Don’t be shocked at spies tracking your phone: opinion

  • TECH
  • Tuesday, 10 Apr 2018


The press has been in a lather of late over reports that the US Department of Homeland Security had discovered evidence that cellphone tracking tools were being used by “unauthorised” parties in and around Washington. 

Formally known as International Mobile Subscriber Identity catchers, and often called stingrays, these devices fool your phone’s baseband into believing it is in contact with a cell tower. IMSI catchers can use your phone’s signal to track your movements and contacts. In some cases they might persuade your phone to turn off its encryption. 

It’s a powerful, scary technology. Scarier still, federal officials admit that although they can detect the devices, they can’t find them. Still, here are three reasons that the excitement over the news from Washington is a little overdone. 

In the first place, the use of IMSI catchers by unauthorised parties isn’t news. Privacy advocates have long fought to reduce reliance on the devices by law enforcement, on the ground that they sweep up too much data from those suspected of nothing. But techies have been warning for years that stingrays could be used by criminals and foreign governments. A 2014 article in the Harvard Journal of Law and Technology was succinct: “Hostile foreign intelligence services can and, almost certainly, are using the technology in this country for espionage.” 

In other words, the concern that’s suddenly making headlines has been around for a while – so long that entrepreneurs have been developing tools to help us detect their presence. Remember that IMSI-catchers trap mobile phone signals by mimicking cell towers. One means for uncovering stingrays, then, is to use algorithms that identify what would seem to be towers except that they switch frequency too often or actually change location. Last year, researchers at the University of Washington announced that they had used exactly these techniques to uncover hidden IMSI catchers in and around Seattle. 

All of which is to say that although it’s useful to have longstanding suspicions confirmed, the widespread use of stingrays, with or without authorisation, should hardly be considered newsworthy. 

In the second place, to borrow from John le Carré, spying is eternal. We shouldn’t profess such surprise that foreign powers try to use against us the same tools we would use against them if we didn’t have anything better. Americans are always shocked to learn that we’re not invulnerable to espionage. But spying is tit for tat, and the phones to which we as a nation seem addicted are a natural and tempting target. For our own convenience, we constantly send vulnerable packets of data into the ether. We should hardly be surprised that foreign governments (or whoever the unauthorized users are) yield to the temptation to study what we so casually broadcast. 

But in the third place, we should never allow ourselves to forget that lots of people who don’t happen to be spies are already spying on us. Like our cellphone carriers. Like just about every website we visit. (Although not all to the same extent. A 2016 Princeton University study of the 1 million most visited sites found that news sites tend to be the most intrusive, and sites maintained by government and educational institutions the least.) True, the data most sites collect is formally anonymous, but de-anonymizing might not be all that hard, particularly with social media. In a 2017 paper, researchers from Stanford and Princeton universities showed how, given 30 anonymized links originating from Twitter Inc., they could deduce the underlying Twitter account with 50 percent accuracy. 

And that’s before we even get to Facebook Inc. Now, I have zero interest in kicking a good company when it’s down, so let me start out by saying that users who are howling about their (anonymyised) data falling into the wrong hands may not have spent much time perusing Facebook’s terms of service. The challenge for the privacy-conscious user isn’t third parties; the challenge is Facebook itself, which exists not to connect you with friends but to package data about your online activities and use it to sell targeted advertising. Happily, the company has recently translated the list of what it admittedly collects about its users from legalese into something approaching English, and anybody with an account (all 2 billion-plus of us) should take a gander at the remarkable result.  

It’s natural that we worry about digital privacy – and we do worry about it, apparently a lot – but we need to stop acting like babes in the woods. We can’t go squalling for our parents whenever some new set of prying eyes sets its sights on our data. Not when we allow all sorts of corporate strangers to rummage through our digital lives, and rarely raise a peep. 

That’s our Faustian bargain: Give us access to these wonderful tools, and we’ll give you access to pretty much anything you want. Along the way, all sorts of uninvited guests are bound to listen in. That’s been the deal from the start. So let’s all stop pretending we didn’t know what we were getting ourselves into. — Bloomberg

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Next In Tech News

Local teachers using popularity of social media to prop up PdPR
Delivery Hero goes back to its roots with Berlin re-launch
Oprah-backed Apeel wants to help grocers peer into their produce
Meet China’s elderly influencers cashing in on the Internet
TikTok begins testing in-app shopping to challenge Facebook
Nasa's giant Webb telescope succeeds in key pre-launch test
Female streamers are conquering Twitch
Futuristic computer game hopes to be tonic for climate change anxiety
Singapore researchers control Venus flytraps using smartphones
A 1,100-year-old poem cost Meituan’s outspoken CEO US$2.5bil

Stories You'll Enjoy