e dot dot dot
a mostly about the Internet blog by

March 2017
Sun Mon Tue Wed Thu Fri Sat
     
 


UK Bill Would Force Service Providers To Set Up Fake Cell Towers For Surveillance Of Prisoners' Communications

Furnished content.


The latest arena for deployment of cell tower spoofers is prisons. Along with the diminished rights and lowered expectation of privacy afforded to prisoners, those incarcerated can now expect their cell phone calls to be blocked or intercepted.The Register reports a new bill being introduced in the UK would give prisons legal authority to install IMSI catchers to monitor prisoners' communications and track/locate contraband devices. The use of Stingray devices in prisons isn't exactly new, although it hasn't really received much attention. Last year, Motherboard reported the Scottish prison system had been deploying cell tower spoofers for one specific reasons: to make prisoners' cell phone communications impossible. The devices blocked 2G and 3G signals, according to FOI'ed documents. (The documents also noted prisoners had already defeated the repurposed cell tower spoofers, so whatever was included in those documents is already outdated.)In the US, prisons are using similar devices, although no one has copped to deploying a name-brand Stingray within the walls of a prison. ACLU tech head Chris Soghoian's 2014 report on Stingray devices cites a Commerce Department paper on the use of cell tower spoofers to thwart communications and locate contraband devices.There's a twist in the UK legislation, though, that takes it past previous prison surveillance efforts. This bill would compel the cooperation of telcos, rather than make use of existing cell tower spoofer technology.

Provisions in the new bill will allow the Justice Secretary to order networks to deploy so-called “IMSI catchers” to prevent, detect or investigate the use of mobile phones in prisons.Currently fake base stations can only be deployed under the legal provisions in the Prisons (Interference with Wireless Telegraphy) Act 2012, which restrict their deployment to within prison walls – and further, only allows prison governors to deploy them.The new proposals therefore expand the ability of the state to spy on innocent citizens by further co-opting mobile phone companies’ technical abilities.
Rather than leave this to state entities possessing state-owned devices, the bill recruits cell service providers to perform the technical heavy lifting. While prison officials would be able to deploy a device inside a prison's walls to minimize interference with outside cell phone traffic, this bill appears to encourage the deployment of fake cell towers (or the repurposing of existing cell towers) outside prison walls, which would greatly increase the possibility of disrupting legitimate cell phone use and subject a number of non-prisoners to data/communications collections by the prison.The bill contains no wording pertaining to these two issues. There's no requirement to minimize interference or discard irrelevant data/communications. All it does is expand the UK government's power to compel participation in its prison surveillance efforts. This lack of regulatory specificity is par for the course, as the Register points out.
In effect, use of IMSI catchers is effectively unregulated, albeit legal for the state and bodies authorised by the state under the Data Retention and Investigatory Powers Act 2014. It remains illegal for ordinary citizens to use them.
UK law enforcement are also using IMSI catchers, but have yet to be subjected to the (belated) judicial and legislative scrutiny we see happening here in the US. Stingray use in the UK falls under legal authorities for the interception of communications, all of which were written long before police had the (portable) power to disrupt communications and harvest communications and data.The debate over this legislation may change that. While law enforcement agencies are generally receptive to new laws that expand their power and reach, there's always the danger legislative discussions may lead to more direct oversight and/or the removal of a few layers of opacity.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 04-Mar-2017
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



Here's A Tip: If You're Desiging Special Apps To Hide From Regulators, You're Going To Get In Trouble

Furnished content.


Crisis management must be a full-time job at Uber. I've argued in the past that some of the attacks on the company are greatly exaggerated, but it keeps running into crisis after crisis -- many of them avoidable. The latest is a big scoop in the NY Times about how Uber has a special program called Greyball (a play on "blackball," get it?) that helped it determine if regulators were trying to get rides and then avoid sending a car. Here are the basics from the article by Mike Isaac:

One technique involved drawing a digital perimeter, or geofence, around the government offices on a digital map of a city that Uber was monitoring. The company watched which people were frequently opening and closing the app a process known internally as eyeballing near such locations as evidence that the users might be associated with city agencies.Other techniques included looking at a user's credit card information and determining whether the card was tied directly to an institution like a police credit union.Enforcement officials involved in large-scale sting operations meant to catch Uber drivers would sometimes buy dozens of cellphones to create different accounts. To circumvent that tactic, Uber employees would go local electronics stores to look up device numbers of the cheapest mobile phones for sale, which were often the ones bought by city officials working with budgets that were not sizable.
In response, Uber has claimed that the program was designed to greylist "terms of service violators", but if that's the case it can just kick them off the service and tell them they violated the ToS. From the report, it seems clear that even if the program was used for ToS violators, it was also used against regulators.I've certainly been vocal about the fact that I think city and state regulations limiting Uber/Lyft and the like are generally bad ideas. What may have started out as a good idea to prevent cabbies taking advantage of riders has turned into quite a corrupt system used to limit competition and artificially inflate prices. I think that the idea behind Uber and Lyft and similar services is super powerful. But, that doesn't mean the company should get a pass for this kind of stuff.Directly building an app to avoid regulators just looks really, really shady, and it's going to come back to haunt you (just ask Zenefits or Volkswagen). And while the article claims that the tool might be a CFAA violation, I don't see how that's possible, unless it involved even more nefarious activities under the hood (none of what's revealed in the article would seem to qualify as a CFAA violation, even under the really stretched interpretations of the CFAA that we've seen).But there still are some other questions. At least in the EU, some are already asking if the use of the tool violates the E-Commerce Directive or Data Protection rules.The bigger question, honestly, is why do this kind of stuff? I'll never understand why companies feel the need to take the shadiest route possible, when they could have just gone with the upfront path of explaining why what they're doing is so useful and powerful, and fighting for it, rather than trying to play silly games. Yes, you can make arguments about how they're trying to grow rapidly, and yes, (as we've discussed) these local regulators are often a nuisance for bad reasons. But this kind of stuff is clearly going to bounce back and create problems later on. Just fight these fights head on, without playing shady games that undermine basically everything else about your business.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 04-Mar-2017
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



March 2017
Sun Mon Tue Wed Thu Fri Sat
     
 







RSS (site)  RSS (path)

ATOM (site)  ATOM (path)

Categories
 - blog home

 - Announcements  (0)
 - Annoyances  (0)
 - Career_Advice  (0)
 - Domains  (0)
 - Downloads  (3)
 - Ecommerce  (0)
 - Fitness  (0)
 - Home_and_Garden  (0)
     - Cooking  (0)
     - Tools  (0)
 - Humor  (0)
 - Notices  (0)
 - Observations  (1)
 - Oddities  (2)
 - Online_Marketing  (0)
     - Affiliates  (1)
     - Merchants  (1)
 - Policy  (3743)
 - Programming  (0)
     - Bookmarklets  (1)
     - Browsers  (1)
     - DHTML  (0)
     - Javascript  (3)
     - PHP  (0)
     - PayPal  (1)
     - Perl  (37)
          - blosxom  (0)
     - Unidata_Universe  (22)
 - Random_Advice  (1)
 - Reading  (0)
     - Books  (0)
     - Ebooks  (0)
     - Magazines  (0)
     - Online_Articles  (5)
 - Resume_or_CV  (1)
 - Reviews  (2)
 - Rhode_Island_USA  (0)
     - Providence  (1)
 - Shop  (0)
 - Sports  (0)
     - Football  (0)
          - Cowboys  (0)
          - Patriots  (0)
     - Futbol  (0)
          - The_Rest  (0)
          - USA  (0)
 - Technology  (1055)
 - Windows  (1)
 - Woodworking  (0)


Archives
 -2024  March  (170)
 -2024  February  (168)
 -2024  January  (146)
 -2023  December  (140)
 -2023  November  (174)
 -2023  October  (156)
 -2023  September  (161)
 -2023  August  (49)
 -2023  July  (40)
 -2023  June  (44)
 -2023  May  (45)
 -2023  April  (45)
 -2023  March  (53)
 -2023  February  (40)


My Sites

 - Millennium3Publishing.com

 - SponsorWorks.net

 - ListBug.com

 - TextEx.net

 - FindAdsHere.com

 - VisitLater.com