While I appreciate law enforcement wanting to do it's job, there's zero technical reason to require compromised privacy and/or protocols that allow for malicious third parties to impersonate legitimate service providers, right?
There is no reason that the phone can't first check that the tower is legitimate before providing identity, and that the tower then checks whether the phone is legitimate before providing any service.
Law enforcement can have what they want without forcing the public to be subject to hacking or identification by anyone at all with an agenda or a few bucks to spare. Right?
Given the increased public awareness of internet security and privacy recently, I'd guess that increased public awareness of mobile security is either already happening or about to happen. I'm just curious how far along we are.
But LEA are the ones setting up the illegitimate “towers”. It’s not about them keeping you safe from scary black hats, it’s about them being able to use them without hurdles to jump over.
And as far as the carriers are concerned most of the public doesn’t care, LE is happy and they don’t have to spend money upgrading anything.
I’m not suggesting something that will stop law enforcement at all, I am suggesting something that will prevent your phone from connecting to any random device that any person anywhere can drop under a bush.
> But LEA are the ones setting up the illegitimate “towers”.
The article said it’s a foreign government, Israel, spying on lawmakers, not U.S. law enforcement. You are suggesting the StingRays are ours and not black hats?
> as far as the carriers are concerns most of the public doesn’t care, LE is happy
That’s because they haven’t heard from the public on this issue, nobody’s complaining because nobody knows. As soon as they do hear about it, they will realize the public cares. This is why public awareness of the lack of security in our current cellular setup is important.
Law enforcement is a non-argument in my opinion. Of course they want it easy, but we do not have to make it easy. Many of the safety measures we currently enjoy happened despite law enforcement’s complaints, including device locking and encryption.
And, like I said before, I believe they can get what they want with little to no effort and continue to spy on us without forcing the public to lose privacy to Israeli or Russian or Chinese or even your local neighborhood black hats.
The article said it’s a foreign government, Israel, spying on lawmakers, not U.S. law enforcement. You are suggesting the StingRays are ours and not black hats?
I'm saying how is your device able to distinguish between the two? As in if they lock down the towers then they are effectively preventing you from connecting to StingRays as well.
And, hey, I agree with you, I'd love to see some regulation that forced the hands of the carriers. And maybe more people would care if they knew. But I'm skeptical in this day and age where everyone seems willing to give away everything about themselves in exchange for some convenience and entertainment.
> But I'm skeptical ... everyone seems willing to give away everything
Well, I hope you get your optimism back! :) FWIW, I think there's a mountain of evidence pointing in the positive direction. It might not be a majority yet, (and it doesn't take a majoriry!) but there's tons of awareness about the loss of privacy that comes with Facebook and Google, and it's growing and being reported in the mainstream press every day now. HTTPS actually is almost everywhere, and 10 years ago it was almost nowhere. GDPR happened. There are a ton of reasons to think cellular privacy is on the way. No doubt it's frustrating that it isn't here already, and no doubt that it takes time, but personally I feel like skepticism and hopelessness is on the disappearing end of this, and that it's inevitable we'll get better mobile privacy.
There is no reason that the phone can't first check that the tower is legitimate before providing identity, and that the tower then checks whether the phone is legitimate before providing any service.
Law enforcement can have what they want without forcing the public to be subject to hacking or identification by anyone at all with an agenda or a few bucks to spare. Right?
Given the increased public awareness of internet security and privacy recently, I'd guess that increased public awareness of mobile security is either already happening or about to happen. I'm just curious how far along we are.