US marshals grab mobile phone data from the sky

News by Tim Ring

Airborne law enforcement surveillance devices grab phone data on tens of thousands at a time.

American officers match London's Met Police in using ‘dirtbox' devices to hoover-up mobile phone data from tens of thousands of people at a time, according to reports.

US marshals are reportedly using Cessna planes fitted with so-called ‘dirtbox' surveillance devices to hoover up the identity and location data of tens of thousands of mobile phone users at a time.

The claim, made in the Wall Street Journal, follows a few days after The Times said that London's Metropolitan Police are using similar devices to indiscriminately collect identity, call and message data from mobile phone users.

In both cases, the aim is to uncover the phone activity of suspected criminals, but the devices involved capture the ID and location of everyone in the vicinity.

However, the US marshals have trumped the Met Police by going airborne.

According to the Wall Street Journal, their planes operate from five US airports and cover most of the American population, gathering data on tens of thousands of phones on every flight.

They have been operating since 2007 using surveillance equipment nicknamed ‘dirtboxes' - after the Boeing subsidiary which makes them, Digital Receiver Technology.

The two-foot square IMSI (International Mobile Subscriber Identity) catcher devices imitate telecoms companies' mobile phone towers to trick smartphones into transmitting their personal information.

The Times likewise reported on 1 November that the Met Police, the UK's largest force, are using IMSI catchers to “hoover up the identity, call and message data” on “tens of thousands of innocent people”.

The two reports – the latest examples of the mass collection of personal data by government and law enforcement agencies - have led to calls for more transparency and accountability over such programmes from privacy campaigners and security experts on both sides of the Atlantic.

In the US, Christopher Soghoian, principal technologist at the American Civil Liberties Union, described the US marshals' activity as “a dragnet surveillance programme”.

He told journalists: “This is bulk surveillance of a massive amount of people in order to find proverbial needle in a haystack. Recently the FBI has impersonated members of the Associated Press, internet repairmen and now it's impersonating the phone companies. This is just the latest example of them taking impersonation to the extreme.”

Soghoian said telecoms firms are aware of the type of technology used in the surveillance “but whether they knew it was being strapped to the bottom of planes is another story”.

In Europe, cyber security expert Brian Honan of BH Consulting told “Many police forces do have these devices. The big question is: what transparency and oversight is there to ensure they are not being abused and misused to infringe on individuals' privacy rights?

“They are used by police forces to try and monitor criminals but we need to ensure that as with any other surveillance devices, there is clear transparent oversight on their usage.

“The problem is that you can't target one phone particularly. Anyone within range, all their traffic could be intercepted as well.

“If any data is collected on anybody else, there need to be procedures to get rid of it and that proper warrants and oversight is given to the use of them.”

Honan added that: “We need mobile telecommunication companies to look at ways to make calls more secure.”

Commenting on the US marshals report, Rafael Laguna, CEO of European comms software developer Open-Xchange, told via email: “What this latest case of mass surveillance by a government agency on its own people shows is that no-one is safe from being tracked or monitored.

“What else needs to be revealed for us to be without any doubt that we cannot trust governments or their agencies to act in a transparent or legal manner? It is becoming clear that legislation or politicians do not adequately protect us or our data from being monitored or profiled.

“If we want to avoid being subject to surveillance, it requires us to take as much control of our data as possible. By encrypting our data and only using service providers that we trust to act in a responsible manner, we can go some way to taking back control and to protect ourselves from intrusion.“

At the time of writing, no official government or law enforcement sources in either the UK or US had confirmed or denied the two reports.

However, security researcher Daniel Cuthbert of SensePost, demonstrated a similar technique using Snoopy drones at last year's SC Congress, and in recent work (to be reported by SC) he demonstrated the ability to zone in on a specific location (such as the Birmingham central mosque), identify all tweets within a 1000 metre radius being made live at that moment, and select all references to ISIS, for example.

In addition, the researcher could determine the sentiment (pro or anti) of the tweets, cross reference with other publicly available data to identify the individual, follow who was re-tweeting and who was initiating tweets, and thereby identify ISIS agents of influence, their use of botnets, and those used to amplify their messages. 

Given these are all legal means of analysis of publicly available traffic data, it would perhaps be surprising if law enforcement was not taking a similar approach.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews