Home Opinion IMSI Catchers Revive a Heated Debate on Privacy versus Security

IMSI Catchers Revive a Heated Debate on Privacy versus Security

IMSI Catchers Revive a Heated Debate on Privacy versus Security
0
Get started on your cybersecurity degree at American Military University.

By Wes O’Donnell
Managing Editor, InMilitary and InCyberDefense

Long before the June 2013 Edward Snowden revelations that the National Security Agency may have inadvertently spied on American citizens, the public was debating the importance of privacy over security. After all, it was Benjamin Franklin who said, “Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.”

Franklin was talking about taxation and defense spending as they applied to the Pennsylvania General Assembly. But that doesn’t stop some privacy advocates today from using the quote in our privacy-challenged 21st century.

The common argument I hear today seems to follow party lines. For example, I often hear those on the left demanding privacy and those on the right say they are willing to give up privacy for security.

IMSI Catchers Increasingly Used by Government Agencies and Law Enforcement

Over the past several years, a relatively new technology called a cell site simulator has entered the privacy versus security conversation. This technology is known as an IMSI (Individual Mobile Subscriber Identity) Catcher or Stingray.

Essentially, this electronic device tricks a smartphone into believing it is a cell tower, which allows agencies to pinpoint the location of phones with a high degree of accuracy. In addition, more advanced units can intercept and record communications or even alter the content of calls and texts.

We expect federal agencies like the NSA, FBI and ATF to use cell site simulators. However, the American Civil Liberties Union (ACLU) recently revealed that law enforcement agencies at the state and municipal levels, such as local police departments, use Stingray devices in criminal investigations.

According to the ACLU, law enforcement agencies in numerous states use cell site simulators:

In fact, the interception industry is booming. In 2014, the IMSI catcher industry was worth $251 million. Estimates from IMSI catcher manufacturers like the Harris Corporation claim that by 2019, the cell site simulator industry will be worth $1.3 billion.

In addition to growing, the cell site simulator industry is extremely secretive. Harris, the primary manufacturer of IMSI catchers, makes customers sign strict non-disclosure agreements when they purchase them.

According to Motherboard of VICE News, “The FBI even barred local cops from disclosing any information about the devices, and there have been a few cases where prosecutors preferred to drop charges rather than face the possibility of disclosing that the authorities had used Stingrays or similar products in their investigation.”

Implications for Privacy

If law enforcement agencies’ claims that they use Stingray devices only for criminal investigations are true, why are privacy advocates opposed to their use?

The primary argument against the use of Stingrays is that there is no definitive way to filter out a target’s phone data from numerous potential bystanders. This puts law enforcement agencies in a precarious position regarding Fourth Amendment violations against warrantless surveillance.

Just because a law enforcement agency says it will be responsible with innocent user data doesn’t mean that the agency must do so without oversight.

The IMSI Catcher Arms Race Begins

Now that IMSI catchers have skyrocketed in sales and notoriety, numerous cell phone manufacturers have promised that more robust countermeasures will be installed in future software updates and hardware. Those manufacturers include Apple and Samsung.

In addition, numerous open-source software initiatives have been designed to detect when someone operates an IMSI catcher near you. The Android IMSI Catcher Detector, AIMSICD, has been in development since 2012 and is still experimental software.

Consumers should beware of free apps in Apple’s App Store or Google Play that claim to detect IMSI catchers. Researchers at Oxford University and the Technical University of Berlin showed that they could circumvent the most popular Stingray detection apps and still trick the phones into handing over sensitive data.

An Ongoing Debate

It’s clear that the privacy versus security debate won’t end anytime soon. In our increasingly complex technical world, citizens must determine how far is too far. These issues are often strongly partisan. Ultimately, this debate involves all of us and we will help decide the outcome.

In a perfect world, one can have total privacy and complete security. Unfortunately, that is not the world we live in. Which do you prefer – more privacy or more security?

Get started on your cybersecurity degree at American Military University.

Comments

comments