Category Archives: Sting Rays

Encryption actually protects law-abiding Canadian citizens - Toronto Star 20160710

When it comes to policing and national security, far too often Canadians are asked to let fear trump their rights.

Recently, the front page of the Toronto Star featured the headline, “Encryption creating a barrier for police ...,” potentially convincing some readers that the technology’s only purpose is to aid criminals. Rarely do we see headlines such as, “Encryption protects thousands of Canadians’ credit card information,” or “Encryption enables secure communications for every Canadian,” or even the aspirational, “Canada leads the way in cybersecurity for its citizens.”

Increasingly, when we hear about encryption in the media, or from public safety officials, it’s presented as a danger — something that prevents those whose job it is to keep us safe from fulfilling their role. However, in the vast majority of transactions online by ordinary, law-abiding citizens, encryption is a good thing that makes personal, sensitive data harder to capture and decipher. Indeed, if more data were stored in encrypted form, sensational breaches of privacy — like the one that drove some Ashley Madison users to suicide — could be avoided.

Acknowledging that encryption can be a good thing for society doesn’t erase police concerns about data access; it contextualizes them. We at the Canadian Civil Liberties Association (CCLA) have long been supporters of warrants, the process by which police can go before a judge to demonstrate that their need to intercept a suspect’s private communications is reasonable and proportionate.

While we understand that warrants aren’t helpful if data can’t be decrypted, reports indicate police now have the tools, and are working with technology companies, to gain access to even the most complex of encrypted data. For example, as we learned from the Project Clemenza investigation, police can now decrypt BlackBerry communications and are making extensive use of Stingray technology, which allows for the mass interception of cellphone data.

We also know the FBI has developed a hack to intercept messages on Tor networks, which are designed for secure, private communications. Even the infamous Apple v. FBI case ended with the FBI getting what it wanted.

An increasing lack of public trust, that invasive technologies will be used proportionately by security and law enforcement agencies, is attributed to an excessive attention to privacy rights, encouraged by privacy advocates. What we hear from concerned citizens, however, is not that they prioritize privacy over all else, not that they don’t value security, and not that they don’t appreciate the need for police to use new technologies to deal with new threats.

Rather, they tell us, there is way too much secrecy and way too little accountability surrounding the ways these technologies are used. This is not an invention concocted by privacy advocates, such as CCLA; it’s the result of an increasing disjunction between the stories people hear and their expectations of appropriate conduct in the name of public safety.

For example, when the Communications Security Establishment used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal, many Canadians felt intuitively it was intrusive and wondered if it was illegal. But it wasn’t. That’s the kind of situation that erodes the trust that is fundamentally necessary for the social license law enforcement needs to function effectively.

Another example is the aforementioned Stingray technology, which apparently has been quietly used in Canada for a number of years. Police maintain that secrecy gives them the edge they need against increasingly sophisticated criminals. However, Canadians have legitimate concerns that when a powerful technology is used in secret, it’s impossible to ascertain whether it’s being used wisely and proportionately, and if necessary safeguards are in place.

While it would clearly be more convenient for police to have instant access to all the information they want, it wouldn’t ensure crimes are investigated justly, or with respect for the innocent bystanders whose data gets swept up, and that matters too.

A recent survey on Canadian identity, published in October by the national statistics agency, found that the Charter of Rights and Freedoms was chosen as Canada’s most important national symbol, with 93 per cent support.

In other words, Canadians consider rights protection to be core to their sense of who we are as a people. Thus, it’s time to stop looking at rights, the technologies that protect them, and people who argue for them, as barriers.

Indeed, it’s time we talked about public safety, new technologies, and reasonable expectations in a way that rebuilds trust and provides a solid foundation for a Canada in which our persons, property and rights all have strong and effective protection.

Dr. Brenda McPhail is the director of the privacy, technology and surveillance project at the Canadian Civil Liberties Association.

Threatpost - Blackberry CEO defends lawful access principles, supports phone hack - 20160419


BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices.

The company’s CEO John Chen penned a statement on Monday, reiterating that one of BlackBerry’s core principles is customer privacy but also acknowledged that BlackBerry stood by its “lawful access principles” in a recently publicized criminal investigation where it was alleged that BlackBerry assisted law enforcement in retrieving data from a phone.

“We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests,” Chen said. Then, in a thinly veiled jab at Apple, Chen added, “I have stated before that we are indeed in a dark place when companies put their reputations above the greater good.”

Speculation around the inner workings of the case, which deals with a mafia-related murder in Montreal, has intensified over the last week following a Vice report on Thursday. According to the news outlet, the Royal Canadian Mounted Police (RCMP) – the country’s federal police force – successfully intercepted and decrypted over one million BlackBerry messages relating to the case between 2010 and 2012.

Reporters combed through thousands of court documents that strongly suggest that both BlackBerry and Rogers, a Canadian communications company, cooperated with law enforcement to do so. Particularly telling was a reference in the documents to a “decryption key” that deals with “BlackBerry interception.”

The RCMP oversees a server in Ottawa that “simulates a mobile device that receives a message intended for [the rightful recipient]” according to court filings. In another document, an affidavit, RCMP Sergeant Patrick Boismenu said the server is referred to by the RCMP as a “BlackBerry interception and processing system,” and that it “performs the decryption of the message using the appropriate decryption key.”

BlackBerry has long used a global encryption key – a PIN that it uses to decrypt messages – for its consumer devices.

It’s unclear how exactly the RCMP secured access to a BlackBerry decryption key, or for that matter if it still has the key, but BlackBerry “facilitated the interception process,” according to RCMP inspector Mark Flynn, who testified in a transcript.

Defense lawyers believe the technology the RCMP is using to target BlackBerry devices mimics a cell phone tower and can be manipulated to intercept devices and forward information to police. Largely known as Stingray tracking devices or International Mobile Subscriber Identity (IMSI) catchers, the RCMP refers to the devices as “mobile device identifiers” or “MDIs.” The Globe and Mail did a deep dive on the technology on Monday, noting the technology has been in use in Canada since 2011 and is capable of knocking people calling 911 offline.

If the RCMP is still in possession of the global key, it’s likely that Mounties could still use it to decrypt PIN-to-PIN communications on consumer devices.

While Chen didn’t get into specifics around his company’s move, he lauded it on Monday.

“Regarding BlackBerry’s assistance, I can reaffirm that we stood by our lawful access principles,” Chen wrote, further likening it to doing the right thing in a difficult situation and boasting that it helped lead to a “major criminal organization being dismantled.”

Conversely, privacy experts questioned Chen’s statement and pondered whether it could signal the beginning of the end for the company.

“I think Chen is traveling down a very dangerous path here,” Richard Morochove, a computer forensics investigator with Toronto-based computer consulting firm Morochove & Associates, said Tuesday on Canada’s Business News Network. “With this announcement he’s just pounded a big nail into BlackBerry’s coffin.”

BlackBerry uses a global key for its consumer devices, but Chen insists that the company’s BlackBerry Enterprise Server (BES) was not involved in the case and that messages sent from corporate BlackBerry phones cannot be decrypted.

“Our BES continues to be impenetrable – also without the ability for backdoor access – and is the most secure mobile platform for managing all mobile devices,” Chen wrote.

While that means that many of the company’s higher end clientele, government workers and corporations, are protected, any consumers who own BlackBerry devices may have been open, or could still be open to spying by the Canadian police.

Chen’s position of course marks a stark delineation between BlackBerry and Apple, another company that’s been waging its own battle with the government over granting access to customer information.

While Apple refused to break its own crypto to let the FBI bypass the iPhone’s encryption, it sounds like all law enforcement has to do to break into a BlackBerry is ask.

Privacy watchdog to investigate RCMP over alleged ‘stingray’ cellphone surveillance - Toronto Star 20160412


The commissioner has opened an investigation into the use of International Mobile Subscriber Identity (IMSI) catchers, otherwise known as stingrays, by law enforcement.

Canada’s privacy watchdog says it will investigate a privacy complaint about the alleged use of “stingrays” by the RCMP.

Office of the Privacy Commissioner spokesperson Valerie Lawton said the organization has opened an investigation into the RCMP’s refusal to admit whether or not it uses the surveillance technology known as stingrays, formally called International Mobile Subscriber Identity (IMSI) catchers.

During the course of an investigation, the privacy commissioner typically determines if any privacy laws have been broken and makes recommendations on future policy.
The complaint was filed by Laura Tribe, a digital rights specialist for free speech advocate OpenMedia, after she read a story in the Star about the RCMP’s refusal to answer questions about the devices.

“If these invasive technologies are not in use, then these agencies should have no problem confirming that their surveillance activities remain within the confines of the law. If these StingRay technologies are being used in Canada however, the public has a right to know,” said her complaint, filed in December.

The RCMP did not immediately return the Star’s request for comment.

The Mounties have remained tight-lipped about the tech, which mimics a cellphone tower and collects information such as identifying data, text messages and phone calls from people’s cellphones. The device casts a wide net that doesn't distinguish between suspects in criminal cases and ordinary citizens.

In December, when the Star used the Access to Information Act to request policies related to the RCMP’s use of the technology, the RCMP wrote back that those records were exempt from disclosure. The OPP also wouldn’t comment on whether they used the devices.

Meanwhile in the U.S., the FBI has admitted to employing them and drafted a guidance document restricting how law enforcement should use the surveillance technology.

Documents obtained by the Star using the Access to Information Act reveal the privacy commissioner had planned to sit down with RCMP in January to discuss stingrays. But Lawton said the meeting was cancelled once the commissioner decided to launch the investigation.
“That meeting was delayed and before it could be re-scheduled we opened an investigation into a related complaint. Therefore, the issue is now being handled via our investigations process. Due to confidentiality provisions in the Privacy Act, we are not able to offer further information at this time,” Lawton said in an email.
The commissioner has been following media reports about the device for some time and had hoped to get clarity from the RCMP, documents show.

“We have not been made aware by the RCMP of their use of the technology,” OPC spokesperson Tobi Cohen wrote in an email to another media outlet, obtained by the Star using the Access to Information Act.

“If they are using this technology, we expect to be consulted.”

The privacy commissioner is already conducting an investigation into Correctional Service Canada for the alleged use of stingray technology at Warkworth Institution in Campbellford, Ont.

Tribe told the Star she got word last week that the privacy commissioner would investigate her complaint. OpenMedia is also involved in the B.C. access and privacy watchdog’s probe of the Vancouver Police Department’s failure to respond to requests on the subject.
“These are really dangerous tools that can be used to invade the privacy of tens of thousands of Canadians at a time,” Tribe said. “I’m not saying there’s never a time or place for them, but we can’t even begin to have that conversation until we know that they’re being used, or what those circumstances are.”

The RCMP Are Being Investigated Over Controversial Spy Tech - Motherboard 20160413

Canada’s federal police force is being investigated by the country’s top privacy watchdog for its use of a controversial mass surveillance device.

A spokesperson from the Office of the Privacy Commissioner of Canada (OPC) confirmed to Motherboard that it has opened an investigation into the Royal Canadian Mounted Police’s use of IMSI catchers, or “StingRays.” These devices are essentially fake cell phone towers that force phones in the vicinity to connect and reveal identifying information.

The use of such devices has been the topic of much heated discussion and public debate in the US. The Florida Supreme Court ruled that the warrantless use of StingRays by police is unconstitutional in 2014. StingRays are controversial because they target devices within a certain area, and thus risk violating the privacy of innocents.

A leaked email from Correctional Services Canada last year indicated that an unnamed, StingRay-like device was installed in an Ontario prison to monitor inmate communications, but also caught innocent people outside the facility in the dragnet.

“These are fundamentally tools of mass surveillance,” said David Christopher of OpenMedia, the organization that filed the privacy complaint that spurred OPC’s investigation.

Canadian police have been extraordinarily unforthcoming when it comes to the use of IMSI catchers, or StingRays.

Last month, seven men accused in a Quebec court case relating to a mafia slaying pleaded guilty, but not before the RCMP was forced to reveal in open court that they had used a so-called “mobile device identifier”—the RCMP’s term for IMSI catchers—in the course of their investigation. The end of the case meant that the RCMP will reveal no more information about its use of IMSI catchers in court.

"The RCMP will continue cooperating with the Privacy Commissioner on this matter," an RCMP spokesperson wrote me in an email.

In British Columbia, Vancouver police are embroiled in a public battle to keep the details of their use of IMSI catchers secret.

An OPC report on the RCMP’s use of the technology, however, may finally shed some much-needed light on the police’s use of a highly controversial and potentially privacy-destroying surveillance device.

“In order to have a debate, we first need to get the facts on the table,” Christopher said.

Parties Argue for Disclosure of Documents About “Stingray” Surveillance Devices - Pivot Legal Society 20160324


Submissions to B.C. Information & Privacy Commissioner Inquiry call for Accountability for use of Mass Surveillance Tools

The B.C. Office of the Information and Privacy Commissioner has begun a much-anticipated Inquiry about the Vancouver Police Department’s refusal to disclose documents requested by the Pivot Legal Society under B.C.’s Freedom of Information and Protection of Privacy Act. The Vancouver Police Department has withheld records relating to the use of surveillance devices generically known as IMSI catchers, popularly known as “Stingrays”, and refused to confirm or deny the existence of such records.

Stingrays mimic cell phone towers and can collect information about cell phones in a given area, including geo-location and content data. Pivot Legal Society, as a party, and the BC Civil Liberties Association, BC Freedom of Information and Privacy Association and OpenMedia, as intervenors, have filed submissions in the Inquiry arguing that records sought must be disclosed under the access to information laws.

Micheal Vonn, Policy Director of the B.C. Civil Liberties Association said: “Law enforcement’s refusal to confirm or deny that they even have information about ‘Stingrays’ is preventing us from having meaningful legal and policy engagement about an issue that involves the constitutional rights of vast numbers of people. Calls for accountability on the use of these devices have met an official response that so far looks an awful lot like sticking their fingers in their ears and yelling ‘La, la, la we can’t hear you.’”

“Warrantless police surveillance undermines the very principles upon which a democratic society is based. British Columbians deserve answers, not police stonewalling,” said Michael Markwick, President of the B.C. Freedom of Information and Privacy Association.

“To date, police stonewalling has made it impossible to hold an informed debate on the use of these powerful surveillance tools,” said Laura Tribe, digital rights specialist for OpenMedia. “We need this critical information to protect our privacy and ensure police are held accountable for their potential use of such invasive devices.”

“The Vancouver Police Department’s refusal to be forthright about the use of a mass surveillance device is deeply troubling, and it speaks to the urgent need for transparency on this issue all across Canada,” says Douglas King, police accountability lawyer with Pivot Legal Society. “Sadly the police have already given us plenty of reason to believe they cannot be trusted to protect our privacy and respect due process when it comes to the use of Stingrays.”

The following submissions have now been filed with the Office of the B.C. Information and Privacy Commissioner:

While Canadian police have long sought to keep the subject of Stingrays secret, the media has reported extensively on the subject, including a recent story about the possible use of IMSI catchers by the RCMP. Additional information about Stingrays can be found here.

Canadians still in dark over police use of cellphone spyware - Toronto Star 20160324


Vancouver police refuse to confirm or deny that they use the StingRay device, which spies on personal cellphone data.

A civil-rights group has filed an appeal after Vancouver police refused to confirm or deny using Stingray. The invasive device is used to breach people's personal data on cellphones.

VANCOUVER—A police department’s refusal to either confirm or deny the use of a controversial and indiscriminate mass-surveillance device means Canadians have no way of knowing if their personal cellphone data is safe from prying eyes, say civil-rights groups.

Pivot Legal Society, a British Columbia-based legal-advocacy organization, filed an appeal with the province’s privacy commissioner after Vancouver police refused to disclose documents related to whether they use an invasive technology known as StingRay.

StingRay is a device that mimics a cellular communications tower to trick mobile devices within range to connect to it. This allows the cell-site simulator to intercept both text and audio communication, as well as to extract internal data and pinpoint a device’s location.

The device, which operates as a dragnet interceptor, has also been referred to as a King Fisher, an IMSI catcher and a cell-site simulator.

Wednesday was the deadline for interveners to file submissions on Pivot Legal’s appeal.

Groups such as the B.C. Civil Liberties Association and OpenMedia argue that police are “stonewalling” attempts by the public to know the extent of the device’s use, which is putting Canadians’ constitutional rights at risk and preventing law enforcement from being held accountable.

In its submission, filed on Wednesday, OpenMedia wrote that confirming Stingray use is a necessary precursor to the informed public debate needed to develop appropriate policy and legal guidelines.

“(It) is therefore in the public interest for such disclosure to occur.”

The BCCLA’s submission posited police accountability and regulatory oversight as the core issues.

“The simple fact that we cannot get police to even confirm nor deny whether they exist or whether they’re planning to use them means that that critical piece of policy and legal work is prevented from happening,” said spokeswoman Micheal Vonn.

“It really is the major roadblock to us shaping the rules for police use around these devices.”

Vancouver police have argued that divulging documents on the topic could compromise the effectiveness of their investigative techniques.
But Chris Parsons, of the Munk School of Global Affairs’ Citizen Lab at the University of Toronto, dismissed that assertion, noting that its use is widely acknowledged in the United States.

The American Civil Liberties Union has identified 61 agencies in 23 states that own Stingray devices, though the group said that number likely under-represents the actual total given how many agencies purchase the technology secretly. Known groups include the Federal Bureau of Investigation, the National Security Agency and the Internal Revenue Service.

“Let’s face it, we’ve got TV shows where these things are coming up as plot devices,” Parsons said. “They’re in the public domain. This isn’t a top-secret device or something of that nature.

“Functionally, we understand how they operate, so asking any police service, ‘Do you have these? And if so, can you provide documents pertaining to them?’ is a fairly trivial sort of request.”

Of more concern, he said, would be discovering that a police department lacks policies or regulations around what to do with information collected from random citizens who are not under investigation.

Freeze, Colin and Braga, Matthew - Surveillance device used in prison sets off police probe - The Globe and Mail 20160314


Surveillance device used in prison sets off police probe

Federal prison authorities are under criminal investigation for possible illegal surveillance, The Globe and Mail has learned. The probe centres on Correctional Service Canada’s use of a dragnet surveillance device inside a penitentiary.

Fallout from the 2015 surveillance incident, involving a device that CSC officials called a “cellular grabber,” has led to a lawsuit from jail guards and a criminal inquiry by the Ontario Provincial Police.

Under the Criminal Code, indiscriminate surveillance campaigns can be deemed crimes that merit prison sentences. Federal security officials do not get blanket exemptions, even if they themselves work to manage prisons.

The case at hand started with a desire to locate prisoners’ contraband cellphones, but ended up with a warden apologizing to his own staff for inadvertently spying on them.

The make and model of the device in question are being withheld from the public, which generally is familiar with such machines by names such as “Stingrays,” “cell-site simulators” or “IMSI catchers.”

“IMSI catchers are not localized. It would get anything that’s in range and won’t discriminate,” explained Tamir Israel, a lawyer at the Canadian Internet Policy and Public Interest Clinic.

On Monday, The Globe and Mail reported on the RCMP’s courtroom bid to keep its use of a similar device secret.

In the winter of 2015, officials at Warkworth Institution, a medium-security prison in Ontario, grew alarmed by prisoner drug overdoses. On Jan. 20, one CSC official sent an internal e-mail, according to federal court documents related to the civil suit, saying “there are phones all over the institution and this is how they are organizing the introduction of contraband.”

Officials in Ottawa, records show, put out a request for an outsider who could perform “surveys of radio traffic” to “confirm the presence of cellular phones inside institutions.” The winning contractor, according to federal court documents, was a Quebec-based engineer named Peter Steeves, who said he could do the job for $7,500 in fees, plus $2,000 in travel expenses.

Contacted Monday by The Globe and Mail, Mr. Steeves said he is no expert in the legalities of interception. “I’m just a guy trying to make a living – I really don’t know the law,” he said. Asked about the police probe, he said, “I know I have to go for an interview. I have been told it’s a criminal investigation.”

Access to information records show that last April, a device was shipped to CSC from Florida. Details are mostly being withheld, but it weighed 38 kilograms and its manufacturer was a Britain-based surveillance-machinery firm, Smith Myers.

The “pilot program” at the Warkworth Institution started rolling out in the late spring. By August, CSC officials arranged an internal meeting to review the “cellular grabber to better understand its capacity,” according to an e-mail now filed in court. Officials wanted to know “how to force” a phone to communicate its specific location, or how to list phones on a map of the prison.

Before long, CSC officials began asking for even more specifics – such as how to figure out whether phones were sending texts or calls. On Sept. 3, one official asked for the “total activities of cellular devices from inmates, staff …”

Prison guards learned of the program, and pushed back. “How does this device bend a radio signal … to eliminate the inclusion of staff areas?” one guard asked in an e-mail to his bosses.

By the end of September, Warkworth’s warden, Scott Thompson, sent an apologetic e-mail to all staff, according to access to information records. “Unfortunately, I knew that by trying to intercept what the inmates were doing, I would also be provided information about cellular devices being used in non-inmate areas,” his e-mail said. The warden relayed that the device “provides make, phone numbers and sim-card numbers” and, also, “recorded all voice and text conversations.”

With that, he assured his jail guards that any of their inadvertently captured communications wouldn’t be used against them. “I am sorry if this information causes stress to any of you,” he said.

Some CSC e-mails contradict the warden, stating explicitly that the device did not capture any conversations beyond three text messages intercepted in a bid used to showcase its capabilities. (On Monday, the contractor, Mr. Steeves, told The Globe that the device “does not capture voice at all.”)

At the end of October, the Union of Canadian Correctional Officers took their bosses to court. In a lawsuit, they complained that their privacy rights had been violated – and that CSC had spied upon them.

“Look – we’re all about getting the contraband out. We’re in. If there’s technology to do that, we’re there,” explained Jason Godin, a union vice-president in an interview. “But, God damn it,” he said, “… you can’t spy on private conversations of staff members.”

Mr. Israel suggests that the correctional officials who acquired the device were likely operating in a legal vacuum.

“Because no agency to my mind has openly acknowledged to using these in court, no court has provided guidance as to what the [legal] authorities should be,” he said. Some federal officials, he added, “may be under the impression they can just deploy these IMSI catchers without any authorization at all.”

CSC officials have recently stopped giving statements to lawyers pursuing the civil suit. According to Federal Court filings, that’s because they became worried on learning there is now also a criminal probe.

“The Ontario Provincial Police is currently conducting a criminal investigation into the monitoring of cellphones at Warkworth Institution,” reads a motion filed earlier this month. Because OPP detectives are now interviewing CSC officials, the latter “have significant concerns about providing affidavits while an investigation is under way.”

Spokespersons for the OPP and CSC won’t comment on the specifics of the investigation.

Correctional officials originally defended their use of the device by saying they had “authority to monitor and intercept communications to ensure the security of institutions.” But they have stopped saying this now that they face civil and criminal investigations for alleged unlawful surveillance of jail guards.

Court-filed e-mails show that, in the end, CSC seized only three contraband cellphones smuggled into Warkworth.

Police in Ontario and Canada refuse to answer questions about the use of Stingrays - Rabble 20160302

What the heck is a Stingray? And what does it have to do with my privacy? - Rabble 20160302

You may not be aware that a device named after an unusual sea creature poses a serious threat to your cell phone -- but I assure you, it does. A growing concern in the privacy world, the surveillance device nicknamed a "Stingray" (technically known as an IMSI catcher) is an invasive technology that threatens to undermine the privacy of anyone with a cell phone.

A small device about the size of a briefcase, Stingrays are used by some law enforcement agencies to simulate cell phone towers, and trick nearby mobile phones into connecting to them and exposing sensitive personal information. That includes revealing your phone's location, as well as recording incoming and outgoing phone calls. That isn't bad enough? The Stingray can also intercept your text communications, and even extract the encryption keys you use to protect your data.

Incredibly invasive? Yes. But the problem with Stingrays doesn't stop there. They're not just invasive, but they're also indiscriminate. Stingrays use blanket surveillance on everyone in a given geographic location, without any clear targeting.

Are you caught up within the Stingray's radius? Your information is being captured. It has nothing to do with any reasonable expectation of guilt -- just your geography. Just as a cell phone tower connects with all nearby phones, so does the Stingray. They can be targeted into homes, offices or parks. Wrong place, wrong time? You're going to be included in the sweep.

This means you don't have to be the target of an investigation to be spied on. By definition, innocent citizens are inevitably caught up in the Stingray's dragnet. And, perhaps worst of all, you won't even know if you're a victim.

One of the challenges with Stingrays is that there is little information about the full extent to which these devices are currently in use. But we do know that they are being used. The NYPD recently revealed these devices have been used over 1,000 times since 2008. Canada's own RCMP, Ontario Provincial Police, and the Vancouver Police Department have all refused to answer requests for information on the subject.

Worse yet, we don't know how this information is being used, how long it's being stored for, and what protections are in place to ensure it is not misused. It's bad enough to collect all of this information about innocent citizens. Failing to ensure it's being treated appropriately only makes things worse.

As we increasingly find ourselves under more and more surveillance, with our privacy under attack from what feels like all sides, is all lost? No. We don't yet know how common Stingray usage is in Canada, and we still have a chance to stop this before their use becomes more widespread.

Transparency is the first step. We need to know if, when, and where these technologies are in use, to be able to demand accountability of our law enforcement agencies. We need to understand the facts to ensure our right to privacy is being protected, and that authorities are being held accountable for this type of surveillance.

That's why, at OpenMedia, we're intervening alongside a number of other pro-privacy organizations at an upcoming case to be heard by the B.C. Privacy Commissioner. We're asking the Commissioner to rule that police must come clean about whether, and how often, they use these spying devices. The case will be heard later this month, and you can check out our website or follow us on Facebook for the latest developments.

Laura Tribe is Digital Rights Specialist for OpenMedia, a community-based organization that safeguards the possibilities of the open Internet.

Cellebrite: What You Need to Know About Cell Phone Forensics - North Star Post 20160223

Smartphones are nearly ubiquitous devices that handle, create, and store massive amounts of information about our lives.

Law enforcement agencies have spent tens of millions of dollars on technology and training to seize a large trove of data on any given smartphone. Cellebrite has emerged as a leading supplier of cellular data seizure technology. Cellebrite produces software and mobile terminals that are used to physically copy data off of seized cell phones--data that might not be shared over a connection that can be intercepted.

Smartphones are often the best source of information on their users, which makes them attractive to marketers, spies, and law enforcement, among others. Law enforcement has invested heavily to retrieve and utilize data from smartphones in investigations and court cases.

North Star Post has previously reported on cell-site simulators (a.k.a. Stingray, IMSI catchers, DRT-boxes), which are capable of remote, widespread, indiscriminate and oftentimes warrantless surveillance. New evidence is emerging that certain variants of this technology can even jam frequencies, drain batteries and turn a cell phone into an active listening device.

Cell-site simulators are capable of uniquely tracking and/or identifying cell phones. Certain models can intercept text messages and phone calls. These capabilities are very powerful for tracking who associates with whom and for capturing communications for a large group or a target that an agency might not want or be able to get a wiretap for. The most advanced cell-site simulators still leave a large ocean of personal information untouched on a smartphone.

Smartphones typically store and access emails, photos, instant messages, location history, usage history on various apps (these could be anything from financial transactions to search history), and a variety of online and cloud services. Some forensics software is even capable of exploiting data stored on a smartphone to connect to social networks and cloud services and download personal data that is not available on the device itself.

Cellebrite offers the UFED (Universal Forensic Extraction Device) line of software and hardware to governments for them to copy as much data as possible off of seized smartphones. UFED contains a catalog of procedures for retrieving data from more than 95 percent of mobile devices on the market. These procedures might be as simple as accessing a built-in backup or debugging feature in a smartphone with weak security.

More secure smartphones may require the use of undisclosed bugs and exploits Cellebrite has compiled. Cellebrite also recently released a new product called UFED Cloud Analyzer, which allows users to use authentication codes and passwords saved by mobile apps to automatically log into Gmail, Google Drive, Facebook, Twitter, Dropbox, and Kik. Cloud Analyzer is then able to download emails, message history, files and contact lists as available. Cellebrite claims UFED Cloud Analyzer acts like these providers' apps by using their application programming interfaces (APIs) to access data. Requests for comment from Google, Facebook, Twitter, and Dropbox went unanswered.

Cellebrite says there are "30,000 global deployments" of their forensics technology "in more than 100 countries" with users including "intelligence services, border patrols, special forces, military forces, public safety agencies and securities and financial organizations." Cellebrite's portable UFED unit is listed in a US military cellphone surveillance catalog published by The Intercept. Cellebrite has a large presence in US law enforcement--there are currently 48 courses scheduled in the US for the remainder of 2016.

Chandler, Arizona, has one week-long class scheduled. There are also several classes scheduled in Northern Virginia and Salt Lake City, with others generally scattered across the country. The courses range in technical complexity from basic use of UFED to disassembly and physical access to circuitry at advanced levels.

Documents from the Chicago Police Department claim that UFED "is crucial while conducting investigations where cellular telephones are present." The documents then request approval to spend $7,074 on a portable UFED kit, as well as $999 a year of annual software fees thereafter. As Freddy Martinez of Lucy Parsons Labs in Chicago has uncovered, Chicago Police Department policy is to use seized drug money to cover the costs of surveillance technologies. Internally, this money confiscated prior to the trial or conviction of a suspect is called "1505" money.

Another memo on approving a payment for an update claims UFED "is proprietary and utilized in covert operations. Knowledge of it's (SIC) existence should be kept within the Bureau of Organized Crime and limited to sworn personnel." Chicago PD apparently let its license expire and rushed to renew it in August of 2011 because a "software update was immediately needed for the execution of a search warrant on an offenders cellular telephone (Operation Little Girl Lost)."

Cellebrite does not limit itself to using official procedures authorized by device makers. The company is active in searching for exploits against smartphone security features. One Cellebrite job ad listed "1337 skills" and "military intelligence elite courses (you know and we know)" as requirements. Cellebrite is based in Israel, which has a significant pool of skilled security researchers, in part due to the existence of Israeli military Unit 8200.

Unit 8200 is responsible for collecting signals intelligence, similar to the NSA and the UK's GCHQ. Unit 8200 is unique in its recruitment and training of large numbers of talented security researchers who enter the private sector after completing mandatory military service. Another Cellebrite job posting lists experience in Unit 8200 as a qualification equivalent to holding a bachelor's degree. The company boasts they have a staff of over 200 engineers.

Cellebrite has a key edge in attacking the security of smartphones--its relationships as the "exclusive provider of mobile synchronization systems for Verizon Wireless, AT&T, Sprint/Nextel, T-Mobile" and others that allow them to obtain "pre-production handsets and source codes from the cell phone manufacturers six months prior to retail launch which is a major advantage for research and development." See here, courtesy of Lucy Parsons Labs.

Some or all source code on a cell phone is proprietary to the manufacturers and operating system vendors involved and kept secret from most security researchers and the general public. Source code is a human-readable set of instructions carried out in software. Most programs are translated from human-readable source code to binary data that is far more difficult to analyze for security flaws. Cellebrite holds a major advantage in finding secret exploits against proprietary source code that they have access to because security researchers cannot review the code for flaws and alert the public. The head start of up to six months to hack new phones and OS updates also stands out as a massive edge over those attempting to find and fix security flaws, especially when compared to the 1-3 year life-cycle of most smartphone models.

Law enforcement has aggressively exploited security and privacy gaps in mobile devices and their networks to surveil targets. "Tower dumps" of all communication traffic with a cell tower, other records from carriers, and cell site simulators all allow anyone with access to them to monitor the location and communications of cell phones. Mobile forensics software allows those with access to a device to collect far more information, some of which may only be available on the phone.

The proper use of good encryption on smartphones can protect stored information from someone knowledgeable in hacking them or from mobile forensics software. Cellebrite and other forensics software developers do research and package exploits against mobile devices, but many of these attacks can be easily reproduced by skilled hobbyists from information on public forums, especially if forensic accuracy is not required. A technically knowledgeable hobbyist or criminal could also further exploit authentication tokens and stored passwords on mobile devices to access emails or make fraudulent financial transactions. Encryption is the last line of defense between a smartphone user's data and an attacker with physical access to the device.

The movement of Apple and Google to encrypt storage by default has triggered a wave of concern and complaints from FBI Director James Comey and other law enforcement officials. Comey and others have called for device makers to provide a means of "exceptional access," commonly called a "backdoor" in the security community, by modifying designs of future smartphones and their operating systems. Apple and Google have both pushed back on these requests, with the support of the academic security and cryptography community; see here.

"The San Bernardino litigation isn't about trying to set a precedent or send any kind of message. It is about the victims and justice," Comey said in a piece written for the online publication Lawfare, adding "I also hope all Americans will participate in the long conversation we must have about how to both embrace the technology we love and get the safety we need."

This conflict has reached a new peak in a court battle between Apple and the DOJ--the DOJ obtained an order to compel Apple to develop a modified version of iOS to extract data from an iPhone provided to Syed Rizwan Farook, one of the San Bernardino shooters, by his employer.