So, you're a master criminal, or perhaps a cheating spouse, but either way you've covered your tracks and have a high court judge ready to confirm your alibi - you were eating dinner in a club when the deed occurred. Tickets paid in cash, and a hoodie to hide from the CCTV, your story is safe - except your mobile phone network …
Where's the proof ?
That I was actually carrying the mobile phone at the time ? #
Of course you could analyse usage and network changes to try and pin it down to an individual - but I *guess* this would be circumstantial at best ?
Legal stuff aside, it's not exactly ground-breaking technology either.
Mostly correct for 2G, for 3G I beg to differ...
Quote: In addition to the cell your phone is logged onto, the network operator can record your rough distance and the direction from it.
Actually, this is valid mostly for 2G networks. In 2G networks the distance from the cell site is the key factor in sync-ing to the network. As a result the cell constantly computes your so called "timing advance" and as a result has excellent information on the distance to your phone. It also uses only the strongest possible signal from your phone ignoring multipath and reflections from buildings.
3G is quite different. First of all, the timing advance is not used and not easily obtainable. The 3G cell cites actively use multipath and multiple reflected signals to improve the signal to noise ratio. This is done very early in the signal processing path and at very low level. As a result the cell no longer knows the distance to the mobile. While you can obtain similar data from power control it is not anywhere as reliable as timing advance. Power levels depend on anything starting with what the mobile is doing at the moment, how many mobiles are camped on the cell, weather, sun's mood, etc. Frankly anyone trying to present "we put your 3G phone here and it produced a similar power control recording" should be laughed at very loudly and suspected of fraud. Add to that the picture is muddled further (especially for data) by the phone being camped on multiple cells at the same time (aka soft handover) and the picture is complete.
So while the powers that be have a lot of present capabilities based on the GSM network, it is bound to become extremely entertaining as the 3G phones become commonplace.
@ Anton Ivanov
Can you shed any light on how the EDGE network works? That is becoming the network of choice at least for ATT in the USA.
OK, next time I rob a bank, I'll remember to lend my phone to someone...or maybe just leave it at home.
Re: @ Anton Ivanov
Here is something to get you started: from 2002
Cell site analysis has provided important evidence in many recent murder cases including the murder of those two poor kids in Soham which ensured that the animal responsible is now behind bars.
Frankly, I'm glad they have the ability.
I wonder how many of the No to ID mob carry mobiles, completely oblivious to the fact that they can be tracked, kind of makes a mockery of their argument doesnt it?
Like I said in another post, I'll carry an ID card but wont pay for the privilege.
Not just the coppers
Also think about the multitude of employees at the operator who will have access to these record's, for reporting fault finding and other uses. Some with and some without scruples.
Not to mention what might be going on unseen: http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap_latest/
Screw the IDs - when I am running naked down the street, they will just have to take my word for who I am! Or else would the ID have to be implanted as a chip under the skin - which I am sure it will be at some point...
So my phone was at the scene...
Like someone said earlier on: just because my phone was there surely it can't prove *I* was there?
"I wonder how many of the No to ID mob carry mobiles, completely oblivious to the fact that they can be tracked, kind of makes a mockery of their argument doesnt it?"
On the contrary. Certainly, there will be many No2ID campaigners that are unaware of this issue, but this lends weight to their campaign by highlighting yet another tool for invading privacy and tracking everyone's movements.
Before you start with the "I've got nothing to hide...", perhaps you should consider your ignorance and read this: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565
No need for the operator
This article is in no way at the current state of the art.
You can just listen in on the GSM transmission. Surely most of it is encrypted, but there still is some information in clear text. From what I've seen the IMSI seems to be always transmitted this way. Now the IMSI is a unique identifier of the SIM.
So what you can do is simply listen in on all GSM channels and wait for packets containing the IMSI. Now you know what phone has been in what cell.
This is the big problem with GSM, it doesn't offer any kind of privacy as everybody knows your location. This is an issue which must be addressed in future standards.
@ Christian Berger
This really depends on what kind of RAN deployment the operator is using, I think you'll find GSM Phase 2 and above is rather more secure than you suggest. The IMSI isn't the real bad boy anyway and will be saved from radio transmission for security purposes wherever possible.
But be it MSISDN, IMSI or IMEI as above you can’t prove this link’s someone to any crimes as per Andre Carneiro.
Yet another loophole
I am the registered owner of 4 phones (1 for each member of the family). The police will think I am in 4 places at once?
How does this work with roaming?
Let's say I acquire a pre-paid SIM from some network operating in some other country . I can now roam onto a UK network of my choice. When the boys in black want to know where I was last Tuesday who do they ask? Even I might not know precisely which UK network I was roamed onto! Neither are the law necessarily very well equipped to request location information from Azerbajan Telecom or similarly inaccessible provider of my SIM.
A well-informed author... NOT!
> we can't say where, as they operate out of a number of Post Office boxes.
Of course not, because the only way to discover the delivery address* for a PO Box number would be...
... to ring up the Royal Mail Business Centre for the area in which the PO Box is, and ask them. Anonymously. Period. That's it. The Royal Mail doesn't provide accommodation addresses (for which you used to have to have a licence under section 5 of the Official Secrets Act 1920, until it was repealed by the Postal Services Act 2000... yes, really!), so ANYONE can ring up without giving their name and just ask.
PO Box numbers are provided solely for pre-sorting mail, NOT for true anonymity.
If for any reason (e.g. you speak to a numpty who doesn't know the Royal Mail's own rules), just politely tell them that you are happy to hold for as long as it takes whilst said numpty consults a manager at the nearest Royal Mail Operations Centre... and as if by magic...!
Jeez... hardly cutting-edge journalism, is it?
* But not the name of the person to which it is delivered, because of... (all together now!)... the Data Protection Act!
Smartphones can fix this
Not to worry, my "Multimedia Computer's" battery is dead half the time!