Stingray

I found a story on Hacker News detailing “Stingray”, and the criminal who found it:

Rigmaiden eventually pieced together the story of his capture. Police found him by tracking his Internet Protocol (IP) address online first, and then taking it to Verizon Wireless, the Internet service provider connected with the account. Verizon provided records that showed that the AirCard associated with the IP address was transmitting through certain cell towers in certain parts of Santa Clara. Likely by using a stingray, the police found the exact block of apartments where Rigmaiden lived.

Let’s get this out of the way first: what Rigmaiden did was wrong, and he deserved to be punished for his fraud. However, the abuse of power by law enforcement, and the way in which they were able to track him with Stingray, without a warrant, was even more heinous.

So what is Stingray, and why should we care? First, the “what”: Stingray is essentially a fake cell tower. Your phone connects to it, and it proxies the traffic so you don’t realize what’s happening. All the while, your phone is being tracked by law enforcement. So why should we care? Isn’t this only going to affect criminals?

As we’ve seen from the Snowden revelations, such operations by government agencies and law enforcement start out with the best of intentions, and quickly devolve into unconstitutional, unwarranted surveillance operations that target even the most minor of suspects, or even the innocent in the case of NSA spying. Even worse, these tools can be used to create an all-out police state in the hands of a tyrant.

So what does this have to do with crypto?

We can see from the Rigmaiden case that cryptography is not the end-all, be-all solution touted by some. Quite the opposite — crypto is but one piece in the security puzzle. Consider this: if you’re using Signal for end-to-end encryption of your communications, and some malicious entity has surreptitiously installed a keylogger on your phone, does it matter that your communications are encrypted?

The Rigmaiden case also tells us how important cryptography and security are for keeping unconstitutional behavior in check. Had there been a mesh network in use, connecting via an exit node to the wider internet, Stingray would have been useless. Combined with a DC-net, communications could have been kept truly anonymous.

My previous two statements are fairly broad and assume a lot, so let’s narrow them down a bit. What if each apartment complex used a mesh network, such that all of its inhabitants shared one high-throughput exit node? Of course, this only begs the question: how do we encourage adoption of such technologies?

I thought it would take something like the Snowden revelations, but unfortunately, that story ended not with a bang, but a whimper. It may take a seismic event, even more shocking than Snowden’s story, to shake us into action. What will it take? I’ll write more about the technologies we can use to subvert these abuses of power, and what it will take to spur adoption, in future posts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.