Last week the Wall Street Journal broke a story on cellular spying that has troublesome implications for wireless security experts and privacy advocates. According to anonymous sources cited by the paper, the United States government is mounting devices known as dirtboxes on small planes and using them to sweep up cell phone data on innocent citizens. The aircraft are currently flying out of five major airports, covering an area that encompasses most of the continental United States.
What are Dirtboxes?
The odd name comes from the acronym of the company that originally developed the devices, Digital Receiver Technology Inc. The company is currently owned by the aerospace manufacturer Boeing.
Dirtboxes are devices that take advantage of a feature built into every cellular device. Cell phones are designed to seek out and connect with the strongest tower on the carrier’s network. This ensures the user has the best possible signal at all times. The user has no way of selecting which tower the phone chooses, even if the device is hacked and rooted.
A dirtbox impersonates a tower with a stronger signal and tricks the cellular device into connecting to it instead. The user doesn’t have to be using the phone when the dirtbox flies within range. Any phone that is powered on and not in airplane mode will connect automatically. When the phone connects to the dirtbox or tower, it transmits its location information, unique identifier and phone number.
How Are Dirtboxes Used?
Dirtboxes are not a new technology. They’ve been used in ground-based surveillance operations and to keep inmates in prisons from making calls on contraband phones for years.
The difference here is the scope. While a ground-based system might pick up a few dozen phones, a dirtbox mounted on an aircraft flying over a densely-populated area might pick up registration data on hundreds of thousands of devices. They could also be used to pinpoint a user’s location and to pull data off their device such as photos and text messages.
In addition to the sticky privacy issues, dirtboxes can cause problems for cell phone carriers and users. They disrupt the carrier’s cellular network and can cause dropped calls. According to one of the WSJ’s anonymous sources, calls to 911 are not affected.
The major question is, what is happening to the data gathered on citizens who are not the subject of a criminal investigation? In the past, federal judges have ruled that stockpiling data on unintended targets for later use is unconstitutional. The WSJ quoted someone close to the program as saying, “What is done on U.S. soil is completely legal. Whether it should be done is a separate question.”