Tech will not save us.
If you've ever been to a big political action you probably know how important it is to have a reliable communication channel. You have to reconnect with your buddies if you get disconnected and communicate with others about police movements, other environmental hazards, and transit conditions.
But there are many reasons why taking your phone with you to a political action in a police state might actually put you in danger. Probably the most well known reason is that if you are arrested, police can and frequently will try to get you to unlock your phone so that they can access the contents and potentially find evidence to incriminate you or someone else. In a protest environment this might also involve learning about protesters plans or movements. In the US, police cannot legally require you to unlock your phone (unless it's with FaceID or a fingerprint, this is a legal grey area [1]), but if you unlock it yourself they can access your device. This alone convinces a lot of people not to bring, or to bring a temporary disposable phone, to a protest.
Additionally your phone puts out a lot of data that can be used by police to identify, track, and even fully hack your communications. Our phones use several different types of connections to communicate with other devices and the internet.
First, there is cellular data. Phones connect to cell towers owned by telecommunication companies using communication standards like LTE (4G, 5G) and GSM (2G). Normally, the connection between your phone and the cell tower is encrypted. This means that a cop with a radio, monitoring the radio waves in the area, can’t listen in on the data moving between your phone and the cell tower. But with a warrant they CAN request that data from your cell provider, who has full access to everything you send and receive on their cell network[2][3]. This is a good reason to use a secure, encrypted messaging app like Signal that adds another layer of encryption on top of the network's encryption.
Many police departments around the country are increasingly getting access to tools called Cell Site Simulators (aka IMSI-catchers or Stingrays) that can change this [4]. Cellular networks may be encrypted but they haven’t always been, and they definitely weren't designed with security and privacy in mind. There are a lot of technical tricks that police and other hackers can use with cell towers to locate phones. Cell Site Simulators are devices that trick cell phones in the area into connecting to them like a cell tower. When a phone connects to a cell tower it shares something called a International Mobile Subscriber Identity (IMSI) number that uniquely identifies that phone. Because this number is unique it can be used to identify a phone to a cell provider, in other words police can use it to identify the owner of a phone. What's worse is that some Cell Site Simulators can use insecurities in the design of cell tech like GSM and 2G to listen in on a phone's communication with the legitimate cellular tower, rendering the cellular network’s encryption useless [5]. The range on these devices when used by local police is large enough to cover an entire crowd of protestors, but federal agencies have access to plane mounted Cell Site Simulators that can survey an entire city of cell phones [6].
To put this in perspective, although the Seattle Police Department denied having Cell Site Emulators in 2014 [7], the Tacoma police does [4], and civilian research has detected their use in the downtown Seattle area [8]. Given the history of federal surveillance and terrorism of black activists in the united states [9][10], it should come as no surprise that federal agencies such as the FBI and DEA, now authorized to involve themselves in policing protests [11][12], are now deploying technology like plane mounted Cell Site Emulators around the country [13][14] (more on that later). So it is not at all unreasonable, especially in a city with very active unrest like Chicago, Minneapolis, or Washington D.C., to assume that your phone’s IMSI might be recorded by the police while you are at an action.
For this reason and others (cell towers becoming overwhelmed) many people chose to put their phones in airplane mode while at protests. This protects them from most of the risk of Cell Site Simulator technology but it prevents them from communicating digitally. This is where a new set of startup apps come in. Bluetooth and Bluetooth Low Energy (BLE) are entirely different communication standards for phones that use different radio wave frequencies than cellular tech. This means that they can work when your phone is in airplane mode and disconnected from cellular networks.
One such app, Bridgefy, became popular among protesters in Hong Kong and India who feared police interference in their communication [15]. Instead of each phone connecting to a central tower, Bridgefy uses a mesh network where each phone connects to other phones near it and messages bounce from one phone to another until they eventually reach their destination [16]. This mesh network design, although much slower and less reliable, has no central point of failure. Police can take away people's phones or broadcast signals that jam all traffic in an area but they can’t take out the entire network as long as there are enough people using the app.
Bridgefy, however, was not developed explicitly with this purpose in mind. The founder of the start up says "We're working to become the standard for offline communications. Large music and sports events, natural disasters, government control, and underprivileged communities..." [17]. The messaging app is actually a demo app for the underlying mesh network technology that is designed to be sold to other app designers. The marketing material states "By using your app when it was previously impossible to do before, your users will generate data that none of your competitors has access to.” [18] The companies business model is based around providing a platform for app makers to mine users data for profit. To them, protesters, people experiencing natural disasters, and “underprivileged communities” are simply a new user base to exploit. This philosophy is apparent in the tracking software the messaging app uses to mine data on it’s users [28].
This kind of economical approach to building technology for the underserved is not new [19], but it has troubling consequences for the technology. BLE is not secure by nature. Although I’m unaware of any devices marketed at police for intercepting BLE communication, it is possible for anyone with some hacking knowledge and ~$120 dollars of hardware [20] to intercept BLE messages [21]. So there is nothing stopping law enforcement entities from intercepting and identifying messages sent via Bridgefy. What protections does Bridgefy have against this? Does it have encryption? The answer is … probably but we have no way of verifying that it actually works.
Because of Bridgefy’s position as a for profit startup their apps code is secret. In their documentation they say that "Message content is secured through a 256-bit encryption…” and “encrypted content can be sent using RSA encryption.” [22][23]. But without independent verification we have little way of knowing whether this is accurate or the encryption is effective. It’s totally possible, given the track record of US federal law enforcement [24][25], that if there are flaws in the mystery cryptography that Bridgefy uses they have already developed tools to intercept and decode messages.
For this reason I don’t think that it is wise to put very much, if any, faith in Bridgefy. We can not count on technology developed for profit to protect us from the immense surveillance state we live in. If I seem paranoid it is because I have seen too many instances of federal, state, and local agencies ridiculous post-911 intelligence capabilities being used for international and domestic terrorism. I have no faith in law enforcement to make accurate decisions about what is a real threat to americans well being and what simply threatens the white profit driven status quos of our country. The only defense we have is collective community collaboration and action.
Thankfully there are other options that are becoming available for BLE mesh network apps. Briar is a messaging app that communicates over Tor when your phone is connected to the internet (meaning it is encrypted and very anonymous) and uses BLE mesh networking with independently verified encryption and security [26] when cellular networking is not available. Briar however is currently only available for android phones. Bridgefy is also “currently implementing an award-winning, renowned, and sophisticated encryption protocol, and will include it in a version of the Bridgefy SDK that will be published sometime in July or August 2020.” [27] (I’m placing my bets on libsignal). Whether Briar will be able to gain adequate usage to make it useful as a mesh network at protests, or Bridgefy will be able improve their security, remains to be seen.
Either way, the arms race of developing technology for protest safety is one we are unlikely to win outright. BLE has fundamentally shaky security that can leak Bluetooth addresses (like IMSI numbers but for bluetooth) that can be used by law enforcement to link individuals to protests and track their movements. Although there is absolutely no reason law enforcement should have access to them, many wealthy cities use traffic flow sensors that record identifying device information to track phones in cars as they move across cities (including Seattle) [29]. On the other hand law enforcement DO have extensive access all across America to surveillance cameras, body cameras, and aerial cameras and the facial detection software to identify suspects in images and videos [30] (masks, hats, and glasses can lower accuracy but do not always defeat facial recognition). Remember the aerial surveillance I mentioned earlier? Well the other two types of planes that have been spotted circling cities with mass protests are older RC-26B surveillance planes and predator drones (yes, those things the national government has used to commit indiscriminate acts of terror in the middle east for two decades now). Both of these have the capability to stream and record high zoom infrared and thermal imaging video as detailed as this [34].
I’m sharing this not to scare you, but to drive home the point that novel technology will not save us from domestic terrorism and police violence. This is not a problem we can solve with silicon valley innovation and ideas. This is a problem that can only be solved by direct collective action. So use an app like Bridgefy if you need to send that emergency “meet me at the link station” message but don’t for a second think that the trauma our country is experiencing right now is something that can be solved with a technical engineering solution. In closing I leave you with a poetic comment left on a ycombinator post about Bridgefy and the Hong Kong protests: [35]
“...Tech is as addictive as any other addiction.
Intellect is the addictive substance.
Big brains know it,
We use it,
We think along with it.
So what got lost?
When did we stop to think like a humble monkey instead like a greedy machine ?
couple more questions.
point - Balance the mind with its own nature and external influence.
Reject if something feels wrong. Or atleast dont express.
Depression is prevalent in tech.
Why ! Because brain was giving you signs from beginning that it isnt healthy.
Everything is connected...“
[1] How Do I Prepare My Phone for a Protest? – The Markup. (n.d.). Themarkup.Org. Retrieved June 5, 2020, fromhttps://themarkup.org/ask-the-markup/2020/06/04/how-do-i-prepare-my-phone-for-a-protest
[2] (2020, February). AT&T February 2020 Transparency Report [Review of AT&T February 2020 Transparency Report]. https://about.att.com/ecms/dam/csr/2019/library/transparency/2020%20February%20Report.pdf
[3] CARPENTER v. UNITED STATES. (2013). LII / Legal Information Institute. https://www.law.cornell.edu/supremecourt/text/16-402
[4] Stingray Tracking Devices: Who’s Got Them? (2018). American Civil Liberties Union. https://www.aclu.org/issues/privacy-technology/surveillance-technologies/stingray-tracking-devices-whos-got-them
[5] Gotta Catch ’Em All: Understanding How IMSI-Catchers Exploit Cell Networks. (2019, August 14). Gotta Catch ’Em All: Understanding How IMSI-Catchers Exploit Cell Networks. Electronic Frontier Foundation. https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks
[6] Crocker, A. (2016, March 9). New FOIA Documents Confirm FBI Used Dirtboxes on Planes Without Any Policies or Legal Guidance. Electronic Frontier Foundation. https://www.eff.org/deeplinks/2016/03/new-foia-documents-confirm-fbi-used-dirtboxes-planes-without-any-policies-or-legal
[7] Cell site simulator acquisition and use (Seattle Police Department). (n.d.). MuckRock. Retrieved June 5, 2020, from https://www.muckrock.com/foi/seattle-69/cell-site-simulator-acquisition-and-use-seattle-police-department-12236/
[8] SeaGlass City-Wide IMSI-Catcher Detection. (n.d.). SeaGlass. Retrieved June 5, 2020, from https://seaglass.cs.washington.edu/
[9] Black Extremist. (n.d.). FBI. https://vault.fbi.gov/cointel-pro/cointel-pro-black-extremists
[10] (2018, March 19). FBI Tracked an Activist Involved With Black Lives Matter as They Travelled Across the U.S., Documents Show. The Intercept. https://theintercept.com/2018/03/19/black-lives-matter-fbi-surveillance/
[11] Klippenstein, K. (2020, June 2). The FBI Finds ‘No Intel Indicating Antifa Involvement’ in Sunday’s Violence. Www.Thenation.Com. https://www.thenation.com/article/activism/antifa-trump-fbi/
[12] The DEA Has Just Been Authorized to Conduct Surveillance on Protesters. (n.d.). BuzzFeed News. Retrieved June 5, 2020, from https://www.buzzfeednews.com/article/jasonleopold/george-floyd-police-brutality-protests-government
[13] (n.d.). Casual aircraft surveillance of US citizens [Review of Casual aircraft surveillance of US citizens]. Twitter. https://twitter.com/i/events/1267841582096617472
[14] Cox, J. (2020, June 3). The Military and FBI Are Flying Surveillance Planes Over Protests. Vice. https://www.vice.com/en_us/article/y3zvwj/military-fbi-flying-surveillance-planes-george-floyd-protesters
[15] Koetsier, J. (n.d.). Hong Kong Protestors Using Mesh Messaging App China Can’t Block: Usage Up 3685%. Forbes. Retrieved June 5, 2020, from https://www.forbes.com/sites/johnkoetsier/2019/09/02/hong-kong-protestors-using-mesh-messaging-app-china-cant-block-usage-up-3685/#6ca9b6ff135a
[16] https://static.hkej.com/eji/images/2019/08/26/2230121_83815002f83409110c808245e8a79326.png
[17] Bridgefy: A startup that enables messaging without internet EJINSIGHT - ejinsight.com. (n.d.). EJINSIGHT. Retrieved June 5, 2020, from https://www.ejinsight.com/eji/article/id/2230121/20190826-bridgefy-a-startup-that-enables-messaging-without-internet
[18] Technical Features | Bridgefy. (2020). Bridgefy.Me. https://bridgefy.me/technical-features/
[19] The fortune at the bottom of the pyramid. (2005). Choice Reviews Online, 43(02), 43-1063-43–1063. https://doi.org/10.5860/choice.43-1063
[20] Ubertooth One - Great Scott Gadgets. (n.d.). Greatscottgadgets.Com. Retrieved June 5, 2020, from https://greatscottgadgets.com/ubertoothone/
[21] Sarkar, S., Liu, J., & Jovanov, E. (2019, December 1). A Robust Algorithm for Sniffing BLE Long-Lived Connections in Real-Time. IEEE Xplore. https://doi.org/10.1109/GLOBECOM38437.2019.9014318
[22] https://github.com/bridgefy/bridgefy-android-samples
[23] https://github.com/bridgefy/bridgefy-ios-developer
[24] Vault7 - Home. (n.d.). Wikileaks.Org. Retrieved June 5, 2020, from https://wikileaks.org/ciav7p1/#PRESS
[25] MacAskill, E., Dance, G., Cage, F., Chen, G., & Popovich, N. (2013, November 1). NSA files decoded: Edward Snowden’s surveillance revelations explained. The Guardian. https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/6
[26] Briar - Darknet Messenger Releases Beta, Passes Security Audit - Briar. (n.d.). Briarproject.Org. Retrieved June 5, 2020, from https://briarproject.org/news/2017-beta-released-security-audit/
[27] FAQ | Bridgefy. (2020). Bridgefy.Me. https://bridgefy.me/faq/
[28] εxodus. (n.d.). Reports.Exodus-Privacy.Eu.Org. Retrieved June 5, 2020, from https://reports.exodus-privacy.eu.org/en/reports/me.bridgefy.main/latest/
[29] (n.d.). 2019 Surveillance Impact Report Acyclica [Review of 2019 Surveillance Impact Report Acyclica]. Seattle Department of Transportation. http://www.seattle.gov/Documents/Departments/Tech/Privacy/SDOT%20Acyclica%20Final%20SIR.pdf
[30] Clearview AI. (2020, June 3). Wikipedia. https://en.wikipedia.org/wiki/Clearview_AI#Customer_list
[31] The Perpetual Line-Up. (2000). Perpetual Line Up. https://www.perpetuallineup.org/
[32] The Predator, a Drone That Transformed Military Combat. (2018, March 9). National Air and Space Museum. https://airandspace.si.edu/stories/editorial/predator-drone-transformed-military-combat
[33] Swain, E., & Schwarz, J. (2019, December 25). Merry Christmas, America! Let’s Remember the Children Who Live in Fear of Our Killer Drones. The Intercept. https://theintercept.com/2019/12/25/merry-christmas-us-drone-strikes/
