DOCSLIB.ORG

An Assessment of Imsi Catcher Threats Hearing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Assessment of Imsi Catcher Threats Hearing BOLSTERING DATA PRIVACY AND MOBILE SECURITY: AN ASSESSMENT OF IMSI CATCHER THREATS HEARING BEFORE THE SUBCOMMITTEE ON OVERSIGHT COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HOUSE OF REPRESENTATIVES ONE HUNDRED FIFTEENTH CONGRESS SECOND SESSION JUNE 27, 2018 Serial No. 115–68 Printed for the use of the Committee on Science, Space, and Technology ( Available via the World Wide Web: http://science.house.gov U.S. GOVERNMENT PUBLISHING OFFICE 30–878PDF WASHINGTON : 2018 COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HON. LAMAR S. SMITH, Texas, Chair FRANK D. LUCAS, Oklahoma EDDIE BERNICE JOHNSON, Texas DANA ROHRABACHER, California ZOE LOFGREN, California MO BROOKS, Alabama DANIEL LIPINSKI, Illinois RANDY HULTGREN, Illinois SUZANNE BONAMICI, Oregon BILL POSEY, Florida AMI BERA, California THOMAS MASSIE, Kentucky ELIZABETH H. ESTY, Connecticut RANDY K. WEBER, Texas MARC A. VEASEY, Texas STEPHEN KNIGHT, California DONALD S. BEYER, JR., Virginia BRIAN BABIN, Texas JACKY ROSEN, Nevada BARBARA COMSTOCK, Virginia CONOR LAMB, Pennsylvania BARRY LOUDERMILK, Georgia JERRY MCNERNEY, California RALPH LEE ABRAHAM, Louisiana ED PERLMUTTER, Colorado GARY PALMER, Alabama PAUL TONKO, New York DANIEL WEBSTER, Florida BILL FOSTER, Illinois ANDY BIGGS, Arizona MARK TAKANO, California ROGER W. MARSHALL, Kansas COLLEEN HANABUSA, Hawaii NEAL P. DUNN, Florida CHARLIE CRIST, Florida CLAY HIGGINS, Louisiana RALPH NORMAN, South Carolina DEBBIE LESKO, Arizona SUBCOMMITTEE ON OVERSIGHT RALPH LEE ABRAHAM, LOUISIANA, Chair BILL POSEY, Florida DONALD S. BEYER, JR., Virginia THOMAS MASSIE, Kentucky JERRY MCNERNEY, California BARRY LOUDERMILK, Georgia ED PERLMUTTER, Colorado ROGER W. MARSHALL, Kansas EDDIE BERNICE JOHNSON, Texas CLAY HIGGINS, Louisiana RALPH NORMAN, South Carolina LAMAR S. SMITH, Texas (II) C O N T E N T S June 27, 2018 Page Witness List ............................................................................................................. 2 Hearing Charter ...................................................................................................... 3 Opening Statements Statement by Representative Ralph Lee Abraham, Chairman, Subcommittee on Oversight, Committee on Science, Space, and Technology, U.S. House of Representatives ................................................................................................ 4 Written Statement ............................................................................................ 6 Statement by Representative Eddie Bernice Johnson, Ranking Member, Com- mittee on Science, Space, and Technology, U.S. House of Representatives .... 8 Written Statement ............................................................................................ 10 Statement by Representative Donald S. Beyer, Jr., Ranking Member, Sub- committee on Oversight, Committee on Science, Space, and Technology, U.S. House of Representatives ............................................................................ 12 Written Statement ............................................................................................ 14 Witnesses: Dr. Charles H. Romine, Director, Information Technology Laboratory, Na- tional Institute of Standards and Technology Oral Statement ................................................................................................. 17 Written Statement ............................................................................................ 19 Dr. T. Charles Clancy, Director, Hume Center for National Security and Technology, Virginia Tech Oral Statement ................................................................................................. 25 Written Statement ............................................................................................ 27 Dr. Jonathan Mayer, Assistant Professor of Computer Science and Public Affairs, Princeton University Oral Statement ................................................................................................. 33 Written Statement ............................................................................................ 35 Discussion ................................................................................................................. 49 Appendix I: Answers to Post-Hearing Questions Letter submitted by Representative Ralph Lee Abraham, Chairman, Sub- committee on Oversight, Committee on Science, Space, and Technology, U.S. House of Representatives 62 Articles submitted by Representative Donald S. Beyer, Jr., Ranking Member, Subcommittee on Oversight, Committee on Science, Space, and Technology, U.S. House of Representatives 64 (III) BOLSTERING DATA PRIVACY AND MOBILE SECURITY: AN ASSESSMENT OF IMSI CATCHER THREATS WEDNESDAY, JUNE 27, 2018 HOUSE OF REPRESENTATIVES, SUBCOMMITTEE ON OVERSIGHT COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY, Washington, D.C. The Subcommittee met, pursuant to call, at 2:17 p.m., in Room 2318 of the Rayburn House Office Building, Hon. Ralph Abraham [Chairman of the Subcommittee] presiding. (1) 2 LAMAR S SMITH. Te~., EOOIE BERNICE JOHNSON RANKING MEMBER cr::ongress of the ~nited ~totes t1ousc of Rcprcscntatincs COMMITTEE ON SCIENCE, SPACE. AND TECHNOLOGY 2321 RAYBURN HOUSE OFFICE 8U!LD!NG WASHINGTON, DC 20515-6301 (202) 225-6371 Subcommittee on Oversight Bolstering Data Privacy mul Mobile Security: An Assessment of IMSI Catcher Threats Wednesday, June 27. 2018 2:00p.m. 2318 Raybum House Office Building Dr. Charles H. Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology Dr. T. Charles Clancy. Director. Hume Center for National Security and Technology, Virginia Tech Dr.• Jonathan Mayer, Assistant Professor of Computer Science and Public Atfairs, Princeton University 3 U.S. HOUSE OF REPRESENTATIVES COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER June 27, 2018 TO: Members, Subcommittee on Oversight FROM: Majority Staff, Committee on Science, Space, and Technology SUBJECT: Oversight Subcommittee hearing: Bolstering Data Privacy and Mobile Security: An Assessment ofIMSI Catcher Threats The Subcommittee on Oversight will hold a hearing entitled Bolstering Data Privacy and Mobile Security: An Assessment ofIMSI Catcher Threats on Wednesday, June 27, 2018, at 2:00 p.m. in Room 2318 of the Rayburn House Office Building. Hearing Purpose: The purpose of this hearing is to examine and assess the threats to mobile security and user privacy presented by international mobile subscriber identity (IMSI) catchers and similar technology. IMSI catchers, known colloquially as "Stingrays", exploit cellular vulnerabilities by intercepting and collecting data and information transmitted to and from mobile devices. In the hands of malicious or nefarious actors, the technology can be leveraged to gain access to calls, texts, and other information sent to and from the mobile devices of unwitting Americans. Officials with DHS recently disclosed signs of sophisticated technology, including IMSI catchers, near sensitive facilities including the White House. The hearing will focus on the threats this technology poses to data security and privacy, as well as the steps industry and government can take to better mitigate such threats in the future. Witness List: Dr. Charles H. Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology • Dr. T. Charles Clancy, Director, Hume Center for National Security and Technology, Virginia Tech Dr. Jonathan Mayer, Assistant Professor of Computer Science and Public Affairs, Princeton University Staff Contact: For questions related to the hearing, please contact Tom Connally or Duncan Rankin of the Majority Staff at 202-225-6371. 4 Chairman ABRAHAM. The Subcommittee on Oversight will come to order. Without objection, the Chair is authorized to declare re- cesses of the Subcommittee at any time. Good afternoon and welcome to today’s hearing entitled ‘‘Bol- stering Data Privacy and Mobile Security: An Assessment of IMSI Catcher Threats.’’ I recognize myself for five minutes for an opening statement. Good afternoon again. Welcome to today’s Oversight Sub- committee hearing ‘‘Bolstering Data Privacy and Mobile Security: An Assessment of IMSI Catcher Threats.’’ The purpose of today’s hearing is to examine the threats that IMSI catchers and other similar technologies pose to mobile security and user privacy. IMSI catchers and rogue base stations, commonly known by their brand name ‘‘Stingray,’’ are devices used for intercepting cellular traffic and data. Today we will hear from government and aca- demic experts about the basics of the technology, the ways in which it can be used by both legitimate and illegitimate actors, and poten- tial methods to mitigate the risks these devices pose. Regrettably, although they were invited, the Department of Homeland Security, DHS, declined to provide a witness today and instead provided a briefing to Members and staff last week. While this was helpful in giving some context to the matter, it was no substitute for a public discussion on such a serious issue. It would have been substantially more helpful for DHS to have been present today, to be part of the dialogue, inform the American public, and answer questions about their work in this area. With that said, I would like to thank our witnesses for participating today and tak- ing time out of their schedules to testify on this very important matter. Historically, the use of IMSI catcher technology has been limited to law enforcement, Department of Defense, and intelligence serv- ices. This was
Load more

Recommended publications
  • Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border - Nytimes.Com
    6/4/2015 Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border - NYTimes.com http://nyti.ms/1dP5ida POLITICS Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border By CHARLIE SAVAGE, JULIA ANGWIN, JEFF LARSON and HENRIK MOLTKE JUNE 4, 2015 WASHINGTON — Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show. The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments. But the documents also note that the N.S.A. sought permission to target hackers even when it could not establish any links to foreign powers. http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html?emc=eta1&_r=0 1/6 6/4/2015 Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border - NYTimes.com The disclosures, based on documents provided by Edward J. Snowden, the former N.S.A. contractor, and shared with The New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.
    [Show full text]
  • An Introduction to Cellular Security Joshua Franklin
    An Introduction to Cellular Security Joshua Franklin Last Changed: 20140121 Intro License Creative Commons: Attribution, Share-Alike http://creativecommons.org/licenses/by -sa/3.0/ 2 Intro Introduction • Cellular networks are a dense subject – This is not a deep dive • The standards are large, complicated documents • Involves physics, telecommunications, politics, geography, security... • We will discuss older cellular networks first and build upon this knowledge • The GSM, UMTS, and LTE standards are more or less backwards compatible – Major consideration during standards development 3 Intro Who Am I? • Joshua Franklin • I hold a Masters in Information Security and Assurance from George Mason – Graduate work focused on mobile operating systems • I work in election and mobile security 4 Intro Learning Objectives • Become familiar with the GSM, UMTS, and LTE family of cellular standards • Be introduced to spectrum allocation and antennas • Learn the security architecture of cellular networks • Be introduced to how cellular networks have been hacked in the past We will deeply explore LTE security while only touching on GSM and UMTS. LTE is the new standard moving forward (a.k.a., the new hotness). Previous cellular standards are being phased out. 5 Intro Excluded Topics This class does not cover: • Wireless physics • Ancient wireless networks (AMPS, IMS, smoke signals ) • Wired systems (PSTN/POTS/DSL) • Standards other GSM, UMTS, and LTE – CDMA2000, EV-DO, WiMax • In-depth discussion of GPRS, EDGE, and HSPA variants • SMS and MMS (text messaging) • Mobile operating systems (iOS, Android, Windows Phone) • QoS , Mobility management, and VoLTE • Internetwork connections Warning: This class is U.S.-centric but the standards are used worldwide.
    [Show full text]
  • Stanford Students Create 'Do Not Track' Software 3 December 2010, by Adam Gorlick
    Stanford students create 'do not track' software 3 December 2010, By Adam Gorlick such as Firefox requests content or sends data using HTTP - the protocol that underlies the web - it can optionally include extra information called a "header." Do Not Track adds a header that signals the user does not want to be tracked. The technology can now be installed as an add-on for Firefox, and Mayer and Narayanan are working to make it operate with Chrome. Safari and Internet Explorer do not support their software. Once the add-on is installed, the user doesn't have to do anything else. Each time a website is visited, a do- "We always thought Do Not Track was a great technical not-track message is automatically sent. idea, and it has a real impact that's feasible," said Jonathan Mayer, one of two researchers who created The students, who have been working with the software. computer science Professor John Mitchell, are also creating ways to configure web servers to honor their code. As a government agency pushes for a "do not Sending businesses and advertisers the message track" mechanism to protect online consumer that you don't want to be tracked is one thing. But privacy, a pair of Stanford researchers is getting them to respect your privacy is another - developing the technology to make it work. and it's something that hinges on government enforcement. For about four months before Wednesday's release of the Federal Trade Commission's "At the end of day, Congress would probably have recommendations for increasing Internet privacy, to pass a law empowering the FTC to enforce this," Jonathan Mayer and Arvind Narayanan have been said Ryan Calo, director of the Consumer Privacy creating software that would let users opt out of Project for Stanford Law School's Center for third-party web tracking and tell advertisers to stop Internet and Society.
    [Show full text]
  • Regulating the Zero-Day Vulnerability Trade: A
    REGULATING THE ZERO-DAY VULNERABILITY TRADE: A PRELIMINARY ANALYSIS MAILYN FIDLER* I. INTRODUCTION In April 2014, computer security experts revealed “Heartbleed,” a vulnerability in software encrypting information transmitted over the Internet.1 The bug existed in OpenSSL, which up to two- thirds of websites use to encrypt Internet traffic.2 Heartbleed exposed large swaths of data to interception and exploitation. Initially, news stories speculated the U.S. government knew about Heartbleed, and, rather than disclosing it, had been using it or keeping it for intelligence or other purposes, leaving Internet users at risk.3 Although the Heartbleed speculation seems to have been unfounded, public concerns about Heartbleed, combined with distrust created by Edward Snowden’s disclosures about the National Security Agency (NSA), forced the U.S. government to detail4 how it deals with software vulnerabilities it knows about but that remain unknown to software vendors or users – “zero-day” vulnerabilities or “zero-days.”5 The Obama administration’s response to Heartbleed raised further questions about U.S. policy on zero- day vulnerabilities, including the U.S. government’s role in purchasing vulnerabilities from the zero-day market. * Marshall Scholar, Department of Politics and International Relations, University of Oxford. I would like to thank the following people for their advice, input, and support during my work on this research: Lily Ablon, Richard Bejtlich, Fred Cate, Scott Charney, Jack Goldsmith, Jennifer Granick, Herb Lin, Jonathan Mayer, Chris Soghoian, Michael Sulmeyer, and Peter Swire. 1 Nicole Perlroth, Experts Find a Door Ajar in an Internet Security Method Thought Safe, N.Y. TIMES (Apr.
    [Show full text]
  • Explanatory Memorandum.As Issued
    July 16, 2013 Explanatory Memorandum for Working Group Decision on “What Base Text to Use for the Do Not Track Compliance Specification” Table of Contents I. History and Background A. Early history of DNT and Formation of the Working Group B. History Since Change of Co-Chair i. February 2013 Face-to-Face ii. Between the Boston and Sunnyvale Face-to-Face Meetings iii. Sunnyvale Face-to-Face iv. The Process Since the Sunnyvale Face-to-Face II. Do Not Target A. The DAA Self-Regulatory Program and Do Not Track B. The Definition of “Tracking” and Related Terms Prior to the Current DAA Proposal C. The Current DAA Definition of “Tracking” and Related Terms i. The DAA Definition and Aggregate Scoring ii. Other Objections to the DAA Definition of Tracking III. Do Not Collect A. Transient or Short-term Collection B. Unique Identifiers IV. Data Hygiene and De-identification A. Market Research and Product Development Exceptions V. Response to Comments that Support the DAA Proposal as Base Text VI. Conclusion This Explanatory Memorandum accompanies the decision of the Working Group of July 15, entitled “What Base Text to Use for the Do Not Track Compliance Specification.”1 The decision was written by Matthias Schunter and Peter Swire, co-chairs of the Tracking Protection Working Group of the World Wide Web Consortium (“W3C”), in accordance with long-established procedures in the Working Group. That decision of the Working Group addresses the question of what base text to use for the Do Not Track Compliance Specification, and concludes that the draft put before the group in June (“June Draft”) will be the base text rather than the proposal submitted by the Digital Advertising Alliance and other group members (“DAA Proposal.”)2 Part I of this memorandum provides history and background of the process to date, with emphasis on the issues that differ between the two texts.3 Part II is called “Do Not Target,” and discusses the definition of “tracking,” the means of user choice concerning targeted online advertising, and related topics.
    [Show full text]
  • A Promising Direction for Web Tracking Countermeasures
    A Promising Direction for Web Tracking Countermeasures Jason Bau, Jonathan Mayer, Hristo Paskov and John C. Mitchell Stanford University Stanford, CA fjbau, jmayer, hpaskov, [email protected] Abstract—Web tracking continues to pose a vexing policy progress towards standardization in the World Wide Web problem. Surveys have repeatedly demonstrated substantial Consortium has essentially stalled [14], [15]. consumer demand for control mechanisms, and policymakers While Do Not Track remains pending, there has been worldwide have pressed for a Do Not Track system that effec- tuates user preferences. At present, however, consumers are left a renewal of interest in technical countermeasures against in the lurch: existing control mechanisms and countermeasures web tracking. Mozilla [16] and Microsoft [17], [18] have have spotty effectiveness and are difficult to use. already shipped new anti-tracking features, and Apple has We argue in this position paper that machine learning could indicated openness to improving its longstanding counter- enable tracking countermeasures that are effective and easy measures [19]. The chairman of the United States Federal to use. Moreover, by distancing human expert judgments, machine learning approaches are both easy to maintain and Trade Commission recently departed from the agency’s palatable to browser vendors. We briefly explore some of longstanding focus on Do Not Track and signaled that it the promise and challenges of machine learning for tracking views technical countermeasures as a promising direction countermeasures, and we close with preliminary results from for consumer control [14]. a prototype implementation. Moreover, even if Do Not Track is widely adopted, some websites may ignore or deceptively misinterpret the I.
    [Show full text]
  • Detection of Rogue Devices in Wireless Networks
    Detection of rogue devices in Wireless Networks by Jeyanthi Hall A thesis submitted to the Faculty of Graduate Studies and Research in partial fulfilment of the requirements for the degree of Doctor of Philosophy Ottawa-Carleton Institute for Computer Science School of Computer Science Carleton University Ottawa, Ontario August 2006 © Copyright August 2006, Jeyanthi Hall Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. Library and Bibliotheque et Archives Canada Archives Canada Published Heritage Direction du Branch Patrimoine de I'edition 395 Wellington Street 395, rue Wellington Ottawa ON K1A 0N4 Ottawa ON K1A 0N4 Canada Canada Your file Votre reference ISBN: 978-0-494-18221-5 Our file Notre reference ISBN: 978-0-494-18221-5 NOTICE: AVIS: The author has granted a non­ L'auteur a accorde une licence non exclusive exclusive license allowing Library permettant a la Bibliotheque et Archives and Archives Canada to reproduce,Canada de reproduire, publier, archiver, publish, archive, preserve, conserve,sauvegarder, conserver, transmettre au public communicate to the public by par telecommunication ou par I'lnternet, preter, telecommunication or on the Internet,distribuer et vendre des theses partout dans loan, distribute and sell theses le monde, a des fins commerciales ou autres, worldwide, for commercial or non­ sur support microforme, papier, electronique commercial purposes, in microform,et/ou autres formats. paper, electronic and/or any other formats. The author retains copyright L'auteur conserve la propriete du droit d'auteur ownership and moral rights in et des droits moraux qui protege cette these. this thesis. Neither the thesis Ni la these ni des extraits substantiels de nor substantial extracts from it celle-ci ne doivent etre imprimes ou autrement may be printed or otherwise reproduits sans son autorisation.
    [Show full text]
  • President Barack Obama the White House 1600 Pennsylvania Avenue NW Washington, DC 20500
    President Barack Obama The White House 1600 Pennsylvania Avenue NW Washington, DC 20500 May 19, 2015 Dear President Obama, We the undersigned represent a wide variety of civil society organizations dedicated to protecting civil liberties, human rights, and innovation online, as well as technology companies, trade associations, and security and policy experts. We are writing today to respond to recent statements by some Administration officials regarding the deployment of strong encryption technology in the devices and services offered by the U.S. technology industry. Those officials have suggested that American companies should refrain from providing any products that are secured by encryption, unless those companies also weaken their security in order to maintain the capability to decrypt their customers’ data at the government’s request. Some officials have gone so far as to suggest that Congress should act to ban such products or mandate such capabilities. We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad. Strong encryption is the cornerstone of the modern information economy’s security. Encryption protects billions of people every day against countless threats—be they street criminals trying to steal our phones and laptops, computer criminals trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and our allies’ most sensitive national security secrets.
    [Show full text]
  • Exhibit B Case 1:19-Cv-11311-JSR Document 23-2 Filed 05/22/20 Page 2 of 37
    Case 1:19-cv-11311-JSR Document 23-2 Filed 05/22/20 Page 1 of 37 Exhibit B Case 1:19-cv-11311-JSR Document 23-2 Filed 05/22/20 Page 2 of 37 ! !"##$%%&&'"(')*&+,$-.%'/(0'1"*&+(#&(%'2&3"+#' ' 4565'7"8,&'"3'2&9+&,&(%/%$*&,' ' ::;%.'!"(-+&,,' ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! </='>(3"+?&#&(%'4,&'"3'' !&@@A6$%&'6$#8@/%$"('B&?.("@"-$&,C''' D+$*/?E'!"(?&+(,'/(0'2&?"##&(0/%$"(,' !"##$%%&&'6%/33'2&9"+%' ' ' 7"(5'F/,"('!./33&%GH'!./$+#/(' 7"(5'>@$I/.'>5'!8##$(-,H'2/(J$(-'K&#L&+' !"##$%%&&'"(')*&+,$-.%'/(0'1"*&+(#&(%'2&3"+#' ' M&?&#L&+':NH'OP:Q! ! ! Case 1:19-cv-11311-JSR Document 23-2 Filed 05/22/20 Page 3 of 37 "#"$%&'("!)%**+,-! Advances in emerging surveillance technologies like cell-site simulators – devices which transform a cell phone into a real-time tracking device – require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments to the U.S. Constitution. The United States’ military and intelligence agencies have developed robust and sophisticated surveillance technologies for deployment in defense against threats from foreign actors. These technologies are essential to keeping America safe. Increasingly though, domestic law enforcement at the federal, state, and local levels are using surveillance technologies in their every-day crime-fighting activities. In the case of cell- site simulators, this technology is being used to investigate a wide range of criminal activity, from human trafficking to narcotics trafficking, as well as kidnapping, and to assist in the apprehension of dangerous and violent fugitives. Law enforcement officers at all levels perform an incredibly difficult and important job and deserve our thanks and appreciation.
    [Show full text]
  • Stingray: a New Frontier in Police Surveillance
    PolicyAnalysis January 25, 2016 | Number 809 Stingray A New Frontier in Police Surveillance By Adam Bates EXECUTIVE SUMMARY olice agencies around the United States are of extensive nondisclosure agreements, the federal gov- using a powerful surveillance tool to mimic ernment prevents state and local law enforcement from cell phone signals to tap into the cellular disclosing even the most elementary details of stingray phones of unsuspecting citizens, track the capability and use. That information embargo even applies physical locations of those phones, and per- to criminal trials, and allows the federal government to Phaps even intercept the content of their communications. order evidence withheld or entire cases dropped to protect The device is known as a stingray, and it is being used the secrecy of the surveillance device. in at least 23 states and the District of Columbia. Origi- The controversy around police stingray surveillance nally designed for use on the foreign battlefields of the challenges our antiquated Fourth Amendment jurispru- War on Terror, “cell-site simulator” devices have found a dence, undermines our cherished principles of federalism home in the arsenals of dozens of federal, state, and local and separation of powers, exposes a lack of accountability law enforcement agencies. and transparency among our law enforcement agencies, In addition, police agencies have gone to incredible and raises serious questions about the security of our indi- lengths to keep information about stingray use from vidual rights as the government’s technological capability defense attorneys, judges, and the public. Through the use rapidly advances. Adam Bates is a policy analyst with the Cato Institute’s Project on Criminal Justice.
    [Show full text]
  • Assessing Threats to Mobile Devices & Infrastructure
    1 Draft NISTIR 8144 2 Assessing Threats to 3 Mobile Devices & Infrastructure 4 The Mobile Threat Catalogue 5 Christopher Brown 6 Spike Dog 7 Joshua M Franklin 8 Neil McNab 9 Sharon Voss-Northrop 10 Michael Peck 11 Bart Stidham 12 13 14 15 16 17 18 19 Draft NISTIR 8144 20 Assessing Threats to 21 Mobile Devices & Infrastructure 22 The Mobile Threat Catalogue 23 Joshua M Franklin 24 National Cybersecurity Center of Excellence 25 National Institute of Standards and Technology 26 27 Christopher Brown 28 Spike Dog 29 Neil McNab 30 Sharon Voss-Northrop 31 Michael Peck 32 The MITRE Corporation 33 McLean, VA 34 35 Bart Stidham 36 STS Mobile 37 38 39 40 September 2016 41 42 43 44 U.S. Department of Commerce 45 Penny Pritzker, Secretary 46 47 National Institute of Standards and Technology 48 Willie May, Under Secretary of Commerce for Standards and Technology and Director 49 National Institute of Standards and Technology Interagency Report 8144 50 50 pages (September 2016) 51 52 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 53 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 54 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 55 available for the purpose. 56 There may be references in this publication to other publications currently under development by NIST in accordance 57 with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, 58 may be used by federal agencies even before the completion of such companion publications.
    [Show full text]
  • NIST SP 800-187 – Guide to LTE Security
    NIST Special Publication 800-187 Guide to LTE Security Jeffrey Cichonski Joshua M. Franklin Michael Bartock This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-187 C O M P U T E R S E C U R I T Y NIST Special Publication 800-187 Guide to LTE Security Jeffrey Cichonski Joshua M. Franklin Applied Cybersecurity Division Information Technology Laboratory Michael Bartock Computer Security Division Information Technology Laboratory This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-187 December 2017 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
    [Show full text]