PropertyValue
?:author
?:datePublished
  • 2018-10-05 (xsd:date)
?:headline
  • Do Presidential Alerts Give the Government Total Access to Your Phone? (en)
?:inLanguage
?:itemReviewed
?:mentions
?:reviewBody
  • On 3 October 2018, the Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), conducted a nationwide test of the Wireless Emergency Alerts (WEA) system, an event referred to by many commenters as a Presidential alert. On the day of the test, John McAfee, the controversial founder of the McAfee Antivirus software empire and a current cryptocurrency advocate (as well as 2020 U.S. presidential candidate for the Libertarian party), tweeted an alarming statement about the test: In this post, we'll describe the myriad hurdles McAfee’s argument would need to overcome to be accurate, noting that we could find no independent support for the claims he made in that tweet. What is the Presidential Alert System? The presidential alert tested on 3 October 2018 combined a nationwide test of the Emergency Alert System, or EAS (which is familiar to people as cacophonous weather and/or natural disaster alerts that might interrupt television or radio broadcasts) and the Wireless Emergency Alert system, or WEA (which is familiar to cell phone users who have received Amber alerts or other local emergency alerts). Typically, the WEA system is used by state and local jurisdictions, but the October 2018 test was the first attempt at trying out a nationwide alert via this system for the purposes of conveying a message from the President. Based on a George W. Bush-era law, anyone with a cell phone can opt out of any WEA notification unless that notification is issued at the direction of the President and/or his/her designee. While the law has required the EAS to be tested nationwide for the past three years, October 2018 was the first time such a test had been combined with a test of a nationwide WEA alert. What Is John McAfee’s Argument? In a brief phone interview, McAfee explained to us his view that a nationwide WEA notification could be exploited by the federal government to spy on private citizens. He suggested this could be done by exploiting what he called an E911 chip. He characterized the purpose of this chip as something 911 dispatchers can use to find location information for people who call 911 and either hang up or are incapacitated during the call: We will discuss the accuracy of that statement later in this post. However, McAfee’s argument, generally speaking, is that because (he says) the WEA utilizes this E911 chip, they too have the ability to turn on your phone and spy on you: What is an E911 Chip? According to Ted Rappaport, a professor of Electrical and Computer Engineering at NYU and the founding director of their NYU WIRELESS research center, There is no such thing as an E911 chip in a cell phone. Nomenclature aside, McAfee appears to be referring to the technology required by the FCC of modern cellular phones and network providers that assures 911 call centers receive accurate geolocation from mobile phones. The regulations that require such capabilities are broadly referred to as E911 rules. The enhanced 911 (E911) rules were implemented by the FCC in two phases and were aimed at improving the effectiveness and reliability of wireless 911 services by providing 911 dispatchers with additional information on wireless 911 calls. Phase I required cell phones to be capable of communicating to a 911 call center which cellphone tower was utilized in an emergency call. Phase II required wireless carriers to begin providing information that is more precise to [call centers], specifically, the latitude and longitude of the caller. The FCC mandated that the accuracy of that information had to meet certain standards depending upon the type of technology used. Most modern cell phones use a combination of two methods to generate that location information: A network-based solution which triangulates a caller's location from the cell phone towers near it, and a headset-based solution which is generally a GPS receiver built into the phone. Most modern cell phones contain a GPS receiver chip. It is this chip, McAfee argued to us, that a presidential alert system could exploit. Does The Wireless Emergency Alert System Use an E911 Chip? McAfee asserted that the action of sending out a nationwide alert necessitates access to the GPS or other location services (i.e. the E911 chip) that are part of your phone. FEMA, the federal agency that oversees the WEA, disputes this view, with a FEMA spokesperson telling us: In essence, what happens when any WEA alert (including Amber alerts and severe weather alerts) go out is that the cell towers in the targeted region will broadcast a signal to all cell phones within receiving distance. This is a passive process, and as such the tower does not require, nor does it obtain, information from the phones that receive the message. The only differences between a Presidential alert and any other WEA alert a phone might already receive are that 1) cell phones are not capable of opting out of WEA notifications from the President according to FCC policy, and 2) WEA notifications target the entire country, not a smaller geographic region. Could a WEA Alert Exploit Your Phone’s Hardware and Expose Its Location? Because a WEA notification is a passively received signal, it does not add to the list of potential security vulnerabilities in a phone. For that reason, McAfee’s thesis that the presidential alert is itself a security risk does not hold up. That does not mean, however, that your phone and the software it runs on do not have access to a scary amount of personal data, or that it is not constantly tracking your location and recording you. According to Rappaport, the NYU professor, users almost always (without their knowledge) opt-in to a variety of services that utilize the kind of information McAfee is concerned with: Outside of the issue of a WEA alert's being a passive signal, McAfee’s thesis also requires accepting the notion that 911 operators have access to those same datasets (the ones described by Rappaport) constantly being created by your phone. That portion of the argument is a bit more factual. As an example, Apple’s iOS 12 system, which was released in September 2018, utilizes a service that collects and packages your location data to be sent to a 911 center should you make a call: We reached out to RapidSOS for a comment on the claims made by McAfee but have not received a response. We have found no evidence, though, that this process could be flipped in reverse, whereby a 911 call center (or any other party) could access this information without your first calling 911. In fact, based on RapidSOS’s literature, their data transfer process is effectively a one-way signal as well. In their process, your location data is constantly updated and sent to a NG911 (next generation 911) data clearinghouse which is then (if you make a 911 call) transmitted to a call center and displayed alongside the other location data they would normally receive. These data could theoretically include other sources of information, but a user would have to opt-in to those features explicitly. We asked McAfee how he knows that the government, via the introduction of a nationwide alert system, could gain access to this kind of data in a way that did not previously exist before the alert system, and he told us that while no documented evidence of any legislation allowing for such a process existed, every great security person knows it: Regardless of what chip McAfee is referring to, his claim rests on the notion that receiving a WEA alert requires governmental access to the geolocation services utilized by 911 centers, a claim which we have found no evidence to support and which FEMA denies. While cell phones do collect data on users (effectively) without their knowledge and do so constantly, we could identify no mechanism by which the perils presented by that reality were in anyway expanded by a presidential alert, since those alerts merely use the same technology that cell phones have employed to receive weather and Amber alerts for years. If the government were to have a way of snooping on citizens through their cellphones, it would have to depend on their co-opting some other system and not simply using the presidential alert system as it exists today. (en)
?:reviewRating
rdf:type
?:url