The Phone Network: Its Surveillance Nuts and Bolts | Rob Braxman
Summary
Transcript
As I’ve talked about in the last couple of videos, I am now a phone service provider with the Brax virtual phone product, which gives me some first hand verification of what I will say. People don’t seem to understand what the carriers and the ancillary companies connected to them can see. How much can they see of your phone traffic data? What about your Internet cell data? What about SMS? What about iMessage? Are phone calls recorded? What location data is known to the carrier? What about sip or voip? Is this better? Outside of carriers, what can third parties see? What do governments see? Are there secret taps into the communications network? And on top of this, it gets more complicated.
What can big tech like Google, Apple and Meta see? How are they connected to the phone network? Can they see cell tower locations? Google and Apple, for example, sell phones. Can they see what’s in the phones? If you want to understand all these details, and there’s a lot, stay right there. I’m going to hit this in a more big picture kind of a way. And in a later video I’ll go into detail into some of these items.
The traditional way devices connect using phone numbers is via the public switch telephone network, or PSTN. I’m going to be using the term PSTN a lot, so don’t be scared with the acronym. Basically, if there are standard phone numbers, you are connected to the PSDN. If you phone someone, you dial out and connect to a central office or exchange of a local carrier. And in order to talk to another phone number, some digital switching has to occur.
Nowadays we use a mobile phone. Our mobile device connects to a cell tower by radio, which then forwards a call to the local exchange in the PSTN. So same thing. However, there are a couple of new features in our mobile phones. First, many use SMS or texting. SMS is a completely different infrastructure and operates outside of the PSTN, though it uses the phone numbers for addressing. Another difference is that mobile carriers provide you with Internet service and Internet is direct from the mobile carrier to their router and towards the Internet.
It is not connected to the PStn. Think of your mobile phone as having two channels, SS seven and data phone and SMS traffic flow through SS seven and then the data traffic goes directly out to the Internet. Another option is to bypass the phone services directly from a carrier. Many businesses do this. They use VoIP or voiceover Ip or VoIp. This means they subscribe to a VoIP operator or have their own hardware.
This provides them with a private exchange or PBX, which allows internal calling within that system using extensions. Devices using VoIP are often called SIP devices because they talk to each other using the SIP protocol to call outside to the PSDN. They then subscribe to a trunk provider that allows addressing of traffic using standard phone numbers. So phone numbers mean the PSDN is involved even with VoIP. On the mobile side, there are companies that resell the services of the mobile carriers.
They don’t actually have any communications infrastructure. They have a marketing organization and then computer systems to manage the billing and activity tracking. The mobile resellers are called MVNOS mobile virtual network operator. Examples of this are mint red pocket, Cricut, Google Fi, consumer cellular and so on. My company is similar to that, but we do not provide mobile services. We only provide voice calls and SMS. So a lot of options here.
The question that needs to be answered is what these various entities see of your data. Let’s start with the basics. The entire PSDN metadata, including who called, who, who answered, who didn’t answer. Length of call is known to all parties participating in the switching and that includes your name. This means the calling service, the receiving service and all the switching carriers in between have a record of all this metadata.
Obviously the switching carriers in the middle where the actual hub of switching occurs, knows the bulk of all activity throughout the network. If there’s any doubt to this, let’s dispel it now. There’s nothing private about this metadata. Obviously any carrier employee or any network operator that participated in the switching can see all this metadata. The three letter agencies already had for a long time been accumulating this call activity data from the various carriers and this was documented by Snowden.
The main program used to collect this data was prism and all the main carriers participated in this. So expect that all your phone traffic with all phone numbers are in a three letter agency database. This data collection was expanded by a law passed in the 1990s called the Kalia or Communications Assistance for Law Enforcement act. Although this law was passed 30 years ago, the automation needed to make this run likely did not get fully implemented until around ten years ago.
In my estimation, what this allows is for law enforcement to tap directly into the PSDN to do things like wiretapping without wires or direct listening to conversations. This can be done now over the Internet with a UI provided to law enforcement. On top of this, the data from these phone calls and SMS, which I haven’t explained yet, is collected and stored in an FBI database called DCIS. So quick and easy lookup of all of your PSD and an SMS traffic through DCIS.
Now, don’t assume this is the only database. I already mentioned prism and so the other three letter agency collects that information for that database, which includes international data. Presumably DCIs and Kalia apply to uS traffic only. Presumably. There are two questions people will ask from this point. What about the actual voice calls? Is that recorded? As far as I know, voice recording is not done unless you’re being wiretapped, which again presumably requires a warrant.
Now, Snowden already talked about a voice print capability, so expect that there is some module somewhere in between that samples all the voices to spot targeted individuals. By the way, can a carrier employee listen into a conversation? It should be obvious that they can. I’m just saying there’s no legal provision to record this or to provide this to another entity, but they can do it. The carrier also has a copy of voicemail or whoever kept the voicemail.
How long do they keep a copy of the voicemail? After deletion is likely some individual policy of the service. SMS is a completely different matter. SMS is pretty open. You can pretty much think of SMS as a postcard sent over the phone network. Anyone involved in the communications flow can see it. There is no encryption whatsoever, and it is in plain text. It can also be intercepted as it traverses the network.
This travels through the network, through the carrier’s SS seven protocol, inside the phone network. And external parties like MVNOs and SIP trunks can access this over the Internet. The three letter agencies can see and do collect every SMS message ever sent, together with the metadata. And just to be perfectly clear here, access to data on the PSDN, including SMS, is incredibly exposed. So this should start getting you thinking about what you do on the PSTN or SMS.
Fortunately, there are other ways of communicating that bypass the PSTN, so you’re not in the main line of data collection. I’ll talk about that later. It doesn’t mean your data cannot be collected, but it may require a special effort rather than just be part of standard mass surveillance. As I mentioned earlier, the mobile cell data is actually about Internet routing. It is no different than the cable company providing you with Internet over a cable modem and DSL connection, except that a mobile carrier does it through radio.
So this is all about Internet traffic. Internet traffic does not go through the PSDN via the SS seven channel. It goes to the carrier’s routers on land, which then gets transmitted directly through an Internet trunk. So monitoring Internet traffic is a different animal. Typically, the Internet mass surveillance is done at centralized areas where most of the traffic goes through for Internet traffic in the US and even internationally.
Most of it goes through at T. At T has the largest infrastructure of this and provides links to carriers through an arrangement called peering, so peers share network connections with each other and route traffic through each other. However, at T is the central peering point. They had around eight peering stations before. Located in the big cities, this is where centralized recording of Internet traffic occurs. This is also where three letter agencies tap into mass surveillance, for example, the reading of emails between email servers.
Now, as far as normal Internet traffic goes with using apps nowadays, most of the traffic over the Internet is encrypted using TLS. So aside from email and regular DNS traffic which is still recorded, this is no longer the kind of exposure of data that it was in the past, which I’m sure the three letter agencies hate. So using some app to communicate, especially within the same app, will prevent outsiders from direct surveillance into your communications.
Because of this, it is often better to use an app for communications rather than the PSTN or SMS. This is where Apple’s iMessage changed the flavor of SMS. Nowadays, the texting app on iPhones detects from the phone number if the other party is also on an iPhone, and instead of sending the SMS through the carrier network, it will instead bypass that and send it over the Apple network.
Now be aware that Apple knows everyone’s phone number if you’re on an iPhone, and it should also be apparent that Apple participates in the prison program. However, I’m just highlighting the fact that this goes outside of the records of the PSDN and as far as I know, also evades the tracking in the Kalia system. So for this information, I presume law enforcement has to get the data from Apple.
KYC means know your customer laws and if you connect to the PSDN in any form, someone has to give an ID to get a phone line. There are exceptions to this, but in general, all the major carriers and MVNOs will require some way to identify you if you have some long term service subscription. In fact, most carriers will collect your Social Security number and check your credit records to give you a normal subscription service.
This rule is typically loosened in pay as you go plans, but of course they still require you to log in to some website and this is still the carrier tracking you through some other means, particularly with mobile plans. Each user is identified by the IMZ or international mobile subscriber identity, and often will be collected together with the IMEI or international mobile equipment identity. Non mobile plans such as landlines and Internet based calling has no IMZ or IMEI.
A category of phone services called VoIP voiceover IP can be offered by some companies without KYC. Let me talk about that next. A voiceover IP system or VoIP, is another method of connecting to the phone network. This can be done completely in housed by businesses. They can install a server like FreepBX and connect hardware SiP phones to each other. And you now have an internal phone system. But for these sip phones to talk on the PStN, they will need to hook up to a PStn trunk.
You can also have software SIP devices instead of physical phones, so anything, including a computer can connect to the PSTN. By the nature of this kind of connection, typically a VoIP solution does not have any kind of KYC on individual phones. Instead, the subscriber to the trunk is the one having to provide the KYC. If a SIP user talks to another SIP device within the same network, then the traffic does not leave the PBX system at all.
In fact, if this is in house, then it does not travel through the Internet. So it’s safe to say that internal conversations inside a PBX are mass surveillance free. Now here’s another interesting trick. Even if SIPs are on different networks, you can actually still connect to each other without a phone number and bypass the PSDN by using an address like this to dial out. This becomes SIP domain to sip domain traffic and is typically encrypted anyway.
So if your SIP service provides this kind of identifier, which for example our service allows, you can communicate with each other without using the PSDN at all. I’m going to do another video on this. If this option is available for your communications, use it now. What is big text connection with all this? Google and Apple, being the makers of the two major phone operating systems, can see your phone numbers on the phones.
On top of that, Google and Apple will ask for a two factor authentication or two FA phone number and then be able to identify you there. As well as far as converting the phone numbers to real identities, they can of course match the phone numbers to a Google ID or Apple ID. And just so it’s clear, if you have a d Google phone, Google, and obviously Apple cannot see the phone numbers on the phone as well as the IMEI or IMZ.
So that’s an exception. But to make this absolutely clear, Google and other big tech companies all collect contact lists. This contact lists come from people you know there. Your phone number can be retrieved and the name on the contact list compared to you and perhaps to a matching email or physical address. In general, instead of the mass surveillance data coming from raw Internet data being scanned today, the best source of surveillance data is from big tech.
So understand this shift. Location tracking as relates to phones really is an issue only with mobile phones. The MZ is recorded by carrier cell towers and they can triangulate you based on the cell towers that detected you and the strength of the signal per tower. The more congested an area, the more accurate this location is. But fortunately the more congested it is, the more people are in the same area.
So in general, cell tower location is pretty approximate. It can be a quarter of a mile around the cell tower or several miles around in a rural area. The larger the area covered, the harder to pinpoint a location. Generally, the best way to track people in a given small area is to use a stingray or MZ catcher. This is a radio device used by law enforcement to detect all the MZs nearby.
Expect that this will be done in sensitive areas or volatile locations like demonstrations. Having said this, the reality is that the location tracking by Apple and Google is very precise and does not involve the carriers at all. So having a standard phone will ensure this data is collected outside of the PSDN. By the way, the Google phones are subject only to rough locations from cell towers if the SIM card is on, so get one of these.
Also, Google can see the closest tower of every single phone in the world through a GPS assist feature called supple, so at least some rough location is always known to them. There’s a lot to absorb here, and there are important takeaways. First, there are laws that mandate surveillance of the PSDN and SMS, and that data specifically the metadata is almost always captured as long as it flows through the PSDN and carrier SMS.
There is no trick you can do with encryption or whatever to evade this. Also, even with supposedly secret phone numbers used for possible nefarious use, tracking can occur not just at the caller side, but absent that tracking can be done on the receiving side. In other words, a pattern can be established based on who you are calling. So bear this in mind when telling me about burner phones.
Burner phones are only useful for one time burner to burner use, then throw it away afterwards. That’s what a spy would do. The real solution to privacy is to limit PSTN and SMS use. We cannot avoid phone calls and SMS. For example, use a virtual phone like braxt virtual phone where there is no KYC and use it mostly for incoming only for conversing with people you know. Move the conversations to some app.
Obviously encrypted apps are best, but even that is not even necessary for the average person. That at least will not be part of some general surveillance. Since SMS is completely open, do not think you can come up with ways to make it safe like doing some sort of encryption. Instead, do texting on a non phone app. If you have a service like a voipplan or you have Brac’s virtual phone, you can communicate with each other using direct SIP server to sip server transmissions which as I mentioned, do not use the PSDN.
And finally, the main problem with phone numbers as it relates to big tech is that it is used as an ID to track your real identity and match it to your online identity. The supposed reason is to protect your account, but this is being abused and is a nice excuse to collect your data where you can give them a number like a brack’s virtual phone number so you hide your real phone number or don’t give them phone numbers at all and use alternate two fa like pass keys or physical security keys.
Not all allow this though. Case by case, you have to absolutely do all you can do to insulate your phone numbers from general collection as it identifies your movements all over. If you’re interested in some of the products I offer that are privacy focused, including the new Brax virtual phone, visit us at Brax me and you can talk to the community of privacy enthusiasts and access the store there as well.
Thank you for watching and see you next time. Our. .
See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.
