From cde33556a0989e52f629b40393197dd9492a9dfd Mon Sep 17 00:00:00 2001 From: Than Harrison Date: Wed, 21 Sep 2022 17:29:45 -0400 Subject: [PATCH] Add section: Your Cell-Site Location Information Signed-off-by: Than Harrison --- guide.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/guide.md b/guide.md index 1a50b71..7da08e5 100644 --- a/guide.md +++ b/guide.md @@ -103,6 +103,7 @@ Finally note that this guide does mention and even recommends various commercial - [Some Devices can be tracked even when offline:] - [Your Hardware Identifiers:] - [Your IMEI and IMSI (and by extension, your phone number):] + - [Your Cell-Site Location Information:] - [Your Wi-Fi or Ethernet MAC address:] - [Your Bluetooth MAC address:] - [Your CPU:] 
@@ -827,6 +828,18 @@ While there are some smartphones manufacturers like Purism with their Librem ser See [Appendix N: Warning about smartphones and smart devices] +### Your Cell-Site Location Information: + +In *Carpenter v. United States*, [[Wikiless]](https://wikiless.org/wiki/Carpenter_v._United_States), a jury in the District Court for the Eastern District of Michigan convicted Timothy Carpenter of armed robbery. Wireless carriers produced CSLI for petitioner Timothy Carpenter’s phone, and the Government was able to obtain **12,898 location points over 127 days**. There were several findings regarding these data points, one of which concerned the privacy of cellphone subscribers and their data. These were pointed to in an article from Vice titled *["Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data"](https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data)*, regarding Augury, which is designed to reveal historical subscriber data. Among others, it is a tool used by the U.S. Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency (DCSA). Augury gathers a staggering amount of data about a subject, including a subscriber's CSLI. Certainly violates your Fourth Amendment rights - or so you would think? No, this is all covered by many Supreme Court rulings, and this is specific to the US but extends beyond borders. Australia, we see you. + +"There are 396 million cell phone service accounts in the United States - for a nation of 326 million people. Cell phones perform their wide and growing variety of functions by connecting to a set of radio antennas called "cell sites." Although cell sites are usually mounted on a tower, they can also be found on light posts, flagpoles, church steeples, or the sides of buildings. Cell sites typically have several directional antennas that divide the covered area into sectors. 
Cell phones continuously scan their environment looking for the best signal, which generally comes from the closest cell site. Most modern devices, such as smartphones, tap into the wireless network several times a minute... Each time the phone connects to a cell site, it generates a time-stamped record known as cell-site location information (CSLI). The precision of this information depends on the size of the geographic area covered by the cell site. The greater the concentration of cell sites, the smaller the coverage area. + +Wireless carriers collect and store CSLI for their own business purposes, including finding weak spots in their network and applying "roaming" charges when another carrier routes data through their cell sites. In addition, wireless carriers often sell aggregated location records to data brokers, without individual identifying information of the sort at issue here. ... Accordingly, modern cell phones generate increasingly vast amounts of increasingly precise CSLI. [Carpenter v. US, 585 U.S. 2018.](https://supreme.justia.com/cases/federal/us/585/16-402/) + +Given that cell phone users voluntarily convey cell-site data to their carriers as "a means of establishing communication," the court concluded that the resulting business records are not entitled to Fourth Amendment protection," [as decided June 22, 2018](https://www.law.cornell.edu/supremecourt/text/16-402) [[Archive.org]](https://web.archive.org/web/20220826042940/https://www.law.cornell.edu/supremecourt/text/16-402) + +Due to the nature of cell networks and how they work, there is **no** way to not give information like this to your service provider. It is apparently "implied", as evidenced by the [Telephone Consumer Protection Act 47 U.S.C. § 227](https://www.fcc.gov/sites/default/files/tcpa-rules.pdf) [[Archive.org]](https://web.archive.org/web/20220913181620/https://www.fcc.gov/sites/default/files/tcpa-rules.pdf). 
+ ### Your Wi-Fi or Ethernet MAC address: The MAC address[^99] is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized. As it was the case with the IMEI, manufacturers of computers and network cards usually keep logs of their sales (usually including things like serial number, IMEI, Mac Addresses, ...) and it is possible again for them to track where and when the computer with the MAC address in question was sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the Mobile Provider antenna logs at that time (IMEI/IMSI). @@ -13570,6 +13583,7 @@ In short, our opinion is that you may use Session Messenger on iOS due to the ab [Some Devices can be tracked even when offline:]: #some-devices-can-be-tracked-even-when-offline [Your Hardware Identifiers:]: #your-hardware-identifiers [Your IMEI and IMSI (and by extension, your phone number):]: #your-imei-and-imsi-and-by-extension-your-phone-number + [Your Cell-Site Location Information:]: #your-cell-site-location-information [Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address [Your Bluetooth MAC address:]: #your-bluetooth-mac-address [Your CPU:]: #your-cpu
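Review bot: In the table-of-contents hunk (@@ -103,6 +103,7), the new entry "- [Your Cell-Site Location Information:]" sits among the items under "[Your Hardware Identifiers:]", between the IMEI/IMSI and Wi-Fi MAC entries, but the section body describes CSLI as time-stamped records that the carrier generates and stores, not an identifier belonging to the device. Consider making it a subsection of the IMEI/IMSI entry, since that section already covers the carrier's antenna logs, or moving it out of the hardware identifier group, and keep the heading level in the body hunk in step with whichever placement is chosen.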
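Review bot: In the section body hunk (@@ -827,6 +828,18), the paragraph beginning "Given that cell phone users voluntarily convey cell-site data" presents "not entitled to Fourth Amendment protection" as what was decided on June 22, 2018, but in the linked opinion that sentence summarizes the Sixth Circuit ruling under review; the Supreme Court reversed it and held that acquiring Carpenter's CSLI was a Fourth Amendment search that generally requires a warrant. Please reword that paragraph, and the earlier "No, this is all covered by many Supreme Court rulings" sentence, so the section states the actual holding. The long quotation also opens with a double quote before "There are 396 million" and never closes before the citation, while the "Given that" paragraph closes a quote it never opened; a Markdown blockquote per quoted paragraph would make the quoted span unambiguous, and the citation "585 U.S. 2018" should be written in full. Two sourcing points remain: the claim that Augury includes a subscriber's CSLI needs a reference that says so, since the linked article's title mentions browsing and email data, and 47 U.S.C. § 227 regulates telephone solicitation, so it does not support the "implied" consent statement in the last paragraph.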