France passes bill to allow police remotely activate phone camera, microphone (opens in new tab)

Note that it is not just police. The core of GPS network, SS7 system, is more than 50 years old in this point. It is often exploited by authoritarian states, sometimes to the end to get human right activists and journalists murdered.

https://attack.mitre.org/techniques/T1430/002/

Our crook friends in Israel sell this as a service

https://privacyinternational.org/examples/3429/nso-group-off...

Correct me if I'm wrong, but cell phone companies only know which tower you are currently connected to. So it's pretty inaccurate. The only thing that is "house accurate" is the GPS on your phone. That means they need access to your phone to get that info.

Remark that GPS doesn't need to be turned on. Google mapped all Wifi's and so can locate you without GPS.

The question is how accurate is cell tower triangulation?

No. They can locate anyone's phone on demand. The services that do this can generate a likely street address from GPS or tower triangulated location.

This is how many criminals now get caught while on the run. It isn't magic police work but rather the personal tracking device everyone carries. Likewise some spree killers have been tracked down by geofencing phones known to be around all crime scenes and zeroing in on the one that shows up at all/most of them.

> Despite all the technology in the world the majority of police work is still plain old-fashioned knocking on doors and making phone calls. People will always voluntarily give up all the information in the world to be seen as good citizens. In your friend's case I'm willing to bet that they asked the sister for the names of his close friends and acquaintances and yours matched up.

Sure, but that doesn't pass the smell test in this situation:

1. That's a lot of work, which would take a lot of time to do. For instance, does the sister know the OP's number. His full name? His first name? Are they going do all the work to piece together fragmentary information for a wellness check?

2. The technology exists and is widely deployed for the police to straightforwardly take a quick shortcut around all that work.

And most importantly:

3. The police said they took that shortcut.

or they just triangulated using his cell phone, it can be very accurate in urban settings

They just call the phone and the system will typically triangulate it if it rings. It's used all the time in search and rescue.

I like this idea, very human. Social engineering basically. And at the end, they are not required to tell you their method.

No one is arguing that it's illegal, OP only said its 'spooky', therefore bad. Sometimes bad things are plainly allowed by federal law.

Doesn't such tracking require a warrant?

Looking at call logs may require less.

Not really, best in class network probes will regularly give you positions that are wrong by a few km, you need quite a bit of cleaning to reconstruct accurate paths.

That's why something like MDT was added to 3GPP standards and emergency calls trigger a hard GPS fix.

How can you triangulate if you're only connected to 1 tower?

Fairly certain you can apply this to nearly any government.

I like this comment because I always assume a majority of people here are Americans, but I'm not, and maybe it's not true anymore.

I've (unfortunately) got a habit of accidentally assuming forums are "in the US". I think I would put it down to a couple of things:

1. Most native English speakers are in the US, so the accidental assumption that someone is American is more often than not correct.

2. The internal voice that reads text to me has a generic male American accent.

Take your pic, most G8-20 are doing this.

Pick one

Y Combinator is an American company and the website is hosted in the US.

At this point, they don't even need to brainwash anybody - they will just 49/3'd the law and say "xxxx it" to the parliament.

Nah, profit motive by the companies is reason enough.

Soonish?

https://www.europarl.europa.eu/news/en/press-room/20230609IP...

Meh, phones with removable batteries are still being made. Samsung's Galaxy Cover line has plenty of phones with removable batteries. Some even feature the much feared IP68.

Wouldn't a Pixel phone be vulnerable to USA giving Google a 'national security letter' saying to make your phone remotely accessible with a personalised update, say? Google seem like they could - and if paid, would - readily do that whilst other companies could hide behind lack of resources or whatever.

I just assumed that USA three letter agencies paid larger companies upfront to implement back doors; seems to fit with past form. Why would they not do that. Indeed it always struck me the debacle with Huawei where USA government smeared then to prevent their equipment being used in UK was so that USA-manufactured equipment with USA-controlled backdoors would be implemented instead ... it might only have been financial protectionism but it just seemed too big a protest.

/tinfoilwrappedforfreshness

Nexus/Pixel devices literally come out of the box with Verizon background crapware installed that you cannot disable or remove even if you're not a Verizon customer.

Google long sold out, friend.

Regarding the Faraday bag, as I mentioned in another comment, that is not useful because the phone could be recording your audio anyway and then just transmit it later when you take it out of the bag. What you'd really want is some kind of soundproof box, but I'm not sure if an effective one exists because microphones can be sensitive and audio recordings can be amplified.

Faraday bags are not effective against all frequencies. Specifically the 5G frequencies are known to be very difficult to block with a cage ( but do have relatively short ranges)

I prefer hardware kill switches (and my phone has them).

and ban 'noisy devices' at protests in the name of fighting terrorism, as well as categorizing a kitchen pan in that category.

Unfortunatelly the baseband is not controlled by GrapheneOS

> It's already common to see criminals and dissidents get busted because they think that turning a phone off stops it from reporting location data.

That’s an incredible claim to make with no source. It seems unreasonable to suspect Apple and google would allow some chips they don’t access to battery even when powered off.

Do the cameras/microphones need to be controlled by the baseband? Naively they seem like they should be at a slightly higher level than the main radios, and should be controlled exclusively by the OS. I'm guessing from your comment there's some reason that's not the case though?

I wonder if the microwave tip works.

Or the manufacturers will just not sell their phones in France. Ultimately it’s the French citizens that will miss out.

Oh. We've been doing that for decades in the US.

To be fair, in English, the word "tens" is much more rare than "dozens."

In this context they're largely interchangeable, but "tens" is much more clunky and probably a worse translation.

I dunno, I think the number will increase above dozens. They certainly won't start out doing dozens a year, then pare it down to one or two, and eventually realize the don't even really need it. More likely, the number of uses per year will creep up, until eventually it's not as controversial as it used to be, at which point it'll jump dramatically. As a comparison, in the U.S., no-knock warrants were controversial when they were first implemented, and they were stated as being only for very special circumstances—ya know, terrorists and such—and now they happen about 70,000 times a year, mostly for dangerous activities like marijuana possession or distribution. The ratchet only goes one way, which is why it's dangerous to grant the premise of "we'll only use this in exigent circumstances, we pinky swear".

Exactly. The total number of cases doesn't really matter that much, it's the capability and willingness.

>"[Though] there is no legal requirement for the statement to be true [...]"

This is a major flaw in Western democracies. A person acting for the government, making a statement that the public would see as official, should be bound by law to tell the truth; or at least not lie nor commit deception.

People like UK ex-PM Johnson are effectively committing treasonous fraud, by lying to the public, and getting off scot-free.

Also, I recall that the green light on the apple camera is controlled by the camera's firmware, making it more difficult to turn on without the light come on. (You'd need to overwrite the camera firmware.)

iSight cameras had an LED that was supposedly unbypassable. Turns out that was bullshit and it was trivial to rewrite the iSight module's firmware.

> cars

For the very strange who accept driving the new "smartphones with wheels".

Including, note, the cars with the embedded telephone as mandated by the european union past 2018 - the e-call systems. Some articles went "there could be privacy issues, but it is a remote eventuality": now you see that someone could push as normal an eavesdropper in your car.

Apple is good at /marketing/ their security, not being good at security.

"Apple complies with local laws in each of the countries in which it operates."

It's insecure by design because the NSA has for decades purposefully degraded the security of everything they can get their hands on to make it easier for them and law enforcement to spy on.

They don't want you listening in on John Q. Senator's phone calls, but they sure do...

Replying so I can read all of these later.

This bill could be step one. Step two could be a requirement for SW/HW manufacturers to add a backdoor since this is not really effective to fight crime this way. I'm not saying it is planned or there's some conspiracy for establishing a totalitarian state.

But we can't really predict the future and more loose rules could be introduced by the next government with a totally different agenda who might thank for the previous one for creating this legal framework.

Also, this section is weird too:

> They said sensitive professions, including doctors, journalists, lawyers, judges and MPs, would not be legitimate targets.

Apparently software engineering is not a sensitive job.

Is it expensive to compromise a phone?

Is it sensitive to compromise a phone, now that there is a national law allowing it, passed through a democratic process?

Right.

> aspiring

he thinks he's smarter than everyone, and he therefore feels justified ramming his policies down everyone's throats.

Exactly. Don't count on the next-gen mega-state to have a long-term positive effect on your life.

The terror was fully part of the revolution, and was notably when the vote for France to proclame itself a Republic happened. Support for and against the king came and went throughout the revolution. The vote for abolition of monarchy in 92 (so, 3 years after it began!) and then for death penalty of the king in 93 was heavily influenced by the fear of retribution for whom may vote against. France would likely still be a monarchy if not for the terror.

FWIW, France became an empire, then was restored as a monarchy, then back an empire and monarchy before it became a republic durably.

Revolution was not a series of peasants and commoner ridding themselves of their despots, it was much more dirtier, political and complex than that, which doesn't prevent to still be behind the ideals that drove the events and find it beautiful.

And very shortly thereafter, an emperor :-)

what you call red terror was merely a preludium to the much more servere and large scale 'white terror' the royalists and their supporters comitted much more horrifying and large scale terror on a massive scale. The right-wing terror that followed the revolution is somehow never mentioned. I guess people still buy into the scarlet pimpernel bs.

https://en.wikipedia.org/wiki/First_White_Terror

Looking at European history, I don't think that we can claim that the continent is today more authoritatian than it has been in the past.

Wikipedia is not very helpful. Try this one:

https://foreignpolicy.com/2021/04/09/bernard-henri-levy-bhl-...

I liked Lévy's insistence on human rights but he became an ideological crusader.

And though he is as bourgois as possible he advocated in his article for social reforms (but no talking about police reforms).

(and by the way: his Sartre book is great)

It's not so simple. Without order there can be no liberty, but absolute order isn't compatible with liberty either. Liberty exists in a balance which may easily be lost.

Of all of the issues in the US, I genuinely believe FISA and FISC are the largest issues today. There can be no secret courts in a real democracy (or republic or whatever else you want to call it). The government can't be by, for, and of the people if they have a recourse to lock away people that can't have the sun shine on it.

It astounds me that this is just accepted as a practice in the US. Or am I being naive?

How can a judge possibly have all the context required to make a decision like this, do they get access to the Intel so they can verify the claims?

From what I've read, the current theory is that access is initially possible using the cellular modem. Building and running a custom Android wouldn't necessarily help in that case, because the modem/baseband firmware is completely isolated and runs independently of the OS.

It seems like general camera/audio recording would need a secondary exploit.

https://android.stackexchange.com/questions/219230/where-is-...

Or CalyxOS.

calyxos.org

Are you suggesting widespread conspiracy between governments and tech companies?

I'm strongly in favor of physical switches and I detest where technology is nowadays, but it seems pretty likely to me that they removed the physical switches because:

1. It simplifies (cheapens) production costs

2. It eliminates points of failure

3. It reduces user error opportunities

4. It makes it easier to waterproof devices

5. It makes it easier to make devices smaller

And surely others that don't require a major conspiracy.

well, it has sw switches at least, but yeah, i would love to :)

Almost all EU, the UK, US, Australia, NZ, etc. Even though all of them are far from perfect, it's still significantly better than in most places elsewhere.

France is currently following a path close to what Hungary did before, with a steady reduction in press freedom, political freedom, and individual freedom, coupled to a progressive erosion of the rule of law (a significant recent example came from the protests regarding the pension reforms: the government started banning most protests, but the ban was almost systematically lifted by courts. Then the government took a shady approach: the protests were banned, but the official text for the ban weren't published anymore as they should, so it could not be contested in front of courts, and people who still went to the protests got arrested for “attending to a banned protest”, and detained up to 48 hours (no justification needed, no recourse) before being released with no charge).

For sure France isn't PRC, but there's a full spectrum between ideal democracies and totalitarian dystopia, and France is much closer to what's called “Illiberal democracies” than to the former.

One can only hope that not also part of the design since day zero.

Many dumb phones have off switches (which actually work), or better: removable batteries.

(You can simply break the circuit with a piece of paper between the battery terminal and phone contact for convenience.)

Maybe fewer avenues for them to activate the microphone, though.

I believe it's somewhat unrelated to the rioting.

If you look at France it's not all of France rioting (through all of France was protesting).

Instead its a specific group of people defined by at what kind of place they live in: Banlieues. This is a form of ghetto which is historically mostly populated by people which grand parents had a migration background and which due to an economical shift had en-mass lost their jobs (the grand or grand grand parents).

This people grew up as French where told all the social norms and expectations of French society etc. At the same time they are often not treated as French have close very little chances to get any job at all. Just having a address at the border of a Banlieues is enough for you not even be considered for a job.

Over the last decades this has gotten so bad that by often police isn't really present in the Ghettos at all, and if only in larger groups. At the same time this distress is frequently abused by extremists, e.g. religious ones.

But that also means that most people in Banlieues probably do not care too much about this law as it is unlikely to ever affect them anyway. At the same time it's also true the other way around, the police cares too little about the Banlieues to abuse it to target the huge majority of people there. Similar if they move against people there they know very well that this people do not have good ways to properly legally defend themself.

But who will be targeted by this are e.g. environmental activists. For example France has in the past already (many times) declared some environmental activists as domestic terrorists and used anti-terrorist laws to spy on them in various ways.

I probably are wrong in some points at least somewhat, but I think it might be still worth to consider some of the arguments.

Then you are out of luck, of course. I didn't claim it would be without drawbacks. But it's basically your only good recourse.