[conspire] Cellphones and GSM privacy

Rick Moen rick at linuxmafia.com
Mon Jun 25 18:06:38 PDT 2012 

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Mon, 25 Jun 2012 18:02:25 -0700
From: Rick Moen <rick at linuxmafia.com>
To: skeptic at lists.johnshopkins.edu
Subject: Re: Next, he'll know if you've been sleeping, know if you're awake...
Organization: If you lived here, you'd be $HOME already.

Quoting Eleanor Schechter (eleanorskeptic at yahoo.com):

> 
> --- On Mon, 6/25/12, greg bart <cyclopasaurus at gmail.com> wrote:
> ...and he ain't Santa:
> 
> http://bits.blogs.nytimes.com/2012/06/21/google-maps-the-worker-bees/?src=twr
> 
> Ha. I shall forward this to my daughter who was complaining about new
> enforcement at work of the rule that you can't bring a cell phone (or
> any of a number of other devices) into the building. She should be
> glad that they're not enforcing a rule that says you _must_ bring a
> cell phone into the buillding.

Technically, of course, the boss in the cited article doesn't get data
about where the _worker_ went, but rather about where the worker's
_smartphone_ went -- during periods when the smartphone is both switched
on and has the Google Maps Coordinate application is enabled and running
during one of its scheduled reporting periods.

Gamesmanship involving having your company-issued smartphone going where
you are not, and vice-versa, is left as an exercise for the reader.

One of these days, when either someone else is paying my cellular bill
or the data charges become less heinous, I will pick of a smartphone
to replace my dirt-cheap and privacy-friendly dumb cellular -- but will
insist on it being one capable of running CyanogenMod, thus permitting
me to solely determine what the device does, rather than some vendor.
Among other things, running a completely open-source and independent
Android rebuild (e.g., CyanogenMod) should permit disabling of all
geolocation check-in functions including the Radio Resource Location
services Protocol (RRLP) ones mandated by the USA FCC.  

Quoting Harald Welte:

'Many modern smartphones with GPS receiver are rumoured to have support
of the RRLP protocol. According to its specification, RRLP enables the
network (or anyone claiming to be the network) to obtain the current GPS
fix of the MS without any form of authentication.
[...]
Result: RRLP is not just a theoretical feature specified in the GSM/3GPP
specs. It is implemented by numerous high-end smartphones. There is no
authentication of the network. There is no notification of the user.
There is no way for the user to disable this [mis]feature.  Impact:
Public debate about this feature is needed. Operators probably need to
consider working on some terms about how they use this feature in their
privacy policy.'

http://openbsc.osmocom.org/trac/raw-attachment/wiki/FieldTests/HAR2009/har2009-gsm-report.pdf,
page 8

----- End forwarded message -----

More information about the conspire mailing list