[liberationtech] Cell phone tracking
Seth David Schoen
schoen at eff.org
Fri May 31 17:57:31 PDT 2013

Eugen Leitl writes:

> There might be use cases for using end-to-end encrypting
> VoIP phones on Mifi over 3G/4G (assuming you can penetrate
> the double NAT), as here both security compartments are
> separate.

That seems to have some clear potential privacy and security benefits,
but if you use a MiFi with a 3G account registered in your own name,
the carrier will still be able to track the location of the MiFi
device itself and associate it with your identity.

We could imagine 3G interfaces with frequently randomized IMEIs and the
use of blinded signatures to pay for service, so that the carrier will
know that someone has paid but not who the device owner is. (Refilling
a prepaid account with that kind of mechanism needn't be much more
complicated than prepaid refills today, especially when the user tops
up their account at a kiosk with an electronic terminal as opposed to
with an online credit card payment or by buying a scratch-off card.) I
think this gets us back to the political problem that some governments
have already made the use of these mechanisms _illegal_*.

A pretty common challenge for situations like this is that if a telco
wanted to actively cooperate in order to deliberately know less about
its customers, we might be able to figure out a way to make it work
technically. But telcos generally don't want to do that and governments
don't want the telcos to do it either. And this applies to other kinds
of service providers too; there's great research from the academic
cryptography world about privacy-protective ways of providing many
services but today's service providers are mostly reluctant to make use
of this research or other crypto tools to reduce what they know about
users (with a couple of shining exceptions).

Arvind Narayanan has just pushed a two-part paper in _IEEE Security &
Privacy_ about exactly this point:
http://randomwalker.info/publications/crypto-dream-part1.pdf
http://randomwalker.info/publications/crypto-dream-part2.pdf

Narayanan argues that "a mis-alignment of incentives frequently occurs"
to discourage the use of cryptography to protect privacy (particularly
in the strongest end-to-end sense) and that there is minimal demand for
protecting data against intermediaries and service providers.

(I find this paper extremely depressing, but it does describe actual
events. If I were writing this paper, I would continue to ask how
we can increase demand for cryptographic privacy mechanisms rather
than declaring defeat.)

* To pick up on Narayanan's argument, even if this kind of service is
legal and even if carriers thought it was a reasonable service for
them to offer, we might expect problems with demand for it. One
problem for the level of demand for blinded e-cash payments for
telecommunications services is that if users lose their mobile
devices and don't have suitable backups, they lose all of their
prepaid account value (because it existed only in the form of e-cash
on the devices). This is different from the status quo where prepaid
balances can be associated with an account that persists and can be
claimed by a user even if they lose a particular device. Methods of
paying for services that have cash-like privacy properties like cash
could be unpopular because they expose customers to cash-like
risks. And many people now prefer to pay for point-of-sale
transactions with credit cards despite the major privacy losses
compared to cash; probably people who regularly accept that trade-off
would be skeptical that totally anonymous prepaid service accounts are
a benefit. I've recently done some research and writing about anonymous
payments for transportation services and seen that transportation
agencies expect very few users to prefer unregistered cash-equivalent
payment methods that are purchased in cash. That might be partly a
self-fulfilling prophecy (if the agencies don't promote the idea that
it's good to pay for transportation in a way that leaves fewer records,
and don't do more to make this convenient, clearly fewer people will do
it), but it's also surely based in part on their observations from
customers' behavior.

--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107