Stingray Spy Tools Can Record Calls, New Documents Confirm

THE FEDERAL GOVERNMENT has been fighting hard for years hide details about its use of so-called stingray surveillance technology from the public.

The surveillance devices simulate cell phone towers in order to trick nearby mobile phones into connecting to them and revealing the phones’ locations.

Now newly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”

The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.

The American Civil Liberties Union of Northern California obtained the documents (.pdf) after a protracted legal battle involving a two-year-old public records request. The documents include not only policy guidelines, but also templates for submitting requests to courts to obtain permission to use the technology.

http://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm/
Continue reading

License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech

Law enforcement agencies around the country have been all too eager to adopt mass surveillance technologies, but sometimes they have put little effort into ensuring the systems are secure and the sensitive data they collect on everyday people is protected.

Case in point: automated license plate recognition (ALPR) systems.

Earlier this year, EFF learned that more than a hundred ALPR cameras were exposed online, often with totally open Web pages accessible by anyone with a browser. In five cases, we were able to track the cameras to their sources: St. Tammany Parish Sheriff’s Office, Jefferson Parish Sheriff’s Office, and the Kenner Police in Louisiana; Hialeah Police Department in Florida; and the University of Southern California’s public safety department. These cases are very similar, but unrelated to, major vulnerabilities in Boston’s ALPR network uncovered in September by DigBoston and the Boston Institute for Nonprofit Journalism.

After five months of engagement with these entities, we are releasing the results of our research and the actions these offices undertook in response to our warnings.

What is ALPR?

ALPRs are networks of cameras that take pictures of every passing car and capture data on each car’s license plate number, including the time, date, and location where the vehicle was photographed. ALPR cameras are often mounted on patrol cars or affixed to stationary roadside structures, such as light poles and traffic signals.

The systems will alert police when a camera recognizes a car on a “hot list,” an index of cars that are stolen or believed to be tied to criminal activities. However, most ALPR systems collect and store data on every car (i.e. they don’t distinguish between suspects and innocent civilians). Even if a vehicle isn’t involved in a crime, data on where it was and when may be stored for many years, just in case the vehicle later comes under suspicion. Consequently, a breach of an ALPR system is a breach of potentially every driver’s travel history. Depending on how much data has been collected, this information in aggregate can reveal all sorts of personal information, including what doctors you visit, what protests you attend, and where you work, shop, worship, and sleep at night.

The ALPR systems at the center of our investigation were sold by a company called PIPS Technology, which has since been bought by 3M. In 2011, prior to the acquisition, the company bragged of installing more than 20,000 cameras around the globe. After independent security researchers alerted us to the vulnerabilities, we discovered that many stationary ALPR cameras from PIPS were individually connected to the Internet and freely accessible online to anyone who knew where to look.

https://www.eff.org/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive Continue reading