Stingrays and the Spy in Your Hand
Hat tip to Cooper Quintin and the Electronic Frontier Foundation (EFF) for noticing that Google has introduced a new feature to its Android operating system that allows customers to operationally disable 2G in their smartphones.
Why is this important?
When 2G was first introduced, George H.W. Bush was still president and Americans were watching Murphy Brown and Cheers. Like an ancient ruin underneath a modern office building, 2G persists in our phones – and with this old technology, it perpetuates vulnerabilities for our privacy.
As Quintin explains it, 2G uses weak encryption between a cell tower and the device, making it susceptible to having calls and text messages intercepted. Worse, 2G offers no authentication of the tower to the phone, which allows federal, state and local law enforcement agencies to employ cell-site simulators, known as “stingrays,” to impersonate a cell tower and suck up the data in our phones.
EFF helpfully offers a tutorial on how to disable 2G on your Android device. And the EFF page also has a “take action” button that allows you to send a message to urge Apple to follow Google’s example on 2G.
While it is important for Google, Apple and Samsung to look for ways to defeat attempts to surveil our phones, the rapid pace of technological development ensures that government will almost always find a way to our data. Legal solutions are needed as well as technological ones.
That is why PPSA supports a stingray bill introduced by Rep. Ted Lieu (D-CA), Rep. Tom McClintock (R-CA), Sen. Ron Wyden (D-OR) and Sen. Steve Daines (R-MT) that would require the government to get a warrant before it deploys stingrays. “The Fourth Amendment means what is says, even in the digital age,” Rep. McClintock said.
Momentum for such effective legislative action would be enhanced by more disclosure of how many stingrays are operating in which jurisdictions, and basic information about the policies for their use.
In July, 2021, the Project for Privacy and Surveillance Accountability filed a lawsuit in the U.S. District Court for the District of Columbia to compel 18 federal offices and agencies – including the FBI, the Drug Enforcement Administration and the Office of the Attorney General – to comply with our ignored Freedom of Information Act request to produce records on the policies of cell-site simulators.
Google is to be commended for taking a strong step in the right direction. But much more will need to be done, in law as well as in technology, to protect the wealth of personal information in our phones.
Comments are closed.