congresspeople with awkward positions, it's pretty standard to take the occasional favorable-looking vote on something you know is doomed to fail. So... would Feinstein have known in advance that the 702 amendment was doomed? And, harder to prove, would she have voted differently if it hadn't been?

Feinstein has almost single-handedly pushed for two renewals of FISA 702. So I wouldn't give her too much credit on that.

Wyden has said that he personally takes his oaths of confidentiality quite seriously and so seeks to accomplish what he can while staying within them.

I'm proud to have him in my home state of Oregon. That seems like a rare feeling to have about a politician.

Me too. It's sometimes frustrating with Senator Wyden that whenever I get encouraged to "call my representatives" I find out that he already advocates the position I hold, sometimes articulated better than I could've done myself.

Please DO call them up and say thank you for representing your views so well without you /having/ to call up.

Free's up time for calling other peoples representatives.

The first thing staff screen incoming calls for what district you vote in - if you’re not from their district they usually won’t follow up on a call, unless there was some extenuating circumstance. Most representative’s offices do listen to their constituents, however.

I wonder if people from other constituencies called Sen. Wyden’s offices en masse to thank him, would that news get around to the other offices and maybe get some attention?

When this happens, call or write anyway to thank him.

That is the crazy part about living in oregon. We have a lot to work on but we seem to be trying.

Wyden and Merkley? feels like we could pull a hat trick if we needed a third Senator.

Not to short-change his effort, but actually trying to understand the thing on which you are working, doesn't make you a national treasure.

He's a cromulent fellow, everyone else around him is just a national disgrace.

> trying to understand

It's better than that, though. He and Udall have spent years talking about mass surveillance and telecoms abuses as major problems, and made very few friends doing so.

I agree that "in Congress but acting like a decent human" wouldn't be enough, and it frustrates me endlessly that positions like "was mostly against torture most of the time" are somehow laudable when they come out of Congress. But Wyden's access to confidential briefings means he's actually sounded a lot of alarm bells that other people couldn't, and that deserves some recognition.

> Not to short-change his effort, but actually trying to understand the thing on which you are working, does

You're aware he does more than just "trying to understand"?

Wyden and Udall spend a lot of political capital pissing off some very large players over these topics, from telecoms companies to the NSA. And for their trouble, they mostly got squat until Snowden, which at least them them start yelling "See, we said it was awful and you'd be mad if you knew!"

Maybe beating this drum is worth donations and support today, I seriously hope so, but they deserve serious praise for standing on conscience all that time.

Because catching some drug dealer is so much more important than everyone in an area being able to make 911 calls, right?

I like how the FCC exists to enforce exactly this kind of thing yet they're doing nothing.

How does this work post-2G, are the phones still not authenticating the network? Or are the operators giving signed fake certs out? Or is is some kind of downgrade attack to 2G?

edit: this 2014 article talks about a downgrade attack with the older stingrays, and a "Hailstorm" kind of device that works without 2G but without details: https://arstechnica.com/tech-policy/2014/09/cities-scramble-...

edit 2: It could also be implementation or design flaws, and/or backdoors, in the cellular network, courtesy of network equipment vendors.

In short, it's downgrade.

Since 3G, there is mandatory mutual authentication [except for emergency calls] with integrity protected management traffic [except for emergency].

The problem is, identification and key agreement require prior set-up of the lower network layers. If a cell station indicates an error during the early stages (i.e., before mutual authentication) of connection establishment in 4G, the smartphone falls back to earlier generations.

I'm surprised that Stingray has such an obvious signature (break everything on nearby phones), seems like that makes it trivial to detect and defeat for any capable criminal.

This is, I believe, the most comprehensive list of "stingray" behaviors - these are the behaviors that snoopsnitch[1] recognizes and scores/weighs to determine matches:


[1] https://opensource.srlabs.de/projects/snoopsnitch

My understanding has always been that the point of Stingrays was to make cell phones connect to it, and then it would act as a bridge between a real cell tower and connected phones, which allowed them to intercept communications instead of blocking them. This [1] seems to indicate that my understanding is correct.

Where is the disconnect here?

[1] https://www.wired.com/2015/10/stingray-government-spy-tools-...

I had always thought this too, but apparently it's not the default behavior.

Stingrays (and presumably other IMSI catchers) don't actually act as a bridge to a legitimate network; they're a terminal connection, and effectively deny service to any devices connected to them. This is the default behavior, and it's how the FBI has claimed they're deployed domestically. The reason they don't cause major outages appears to be that they only accept connections from targeted phones; they could equally easily be used as mobile DoS beacons. And the reason they don't cause targets to abandon their 'broken' phone is that they don't have to run full-time for effective triangulation.

For Stingrays to collect calls, as outlined in your link, is effectively a whole new service on top of the basic behavior. The Stingray continues to be an endpoint for the targeted phone, but also extracts the GSM encryption key on the device. It then opens a new connection to a cell tower, and uses the IMSI and stolen encryption to impersonate the real device. From that point on, its a mitm attack.

So the only way a Stingray transfers calls is for targeted users, while configured in a mode that's supposedly not employed in the US. Harris is claiming they use a variant of this system to pass 911 calls, Wyden is pointing out that it's completely untested and doesn't even claim to support text-to-speech dialing.

(Source: Wikipedia is surprisingly comprehensive, primary source at: https://www.documentcloud.org/documents/1282642-07-08-29-200...)

Shit, a mobile DoS hub sounds like it would still be a good use case for the cops / FBI / DHS to "shut off" local internet.

The very first thing I thought when reading the above comment describing how it works is, "I bet something like this would come real handy when suppressing protests".

Aka, Man in the Middle

That’s why the law enforcement community fought so hard to keep it secret.

Criminals are always looking for the next tech that gives them an edge and know immediately when the police can exploit it. Nextel direct connect (which was not interceptable for a long time) and BBM were the big ones of recent memory.

So are non-criminals interested in not being persecuted by a police state.

How feasible would it be to have a white list of known-good cell base stations, so I could control my phone's cellular connections just like I do WiFi and Bluetooth?

Discussion about a similar question 3 years ago: https://news.ycombinator.com/item?id=9030531

Importantly, you're going to need Apple to support this in the baseband hardware of iPhones to perform tower discrimination (some vendors exist that have proprietary software and/or baseband firmware to perform this functionality on Android).

EDIT: Maybe this could be done with bunnie and snowden's introspection engine? https://www.tjoe.org/pub/direct-radio-introspection

No, that's not why. Otherwise they wouldn't have to lie to judges, too. But they did, and still do. And it's because they know the judges would require them to follow proper due process if they are caught using Stingrays.

"Criminals are always looking for the next tech that gives them an edge and know immediately when the police can exploit it."

Some, but the vast majority of criminals do not put that much effort into their crimes, and among those that do, most wind up botching things. When criminals gravitate toward a system law enforcement agencies have trouble with it is more survival of the fittest than active planning.

Law enforcement fought to keep stingrays a secret for two reasons: pressure from the manufacturer, and a desire to avoid public scrutiny (which is likely the reason the manufacturer pressured them to keep it secret). The police would greatly prefer that the general public not spend too much time thinking about stingrays to avoid the risk of a stricter warrant process being required. It is also helpful if judges and defense lawyers are not familiar with the device and do not know what questions to ask.

> seems like that makes it trivial to detect and defeat for any capable criminal

Or OS vendors. crickets

Most criminals are not smart enough, educated enough, or sophisticated enough to be what you were probably thinking of when you wrote "capable criminal".

I think you severely underestimate criminals and their activities. Sure a lot of them are dumb, but so is the average person, and you are going to have a HUGE selection bias of catching the dumb criminals while the smart criminals rarely get caught.

There are smart criminals out there, but the majority of crimes are poorly planned and not committed by the smart criminals. I suspect that the real reason many criminals avoid arrest is that the police lack the resources and manpower to pursue everyone.

What actually happens if you call 911, and your call is intercepted. Do you just not get through?

This sounds like a lawsuit waiting to happen, especially now that this information is public. There is some emergency, someone calls 911, help doesn't arrive, victim and relatives sue the police who say "911 call? What 911 call?". Someone finally puts two and two together.

Considering these cell-site simulators are often used at protests this seems like a recipe for disaster. What happens when another person is shot[1] at a protest and there's no way to call 911?

[1] https://www.theguardian.com/us-news/2017/apr/25/milo-yiannop...

I imagine the police would use their radios to call for help, if there are not already paramedics standing by.

Who says their legacy, TDMA based radio networks are properly functioning? Motorola has sold most US municipalities and business clients hot garbage for radio networks, they can't push high call volumes, and your often limited by crosstalk (other people trying to talk on your channel) and the number of operators on staff. They literally revert to playing clear the channel tones for a solid minute multiple times a day. Its awful!

The current emergency responder trunked radio networks are extremely fragile, shitty systems. I have no hope that the transmitter at Columbia Tower in Seattle will be of any use to emergency personnel after a major event. Too few channels available, not enough staff to route and handle the channels we do have either.

since when do the police call for help to aid someone they shot?

You don't get a connection at all. Stingrays imitate cell towers, but their default behavior is as a dead endpoint; they collect requests and location data but don't reply. They apparently can be used as bridges, which Harris is claiming always happens for 911 calls, but it's not clear that works.

Speaking of TESTING things... it would be VERY NICE if a dedicated 'test channel' were setup for 911/e911/whatever. Maybe it'd be stuffed in to the developer options page somewhere, but I SHOULD be able to send a test call that gets an automated response and logs success/failure. It should use and behave exactly as 911/emergency call normally does, including working without any service (maybe also rate-limited), except not tie up actual emergency resources and be expected from time to time.

Even if just checking IF a cell-phone works for that connection in a given location.

This kind of automated testing sounds like it would be a fantastic idea.

Catching some meth head is far more important than making sure a person having a heart attack can reach EMT, obviously.

our entire war on drugs is misdirected and woefully expensive in terms of dollars and lives. sadly that may never change unless we can get a true third party or similar thinking individuals into office

It actually works in reverse. A like-minded person won't get into office until the public opinion changes.

Exactly why it is better to work within the parties than outside. Much more opportunity to reach people who's voices matter.

Why I don't get is why they don't make it so you dial 911 and it rings in the squad car that has the Stingray.

The first reason is organizational. 911 dispatch and law enforcement are two very different entities. Law enforcement pays 911 dispatch for a service (every time they push that button on their radio they pay a fee). If you have 911 calls coming to the squad car, you're now circumventing 911 dispatch.

Secondly, it's equipment. Most officers have a cell phone and a radio, which isn't really capable of taking calls from their cell-site simulators. Furthermore, they wouldn't be able to record your call, redirect it to fire or EMT, nor dispatch another officer in another jurisdiction.

The officers aren’t trained for it either. I imagine there are pretty important lists of questions that 911 operators ask in various situations to get the right information to pass on. The officers would have to wing it and hope Ts enough.

Or we’d have to train every single officer to have the right skills all the time for something they’ll almost certainly never use.

Considering how many officers seem incapable of drawing a firearm without mag dumping with no regard for what's behind the target I don't think it's possible to train them to do yet another thing without a significant number forgetting most of that training when they happen to need it. (Less rare to draw a gun than get a difficult 911 call when operating a stingray but still not an annual occurrence for many individual officers.)

Requiring a 911 dispatcher be on hand to field 911 calls intercepted by the stingray would probably work and in many cases it would have the side benefit of involving a person accountable to a different chain of command. Having an outside observer like that could slightly discourage stingray abuse (all use is abuse IMO) depending on how they're used in practice.

Edit: It's interesting to see this bounce between positive an negative votes. Why do people disagree? I don't see why this isn't a reasonable opinion.

Edit2: I think firearm usage is a good parallel to a non-911 operator fielding a 911 call while using a stingray. Cops get a scheduled training/test on weapons usage (monthly,annually or somewhere between) but there's still a chance that the situational details result in poor performance because you're not trained on the edge cases and you can't expect every officer to do everything perfectly. Likewise a 911 operator is a specialist job that most cops can probably do an ok job at in typical cases but the risks of poorly handling an edge cases are high enough to be unacceptable. It's much more practical to have a dedicated 911 operator on the job than it is to tell cops to just not get in situations where they have to draw a gun.

Your edit: I don’t think your comment is very useful. It starts off as sort of a generic ‘cops are bad, so who cares’ screed.

Cops behavior when using firearms isn’t really germane to the training required to handle 911 calls.

Your second paragraph is a good comment. That’s probavly balancing out the downvotes from the first.

I agree with you that would have the effect of discouraging Stingray use (especially since departments like to hide that they get used), but I’m not sure that’s a bad thing.

you have given an intelligent critique to this comment...thank you

The only important questions are

1) where are you located? (critical) 2) what's your emergency? (optional)

then a police car and fire truck and maybe EMT are dispatched.

If you've ever called 911, or had any experience with dispatching in any capacity, you'll have discovered that trained, experienced professionals don't think that those are the only two important questions.

What kind of fire? Are people still inside? Do you need instructions on how to provide CPR? What did they eat? Are they on any medications?

That’s off the top of my head. I imagine a trained dispatcher could come up with WAY more.

Yeah, if you call 911 and say a crazy person is breaking glass in your house they'll ask you if you have any firearms in your house, for instance.

An answer to #2 might be "my friend is bleeding from the neck". The dispatcher needs to 1) give first aid advice (put pressure on the wound) 2) figure out if the police should respond. People in an emergency are not always forthcoming with details.

Have you ever called 911?

That's not even close to how a call goes..

This might reveal a stingray was used in a certain location.

It would defeat the intent of police/Executive Branch to defraud and deceive Judicial oversight over the usage of the devices and their implication of illegality in the face of the Constitution of the United States of America

It does one better according to the company. It detects the 911 call and lets it through to the real tower. The headline is very sensational. Read Mr. Wyden’s statement in the article for the non-sensationalized version.

It states that this has not been tested to current 911 standards and thus the public has no way to know if this is even true.

The key here being "according to the company". This is the same company that has been working with law enforcement to prevent them from even disclosing their use of these devices to the courts or defendants. Is that a company you're willing to take at their word?

And calls to 911 will increase as people check whether there is a Stingray nearby.

Stingrays block all calls since they're not actually connected to a cell network, so calling any number should suffice.

How is blocking all calls even remotely legal?

It’s not. But the FCC isn’t capable of doing its job, and prosecutors are very cautious about using the evidence.

Reminds me of another story on HN where for months some guys was driving around with a cell phone jammer in his trunk because he got fed up of distracted drivers. It took quite a bit of effort to track him down as far as i remember.

Possibly cathartic, but I'd almost imagine having a bad signal would distract them more.

It's not telephone service is considered critical infrastructure and therefore it is supposed to be illegal to disrupt service. This is why you have to block robo calls on your phone and its not done for you by the carriers. An over simplification is if a call is attempted no entity can prevent it from being made.

I am sure there are some legal loop holes out there that is why the government can use the CSS.

Aren't these still "secret" devices that show up even w/out a warrant?

It probably isn't.

Anything's legal until a judge rules on it.

Ok, so they should fix that and connect the stingrays to an actual network, and forward all calls.

Leaves the question what happens when they move or turn off the stingray.

So just man in the middle all the encryption that goes on with modern phone protocols? Should we all have to install the stingray root cert on all our phones? or should the phone providers have to provide them a valid tower cert on demand?

Don't stingrays downgrade to 2g where cellphones didn't authenticate the tower?

No, even with 3G phones generally won't complain in any visible way if the tower doesn't support encryption.

I mean, I think they downgrade to 2G for a lot of reasons; the encryption (or lack thereof) isn't the only one.

So if your internet goes (which never happens here anymore, ymmv), then don't make any calls. If the stingray lets through internet, then make encrypted voip calls.

That’s what the sensational headline would make you think, but the opposite is true. According to the company, the devices do, in fact, detect and let 911 calls through to the real tower. It is all other calls that are blocked.

They say they're supposed to do this, but the feature was never actually tested and even the manufacturer themselves aren't sure it's gonna work.

Not certified by the FCC does not mean not tested. If you’re an engineer, I’m sure you’ve tested plenty of things that you didn’t get “certified” by some regulator.

The only reason to go through such expensive regulatory certifications is that you believe you have a legal obligation to.

or maybe that you care about public image. It's obvious this company only cares about Police contracts.

Just because the call isn't to 911 doesn't mean it wasn't an emergency call.

>It is striking, but unfortunately not surprising, that law enforcement has been allowed to use these technologies ...

The last I heard that the FCC authorization was only for use in emergency situations. If that is still the case then law enforcement has not been allowed to use these technologies in the way they actually do.

Law enforcement has been doing off the books surveillance pretty much forever. It isn't likely they are going to suddenly stop. The article has it right, this is entirely a technical problem at heart...

The title of this article is pretty misleading. There is no confirmation that the cell-site simulators disrupt emergency calls. Rather:

> Harris Corporation claims that they have the ability to detect and deliver calls to 911, but they admit that this feature hasn’t been tested.

The fact that the feature isn't tested is a serious concern, and should be addressed, but this headline is completely inaccurate, frankly dishonest, and reduces my faith in the EFF.

I understand where the EFF is coming from, and for the most part believe in their causes, but this sort of willfully dishonest headline just serves to reduce credibility. In the future when I see EFF articles with dramatic headlines I'm going to assume they're probably not what they seem and be less likely to read the article.

Fans of he EFF will forgive these sorts of inaccuracies. Skeptics will not - this sort of article just serves to drive reasonable but undecided people away from your cause.

Wait, so does this mean that if you were being monitored with a stringray, your phone would just be a brick without access to mobile network data (calls, texts, data) etc? that seems like a huge giveaway???

Why are these devices even legal to operate? Normal FCC rules, you're not supposed to operate a radio transmitter so as to interfere with other users.

Stingrays by their very nature interfere with other users.

They aren't legal for anyone but the police, who are allowed to do many things the rest of us aren't.

Yep. Anyone who says "people are equal before the law" doesn't live in the real world.

There are many "social layers" - arguably more than the four Indian castes. They are treated very differently by everyone, including the legal system.

You don’t need a CSS to disrupt service. Simple jamming will do that.

You really have to wonder what caliber criminal the stingray is targeting. stingray is useless with an encryption layer, and I don't see how any seasoned criminal doesn't use encryption.

Most seasoned criminals are unsophisticated, because people who turn to crime typically do so for lack of better opportunities (which would typically exist for people with the sophistication needed to understand cryptography and how to effectively use it). Here are two illustrative examples of this lack of education/sophistication:



I think the reason you cannot fathom seasoned criminals not using encryption is that you are not a seasoned criminal.

I suggest you watch a couple of episodes of The First 48 to see the level of ineptitude of both criminals and the police

I'm curious to hear more about "rogue law enforcement". :) Batman, or a bunch of bikers beating up the spouse of a domestic violence victim. I need more information.

Answering your question straight: Rogue law enforcement would be cops who are using illegal methods and lying to courts.

(In the process, letting criminals go free, because the evidence will eventually be invalidated.)

>In the process, letting criminals go free

Or, more probably, locking up innocent people.

Does it matter?

Are you saying there are mad dog vigilantes out there who you would like to know everything about you?

I'm 100% certain that I don't want bloodthirsty vigilantes knowing anything about me or any of my family. Frankly, it's just principle for me, so I'll be honest, I don't even want the government to have the ability to track me.

And emergency text alerts.

This headline is deceiving. The actual statement from Mr. Wyden is nowhere near so conclusive:

>Moreover, while the company claims its cell-site simulators include a feature that detects and permits the delivery of emergency calls to 9-1-1, its officials admitted to my office that this feature has not been independently tested as part of the Federal Communication Commission’s certification process, nor were they able to confirm this feature is capable of detecting and passing-through 9-1-1 emergency communications made by people who are deaf, hard of hearing, or speech disabled using Real-Time Text technology.

If it hasn't been tested and certified, I am reluctant to bet the life of myself and my family on it. I think the headline is reasonable and recommend it stays as-is.

EFF headlines (like any other pressure group) are usually like that.

From a legal perspective, not certified means the feature doesn’t exist. So it is technically an accurate statement.

>From a legal perspective, not certified means the feature doesn’t exist. So it is technically an accurate statement.

I guess almost all of the software developers here have never really built any features then. Imagine that, all that code and the features “don’t exist”. I didn’t realize the law had such ontological power. Not certified means not certified. Not believing you have a legal obligation to get certified is a great reason to avoid that expensive and bureaucratic process.

If you’re in a regulated space or have a contractural requirement, certification matters.

As an example, If you’re providing services to the government or other organization that include encryption, you must use FIPS 140-2 validated crypto. If you fail to do so, and something happens (where something ranges from audit to breach) from a legal perspective, it’s not encrypted. This is true even if you used equal or better tools to encrypt the data.

the headline is a reasonable abstraction from the legalese which you quoted. if the feature isn't FCC compliant, as taxpayers we are to assume that it exists outside of the law and is thus not something we can depend upon. in any event, it violates the ADA because it isn't disability-compliant in any capacity.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact