Friday, December 04, 2009

Dial 1-800-RAT-FINK...

Via email, I was alerted to the fact that Sprint/Nextel's Electronic Surveillance Department has been playing Fido every time the po-po said "Fetch!", at least 8 million times over the last sever...

Wait, what?!?

Sprint/Nextel has an Electronic Surveillance Department??!

Maybe these shenanigans would have gone unreported longer if they'd taken a page from the Orwell School Of Marketing and called it the "Department of Customer Love". And by "Customer Love", I mean "Customer Loooove"; the kind you normally have to unwrap a plain brown package and draw the blinds to see on your DVD and is still illegal in some locales.

UPDATE(ISH): Joe Huffman goes into much greater detail, and did it first.

21 comments:

T said...

Ars Technica gives you the summary.

Here's the article from the researcher.

As a friend of mine once said, the question anymore isn't if you're paranoid. It's if you're paranoid enough.

Tam said...

"Have you been loved up by your cell phone provider lately? There's an app for that!"

Anonymous said...

The feds can do some truly awesome things with your phones--turn it on, use it to spy on you, grab your photos, inter alia. I don't think people realize that they are carrying around "bugs" with them 24/7.

Phone "phreaking" is even showing up in some divorce cases.

Shootin' Buddy

Montie said...

As a police investigator, this sends chills up my spine. While getting a warrant or grand jury subpeona for cell phone info is a definite pain in the ass, this type of unrestricted access can only lead to abuses. In 24 years of police work, I have seen enough "criminals with badges" to know that this sort of thing is not good.

Drang said...

They have RFID-blocking wallets and passport cases, I guess RFID-blocking cell phone cases are next.

One comment I saw on one blog said the number seems higher than it is because it includes each individual time they "ping" each cell phone they have a warrant for. They'd have to be getting a hit off of each phone almost continuously for the number to get down to something I'd regard as reasonable.
I wonder if the number could include Sprint/Nextel phones that are part of gov't contracts...?

Ride Fast said...

Apparently the Feds have been paying Yahoo and Verizon to hand over all our comm traffic through them.

In all fairness they should have at least given me the opportunity to rat myself out, I could use the money.

Crucis said...

Having just been laid off by Sprint, I can now speak my mind. calling an application an Electronic Surveillance Department is a stretch. Sprint has an on-line application that allows owners of phones or parents to track their own or children's phones. I used it last year when I lost my phone and found it quickly.

Access to this application is restricted to subscribers and by login/password.

There has been instances in the last few years, local to KC that I know of, where abducted girls were tracked by the signals of their phones. These were not Sprint subscribers and the other carriers used the phones "Ping" with passing cell towers to track movements.

Since Sprint already had the subscriber application, a version was created for LEOs. Not working in that area, I don't know how access is governed. I know that in the past, warrants were required for call detail records for wired phones. I doubt those requirements have changed for wireless.

One search however can pull a load of data. Each datum can add up over a period of time. I think the number of data hits that Sprint manager mentioned was a bit exaggerated.

Scared straight said...

Makes you wonder how much of your web browsing (from your phone or your computer) they're keeping track of as well.

All it takes is one unscrupulous employee at the ISP to track down where you work (not hard) and any questionable sites you may have visited (from home or from work) may be an opportunity for blackmail. Never mind the job, they could threaten to tell your spouse.

Time to tighten the tin foil? Perhaps. Or maybe it's time to clean up the browsing a bit.

Matt G said...

We've used it, exactly in the manner that Crucis described, a couple of times. Girl goes missing. Girl has cell phone. We fill out a simple one-page form that our Communications department sends to Sprint or whoever. A few minutes later, we get the location of the girl's phone. The form includes us swearing that this is a real-live emergency, and requires an agency case number and supervisor approval. The next business day, a rep from the company is all up in your department's business, verifying that the check was legit. It's not just something you could use to check your ex-girlfriend's location, without some flags being raised.

From what I've seen so far, I'm actually in favor of this.

NotClauswitz said...

Good thing I have stupid phone that just makes calls and can't do web-crap - lovin' the luddite.

Matt G said...

Oh, DirtCrashr.
Do you really think it's not capable of spying on you, too? :(

Joanna said...

I got a call today that since I'd been with Sprint for a year (a long, abusive year) I had earned a reward. I got 75 extra minutes, spread out over three months. They also tried to upsell me to a fancier phone and a more expensive plan. And now you tell me they can get all up in my (admittedly boring) bidness. Not that they would, necessarily, but that they can.

I'm not feelin' the love here, people.

Drang said...

Joe Huffman has more at http://blog.joehuffman.org/2009/12/04/Enabling.aspx

Kristophr said...

I have used this one for a few years now.

In the bag, no calls. Simple.

staghounds said...

"It's not just something you could use to check your ex-girlfriend's location"

Unless she was abducted by ANOTHER stalker...

Ian Argent said...

FWIW - Verizon Wireless has gotten EXCORIATED in local press accounts at least twice for not releasing location data to cops unless they follow procedure. So it's a bit of a catch-22 for the cellphoen companies. Corollary to the CSI Effect, I suppose

Chuck Pergiel said...

Never did trust them new fangled phones.

Borepatch said...

I'd be very surprised if the other carriers weren't doing exactly the same thing.

There's a great scene in the film "The Net" where the Bad Guy is tracking Sandra Bullock from her cell phone location. When she realizes what's happening, she gives her phone to a homeless guy.

Pretty good analysis of the technology/security implications, especially for Hollywood in 1994.

Anonymous said...

Funny that he forgot to include how cell companies can triangulate on a phone's position even if it doesn't have GPS or wifi. With precision of 5O meterts or so. Just by several phone towers measuring differences in signal reception betweem them-

Already people are considered suspicious if they leave their phone at home.

@Crucis
A login and a password.
That is a joke. Any half brained script kiddie could gain access probably.

Sprint could very well afford to have it protected by a certificate, and authenticate each and every login into such a system with one time keys sent to a cell phone. Cell messages snooping isn't trivial for the bad guys, usually. At least, we had no electronic accounts broken into every since they started with this scheme. Before that, anyone dumb enough to get trojans into his computer(~60 % of people) could get his bank account cleaned out.

@Pergiel
And you trusted the old phones? Why?

One of the less odious politicians here said it well: only morons say sensitive information over a phone line. I should add that only a moron would send the same in a plain email, IM ..etc.
When smart people here meet to conspire (politicians, businessmen, discussing strategy, tactics, etc), they generally meet underground and sweep for bugs.
That's what you get for having politicians appoint the head of secret service ..

Even the porkheaded nazi thugs are moving over to use PGP.

-Schmidt

Kristophr said...

Exactly.

The Bush administration allowed PCs and laptops for whitehouse staff ... but only as personally owned productivity enhancement.

The Clintons sabotaged all the whitehouse PCs when they left, so Bush simply didn't replace them. His staff brought their own personal machines, and all dealings with the president were done in person.

No email to subpoena. Heh.

When Obama arrived, he had a thick manila envelope from Pres. Bush on his desk, and nary a PC in the place. Simply the way Bush found the place back in 2000.

Matt G said...

So it's a bit of a catch-22 for the cellphoen companies. Corollary to the CSI Effect, I suppose."

Ian Argent nailed it.