[FoRK] That’s No Phone. That’s My Tracker.
sdw at lig.net
Mon Jul 16 08:13:02 PDT 2012
The Supreme Court decision on GPS should mean that your location information is off limits unless there is a search warrant.
Until that happens, there are solutions to some of this. All hope is not lost. Individuals have all the power they need to turn
the tables, if they have a reason to. Police can easily be tracked in crowd-sourced ways to keep things transparent, and they
now know (it was obvious, but thanks SCOTUS) they have no hope of avoiding being surveilled via YouTube video. Autonomous
flying/navigating GPS-enabled quadrotors, easily capable of carrying a cell phone with network service and good cameras or other
video links, are about the price of an unsubsidized cell phone or two. 
Negating the tracking advantage against many cell phone users could be done this way:
* Use an IP-only encrypted phone app that connects through a TOR-like call exchange, i.e. multiple Asterisk or Skype-like
servers, possibly running on other cell devices in the collective. All POTS / POCS calls originate from the crypto-cloud. Calls
into the cloud use temporarily assigned, rapidly reused numbers and/or use call connection methods (touch tones etc.) inside the
calls. Optionally use a translation system to understand speech and regenerate it via computerized speech so that voices are not
recognizable (when you care, *FU).
* Keep all shared and certain private remote data in a TOR-cloud. Cause all apps, web browser, etc. to communicate through TOR.
* Use a Bluetooth or Wifi or USB device (which could be another phone, without using other radios) to communicate your public
key to the device with cell service you have to unlock and connect apps and services. Use the same device to store application
data for apps running on the network-enabled phone. Easily doable with minor hacking of Android.
* Rapidly and frequently physically exchange your phone / tracker device with others in the privacy collective. Every time you
arrive at work, go to a restaurant, take the train or a flight, at a stop light, etc., swap in the most random way. Of course,
disable GPS etc. when not needed for navigation, etc. Create an unbreakable method for aging out a device, both physically and
for it's software load. I.e., wipe and reload devices with a known good OS frequently, perhaps every time you exchange. At
physical age out, have group-certified technicians teardown the device to find compromises.
* Use a Bitcoin (or similar) system to pay for service credits for service from the carrier as a group. I.e. untraceable bitcoin
pays for your possession of a collective device and use of the network. Or use a flat rate membership model, allowing cash proxies.
The only hard part is setting up the collective, getting service contracts, and keeping it running. As phone devices become more
powerful and commoditized, you could settle on a standard phone that is powerful enough and cheap enough to treat as a true
commodity. There was a new handset company at Uplinq that was going for a sweetspot of $200 or less for a moderately powerful
smartphone: 1Ghz dual core Snapdragon, no subsidy. They seemed to be aiming to replace feature phones, which most of the world
is still using as a $700 smart phone is a bit much.
Pairing a no-network (GPS/cell/Wifi turned off) cell phone with a network-only device may be a reasonable solution. Exchanging
generic MyFi units may be a simpler option than shared cell phones, considering cost, difficulty in securing apps/traffic,
screen/cameras, hackability (in both directions), etc. You'd still have to be careful of indirect device/app/person signatures,
but that is manageable. On the other hand, having the exchanged cell phones connecting calls for others in a TOR/Skype fashion
is an elegant, no-server solution.
The technical details of setting up the rest of the above are relatively straightforward, doable in a few months. If the local
government behaves, it won't happen. Abuse citizens, lose your advantage relatively quickly. The current state of LEO requests
for location data may be approaching a threshold. This solution should be set up to help dictatorship revolutions, if it is
needed. Those are now getting so effective that the window where it matters who is tracked is probably small.
On Mon Jul 16 02:09:56 2012, Eugen Leitl wrote:
> That’s No Phone. That’s My Tracker.
> By PETER MAASS and MEGHA RAJAGOPALAN
> THE device in your purse or jeans that you think is a cellphone — guess
> again. It is a tracking device that happens to make calls. Let’s stop calling
> them phones. They are trackers.
> Most doubts about the principal function of these devices were erased when it
> was recently disclosed that cellphone carriers responded 1.3 million times
> last year to law enforcement requests for call data. That’s not even a
> complete count, because T-Mobile, one of the largest carriers, refused to
> reveal its numbers. It appears that millions of cellphone users have been
> swept up in government surveillance of their calls and where they made them
> from. Many police agencies don’t obtain search warrants when requesting
> location data from carriers.
More information about the FoRK