Who is Listening to Your Cellphone?
June 10, 2020 | 8 minutes read
Federal Wiretapping Laws
Who is listening in and recording the data on your personal calls? You may be surprised. Most Americans realize that it is a federal crime to record or “wiretap” a person’s phone calls without an approved court order from the FISA Court. Americans are protected from illegal search and seizure, or are we?
It is a federal crime to wiretap or use any type of recording device to capture others’ communications, verbal or electronic, without court approval. The only exception to this is when one of the “participating parties” has given prior consent. It is also a federal crime to use any information obtained through these recordings or to disclose information acquired through illegal wiretapping or electronic eavesdropping.
Federal and state law does not always agree. Federal law states that one party participating in the conversation can give consent to record. Thirty-eight states and the District of Columbia agree. However, the remaining states require two-party approval or all parties involved in the conversation. These regulations are very clear-cut. Without a court order, someone participating and engaged in the conversation must give the consent to record. Otherwise, to do so is a federal crime that comes with penalties and prison time. Even with these specific regulations, American corporations are producing equipment specifically designed to record cell phones’ data.
Who is Violating These Regulations?
Spying is a booming business. There is money to be made in monitoring people’s cell phones without their knowledge. Anyone can obtain the type of devices used to capture and collect cell phone data. It can be the government, law enforcement, your neighbor down the street, or a cyber thief looking for your credit card data. In all fifty states, individuals, corporations, and government authorities have been quietly investing millions of dollars to obtain mobile phone surveillance equipment for the past two decades. These devices are being produced on US soil but are also manufactured abroad. They are available for legal purchases by authorities, but they are also available for a black market price.
How Cellphone Data is Captured
Generically known as an “IMSI catcher,” it is a contentious spy tool used to track cell phones and their users. It’s a box-shaped portable device that gathers information from phones in its surrounding vicinity. It does this by sending out a false signal and tricking cellphones into connecting to it. This device can be carried, used from a trunk of a vehicle, attached to the bottom of drones or airplanes. It can be covertly set up anywhere and can be used over a targeted radius collecting hundreds of phones identifying codes. The IMSI or International Mobile Subscriber Number is one such identifying code. It also loads the phone’s ESM or Electronic Serial Number. The user can then use that data to target a specific phone of interest to monitor their location in real-time or collect a log recording all calls and texts in the targeted area at a particular time. The IMSI catcher does this by sending out a false cell tower signal, and all phones within the given area will automatically connect first to their tower. The main point is that without a specific court order, collecting, monitoring, or eavesdropping on calls of any type is a federal offense.
The Stingray
The StingRay, manufactured by the Florida-based Harris Corporation, is the most widely distributed type of IMSI device available today. Most laws governing telephone call recording are part of state criminal statutes and codes. This classification is due to the legal rhetoric that includes “phone calls” and any type of eavesdropping, wiretapping, or any intercepted communication. Regardless of the definition of how the call data is “captured,” the information is still stolen data. Is it possible that Harris Corporation is violating state and federal laws by supplying a device meant to be used to break the law? If company XYZ created a tool that allowed the user to take money from an ATM without the bank’s consent or the accounts violated, is it a legally produced and sold device? Would the company XYZ be held liable for its use?
StingRay devices are a type of IMSI catcher. It mimics a cellphone tower causing all cellphones within a specified radius to connect and pass their data through them. This type of surveillance is termed ‘the man in the middle attack.’ It is invisible and untraceable to the end-user of the cell phone. It also allows the operator of the StingRay device full access to any transmitted data.
Who is Using Cellphone Surveillance?
Many private individuals, large and small corporations, and government agencies are currently using cellphone surveillance systems and data tracking even though the US Federal law has penalties against it. The rules are written carefully to not discern between the types of data collected; it is not just limited to ‘voice recordings’ but in any kind of ‘intercepted communication.’ There are various ways that data and communications can be intercepted, and an individual can be surveilled or tracked through their cell phone data.
Cellphone surveillance can involve multiple forms of deviant engagement. It can include tracking, bugging, monitoring, eavesdropping, and recording both conversations and text messages. Phone signals can be used to monitor people’s movements from cell tower to cell tower just from being turned on.
StingRays are used to track residents of the community illegally. Users of the device can track people’s movements, intercept and record conversations, take names, and steal phone numbers and text messages from mobile phones. The person being tracked or recorded has no way of knowing that their data is being intercepted. Their call hooks up to the nearest cell tower as it usually does, leaving no trace that the data was stolen.
Tower Dumps
Another way that data from cell phone users can be used indiscriminately is through tower dumps. A tower dump is when a cell phone tower operator shares identifying information for a given period. This data can be used to determine where an individual was at any given time. When a cell phone is turned on, it connects to nearby cell phone towers to maintain a strong signal when turned off. This connection occurs even when the phone is not actively in use.
Tower dumps are a form of data that most US police can obtain without a warrant. Records from law enforcement show that police will use the initial data from a tower dump to ask the court for a subpoena or court order to obtain more information regarding specific users.
Other Methods of Data Loss
There are a variety of ways to grab data from cell phone users. For every method created to block or protect your data, a new approach is developed to steal the data. In today’s world, data is money. It can be your own carrier that sells you out. In 2018, courts ruled that Verizon, AT&T, T-Mobile, and Sprint had to cease selling location data of its users. However, a year later, the companies were continuing to sell their customer’s data. The courts and the FCC determined that this act was negligent in protecting consumers’ private personal data. Two years later, government officials are only considering fines to deter these companies’ continued profit by selling location data.
Some applications have software vulnerabilities or bugs in them that allow for a cell phone’s literal bugging. An example was the FaceTime bug. It will enable the ring to be disabled so that the phone can be called, and from a remote location, data collected through the microphone. The FBI has used ‘roving bugs’ used to collect and ‘listen’ to American citizen’s phone conversations.
Cellphone spying software can be installed on a person’s phone when they are not aware of it. This software type allows for bugging, tracking, monitoring, and recording a user’s cell phone conversations and location. This type of software is routinely used by those in abusive situations, by stalkers, and for other surreptitious reasons.
How to Protect Yourself
After learning the varied approaches to spying on cellphones, you may be tempted to throw yours out or leave it at home. There are ways to protect yourself. These are easy changes you can make to your phone that will keep your phone’s data out of an IMSI catcher’s data scoops. One such way is to use an End-to-end encryption application such as Signal Messenger, which protects cell phone data against stingray devices via cryptographic strategies.
The Signal Messenger application is available on the Google Play store. It is a cross-platform encrypted messaging service. It works by using the internet to send individual or group messages. These messages can include files, voice notes, images, and videos. The same application can also be used to make one-to-one voice and video calls. It uses end-to-end encryption, which makes the communication safe from illicit monitoring and spying. The app also includes features for verifying contacts and checking the channel’s integrity and safety being used to transmit the data. This software is free to download.
In 2020, IMSI devices are being used to collect cell phone data of protestors. These devices pick up data over a designated area, including those who live or work in a protest area. There are no methods of discernment to determine who is or is not a participant in the protest. There is no way of knowing how this data could be used against the cell phone user for merely being in the vicinity. Using the Signal app is just one way to protect your data from unauthorized access.
Another way to block data scoops by a StingRay device is to go into your phone’s settings and make some changes. A StingRay faux cell tower works on 2G settings. The GSM or Global System for Mobile Communications Standard is set to accept lower 2G signals. The StingRay jams other higher signals in the vicinity, forcing phones to connect to its 2G setting. It is possible to set your phone to accept only LTE, 3G, 4G, and 5G service. If you are found in an area targeted by a StingRay, depending on the jamming signal’s strength, you may temporarily lose service, but your phone will not connect to the StingRay device. Change your settings, and the StingRay is blocked. Protect yourself. Learn about how a cellphone is targeted to take data without your consent and find ways to protect yourself, your family, and your data. Remember, there are also many ways to steal your data that is not mentioned here. The new IMSI device called Hailstorm works on 4G, but due to its expense, most unscrupulous users do not have it – yet. To protect yourself and your data, keeping up on technology and privacy is necessary for many years to come.