Why would it be "bad" for Iran to track people this way, but there is not so much concern for the NSA tracking people this way?
The USA has already killed people based on trivial amounts of data such as, "A had dinner with B who is C's relative. Thus even though A is US citizen in a foreign country, we will blow up his car with a Hellfire missile fired from a drone because C is a known terrorist."
>The USA has already killed people based on trivial amounts of data such as, "A had dinner with B who is C's relative. Thus even though A is US citizen in a foreign country, we will blow up his car with a Hellfire missile fired from a drone because C is a known terrorist."
It was the official policy during the bush administration (unknown if still current policy). It resulted in very low numbers when calculating civilian deaths.
Right now a terrorist is a man between ages 18 and I think 45. If you have brown skin and are at that age and are killed in a drone strike in Pakistan, the US gov't announces you as a terrorist killed. :)
It's unbelievable that at&t / verizon / tmobile / uscellular / sprint would freely make this available to overseas companies / just anyone, no? Or am I wrong? I mean, those companies are scum, but damn.
Verint, which also has substantial operations in Israel, declined to comment
for this story. It says in the marketing brochure that it does not use
SkyLock against U.S. or Israeli phones, which could violate national laws.
But several similar systems, marketed in recent years by companies based in
Switzerland, Ukraine and elsewhere, likely are free of such limitations.
At The Post’s request, telecommunications security researcher Tobias Engel
used the techniques described by the marketing documents to determine the
location of a Post employee who used an AT&T phone and consented to the
tracking. Based only on her phone number, Engel found the Post employee’s
location, in downtown Washington, to within a city block — a typical level
of precision when such systems are used in urban areas.
But apparently SS7 -- the network-to-network connection -- freely lets you query anyone's last cell tower. Un-fucking-believable.
There are dozen of companies providing services in this space. Many online credit card transactions are verified these days by doing a location lookup on the SS7 network, correlating the card holder phone location with the card holder current IP address (where the transaction is coming from). Just one example: https://www.google.com/patents/US20130030934 . SS7 is still the wild west, just like the Internet was in the early 90's or telecom was in 2600Hz era. Everything and anyone on the network is trusted blindly.
I've seen these talks from CCC few years ago, tried that myself (on myself) and SS7 only gave MSC id, which is wayy more coarse than cell tower level -- like, 1M customers per MSC (still a privacy concern of course). But that city block level location thing seems like it is something more sophisticated.
This is naive in the extreme. Your online opinions and other data are potentially stored forever and trivially accessible to anyone. Have you ever expressed an opinion about politics, religion, terrorism, abortion or anything potentially divisive? Well in 10 years time the laws could have changed and those legal, innocent remarks you made 10 years ago could potentially land you in a lot of trouble.
What is legal and normal now may be illegal and dangerous later and the then government could go back and look for "troublemakers" by examining old data to check for subversive comments. Good luck explaining your comments from 15 years ago when you get dragged off to a secret court for "terrorist" behaviour based on comments and opinions of many years ago.
What about supposedly innocent tracking data. Suppose you had to visit the dentist several times in quick succession and suppose your dentist office was located very near to a known terrorist cell. Now you are in a database of people to watch. Several years later you have to make repeat visits to some other location which by sheer coincidence is near another terrorist cell. You are now a hot hit and this triggers a series of events starting with the IRS doing a full audit on you and your friends /family potentially followed by much worse.
This is not science fiction but easily plausible. The more data you have, the easier it is to establish causal relationships which are not real, but could have real consequences when some government or other organization takes an interest in you.
I have seen this sentiment posted often when privacy concerns are raised. It implies a deeply flawed notion that as long as you don't have anything to hide then the privacy violations are not of concern.
In reality the systematic break down of privacy and systematic increase of power to those who are committing them eventually leads to oppression and near total control.
I can appreciate your point, but this is a poor analogy. There are people who do exactly that which you find objectionable, and cultures in which it is perfectly acceptable.
> Which is not to say I’d be happy about the NSA using this method to collect location data. But better them than the Iranians.
I have the opposite concern. There's really not much that Iran can do to an American citizen continents away. The NSA, on the other hand, can target, track, and detain me without any recourse.
It's the fear that's been marketed towards us. I don't understand what interest one would imagine that the Iranian government would have in anyone's location who is not Iranian or a threat to Iranian interests. I think the same about the US, but I am a citizen of the US, and the US has interests that are significantly wider ranging than Iran.
Actually, everybody who posesses a credit card or paypal account could start tracking a location of any mobile phone with country-level resolution. Any bulk-SMS sending company has a service called HRL Lookup, which is normally used for optimization of SMS-sending costs to users in roaming. Though VLR address (which is the result of HLR Lookup) can be used for user tracking purposes - the first few digits of this address is just a country code of the country which the user is visiting now.
I find personalized 3rd party tracking objectionable, unless the person volunteered or consented.
That said, it would be quite nice to have an open API where I could query an area for the count of cell phone users active there. Of course this should have upper and lower bounds on the area, perhaps on its shape too. I emphasize that it is just count that I seek, not querying the location of a specific cellphone.
Is anything like this available, free, for a fee, for specific providers ?
The technical part of this article is partially wrong.
I will post the real way it works later along with a real demo you can try on your own number.
Stay tuned!
I wonder how this scales? Would it be possible to get bulk data on phone locations? You could imagine an unscrupulous company repeatedly grabbing the location data for every phone on a list to improve their own customer profiling or advertising.
The USA has already killed people based on trivial amounts of data such as, "A had dinner with B who is C's relative. Thus even though A is US citizen in a foreign country, we will blow up his car with a Hellfire missile fired from a drone because C is a known terrorist."