Lawful Evidence, Cell keys, Stingray and Other Breaches

It appears that a 4-letter agency (UK-based) and a three-letter agency (US-based) have conspired to reduce the security of cell phone users worldwide to approximately zero. Surely, their motives must have been noble; after all, these agencies belong to two governments renowned for their verbal support of democracy and freedom worldwide. To consider them as seeking their own selfish interests is unthinkable.

How nice it is for all telephone carriers to be released from all responsibility, especially after a series of record-breaking credit card number heists. We’re sure the incidence of these data breaches and the exposure of cell phone encryption keys is just coincidental.

Inquiring minds might ask the Government Agencies involved if they are positive they kept the lists of cell phone encryption keys secure, and that no greedy employee copied them and sold them somewhere.

Inquiring minds might also ask about the record number of huge data breaches (Target and Home Depot come to mind), and how these might be caused or enabled by hacking technology produced by these letter agencies. As Goldfinger said, “Once is happenstance, twice is coincidence, the third time is enemy action.”

Pure speculation, of course – but that hacking technology would be very valuable to criminals, and would certainly facilitate thefts of information including credit information, if the information is ever carried over cellular networks.

We’re also sure the relevant Government Agencies would not respond well to such an inquiry. Clearly, they never believed their sins would be aired in public, because “Official Secrets” protection largely protects little except bureaucrats from informed criticism.

Which brings us to the next set of questions, about Stingray, the Harris Corporation cell spoofer. We now know a little more about cell encryption: it is not a public-key system like RSA, where the private key is known to only one party, but a symmetric system built on a single long-term secret (the Ki stored in the SIM) known to both the phone and the carrier, from which the per-call session keys are derived. Anyone who holds a copy of that key can derive the session keys and read or listen to any traffic protected by them.
Information about Stingray is also subject to a remarkable level of control by the FBI.

Here’s an article from Ars Technica, and a report from Techdirt, showing the FBI demanding that local and state police departments refer any FOIA requests to the FBI instead of answering the requests themselves:

We’d assert that to “spoof” the cell system and intercept cell calls, the Harris Stingray must decrypt the call in the same manner as the carrier does. It has to become a man-in-the-middle, fooling the phone into treating it as the network and the network into treating it as the phone. One caveat a practitioner would raise: a rogue GSM base station can also simply instruct the handset to use no encryption at all (the A5/0 mode), and that is the publicly documented way IMSI catchers have operated, so no key is needed for a call captured that way. The questions below still apply wherever encryption is actually enforced.
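To make the structure concrete, here is an added Python model of what the two paragraphs above describe (the shared-secret key system and the man-in-the-middle that must satisfy both sides); it is not code from the original post, from Harris, or from any carrier. HMAC-SHA256 stands in for the carrier's real A3/A8 algorithms and a SHA-256 keystream stands in for the A5 ciphers (both are assumptions), and the IMSI, the Ki values and the message are constructed. It shows two things: a listener who holds a copy of Ki recovers the session key from the challenge that is sent in the clear and reads the traffic, and the same listener can answer the carrier's challenge, which is exactly what an interceptor that has to fool both the phone and the carrier needs.

```python
"""Toy model of shared-secret cell authentication and encryption.
Added example, not code from the original post. HMAC-SHA256 stands in
for the carrier's A3/A8 algorithms (COMP128, MILENAGE) and a SHA-256
keystream for the A5 ciphers; these substitutions, the IMSI, the Ki
values and the message are constructed assumptions. The conclusion is
structural and does not depend on the stand-ins: one long-term secret Ki
lives in the SIM and in the carrier's authentication centre, every
session key Kc is derived from it, and whoever holds a copy of Ki can
recover Kc from what goes over the air and answer the carrier's challenge.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8: derive (SRES, Kc) from Ki and the challenge RAND.
    GSM sizes are kept: 32-bit SRES, 64-bit Kc."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]


def keystream(kc: bytes, frame: int, length: int) -> bytes:
    """Stand-in for A5: keystream bound to the session key and frame number."""
    ks = b""
    block = 0
    while len(ks) < length:
        ks += hashlib.sha256(kc + frame.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return ks[:length]


def xor_stream(kc: bytes, frame: int, data: bytes) -> bytes:
    """Encrypt or decrypt one frame (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(kc, frame, len(data))))


class Sim:
    """The subscriber's SIM: holds Ki, never exports it, only answers challenges."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)


class Carrier:
    """The carrier's authentication centre: the other holder of every Ki."""

    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._ki_by_imsi = subscribers

    def challenge(self) -> bytes:
        return os.urandom(16)  # RAND, sent to the phone in the clear

    def verify(self, imsi: str, rand: bytes, sres: bytes) -> Optional[bytes]:
        """Return the session key Kc if SRES matches, else None (auth failed)."""
        expected_sres, kc = a3_a8(self._ki_by_imsi[imsi], rand)
        return kc if hmac.compare_digest(expected_sres, sres) else None


def run_call(sim: Sim, carrier: Carrier, plaintext: bytes, attacker_ki: bytes) -> dict:
    """Authenticate, send one encrypted frame, and report what a listener
    holding attacker_ki gets from the air interface. RAND, SRES and the
    ciphertext are all transmitted; Ki and Kc never are."""
    rand = carrier.challenge()
    sres, kc_phone = sim.respond(rand)
    kc_network = carrier.verify(sim.imsi, rand, sres)
    assert kc_network == kc_phone, "legitimate parties must derive the same Kc"

    frame = 1
    ciphertext = xor_stream(kc_phone, frame, plaintext)

    # The listener recomputes Kc from the observed RAND and its copy of Ki.
    attacker_sres, attacker_kc = a3_a8(attacker_ki, rand)
    return {
        "recovered": xor_stream(attacker_kc, frame, ciphertext),
        # With the right Ki the listener also answers challenges correctly,
        # i.e. can stand in for the subscriber towards the real network.
        "can_impersonate": carrier.verify(sim.imsi, rand, attacker_sres) is not None,
    }


# Constructed sample values (assumptions, not real subscriber data).
SUBSCRIBER_IMSI = "001010123456789"
SUBSCRIBER_KI = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_MESSAGE = b"card 4111 **** **** 1111 exp 12/27"


def demo(attacker_ki: bytes) -> dict:
    sim = Sim(SUBSCRIBER_IMSI, SUBSCRIBER_KI)
    carrier = Carrier({SUBSCRIBER_IMSI: SUBSCRIBER_KI})
    return run_call(sim, carrier, SAMPLE_MESSAGE, attacker_ki)


if __name__ == "__main__":
    print("stolen Ki:", demo(SUBSCRIBER_KI))
    print("wrong Ki :", demo(os.urandom(16)))
```

Run it and the "wrong Ki" case comes back as garbage with can_impersonate False, while the "stolen Ki" case reads the message and passes authentication. Swapping the stand-ins for the real algorithms changes nothing about that outcome, because the weakness being modelled is the single shared secret, not the particular cipher.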

Which raises an interesting question:

From where does the Stingray obtain its encryption/decryption keys?
We can conceive of two sources:

  1. The Carriers
  2. The Stolen keys discussed above

The Carriers

Now we’d expect that retrieving keys from the carriers would require a warrant; even if it did not, collecting keys from every carrier (and there are many, worldwide) would be extremely complex and prone to missing keys and errors. The resulting cell spoofing system would be both intermittent and unreliable in operation.

What an embarrassment for a diligent law enforcement organization, such as the FBI. A sneaky mass-surveillance system that only worked sometimes.

The Stolen List

Here there are some advantages to law enforcement. A diligent three-letter agency has collected all the keys, and willingly provides periodic, timely updates before the SIM cards are distributed and before the keys are placed into use. Moreover, the keys are available from a single source! Any operational failures can be blamed on the “key management” three-letter agency, and therefore would not be career-limiting failures for the “law enforcement” three-letter agency that uses them.

If we were designing such a system, a complete list obtained at the source, before the keys are put into use, would be the far more effective design.

However, using a stolen list of keys, not authorized by judicial warrant, and used to gather evidence might just be questionable in the US. That certainly could be career-limiting in scope! Would it also explain the great degree of secrecy surrounding the deployment and information on the use of the Stingray equipment? When was the last time you recall the FBI demanding that local and state police forces refer FOIA questions to them? Ever? We can’t recall another such occurrence.

In the UK a criminal convicted on evidence not gathered under a warrant is free to sue the police for their imprisonment. This appears to be another delicious piece of irony embodied in the British system of justice. We can only imagine how successful a convicted felon would be in collecting damages against the police in the civil courts.

To summarize:

  1. From where does the Stingray obtain the cell keys for its operation?
  2. How are these keys obtained: by warrant or by other means?
  3. If by warrant, where are the records of these warrants?
  4. If by stolen key list, what is the effect on the evidence if the police took an illegal shortcut and acquired their evidence by use of stolen cell phone keys?
  5. What appeals from those already convicted could arise from tainted evidence, collected through phone calls illegally tapped without a warrant?
  6. What technologies were developed which could have assisted the people who stole or leaked the vast quantities of credit card numbers from large retailers?
