This silence on FOIA requests is in line with what the FBI has been instructing local law enforcement to do[1]. Here's the relevant FBI letter:
In the event that the Minnesota Bureau of Criminal Apprehension receives a
request pursuant to the Freedom of Information Act (5 USC 552) or an equivalent
state or local law, the civil or criminal discovery process, or other judicial,
legislative, or administrative process, to disclose information concerning the
Harris Corporation [REDACTED] the Minnesota Bureau of Criminal Apprehension will
immediately notify the FBI of any such request telephonically and in writing in
order to allow sufficient time for the FBI to seek to prevent disclosure through
appropriate channels.
This is a written policy that FOIA requests should by default be resisted. This combined with the change from a mission of "law enforcement" to "national security"[2] signifies a huge shift in the FBI away from a rule-of-law culture to a rule-of-man culture.
Has anyone ever quantified the dollars spent per criminal captured for these kinds of programs? I mean flying a small plane, using proprietary technology, agents' time... I'm guessing this is in the millions of dollars, but who are we catching with this?
Whether alone (with user movement and precise clocking) or in a coordinated group effort, devices might begin to triangulate tower location and check this against historical and geographic data.
It would be a bit ironic, if/when triangulation begins to "work" "in the other direction".
It already is: Mozilla has been building apps¹ that allow users to contribute to a shared database of the locations of cellphone towers and WiFi APs.
The idea is to allow GPS-less devices to find where they are, but it could certainly be used to identify new towers in places which had already been mapped.
EDIT: It seems there's also opencellid.org, which actually allows you to download the full database.
3G provides some cryptographic basis for this, but you might not have a UI on your device to require 3G or to warn you about roaming (which could defend at least against early generations of IMSI catchers).
Why are these planes even required? Cant the US government simply get this information directly from the phone carriers? Given all of the power the NSA seems to have, surely they have this capability already.
I'm not sure that carriers keep the IMSI tower association records (vs. call or data transmission logging information). This would be a tremendous amount of information to retain, since a given phone is always associated with at least one tower and may be re-negotiating its association thousands of times per day.
I believe they do. I'm hardly an expert, but on the Serial podcast, which details a murder investigation, cellphone tracking gathered from the carrier is introduced as evidence, and the events are described as "pings" (not calls, and probably not data since this was in the early 90s). I don't think they actually triangulate the position, they just know the tower the cellphone "pinged" and the approximate distance based on signal power.
This would be a tremendous amount of information to retain
Not really. An IMSI takes about 7 bytes, plus a few for location, let's say 12 bytes. Multiplied by, say, 2000 pings a day per user, by 300M users, that's just 7TBs/day, for all carriers.
> going to the telecom company with a sweeping warrant
Would it be a sweeping warrant? If they are only targeting 1 person/phone, then it sounds like a very specific warrant. Plus, the phone companies wouldn't give them all the data ("the whole haystack"), the phone companies would only give them the specific data to that person.
I imagine intercepting it yourself means you need less cooperation from private entity, less paperwork (or paper-trail), and the ability to react to stuff being said/sent in real-time.
[1]: http://arstechnica.com/tech-policy/2015/02/fbi-really-doesnt...
[2]: http://www.msnbc.com/the-last-word/fbis-main-mission-now-not....