1 of 24

EFF-Austin Meetup

(Jan 19)

Texas Electronic Privacy Coalition (TxEPC)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

2 of 24

Geolocation Privacy

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

3 of 24

Outline

  1. What is geolocation data?
    1. GPS Coordinates vs. Cell Tower ID
    2. Historical vs. Realtime
  2. Geodata-producing Devices
    • GPS Tracker (trespass + direct collection)
    • Mobile Devices (collection via third-party)
    • IMSI Catchers or “Stingrays” (direct collection)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

4 of 24

Data: GPS Coordinates

For example:

Capital Factory

Lat: 30.268994

Lng: -97.740544

www.tobedetermined.org (2006)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

5 of 24

Data: Cell Tower ID

antennasearch.com

143 Towers

780 Antennas

within 4 miles of Capital Factory.

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

6 of 24

Data: Historical

http://radar.oreilly.com/2011/04/apple-location-tracking.html

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

7 of 24

Data: Realtime

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

8 of 24

Device: GPS Tracker

www.wired.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

9 of 24

United States v. Jones (2012)

inforrm.wordpress.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

10 of 24

Data Source: all the Mobile things

haikudeck.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

11 of 24

Third Party: Mobile Providers

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

12 of 24

Mobile Networks (AT&T, 2011)

engadget.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

13 of 24

Femtocells

dolcera.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

14 of 24

Data Retention (DOJ, 2010)

www.pcmag.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

15 of 24

Volume of Requests (Sprint, 2009)

http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

16 of 24

Tower Dumps

www.smh.com.au

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

17 of 24

Signaling System 7 (SS7)

http://events.ccc.de/congress/2014/Fahrplan/events/6249.html

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

18 of 24

SnoopSnitch (Android App)

https://opensource.srlabs.de/projects/snoopsnitch

  • Qualcomm-based, Android devices
  • Detect fake base stations (IMSI Catchers)
  • Detect Over-the-Air Updates
  • Detect SMS and SS7 Attacks
  • Optionally share data back

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

19 of 24

Device: IMSI Catchers (“Stingrays”)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

20 of 24

Haz: DPS, Houston, Fort Worth

Houston City Council (Oct 16, 2012)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

21 of 24

Haz? Austin Police Department

www.austinchronicle.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

22 of 24

Bonus Federal Device: DRT Boxes

www.wsj.com

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

23 of 24

Summarily...

Law enforcement should be required to apply for a warrant for geolocation data, providing for...

  • Probable Cause (no fishing expeditions)
  • Judicial Oversight (warrants issued by judge)
  • Constraint on Use (esp. for direct collection)

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx

24 of 24

TxEPC Infos

Web: http://txepc.org/

FB: https://www.facebook.com/TxEPC

Twitter: @TxEPC

http://effaustin.org/

http://txepc.org/

Meetup (Jan 19)

#EFFatx