Surveillance Self Defense
A Pictorial Guide On How You Can Defeat Mass Surveillance
No Warrant No Problem (How LE gets your info / data)
By Theodoric Meyer ProPublica
Update, June 27, 2014: This post has been updated. It was originally published on Dec. 4, 2012.
The government isn't allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI to the Internal Revenue Service, to snoop on the digital trails you create every day. Authorities can often obtain your emails and texts by going to Google or AT&T with a court order that doesn't require showing probable cause of a crime. These powers are entirely separate from the National Security Agency's collection of Americans' phone records en masse, which the House of Representatives voted to end.
Here's a look at what the government can get from you and the legal framework behind its power: Stuff They Can Get How They Get It What the Law Says
Who You Called, When You Called
Listening to your phone calls without a judge's warrant is illegal if you're a U.S. citizen. But police don't need a warrant — which requires showing "probable cause" of a crime— to monitor the numbers for incoming and outgoing calls in real time, as well as the duration of the calls. Instead, they can get a court to sign off on an order that only requires the data they're after is "relevant to an ongoing criminal investigation"— a lesser standard of evidence. The government can also get historical phone records with an administrative subpoena, which doesn't require a judge's approval.
Police can get phone records without a warrant thanks to a 1979 Supreme Court case, Smith v. Maryland, which found that the Constitution's Fourth Amendment protection against unreasonable search and seizure doesn't apply to a list of phone numbers. The Electronic Communications Privacy Act (ECPA) — a 1986 law that underpins much of how the government can get digital data — requires providers to allow access to real-time data with a court order and historical data with a subpoena.
Your Phone Is a Tracker
Many cell phone carriers provide authorities with a phone's location and may charge a fee for doing so. Cell towers track where your phone is at any moment; so can the GPS features in some smartphones. In response to an inquiry by Sen. Edward J. Markey, a Massachusetts Democrat, Sprint reported that it provided location data to U.S. law enforcement 67,000 times in 2012. AT&T reported receiving 77,800 requests for location data in 2012. (AT&T also said that it charges $100 to start tracking a phone and $25 a day to keep tracking it.) Other carriers, including T-Mobile, U.S. Cellularand Verizon, didn't specify the number of location data requests they had received or the number of times they've provided it. Internet service providers can also provide location data that tracks users via their computer's IP address — a unique number assigned to each computer.
Courts have been divided for years on whether police need a warrant from a judge to get cell phone location data. Back in 2005, Judge Stephen W. Smith denied a government request for real-time access to location data, and some judges have followed his lead. But other courts have ruled that no warrant in necessary. Authorities only have to show that, under the ECPA, the data contains "specific and articulable facts" related to an investigation — again, a lesser standard than probable cause. Montana, Maine, Wisconsin, Utah and Colorado have passed laws requiring police to get a warrant for location data in most circumstances. (See the American Civil Liberties Union's helpful breakdown of recent laws passed.) Recent court rulings have created a patchwork of rules depending on where you live and who's requesting the data. New Jersey's Supreme Court ruled last year that police needed a warrant to get real-time location data, and Massachusetts' Supreme Judicial Court ruled in February that authorities needed a warrant to get historical location data for significant periods of time. But those decisions apply only to state authorities in those states, not federal law enforcement agencies like the FBI.
Federal appeals courts have split on whether police can get historical location data from cell carriers without a warrant. The Fifth Circuit in New Orleans ruled last year that police don't need a warrant, while the 11th Circuit in Atlanta ruled this month that they do. The rulings mean that police in the 11th Circuit — which covers Alabama, Georgia and Florida — need to get a warrant for location data, while authorities in the Fifth Circuit — Texas, Louisiana and Mississippi — don't need to do so. A similar case, U.S. v. Graham, is ongoing in the Fourth Circuit, which covers Maryland, Virginia, West Virginia North Carolina and South Carolina. "I do think there is a high likelihood that sometime in the next two to four years the Supreme Court will be taking up this issue, and probably sooner than later," said Nathan Freed Wessler, an ACLU staff attorney who argued the 11th Circuit case.
What Computers You Used
The standard for IP addresses is the same as the one for phone records: Authorities can get a court order allowing real-time access as long the court approves that the records are relevant to an investigation. They can also get historical records of IP addresses with an administrative subpoena.
Police can thank U.S. v. Forrester, a case involving two men trying to set up a drug lab in California, for the ease of access. In the 2007 case, the government successfully argued that tracking IP addresses was no different than installing a device to track every telephone number dialed by a given phone (which is legal). The FBI obtained such a court order last year authorizing it to track the IP addresses used to log into an email account reportedly belonging to Edward Snowden in real time (although Lavabit, the email provider, resisted the order).
Messages You Sent Months Ago
Here's where the rules get really complicated. Authorities need a warrant to get unopened emails that are less than 180 days old, but they can obtain opened email as well as unopened emails that are at least 180 days old with only a subpoena as long as they notify the customer whose email they've requested. The government can also get older unopened emails without notifying the customer if they get a court order that requires them to offer "specific and articulable facts showing that there are reasonable grounds to believe" the emails are "relevant and material to an ongoing criminal investigation" — a higher bar than a subpoena. How often does the government request emails? Google says it got16,407 requests for data in total — including emails sent through its Gmail service — from U.S. law enforcement agencies in 2012, and an additional 10,918 requests in the first half of 2013. Microsoft, with its Outlook and Hotmail email services, says it received11,073 requests from U.S. authorities in total in 2012, and an additional 7,014 in the first half of 2013. The company provided some customer data in 75.8 percent of the 2013 requests. (The figures don't include requests for data from Skype, which Microsoft owns.) And Yahoo says it received12,444 such requests in the first half of 2013, providing at least some customer data in 91.6 percent of them. (The Department of Justice requires providers to wait six months before releasing data on the requests.) A coalition of technology companies, including Apple, Google and AT&T, is lobbying to change the law to require a search warrant for email and other digital data stored remotely.
In U.S. v. Warshak, the U.S. Court of Appeals for the Sixth Circuit ruled in 2010 that authorities should have gotten a search warrant for the emails of Steven Warshak, a Cincinnati businessman convicted of wire fraud in which his emails were used as evidence. The decision only applies in the Sixth Circuit, which covers Michigan, Ohio, Kentucky and Tennessee, but it's had an influence beyond those states. Google, Microsoft and Yahoo have said they refuse to turn over emails without a warrant and cited the ruling. A bill introduced last year by Sens. Patrick Leahy, a Vermont Democrat, and Mike Lee, a Utah Republican, and approved by the Judiciary Committee would update the ECPA and require a warrant to get all emails. A similar bill being pushed by Reps. Kevin Yoder, a Kansas Republican, and Jared Polis, a Colorado Democrat, known as the Email Privacy Act, secured the support of a majority of the House last month. And the Justice Department, which had objected to such a change, said last yearthat there was "no principled basis" for giving older emails less protection than newer ones.
Drafts Are Different
Communicating through draft emails, à la David Petraeus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent emails because the law treats them differently.
The ECPA distinguishes gives stored electronic data — including draft emails that were never sent — less protection under the law. Authorities need only a court order or a subpoena to get them. The bills to update the ECPA would change that by requiring a warrant to obtain email drafts, but none of them have passed yet.
As With Emails, So With Texts
Investigators need only a court order or a subpoena, not a warrant, to get text messages that are at least 180 days old from a cell provider — the same standard as emails. Many carriers charge authorities a fee to provide texts and other information. Sprint charges $30 for access to a customer's texts, according to documents obtained by the ACLU in 2012, while Verizon charges $50.
The ECPA also applies to text messages, which is why the rules are similar to those governing emails. But the ECPA doesn't apply when it comes to reading texts or accessing other data on a physical cell phone rather than getting them from a carrier. The Supreme Court ruled unanimously that police needed a warrant to search the phones of people who had been arrested. The court dismissed the Justice Department's argument that searching a cell phone was not materially different than searching a wallet or a purse. "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon," Chief Justice John G. Roberts Jr. wrote in the opinion.
Documents, Photos, and Other Stuff Stored Online
Authorities typically need only a court order or a subpoena to get data from Google Drive, Dropbox, SkyDrive and other services that allow users to store data on servers, or "in the cloud," as it's known.
The law treats cloud data the same as draft emails — authorities don't need a warrant to get it. But files that you've shared with others — say, a collaboration using Google Docs — might require a warrant under the ECPA if it's considered "communication" rather than stored data. "It actually makes no sense for the way we communicate today," says Greg Nojeim, a senior counsel with the Center for Democracy & Technology.
The New Privacy Frontier
When it comes to sites like Facebook, Twitter and LinkedIn, the rules depend on what authorities are after. Content is treated the same way as emails — unopened content less than 180 days old requires a warrant, while opened content and content at least 180 days old does not. Authorities can get IP addresses from social networks the same way they get them from Internet service providers — with a court order showing the records are relevant to an investigation for real-time access, and with a subpoena for historical records. Twitter has reported that it received 1,494 requests for user information from U.S. authorities in 2012, and 1,735 requests in 2013. In the second half of 2013 — the most recent time period for while data is available — Twitter reported that 55 percent of the requests were from subpoenas, 7 percent through other court orders, 26 percent came through search warrants and 12 percent came through other ways. Twitter says that "non-public information about Twitter users is not released except as lawfully required by appropriate legal process such as a subpoena, court order, or other valid legal process," except in emergencies "involving the danger of death or serious physical injury to a person." Facebook says it requires a warrant from a judge to disclose a user's "messages, photos, videos, wall posts, and location information." But it will supply basic information, such as a user's email address or the IP addresses of the computers from which someone recently accessed an account, under a subpoena.
Courts haven't issued a definitive ruling that distinguishes social media posts from other electronic communications. In 2012, a New York judge upheld a prosecutor's subpoena for information from Twitter about an Occupy Wall Street protester arrested on the Brooklyn Bridge. It was the first time a judge had allowed prosecutors to use a subpoena to get information from Twitter rather than forcing them to get a warrant. Last year, U.S. Magistrate Judge John M. Facciola in the District of Columbia modified a search warrant giving the government access to the Facebook account of Aaron Alexis, the Washington Navy Yard shooter, to limit its scope to information relevant to the investigation.
Forget the NSA, the LAPD spies on millions of innocent folks
Meet the Muslims Suing the Cops for Their Own Surveillance Records
Apple Is Right: The FBI Wants to Break Into Lots of Phones
FBI says it will help local and state law enforcement break into encrypted devices
NYPD spying in Muslim areas - with CIA's help
CIA’s Secret LSD Experiments on America
'Gestapo' tactics at US police 'black site'
Appeals Court Rules Police Can Lie to Suspects
IR LEDs used to defeat Security Cameras
By: Alan Parekh
Camera tampering to prevent capture of your criminal actions. Tampering is generally done by obstructing the camera view by a foreign object, displacing the camera and changing the focus of the camera lens.
(How to) Beat Stingray, DEA, FBI, NSA and police surveillance using a burner (for Dummies)
Not only can stingrays be used to determine a phone’s location, but they can also intercept calls and text messages.
There’s really no such thing as an untraceable call. If the government wants to monitor or collect data on your communications, it can almost always find a way. But prepaid disposable cellphones will make you harder to track.
Go to a mom-and-pop retail store and buy a prepaid phone with cash.
Prepaid phones known colloquially as “burners” can provide you with partial privacy. Even the NSA can’t track them with accuracy.
The term "burner phone" is a slang that refers to cheap, disposable pre-paid cellular phones. Burner phones are often associated with illegal activities; however, people can use burner phones for legitimate temporary phone numbers.
The big advantage that burners have over traditional wireless phones is that the user’s personal data isn’t logged at the point of sale or by the service provider.
Getting started just takes three steps:
1.) Buy a prepaid phone;
2.) Buy an airtime card;
3.) Activate the phone and add your airtime to your account. It’s extremely easy. You can add airtime directly to the phone using a “pin” number. The exact process differs from carrier to carrier, though. You need to read the instructions on your airtime card.
Calls made on burners are generally transmitted over existing networks.
In 2012, a federal appeals court ruled that people using prepaid cellphones had no “reasonable expectation” of privacy, and that the government was free to track away.
Recent leaks on the US government’s domestic spying program, it appears that burners can be legally traced. It’s just a lot more difficult.
Q. Don't you still have to provide a driver's license for proof of identity so they can register it to you?
A. Prepaid carriers can’t share your personal information because it’s not collected from its users, unless you voluntarily submit it. You can give any name, or no name at all. Like all mobile devices, you can be tracked while using the device. The problem for law enforcement, or organizations that track phones illegally, is that the user can discard the phone whenever they please. By changing devices and making cash-only transactions, it’s possible to avoid detection.
Q. How does one put money on it then without having to register on AT&T's website using a name/credit card?
A. Phone card/time is sold in stores. Use cash, scratch off code on back and enter code into phone. Phone will load amount purchased. No ID required.
Using Stingray it’s not difficult for the government to determine your location based on your burner’s communication with cell towers.
*You have to remember to leave your real cellphone at home.
Even though your smartphone is off, it is still communicating with cell towers.
Each iPhone contains a unique Exclusive Chip Identification (ECID) number that identifies the phone to the cell tower. With access to the BBP via jail-breaking, hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously or charges for the calls to be avoided.
Bloggers, whistleblowers, and our founding fathers all made use of anonymity in order to freely speak unpopular or dangerous information.
The NSA doesn’t possess the ability to fully monitor prepaid phones, they can monitor devices given certain conditions. One of those conditions: Long-term use of the same device. Once they ascertain a phone’s number, they can track it indefinitely.
Two primary kinds of prepaid cell phones exist. Those that come locked to a particular MVNO, such as Virgin Mobile and Tracfone, and those that sell SIM cards that can insert into an unlocked device.
The simpler the phone, the better.
*If you continue to use the same SIM card then it's all traceable back to your phone number/account.
The actual phone number for a GSM mobile device is attached to the SIM card. For the CDMA standard, the phone number remains with the phone itself. By changing either the SIM card (for GSM) or the phone itself (for CDMA), you may anonymously change the phone number.
Change phones or SIM cards frequently.
Another method of identifying a cellular device is through its MAC address. Tablets and smartphones come equipped with a WiFi chip. This chip include a unique identifier number known as a MAC address. Whenever your device connects to the internet over a wireless network, the MAC address is reported and recorded.
Third parties can still geolocate burner users by accessing a phone’s GPS and WiFi. Prepaid phones can also be tracked using the traditional, albeit less-accurate, method of cellular triangulation. However, even with such features enabled, locating a prepaid phone’s user remains difficult. Even the NSA has issues immediately locating and identifying prepaid burner users.
Ars Technica covered how the NSA seeks to thwart the anonymity offered by prepaid phones. Fortunately, the NSA’s methods aren’t 100% effective in identifying their users; prepaid burners still give users a means of sidestepping surveillance.
Use lazersms.com for receiving and sending SMS anonymously.
If you need to call people, use VOIP over Tor.
You can avoid SMS completely, there are several encrypted chat options (OTR is most common and robust).
Reporters and editors should be extremely careful about how and where they store information that might identify an unnamed source.
Do your part. Take two minutes, donate five dollars to help keep this information online. We receive no government or corporate funding. We can not continue this work without your support. Make an impact by making a one time donation now. Your tax deductible donation helps us provide you with content that you won't find anywhere else. Thank you for your support.
"Some writers have so confounded society with government, as to leave little or no distinction between them; whereas they are not only different, but have different origins ... Society is in every state a blessing, but Government, even in its best state, is but a necessary evil; in its worst state, an intolerable one."
--- Thomas Paine, Common Sense; forgotten American & revolutionary whose remains are lost