A Simple Software Fix Could Limit Location Data Sharing (arstechnica.com)
Slashdot reader nickwinlund77 quotes Wired:
Location data sharing from wireless carriers has been a major privacy issue in recent years... Carriers remain perennially hungry to know as much about you as they can. Now, researchers are proposing a simple plan to limit how much bulk location data they can get from cell towers.
Much of the third-party location data industry is fueled by apps that gain permission to access your GPS information, but the location data that carriers can collect from cell towers has often provided an alternative pipeline. For years it's seemed like little could be done about this leakage, because cutting off access to this data would likely require the sort of systemic upgrades that carriers are loath to make.
At the Usenix security conference on Thursday, though, network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California are presenting a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade that any carrier can adopt—no tectonic infrastructure shifts required... The researchers propose installing portals on every device — using an app or operating system function — that run regular checks with a billing server to confirm that a user is in good standing. The system would hand out digital tokens that don't identify the specific device but simply indicate whether the attached wireless account is paid up.
Doesn't sound like it fixes anything (Score:5, Insightful)
Re:Doesn't sound like it fixes anything (Score:5, Interesting)
Carriers can measure your phone's signal from various towers to approximate where you are. The phone only needs to message a tower to do this. Also, this requires software the carrier has to implement. They want the data, as it has value to them. Good luck asking them to shoot their balance sheets in the foot voluntarily, and maintain that oath of privacy in the face of a court order.
The proposal is that the carriers will only measure a "random phone in good standing"'s position relative to the cell towers, as opposed to a known phone. Won't fly, because 911 and law enforcement require it. If you want to fix monetization of the data by the carriers and the privacy implications of this, "just" adopt some GDPR rules.
Re: (Score:3)
Re:Doesn't sound like it fixes anything (Score:5, Informative)
Actually, no, that is absolutely false.
The GDPR is for everyone. And going by experience here in Germany, the government is actually the strictest in implementing these rules. They even refuse to share data between government agencies at all. You manually have to carry the data over. (Also because they're Internet-clueless bureaucrats. :)
I can imagine that the GCHQ doesn't care much about laws and human rights anyway, yes. But 1. they're not in the EU anymore, and 2. that's still illegal. It's just that where there's no plaintiff, there's no judge. Especially in the age of cowards.
But keep spreading your fascist agenda disguised as libertarianism.
Re: (Score:3, Informative)
If the UK fails to obey those provisions, the EU will block the UK from having any access to EU data, which means that the ability of the UK to continue as a service provider [particularly in the financial sector] to EU customers will be lost.
The UK cannot afford to screw that up, and they know it.
Re: (Score:2)
The GDPR rules are there for companies, not the government. When GCHQ wants to know where you are, the GDPR can and will do nothing for you. This is a "do as I say, not as I do" sort of law.
GDPR applies to both companies and the government. Branches of government (at all levels) can be sued if they breach GDPR, and in my experience try really hard to live up to the regulations. In any case, I was not proposing to cut off law enforcement and 911 - just how the companies handle your data. E.g. no selling your data without consent.
Now, if you are interested, I can note that GDPR doesn't fully apply to all parts of the government - just most parts. GDPR is EU regulation 2016/679, and regulation
Re: (Score:2)
Re: (Score:1)
Not a hindrance. Phones can easily implement a "if (emergencyDetected || call.number == 911) { send(location); }".
Re: (Score:3)
Re: (Score:1)
The proposal is dependent on legislation that requires phone providers to use this new protocol, then not cheat. Why not skip the complexity of the new protocol and legislate that the phone providers can't collect and sell this data?
Re: (Score:2)
Yes, triangulation will always be possible. This is more about not knowing who you are triangulating there because the payment token is anonymous.
But that's why democratic governments were invented though. So the royalty couldn't just push what benefited them, no matter what. ;)
We, the people (aka the government), can simply tell them to implement it, or go have a nap on the bed that is also a chopping board.
Now if only somebody would bring democracy to the US... ;)
Re: (Score:2)
This is more about not knowing who you are triangulating there because the payment token is anonymous.
Can't they just MITM your Facebook connection?
Re:Doesn't sound like it fixes anything (Score:5, Insightful)
I must be missing something, because as I see it, the carrier’s towers must have the ability to identify each handset in range, without which the network simply can’t function.
Re: Doesn't sound like it fixes anything (Score:2)
I have no mod points. But this exactly.
Re: (Score:2)
We decouple network connectivity from authentication and billing, which allows the carrier to run Next Generation Core (NGC) services that are unaware of the identity or location of their users but while still authenticating them for network use.
I think they are trying to stop your ID from being transmitted unnecessarily (billing/authentication) which can be done with the tokens, but still identifying you for your actual network services (incoming calls/text, etc.).
Re: (Score:2)
Why wouldn't the carrier just keep a map of accounts to tokens issued? It seems like this scheme is totally dependent on the carrier acting in good faith.
Re: (Score:1)
Re: (Score:3)
Didn't read the paper I see.
At the moment when a phone connects to a tower it sends a unique identifier for the SIM card, which the provider ties up to an account and decides if it wants to provide service or not.
They have replaced the identifier with a token instead. The phone contacts the billing server with account details and between them they create the token. The token is anonymous, it can't be linked back to the account, but it also can't be generated without the cooperation of the billing server.
The
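The two properties the comment above lists (the token cannot be linked back to the account, yet cannot be produced without the billing server's cooperation) are exactly what a Chaum-style RSA blind signature gives, and the same construction answers the earlier question about the carrier simply keeping a map of accounts to tokens: the server signs a value the client has blinded, so its own log holds nothing that matches the token the network later sees. The code below is an added illustration written for this page, not the PGPP authors' code, and does not claim to reproduce the paper's exact protocol. It uses toy textbook RSA (hash-then-sign, no padding, no side-channel care) over a 1024-bit modulus generated inline; the class and function names (BillingServer, Client, Network, fdh) and the epoch-prefixed token format are this example's own assumptions.

```python
"""Toy model of anonymous "paid-up" tokens via Chaum RSA blind signatures.

Three parties: a BillingServer that knows the accounts, a Client (the on-device
"portal"), and a Network (the core that admits phones). The server signs a value
it cannot read; the network checks the signature with the public key; nobody ever
sees account id and token side by side. Illustrative crypto only, not production.
"""
import hashlib
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (constructed here; use a real library in practice)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit and odd
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024, e: int = 65537):
    """Returns ((n, e), (n, d)); the billing server holds d, everyone holds (n, e)."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def fdh(msg: bytes, n: int) -> int:
    """Hash-to-integer used before signing (SHA-512 output is below a 1024-bit n)."""
    return int.from_bytes(hashlib.sha512(msg).digest(), "big") % n


class BillingServer:
    """Knows who has paid. Signs blinded values and logs everything it is shown."""
    def __init__(self, priv, accounts):
        self.n, self.d = priv
        self.accounts = accounts        # account id -> in good standing?
        self.log = []                   # (account id, blinded value) pairs

    def sign_blinded(self, account_id: str, blinded: int) -> int:
        if not self.accounts.get(account_id):
            raise PermissionError(f"{account_id} is not in good standing")
        self.log.append((account_id, blinded))
        return pow(blinded, self.d, self.n)


class Client:
    """The on-device portal: makes a fresh token per epoch and has it blind-signed."""
    def __init__(self, pub, account_id):
        self.n, self.e = pub
        self.account_id = account_id

    def get_token(self, server: BillingServer, epoch: int):
        token = epoch.to_bytes(4, "big") + secrets.token_bytes(32)  # epoch bounds lifetime
        while True:
            r = secrets.randbelow(self.n - 2) + 2                    # blinding factor
            if gcd(r, self.n) == 1:
                break
        blinded = (fdh(token, self.n) * pow(r, self.e, self.n)) % self.n
        sig = (server.sign_blinded(self.account_id, blinded) * pow(r, -1, self.n)) % self.n
        return token, sig                                            # sig == H(token)^d mod n


class Network:
    """The core: admits a phone iff the token is current, validly signed and unspent."""
    def __init__(self, pub):
        self.n, self.e = pub
        self.spent = set()

    def admit(self, token: bytes, sig: int, current_epoch: int) -> bool:
        if int.from_bytes(token[:4], "big") != current_epoch:
            return False                          # stale or future token
        if pow(sig, self.e, self.n) != fdh(token, self.n):
            return False                          # not signed by the billing server
        if token in self.spent:
            return False                          # replay of an already-used token
        self.spent.add(token)
        return True


def server_can_link(server: BillingServer, token: bytes, sig: int) -> bool:
    """The best the server can do with its own log: look for the token or signature in it."""
    return any(b in (fdh(token, server.n), sig) for _, b in server.log)
```

The blinded value the server signs is H(token) multiplied by a random r^e, which is uniformly distributed and independent of the token, so even a server that logs every request it ever handled cannot match tokens to accounts afterwards. Note what the scheme does not do: the network still sees the same token for the whole epoch, so the per-epoch granularity (and how often the portal fetches a fresh token) is what bounds how long one pseudonymous handset can be followed.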
Enhanced 911 (Score:3, Interesting)
Don't the FCC's own Enhanced 911 (E911) rules require cell phone carriers to collect geolocation data for emergency responders?
What motivation would carriers have for bypassing E911?
Re: (Score:1)
I'm interested in this claim. I tried googling true locations and any bankruptcy information but failed to find it. Care to share a link to your claims?
Re: (Score:2)
When a smartphone sees you calling 911 it uses all available sensors (GNSS, nearby wifi APs etc.) to determine location and send that data to the emergency services. Cell triangulation is more of a fall-back these days, and it's not nearly as accurate.
Re: (Score:2)
Which is completely irrelevant if the emergency occurs in a rural area with no nearby WiFi, or the smartphone is shielded from a good GPS lock. In that case, cell tower triangulation could make the difference between life and death.
You seem to be arguing for
Re: (Score:2)
Well there's another way it can be done - the phone triangulates based on the cell towers it can see.
Re: (Score:1)
Possibly, but that assumes that someone in trouble actually calls 911. As a long time member of search & rescue, I can tell you that many people don't. One reason is that they believe that they're going to get billed for getting rescued. That's not true in every state and in every case. When they don't call 911, we're forced to use tower pings to try to locate the subject but this method is notoriously unreliable. Ironically, what works far better is Google location services. Of course, law enforc
Dead on arrival? (Score:2)
"simple software upgrade that any carrier can adopt"
1. If carriers are selling location data why would they cut off a source of revenue?
2. LEOs and security agencies also want this data. They would get FISA or FCC to force carriers NOT to implement.
Re: (Score:2)
Re: (Score:2, Insightful)
Jesus Christ, it's like a democratically controlled government is not even a concept one is allowed to think about anymore...
Instead of parroting your own helplessness, why don't you use that democratic power of yours for a change?
E.g. by electing *neither* the right-wing fascists *nor* the extreme right-wing fascists.
You know... how many times do those two so-called parties of treasonous lobbyists have to show they are traitors, before you stop falling for their brainwashing? (Not saying this to shame you,
Re: (Score:2)
how many times do those two so-called parties of treasonous lobbyists have to show they are traitors, before you stop falling for their brainwashing?
As long as the wolves keep telling the sheep, "if you're shrewd/lucky enough, one day we might let you join the wolves, and then you won't want the sheep restricting YOU, right?" the sheep will keep working against their own self-interest to benefit the wolves.
Re: (Score:2)
FISA and FCC are not democratically elected. An example is the CDC's eviction moratorium. The CDC is not elected and they can't point to legislation where Congress gave them that authority. Their response was something like 'so take us to court'. CDC lost in court. Biden says he's going to enforce it anyway.
A democratically controlled government hasn't existed for a century.
Tell me when this actually exists (Score:2)
How do you recieve calls/SMS (Score:2)
Re: (Score:3)
In 4G and above everything IS data (in particular over IP), yes calls are VOIP done seamlessly by a client you don't even notice (part of the standard phone software). This probably can somehow work especially in a split scenario that involves some MVNO, basically the actual network won't know precisely who's behind this or that subscriber that actually pays another company for services. Very roughly it's like UPS drivers would share and mix from time to time their phones. The network sees a lot of phones d
Pretty Good Joke (Score:1)
Re: (Score:2)
Good luck finding a single country that would allow users to evade location tracking.
Wait, THAT many countries have made it illegal to NOT own a smartphone?
When the hell did this happen...
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Yes, and if you don't like to breathe Zyklon B, you can just choose to *not* breathe! It is your choice, mate, and hence squarely your fault! --.--
Aaah, the old monopolist pseudo-argument.
Call me when you can still live an acceptable life without a smartphone and it is a realistic choice.
Oh, wait, you can't! Cause you ain't got a phone! (No, modern dumbphones allow tracking too. And modern dumbphones are just old smartphone tech anyway.)
Re: (Score:2)
Actually, it requires people to carry that phone. I have several, but they stay at home unless needed. Also better for my stress levels. Always reachable? What for?
Uhhh (Score:2)
This won't work (Score:2)
that can mask wireless users' locations from carriers with a simple software upgrade that any carrier can adopt
So... a fix that relies on the attacker to deploy the fix? Dead on arrival.
I am pretty sure that is bogus (Score:2)
May provide some fake peace-of-mind to some clueless people, but there are more ways to track location than asking the cell towers directly or using GPS.
Re: (Score:2)
Which are those? GeoIP is rather coarse these days, much more so than tower data.
I don't get it (Score:5, Insightful)
Technological solutions not always the answer (Score:3)
If we really wanted to solve this, using laws to constrain carrier use of that information is how to do it.
Otherwise it's obvious that if carriers are, as the article says, "perennially hungry" to have/share that info, voluntary changes to their infrastructure against their financial interests are not going to happen.
That's odd (Score:2)
My phone has had explicit per-applet permissions for access to location data; if permission is not given then the application receives bogus data so that it cannot force a user's hand. This has been the case for years now. Are carrier ROMs permitting location data access to all programs or something? Because that's crazy.
Are carriers loath to make upgrades or not? (Score:2)
For years it's seemed like little could be done about this leakage, because cutting off access to this data would likely require the sort of systemic upgrades that carriers are loath to make.
How is changing the way phones are identified NOT systemic? You've introduced another moving part with the "billing server", which then hands out a token to identify things. Pretty big systemic upgrade. And why would you assume if the carrier is the one with the billing server they wouldn't make the tokens identifiable? Pinky promise?
The operative word: can (Score:2)
Let's see: "software upgrade that .... any carrier ... can ... adopt".
Why would the carriers adopt a new piece of code that will limit their ability to collect, and hence market / sell this information? Obviously the researchers themselves have no power over large corporations. The public? 99% will not even care. That leaves government intervention. But who am I kidding? Government will want even more location tracking, as long as they get to dip their hand in the honey jar.
Just accept that your entire