Don’t be so shocked at spies tracking your phone
The press has been in a lather of late over reports that the Department of Homeland Security had discovered evidence that cellphone tracking tools were being used by “unauthorized” parties in and around Washington. Formally known as International Mobile Subscriber Identity catchers, and often called stingrays, these devices fool your phone’s baseband into believing it is in contact with a cell tower. IMSI catchers can use your phone’s signal to track your movements and contacts, at times might persuade your phone to turn off its encryption.
It’s a powerful, scary technology. Scarier still, federal officials admit that although they can detect the devices, they can’t find them. Still, here are three reasons that the excitement over the news from Washington is a little overdone.
First, the use of IMSI catchers by unauthorized parties isn’t news. Privacy advocates have long fought to reduce reliance on the devices by law enforcement, on the ground that they sweep up too much data from those suspected of nothing. But techies have been warning for years that stingrays could be used by criminals and foreign governments. A 2014 article in the Harvard Journal of Law and Technology was succinct: “Hostile foreign intelligence services can and, almost certainly, are using the technology in this country for espionage.”
In other words, the concern that’s suddenly making headlines has been around for a while — so long that entrepreneurs have been developing tools to help us detect their presence.
In the second place, to borrow from John le Carré, spying is eternal. We shouldn’t profess such surprise that foreign powers try to use against us the same tools we would use against them if we didn’t have anything better. Americans are always shocked to learn that we’re not invulnerable to espionage. But spying is tit for tat, and the phones to which we as a nation seem addicted are a natural and tempting target. For our own convenience, we constantly send vulnerable packets of data into the ether. We should hardly be surprised that foreign governments (or whoever the unauthorized users are) yield to the temptation to study what we so casually broadcast.
But in the third place, we should never allow ourselves to forget that lots of people who don’t happen to be spies are already spying on us. Like our cellphone carriers. Like just about every website we visit.
And that’s before we even get to Facebook. Now, I have zero interest in kicking a good company when it’s down, so let me start out by saying that users who are howling about their (anonymyized) data falling into the wrong hands may not have spent much time perusing Facebook’s terms of service. The challenge for the privacy-conscious user isn’t third parties; the challenge is Facebook itself, which exists not to connect you with friends but to package data about your online activities and use it to sell targeted advertising. Happily, the company has recently translated the list of what it admittedly collects about its users from legalese into something approaching English, and anybody with an account (all 2 billion-plus of us) should take a gander at the remarkable result.
It’s natural that we worry about digital privacy — and we do worry about it, apparently a lot — but we need to stop acting like babes in the woods. We can’t go squalling for our parents whenever some new set of prying eyes sets its sights on our data. Not when we allow all sorts of corporate strangers to rummage through our digital lives, and rarely raise a peep. That’s our Faustian bargain: Give us access to these wonderful tools, and we’ll give you access to pretty much anything you want. Along the way, all sorts of uninvited guests are bound to listen in. That’s been the deal from the start.