Locating and monitoring smartphones is part of everyday life for the police and secret services. The authorities are increasingly using surveillance measures. As an affected person, you usually don’t notice anything. TECHBOOK explains the usual procedures.
Anyone who has their smartphone with them generates extensive location and movement profiles by constantly logging into radio cells. Under certain conditions, the German security authorities may monitor suspects’ smartphones or access technically generated metadata. TECHBOOK explains which methods are used most frequently in smartphone surveillance.
Location monitoring of smartphones
Modern smartphones can determine their own position very precisely with the help of satellite navigation systems such as GPS. Investigators, however, usually have no access to this data and instead locate the cell phones via the mobile network.
Smartphones always log into the nearest radio cell as soon as they are connected to the mobile network. The smartphone sends the individual device code to the radio cell. Depending on the device, the so-called International Mobile Equipment Identity (IMEI) or Mobile Equipment Identifier (MEID) is used for identification. This can be accessed on Android phones with the key sequence *#06#.
In addition, the smartphone transmits the International Mobile Subscriber Identity (IMSI) stored on the respective SIM card, which is used in addition to the phone number for identification in the mobile network. Depending on the location, the honeycomb-shaped radio cells cover areas of three to six kilometers in the country or small areas of up to 50 meters in the city. The so-called cell ID method determines the approximate location from the intersections of several radio cells; its accuracy depends on the size of the radio cells.
Evaluations of WLAN data also allow position determinations if the WLAN access points are linked to a digital road map. With the help of many WLAN networks and their exact coordinates, position determinations accurate to up to 20 meters are possible. Especially in larger cities, radio networks are available in the necessary numbers.
The telecommunications surveillance
Classic telecommunications monitoring, also known as TKÜ, is used particularly frequently in the mobile communications sector. In the case of measures within the meaning of Section 100a StPO, all communication via mobile phone is monitored and recorded, which is why the intervention thresholds are set high. This means is resorted to only in the case of serious crimes such as bribery or fraud. The measure is to be understood as classic wiretapping, in which the authority eavesdrops on conversations and reads text messages. Because smartphones can do much more than make calls, the authorities were faced with the problem of encrypted communication using messenger services.
Source TKÜ regulates access to encrypted chats
The encrypted communication of smartphone messengers causes great difficulties even for authorities such as the BKA. So the idea came up to revise §100a StPO, and a sentence was added. The so-called source TKÜ was created in order to be able to access the telecommunication before it is encrypted. For this purpose, a kind of state malware is supposed to be used to access the smartphone in order to monitor what has been written before the cryptographic process. However, this type of intervention is highly controversial. Access to a terminal device may only take place in the case of encrypted telecommunications and must be distinguished from online searches. The online search is laid down in another law and has other requirements. The precise delimitation of these instruments remains a technical and legal borderline case. With increasing storage capacities, more and more communication data on the smartphone is becoming relevant for investigative authorities. However, the technical means for breaking up the encrypted communication are not precisely specified in the law on source TKÜ.
In June 2021, the federal government extended the powers of source TKÜ to the federal police and 19 state and federal intelligence services. In addition to the police, the Office for the Protection of the Constitution is now entitled to use source TKÜ and can also forward the data obtained to the military counter-intelligence service MAD.
Monitoring of future traffic data
If the authorities already know exactly which phone number or which subscriber of a smartphone they want to monitor, they can request the future traffic data from the mobile phone provider. A judge must approve this. Traffic data from the communication of suspects or subscribers are requested by the authorities if those persons are suspected of a serious criminal offense under Section 100g Paragraph 1 of the Code of Criminal Procedure. As with radio cell evaluation, collecting connection data for past periods is permitted only in the case of particularly serious criminal offenses such as burglary.
Radio cell evaluation near the scene of the crime
The radio cell evaluation was reworded with the amendment of §100g Para. 3 StPO and now allows stored traffic data of the telecommunications providers to be retrieved in the event of criminal offenses. Although the measure has to be approved by a judge, the traffic data of all smartphones that were logged into the radio cell at some point during the period of the crime being prosecuted are accessed. This affects both people who were communicating at the time and people who were only passively logged in. In the case of communication processes, however, the content of the calls or text messages is not captured; only the phone numbers of the parties involved and the time of the connections are saved.
Access to data retention data
In the case of particularly serious crimes such as burglary, aggravated robbery or formation of a criminal organization, data from a longer period of time can also be accessed according to §100g Abs. 3 S. 2 StPO. The stored connection data for voice communication can be queried up to ten weeks later, and location data of the individual radio cell can be collected up to four weeks later. In this case §§100g paragraph 2 in connection with §176 TKG applies.
How many people are affected by radio cell evaluations?
Although the number of radio cell evaluations in the individual states and by the federal authorities is manageable and is usually in the three-digit range, the amount of traffic data collected quickly runs into the millions. A printed paper of the Berlin Senate shows that in 2016 alone, 491 non-individualized radio cell evaluations were carried out in Berlin, in which over 112 million traffic data records were captured. From the mass of traffic data, it was ultimately possible to determine more than 6448 connection data from mobile phone subscribers.
IMSI catcher: Simulated radio cell and location
In addition to the possibilities of requesting data from radio cells from the telecommunications companies, an authority can also use an IMSI catcher. Using an IMSI catcher, a radio cell is simulated to determine the IMEI device number and the IMSI of the SIM card of suspects. In this way, the authorities record the smartphones of people who are not known or assigned to them. It also no longer matters in which country the mobile phone contract was concluded with a provider if data is to be retrieved. The smartphones of everyone in the vicinity log into the state radio cell simulation. In addition to monitoring traffic data from a smartphone, it is also possible to listen to specific conversations or read text messages. Entire groups of people who are in a certain area can also be specifically recorded via their smartphones. The IMSI catcher can also be used for the targeted location and search of smartphones by the authority sending “silent SMS”.
The admissibility of official measures with the IMSI catcher was a point of contention for years. The measures were assigned to the paragraph on telecommunications surveillance. Since this interpretation was controversial, the legislature has corrected it with a new paragraph. The new legal basis for monitoring with the IMSI-Catcher is now set out in Section 100i Paragraph 1 No. 1 & 2 StPO and is aimed at serious criminal offences. A judge must approve the measure.
Silent SMS as a location finder
In order to be able to determine and monitor the location more precisely, the security authorities send a “silent SMS” to the smartphone. The receipt of the SMS causes the mobile phone to respond to the radio cell. The provider can see in which radio cell the phone is registered and can pass this information on to the authorities. However, the mobile phone must be switched on and logged into the network with a valid SIM card. A smartphone in “flight mode” can therefore not be located by a “silent text message”.
A “silent SMS” is not shown on the display and does not trigger an acoustic signal. On Android smartphones, however, apps such as SnoopSnitch can also recognize the “silent SMS” under certain technical conditions.
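How such a recognition check can work, as an added example that is not part of the original article and is not SnoopSnitch's code: it assumes the “silent SMS” arrives as a Short Message Type 0 (TP-PID 0x40 in 3GPP TS 23.040) and that the raw SMS-DELIVER PDU is available as a hex string with a numeric sender. The sample PDUs, phone numbers and function names are constructed for illustration.

```python
# Added example: flag "silent SMS" (Short Message Type 0) in raw SMS-DELIVER PDUs.
# Assumption: a modem or baseband log exposes each PDU as a hex string.

# Constructed sample PDUs (made-up numbers); they differ only in TP-PID, TP-DCS, payload.
_HEAD = "0791940100000000" + "04" + "0C91940100000010"  # SMSC, first octet, sender
_SCTS = "22101021000000"                                 # service-centre timestamp
_TEXT = "0CC8F71D14969741F977FD07"                       # TP-UDL + 12 septets of text
NORMAL_PDU = _HEAD + "00" + "00" + _SCTS + _TEXT
FLASH_PDU = _HEAD + "00" + "10" + _SCTS + _TEXT
SILENT_PDU = _HEAD + "40" + "00" + _SCTS + "00"         # Type 0, empty payload


def _semi_octets(raw, digits):
    """Decode swapped-nibble BCD digits as used for phone numbers in PDUs."""
    return "".join(f"{o & 0x0F:X}{o >> 4:X}" for o in raw)[:digits]


def parse_sms_deliver(pdu_hex):
    """Return sender, TP-PID, TP-DCS and user-data length of an SMS-DELIVER PDU."""
    b = bytes.fromhex(pdu_hex)
    pos = 1 + b[0]                        # skip SMSC block (length octet + address)
    if (b[pos] & 0x03) != 0x00:           # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    digits = b[pos + 1]                   # sender length in digits; type octet follows
    oa_len = (digits + 1) // 2
    sender = _semi_octets(b[pos + 3:pos + 3 + oa_len], digits)
    pos += 3 + oa_len
    pid, dcs = b[pos], b[pos + 1]
    udl = b[pos + 2 + 7]                  # 7-octet timestamp precedes TP-UDL
    return {"sender": sender, "pid": pid, "dcs": dcs, "udl": udl}


def classify(pdu_hex):
    """'silent' = Type 0 (acknowledged, never shown); 'flash' = class 0 (shown at once)."""
    f = parse_sms_deliver(pdu_hex)
    if f["pid"] == 0x40:                  # TP-PID 0x40: Short Message Type 0
        return "silent"
    if (f["dcs"] & 0xD0) == 0x10 and (f["dcs"] & 0x03) == 0:
        return "flash"                    # general coding group, message class 0
    return "normal"


if __name__ == "__main__":
    for pdu in (NORMAL_PDU, FLASH_PDU, SILENT_PDU):
        print(classify(pdu), parse_sms_deliver(pdu))
```

The flash (class 0) case is included because it is often confused with the silent SMS: it is displayed immediately, whereas a Type 0 message is only acknowledged by the phone.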
On what legal basis may “silent SMS” be used?
There is no legal standard in Germany that, according to its wording, allows the use of “silent SMS” in investigations. In the Code of Criminal Procedure, however, Section 100i lays down the permitted technical investigative measures in the investigation of criminal offenses of considerable importance. This also includes the location and monitoring of smartphones. Most recently, the Federal Court of Justice confirmed in February 2018 that investigators are allowed to use “silent SMS”. The “silent SMS” is now seen as a “technical means” within the meaning of Section 100i I No. 2 StPO. According to the BGH, the measure finds its legal basis there, even if it was not expressly mentioned in §100i StPO.
How do privacy advocates see the use?
Privacy advocates criticize the prevailing practice of the measure, even if there is no fundamental rejection. The Berlin data protection officer at the time, Maja Smoltczyk, for example, criticized the mass application. The necessary documentation for monitoring smartphones is often missing. The authorities have also only insufficiently complied with the necessary notification and deletion obligations. Authorities should actually delete the collected data “immediately” after the investigation is completed.
How often do secret services use the “silent SMS”?
According to the Federal Government, the Office for the Protection of the Constitution sent a little more than 103,000 “silent SMS” to locate mobile phones in the first half of 2018. The Federal Criminal Police Office used the surveillance tool 68,000 times in 2021. The Federal Police used the “silent SMS” almost 48,000 times during this period. The figures from customs and the Federal Intelligence Service were classified by the government as secret and were not published. Since 2018, this has also applied to the Federal Office for the Protection of the Constitution.
Online searches of digital devices
Since the new version of §100b StPO, online searches have been given their own legal basis in the StPO.
After a long series of mishaps during development, the investigators had two variants of a “state Trojan” at their disposal. In addition to software for PCs (RCIS 1.0 Desktop), the BKA has also developed a variant for monitoring smartphones and tablets (RCIS 2.0 Mobile). The BKA has also spent almost six million euros to have controversial programs developed for online searches.
In addition, it came out in 2021 that the BKA had bought the controversial surveillance software “Pegasus” from NSO Group Technologies. NSO's clientele included numerous authoritarian states, which are now suspected of having monitored members of the opposition, journalists and human rights activists with the Pegasus software. The BKA bought the Pegasus Trojan in a modified form because the comprehensive functions of the surveillance software were not in conformity with the constitution. The modification of the software should make it possible to distinguish between a source TKÜ and an online search in order to meet the legal requirements. The cost of the Trojan is said to be in the single-digit millions.

