Wonder if someone suspected Feds would do this, they could ask their accomplice to take their phone and walk around with it in a different part of town. They would then have a
alibi and be discarded as a potential suspect.
GPS spoofers already exist, so why not a GPS mirroring app. Keep your phone on, but have it reporting the location of your friend's phone. Or maybe a history based AI synthesis of where you supposedly went. The problem is going to be that you supposedly drove down the 405 but none of the scanners saw your car.
(Edit: That and Google wouldn't agree with T-Mobile on your location. Oh well.)
... for 20-30 minutes. Plus this requires accomplice, which can already take the phone for a walk (with cap, glasses and generic body-covering clothing to fail facial recognition)
It is interesting how people think in the context of their own lifes, I highly suspect that 13of40 is American, where you can't live a functioning life without a car.
FYI massively scanning and recording faces this way in a public place is not ok in most of Europe. Recording the raw security footage sure, but no deeper processing.
EDIT: Yes, that creates a data point that police could also search for — "give me all the phones in the vicinity that were turned off and then back on surrounding the incident." Okay, how far away? That would be a massively larger search, geographically, wouldn't it? How far before and after is your window for turning off and back on events?
That's still an additional search. It's also probably got a far worse signal:noise ratio than proximity to the incident — assuming the robbers were dumb enough to have their phones on them (and on) in the first place.
Turning it off could leave a trace: "this phone was turned off 15 minutes before the robbery started, and was turned on 15 minutes after the robbery ended, both events in a location which is 15 minutes by car from the bank".
Leaving it at home, without turning it off, leaves no such trace; it's consistent with "this phone's user simply stayed at home today".
Is it possible to auto answer a call? In that case you could call the phone and there would be proof not only that you were at home, but that you were having a conversation.
Google could probably detect atypical usage patterns. If you’re always on your phone and suddenly there is no accelerometer delta then you’re likely not at home with your phone but somewhere away from it.
Better to just have the kid play with it all night. And, of course, tell the wife (assuming she's in on it) to watch a lot of Jackie Chan movies on Netflix all night.
Well, who in their right mind would bring a cellphone to a bank robbery? And yes, creating an alibi would be good. But not with a knowing accomplice, because that'd be a vulnerability.
So, one problem here is that the police could look for co-travelers. I.e., two or more people being shown to take the exact same route.
Spies would look for this to see if they are being tailed. If they can see a pattern of people who are co-travelers on their same path, then that’s a pretty bright signal.
It would be more work for the police to look for these kinds of signals in the location data, but not companies like Google.
Just FYI, you would have to have an exceedingly clever accomplice. They would need to walk around in a part of town where there are no cameras, and preferably very few witnesses. (If someone remembers seeing him alone, or cameras verify he was alone, or God forbid, if one of his buddies sees him and strikes up a conversation, the gig is up.)
Your accomplice would have to take possession of the phone at a comfortable distance from the target bank. (Again, in a place that no one, and no camera can observe the arrival of either party.) And the co-conspirator actually robbing the bank would have to make his/her way to said bank without being observed leaving the phone drop site. (And without being observed traveling in a direction inconsistent with his/her phone's location data.)
All of that is not as easy as it sounds. One traffic camera on a stoplight and they got you, in your car, heading towards the bank, in the opposite direction of your phone. Now your co-conspirator is in trouble too. (Aiding and Abetting at minimum.)
We're creeping towards an age of ubiquitous gaze, and only people who are way smarter than I really know if there's any averting it at this point. I think the only real defense against ubiquitous, 24/7 surveillance right now is to live life in a remarkably unremarkable fashion.
It's possible (especially if you're in a criminal database) that this might actually paint a bigger target on your back - if a traffic camera caught you going toward the bank and facial recognition picked it up in an automated sweep... then the fact that your phone was broadcasting as being in a different location might be a red flag on it's own.
While humans are doing the piecing together this tactic will probably be pretty decent, but it wouldn't be super hard to marry those datasets after you've seen it happen a time or two.
And now everyone who forgets their phone on their way to work gets flagged.
I’m not even disagreeing with you. It makes me sad, however, that this sort of automated surveillance is mostly accepted by wider society. We will force everyone into a Brave New World styled life, where being entirely unremarkable is the only way to avoid suspicion, no matter how innocuous the behaviour.
In addition to your concerns, I don't think there's even anything to be gained by intentionally trying to create a false trail since the warrant only looked for phones in the area of the bank around the time of the robbery. The robbers could just as easily leave their phones at home (or any other place far away from the bank) and they would not be flagged by the reverse location search.
You could also mail your phone via ground. It wouldn't hold up to intense scruitiny because your locations would all coincide with package delivery places but it might help.
Co-conspirator leaves his phone at home, dresses and puts make up on to look like you, takes your phone to a couple of spots with a digital trace of your phone but only low tech cameras, and builds an alibi for you. Their alibi would be being home sick. Could even meld the two stories by buying yourself some DayQuil.
Governments serve Google with over-broad search warrants frequently, but there is not information in this article stating or implying that Google responded to this or other similar warrants. Google has a whole department of attorneys dedicated to evaluating search warrants. They claim they won't comply with vague and overbroad warrants.
> It was an aggressive technique, scooping up every Android phone in the area and trusting police to find the right suspects in the mess of resulting data. But the court found it entirely legal, and it was returned as executed shortly after.
> They claim they won't comply with vague and overbroad warrants.
Assumably it’s the judge’s opinion on this that matters, right? In the case of a national security letter this fight wouldn’t even be public. Assume the worst.
A judge would review the warrant before issuing it hopefully. I think Google can basically say "Look, this is a bad warrant and you'd be better off narrowing it a bit" and that would work in most cases.
You, as a defendant, can also challenge the warrant as part of your trial if you are caught, potentially getting the results of the search thrown out.
It's unlimited in scope so it's pretty broad. There could have been any number of people passing through that area of space/time. A good standard for such warrants is when the police suspect a particular person and want to search for evidence of their whereabouts. A fishing expedition where the police have no suspects and just want to grind all available data is almost the definition of "vague and broad", if not that of "over-broad". In this case it seems that the police did not even have a concrete reason to believe that the perpetrator carried phones or used Google services.
- Why asking Google? (My GPS is allways off)
- Why not ask the phone providers?
- Even the dumbest criminal does know today, don't carry your phone with you, if you do something like this.
I switzerland was a murder an rape case close to one of most busy highway. The police asked the phone providers for phones in this area (highway included). The first bill from the providers was 860'000CHF, they reduced it later to 200'000CHF.
2010 - 2030 This kind of thing happens with lots of alarming stories in the news. People are kind of worried that they will get dragged in as a crime suspect simple because they were driving by the area when a crime was being committed nearby.
2030 - 2040 This kind of investigation becomes so common that the independent news outlets just stop finding instances of it. People are kind of relaxing about it.
2040 - 2050 It turns out that, like DNA evidence, there's now an entire innocence project started dedicated to getting people out of incarceration for any crime where the totality of evidence was GPS data and some made up stories.
2050 -> Oh sorry that new energy source blew up, earth is gone.
I fear the timeline is way too optimistic. It wont take till 2030 to normalize.
>It turns out that, like DNA evidence, there's now an entire innocence project started dedicated to getting people out of incarceration for any crime where the totality of evidence was GPS data and some made up stories.
Is also already the case. Denmark had such a problem recently.
Given the history of every other technique the cops have ever used to solve crime I'm betting it's gonna wind up somewhere between forensic bite mark analysis and eyewitness testimony (i.e. not worth shit unless you've got a lot of other stuff to corroborate it). Of course a generation of prosecutors will get to make their careers on this kind of crap before it gets debunked.
Well beyond suggesting that, as stated in other threads, as the criminals get smarter they will simply leave the phone at home and yes, innocent people that have a digital footprint near (and when) the crime will be caught instead. Once the police have identified a potential fall guy and they are black, or an immigrant or some other disadvantage, we'll see eyewitnesses come forward to "help" the police officer.
$9.99 a month "identity masking", lets you run your android device in stealth mode. (I'm being sarcastic of course).
One of my SDR projects was to boot a GSM base station if my burglar alarm went off and store copies of every IMEI it can see in the cloud. Seems like it would be a better lead to hand investigators than a fuzzy security camera shot.
Yes! Well let me be a bit more clear. The FCC has a process for, and indicated they would likely approve, a special temporary operating license for such a device given that it would only operate for a short time (during the break-in) and not interfere with the thieve's or neighbor's cell phones as it would respond with no compatible roaming network. Also it wouldn't do any sort of interception or monitoring other than the tower ping.
It would also need permission from the licensed spectrum holder, that could be harder to get.
But yes, completely legit with the right paperwork.
I was a little as well, I happened to be at an SDR conference and one of the attendees was a lawyer working with the FCC on licensing issues[1]. I gave him my use case and he said that if it was constrained the way I said it would be, then if it came through their office they would likely approve it.
[1] The FCC has been pretty engaged in understanding the impacts of SDRs because of their potential for abuse (as one attendee called it, "The Drones of spectrum." As an amateur (AI6ZR) and someone in industry I've been helping as an SME to explain some of this stuff to their less technical staff.
And investigators probably would not care — consider how many identity theft cases have the ID thief on camera (in my case, at a hardware store opening up a line of credit in sight of store cameras, and later using a cloned card at an ATM machine, surely in view of an ATM camera.)...yet despite thousands stolen in ID theft cases, there is hardly ever any action taken.
My thought would be they could track the phone of the person, who would probably still have it on them, and using that and a fuzzy security camera image have enough evidence to arrest them at least.
I feel like, as soon as you enabled this feature, your phone would start broadcasting more.
I suppose we can sorta thank the FEC for their crazy broadcast device requirements when it comes to suspecting whether airplane mode actually stops a device from dialing home.
"Criminals deserve just as much privacy and safety as anyone else. If the government violates the criminal's rights to solve, prevent, or preempt crimes, even more crimes have occurred (privacy violations, killing of the criminal, etc.)
There should be explicit modes for phones and browsers available to criminals that allow them to safely commit crimes without risk of their rights being infringed upon."
I know you were being facetious, but a mode somewhere in between "track me" (data enabled) and "remove my phone from the network" (airplane mode) would be nice.
Maybe "for the next hour, don't do the normal location-tracking/biometrics monitoring/reporting". I get that Google has no incentive to make that feature but maybe Apple does?
Basically every normal adult commits at least misdemeanors daily (in the sense that a bored cop could stick you with one and an aggressive prosecutor could nail you for it if you didn't get a decent lawyer) crimes all the time.
Trying to make a black and white distinction between criminals and everyone else is futile.
They can't call it that. But they can call it... Incognito. Plus then you can just tell the cops: "i was watching xhamster all night.. see my phone was in porn mode (you know incognito is called porn mode)"
Your locations from the time your phone was in airplane mode are uploaded the moment you switch it back to normal Wi-Fi connection. I guess your only choice is going full-on tinfoil/Faraday cage-style though that might be a bit impractical while doing the deeds...
The entire premise of this is flawed; instead of trying to come up with a way to make the tracking device you're carrying stop tracking, maybe you should just not carry the tracking device in the first place. Leaving your phone at home when go and rob a bank is like Criminal 101.
Baseband processor might be running even on a phone that is seemingly turned off. That's why crime bosses discussing breaking bad always removed their batteries. That might also not work 100% if there were large capacitors inside the phone...
it's conceivable with even the phone powered off that the GPS processor could still be running in an ultra-low power mode doing geolocation fixes every n-seconds and storing them in a cache on the chip.
So I guess a Faraday cage would be the only sure way...
I've done some neuro/ephys related collaborations where I installed stuff inside a room sheathed in all 6 sides in solid, grounded copper. Inside with the door shut, the wifi and LTE were both good enough to stream video!!! Although, they say it did a good job at cutting the 60hz noise. Personally I would learn a little bit more about Faraday cage design before trusting anything to it besides lightning strikes
High-frequency emissions love long thin gaps. Just grounding the parts against each other is not enough, you have to close the longer gaps, eg with copper tape with conductive glue (sold in electronics shops) and the surface below must be blank too. If you do not do this the gaps might even function as an antenna and amplify the signal.
Also, cables coming outside of your box must be shielded too.
Typically there was a 2" conduit carrying DC power cables and the seam around the door might not have been sealed, so probably that. Also had similar results with fridges, and they have rubber seals on the door gap. So probably leaking through cracks.
If we go into questions of what a maximally malicious phone could do, rather than a question of what a normal phone actually does...
The Faraday cage would still leave the accelerometer fully functional. Now you might say "but because of drift it will rapidly diverge". Yes and no. It turns out that it's possible to detect based on "gestures" where you might be. Works better for winding irregular streets than in a gridlike street network.
If we go full Sherlock Holmes, the microphone might also overhear trains and music from stores giving away the location.
Yes, I do this all the time when I'm hiking out backpacking. Without any cell or WiFi nearby I try to save battery by turning them off. When I want to check a location on my map I enable the location long enough to get a GPS fix and turn it off.
I have to wonder why Google removed the ability for apps to put a phone into airplane mode / turn off the GSM antenna. Perhaps it was a legitimate UX consideration or some weird unintended consequence of a regulation about radio transmissions.
Still, it would be nice if the default for phones was to not be connected to the mobile network. Instead, they could listen out for a signal broadcast on an FM frequency (for example), and only connect to the mobile network when a specific unique ID was sent, indicating that you have an incoming call. (The unique ID would be agreed with the radio transmitter in secret before hand, and changed after each call).
When your phone is on a Wi-Fi network, it could instead have all incoming calls directed to it that way, like a softphone, meaning you would only rarely have to reveal your location to the mobile network.
The economics of this could work in some places (based on my rough guesses), but not if users had to root their phone to grant apps this permission to turn airplane mode on and off. I also don't know how much battery life would be required to be constantly processing an incoming FM signal in software (at least whenever the phone was off a Wi-Fi network). I'm also assuming that phones have FM receivers that apps can interact with, or that this could be an external device, connected via BlueTooth, perhaps.
I wish I knew what is apparently so objectionable about my comment above. Is it just that the system I'm proposing is impractical for some reason, or do people object to the goal of preventing governments from tracking the movements of basically all their citizens all the time?
As an example of the sort of society I am hoping to avoid, let me offer this article:
In all seriousness though, I'm pretty sure your system fails in the deliverability department.
Mobile phones are meant to be...well... mobile, and that functionality basically requires that when a call intended for you is started from somewhere else, there has to be a way for the signal to get correctly switched to where you are.
If you treat cell towers as switches, that then means that each tower maintains a routing table of handsets within it's area which allows the signal to eventually find it's way to you. This is the fundamental operating principle behind packet switching and the Internet in general.
Let's say there's 4 cells. A, B, C, and D.
I call you from A. You're in D's coverage area. A can connect to B and C, and C can connect to A, B, and D, B cannot see D.
My handset tells the switch behind cell tower A I'm looking for you. It checks it's routing table to see if it's serving you, and finds it can't, so it pings the next switch that has announced a possible route (C). C checks it's routing table, to find you and doesn't, but it sees D knows of you, so forwards to D. D knows you're there, so it finally connects the call. The circuit is made. This works because information about what handsets are in range, and which cell knows routes to what is constantly updated and propagated through the network. So if you took a trip out of D to B while on a call, the call would not have to terminate since the towers hand you off from tower to tower as your handset's location changes.
The system you propose though, breaks that paradigm. Since the cell tower has no way of tracking the handsets in its service area, every possible tower has to chirp to see if your phone will respond. Once your session is established, some of the normal routing protocols can still be reused, however, the initial connection stage is where it gets problematic.
Routing tables clean themselves up over time, so if you don't use your phone for long enough, you essentially cause the system to attempt a network-wide chirp just for you.
Now multiply that by everyone, times the timeout to voicemail, on every tower on the network. Not ideal. You have no way of telling whether the call connected with the handset until the handset actually answers, or every switch gives up and returns cannot connect as dialed. You're a walking DoS attack because someone wants to call you, and you won't pick up your damn phone.
Furthermore, your scheme degenerates to the current arrangement if an always available mobile data connection is assumed, as your phone will just establish a session every time it sends data.
Basically, it's not the telephone part that makes you traceable. It's the "I can guarantee synchronous delivery part". And hell, even if you throw out the mobile bit, phone records still the you to a location; it just takes a bit more footwork and a cooperative witness/wiretap to prove it's you.
It's a pretty in depth problem, with a lot of nuances to be squirreled out. It takes a long time to explain, and even if someone could get most of the way there, that's only the start of the issue. I've got friends who have tried making ISP's before, and the amount of friction created by monolithic telco's is absolutely insane even when you aren't doing anything exotic.
You have to remember as well, telephony isn't magic. You're eating up bandwidth all the time. Stuff is incredibly fast nowadays, but everyone is using it too. Also, all successful networking suffers from tracibility problems. Things just get mitigated slightly by jurisdictional boundaries and the impracticalities of being able to trace through sufficient levels of proxy links. So it's not surprising you got a few "you really don't get it" downvotes.
Anyway... Hope that explains things, and I'm sure there's a bunch of detail I'm missing.
EDIT: Additional thinking: there's other reasons why a telco/mobile provider would want all handsets connected at all times even when not doing calls. It gives them an idea of where they need to install or upgrade infrastructure based on metrics w.r.t how many handsets are in the cell.
Basically, from a business standpoint, there is little reason to not go the direction that we have. The privacy concern does change things a bit. Not sure whether it would be enough to drive a push to abandon/change things so drastically. It's an interesting thought experiment though that I will happily cogitate on for weeks in my idle time. I like devising new protocols.
Most criminals I knew over a decade ago knew this already. Phones were left behind as much as possible, batteries pulled out when discussions happened, and so on. I’m long away from that world (been clean for 7 years), but I would be surprised if they’ve not adapted even further
Can't Feds ask mobile phone servers providers(there are only couple of them in US) for phones registered at specific base station? I think police have been doing this for ages.
They can but that could pick up way more people and not be accurate enough for location tracking. Cell sites can have a range of multiple miles.
Phones have a much more accurate location history since they can localize using AGPS. And with google location history turned on it stores that location to googles cloud.
If you were a cop, would you want the AGPS range data? or some triangulated range of phones?
Cops are only doing what makes sense. You can't really blame them. There needs to be a law that prevents them from doing it. Absent that, people need to stop being so liberal with their information.
This was a bank robbery, but the principle certainly applies to other activities as well. I mean really, do you really need your phone on you if you're going to see your mistress? I don't think you do.
There’s probably a market for bank cameras with image recognition that automatically set a silent alarm if they spot a gun. Several cameras inside and out could track the individuals.
Private businesses, especially banks, are free to ban guns (and may be required to do so). So while this might not work for the gas station next to the hunting club, it should be fine for the bank.
Most are concealed, and the rest are usually holstered and pointing down. Doesn't seem that hard to exclude almost all of those, leaving just a few for manual review.
Not only recognition, but also video quality adjustments. A bank surveillance system often has to archive months of video so police can go back to try to find out if the robbers had been there before to plan their crime.
A smart AI surveillance system might have 4k cameras, but not save the video in 4k format.
Instead, everytime a new face appears, it can use the maximum resolution to take a profile photo of the face for archival purposes and to calculate facial recognition.
If integrated into the banks software, it could match the faces to associated accounts by noting what account was looked up while the new face was at a tellers window.
If a robbery is detected through behavioral analysis or gun recognition, then the recording system would switch from 720p @ 15 fps (for example) to 4k @ 60 fps. It could also not just alert the police automatically, but could quickly pull up the associated account information, clips of previous visits discovered through the facial recognition, and send that to the police or have it ready for their viewing.
How long did it take for the employee take to push the silent alarm? Seconds count. (I realize you have no idea and simply made that up anyway. We don't know if someone did push the alarm.)
"Our system zooms in on people who carry firearms. In addition, our network of cameras coordinate and will take several pictures from different angles and zoom levels. Furthermore, our AI looks for identifying features (e.g. moles) on the suspect's face, arms, etc"
How many bank robberies and convenience store robberies are there every year in the US? Why stop there? There's lots of gun violence in the US that lends itself to AI based security.
Who cares about bank and store robberies? Employees hand over the money and clock out; customers continue on with their lives. Very few humans suffer, and the ones that do suffer can afford a haircut.
A better use of AI based law enforcement might be targeted against corporate+government institutions which actually harm people at scale.
Isn't this a blatant constitutional violation? Maybe while they are at it they can search through everyone's house as they "might be there".
Granted the fusion center already have access to this information - alot of times they have to make it official to be admissible in court. So there might be something foul in play here(besides the blatant 4th amendment violation).
> With nearly a year elapsed since the warrant was served, that suggests this particular reverse location search may not have been as fruitful as investigators hoped.
They did not find anything. But God help you if you have a prior record and happen to be black or match the description of the assailants... and just happened to be around the bank at the time.
>But God help you if you have a prior record and happen to be black or match the description of the assailants... and just happened to be around the bank at the time
Seems reasonable that you would be approached by investigators if you were present at the scene and matched a witness description.
It would be fine if they simply approached people and tried to rule them out, but due to the psychopathy in the justice department they often try to paint the people they find into the perp often hiding evidence that exonerates them.. in other cases photo-shopping their face to cover up tattoos to make them look more like the assailant.
The issue is that prosecutors don't act in good faith... and because of that legitimate exercises maybe used against people in illegitimate ways.
Yes that sort of thing happens, but "often"? How often are we talking here? You make it sound like a common occurrence and I'm not convinced that's the case.
Happened to me, so I can speak about this first hand.
I fit the description: I was between 5'3" and 5'11" and my skin color can be described as "coffee with a touch of milk."
Video evidence that showed, fifteen minutes before it happened, that I was 13km away at a wedding having dinner wasn't enough since I could have left immediately after the footage was taken and driven down.
I still have video evidence of the senior detective basically instructing the witness to select me out of a lineup. They also whispered to each other throughout which I only managed to hear thanks to some expensive headphones I had.
I made fake Facebook accounts and befriended all of the "witnesses" and victims. Beat the case on a technicality thanks to a post I found on Facebook by a eye witness.
I'd still be in jail right now 9.5 years later.
I'd say it happens extremely frequently, it's just that the people it happens to aren't as lucky as I am.
It's not something I'm particularly proud of or something I talk about - outside of my immediate family no one really knows all of the details, and only a handful of people outside of my immediate family know about it. It's the most traumatic experience of my life and had significant consequences on my mental health that still affect me daily.
My blind optimism helped me through it, but it had really hurt my family too.
I didn’t agree to anything unless it was an order. This had the benefit of them requiring to have a senior officer review the request to make sure it’s actually necessary and lawful to order (such as when they requested a buccal swab).
The line-up I mentioned was a photo line-up, where they place one of my mugshots among a group of other photoshopped mugshots.
They arrested me in the first instance, then released me, then arrested me again and charged me after they had performed the photo line-up.
Often enough. Like how many times is too many when we are talking about sending people away for years? If they find something that exonerates you, who is looking out for you, do you have the right to find evidence that clears you? Can you ask Google for such information? Anything they find can and will be used against you, and anything that clears you they are under no obligation to disclose. Does that sound like a fair bargain?
of course frequency matters. Yes, it's awful every time, but it's a whole lot worse for society if it happens 10,000 times a day as opposed to once every 5 years
It's not like they couldn't do all that without google's help. They would have looked at every camera nearby, talked to every witness, etc. If your name/face came up and you had priors or matched the description you'd get a visit. Google's data is probably more accurate/scoped and more impervious to bias than the other options they had.
This is particularly relevant with the recent discussion around Amazon's Ring partnership with law enforcement. "We will always ask you for permission" gets a bit thin when warrants like this can be issued.
