1998-04-22 - Re: Position escrow

Header Data

From: Phil Karn <karn@qualcomm.com>
To: cryptography@c2.net
Message Hash: a8a60cbd563aa0c44972fdd249d0e4a8a8bc7b426b4b9bf801dd851a65d563dc
Message ID: <199804220153.SAA22662@servo.qualcomm.com>
Reply To: <199804220101.AA20326@world.std.com>
UTC Datetime: 1998-04-22 01:54:01 UTC
Raw Date: Tue, 21 Apr 1998 18:54:01 -0700 (PDT)

Raw message

From: Phil Karn <karn@qualcomm.com>
Date: Tue, 21 Apr 1998 18:54:01 -0700 (PDT)
To: cryptography@c2.net
Subject: Re: Position escrow
In-Reply-To: <199804220101.AA20326@world.std.com>
Message-ID: <199804220153.SAA22662@servo.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


I think you guys are worried about the wrong problem.

The E911 stuff is still years off. Even when it is deployed, it will
probably work only during a call, though this may depend on the exact
method.

In my opinion, idle cell registrations -- which are already standard
cellular system practice -- represent the far more serious privacy
threat.

The cellular network uses registrations to locate mobiles so that page
(incoming call) messages can be directed to the user's cell instead of
being inefficiently "flooded" over the entire network. (I note that
each AMPS paging channel is 10 kb/s while the usual one-way paging
system operates in flood mode at something like .5 - 2 kb/s. But
cellular phone calls have to go through in seconds, while pager
messages often take minutes.)

While these registrations are not quite as precise as the E911
locating stuff under discussion, they can be precise enough. They'll
locate you to a given cell and sector, to say nothing of a given city.
In many heavily populated places, cells are pretty small.  And most
importantly, registrations occur whenever the phone is on -- whether
or not it's in a call. Even the most heavily used phones probably
spend most of their time idle, and many less heavily used phones are
probably idle for days at a time.

While it would seem that a cellular carrier would have no reason to
log these messages, many do. The main reasons, as I understand them,
have to do with resolving roamer billing disputes and detecting
cloning fraud. 

The FBI is already slobbering all over these registration logs and has
been battling the CTIA to get them under CALEA -- even though Louie
Freeh specifically disclaimed an interest in them during the
Congressional hearings on CALEA.  So far the CTIA has resisted. But
knowing them, the problem is almost certainly about money and not
anything as inconsequential as personal privacy.

Phil









Thread