0:00:00.165,0:00:13.330
<i>music</i>

0:00:13.330,0:00:22.570
Herald: so the NSA is spying, and was[br]spying, and we had Snowden, we have a lot

0:00:22.570,0:00:31.669
of documents to look at, and there is some[br]new research on how they used geolocation

0:00:31.669,0:00:38.570
methods in mobile networks. It is done by[br]the University of Hamburg and we have here

0:00:38.570,0:00:46.890
Erik who will present this research to you[br]and he has done this for the German

0:00:46.890,0:00:52.080
government and for the NSA[br]Untersuchungsausschuss which we call "NS

0:00:52.080,0:01:03.160
Aua", which means "NS Ouch", kind of. He[br]is a PhD student and holds a master's in

0:01:03.160,0:01:06.430
physics so give him a warm applause

0:01:06.450,0:01:14.710
<i>applause</i>

0:01:16.470,0:01:18.280
Herald: And for those coming later please

0:01:18.280,0:01:22.550
go to your seats and try to be quiet. Yep,[br]thank you.

0:01:22.550,0:01:26.340
Erik Sy: Hello. I'm really happy to have

0:01:26.340,0:01:32.030
you all here and I welcome you to my talk[br]about geolocation methods in mobile

0:01:32.030,0:01:39.680
networks. My name is Eric Sy and I'm a PhD[br]student at the University of Hamburg. So,

0:01:39.680,0:01:47.229
at the beginning I want to point out why[br]I'm giving this talk. So the German

0:01:47.229,0:01:53.299
parliamentary investigative committee[br]wanted to find out about the German

0:01:53.299,0:01:59.909
involvement in US drone strikes and then[br]the German government officials claimed

0:01:59.909,0:02:05.729
that they do not know anything or they do[br]not know any possibility how to use a

0:02:05.729,0:02:11.120
phone number for targeting drone strikes[br]and the investigative committee did not

0:02:11.120,0:02:15.850
really believe this statement and so they[br]asked our research group at the University

0:02:15.850,0:02:26.250
of Hamburg to prepare a report and we[br]handed in that report to the Bundestag and

0:02:26.250,0:02:31.070
it was very soon after what's also[br]published by netzpolitik.org

0:02:31.070,0:02:32.570
thank you for that

0:02:33.800,0:02:39.080
<i>Applause</i>

0:02:39.080,0:02:45.519
E: And it contains like technical[br]methods and approximates the accuracy to

0:02:45.519,0:02:51.739
localise mobile phones and it also points[br]out which technical identifiers are

0:02:51.739,0:03:01.530
required to conduct such geolocation. Now[br]I give you my agenda for today. First I

0:03:01.530,0:03:05.769
will speak about the purpose of[br]geolocation data and then we are looking

0:03:05.769,0:03:11.900
into a broad variety of different[br]approaches to conduct such a geolocation

0:03:11.900,0:03:19.269
in mobile networks, and then we specify on[br]drones and look into the technical methods

0:03:19.269,0:03:26.260
which can be conducted with drones, and[br]and then I'm going to point out which

0:03:26.260,0:03:34.930
technical identifiers we can use for such[br]a geolocation. And lastly I'm going to sum

0:03:34.930,0:03:42.900
up. So, the purpose of geolocation data:[br]it is a neutral technology, so we can use

0:03:42.900,0:03:49.080
it for rescue missions, for example if[br]somebody got lost in the forest or in the

0:03:49.080,0:03:53.940
mountains, we can use geolocation data to[br]find that person and rescue the person.

0:03:53.940,0:04:03.129
Or, if you ever used Google Traffic, there[br]you you can profit from monitoring traffic

0:04:03.129,0:04:12.269
conditions. But we can also use it to[br]invade the privacy of persons, for example

0:04:12.269,0:04:16.519
if we identify people on surveillance[br]footage, or if

0:04:16.519,0:04:23.960
we track the location of a certain[br]individual over a longer period, and

0:04:23.960,0:04:32.160
certainly we can use this data for[br]targeting drone strikes. However I want to

0:04:32.160,0:04:41.190
point out that this data, that they are[br]not suitable to prove the identity of a

0:04:41.190,0:04:46.740
person. So if somebody is conducting a[br]drone strike based on this data, then he

0:04:46.740,0:04:54.180
is actually not knowing who he is going to[br]kill. So, on the right side you see an

0:04:54.180,0:04:59.360
image of an explosion site from a Hellfire[br]missile. A Hellfire missile is usually

0:04:59.360,0:05:06.280
used by these drones and you can[br]approximate that the blast radius is

0:05:06.280,0:05:14.340
around 20 meters. So we would consider a[br]targeted drone strike if we have a

0:05:14.340,0:05:21.970
geolocation method which can determine the[br]position of a person more precise than 20

0:05:21.970,0:05:29.820
meters in radius. So, the first approach[br]which I want to present are time

0:05:29.820,0:05:36.280
measurements and the symbol which you will[br]see down there it's a base station, for

0:05:36.280,0:05:43.449
for the next couple of slides. And a base[br]station... this is the point in a mobile

0:05:43.449,0:05:50.759
network where your phone connects to. On[br]the slides you can certainly interchange

0:05:50.759,0:05:57.569
this base station with an IMSI-catcher.[br]IMSI-catcher is something like a fake base

0:05:57.569,0:06:04.861
station from a third party and you could[br]even build it yourself. So, the method

0:06:04.861,0:06:11.880
used to calculate the position of a phone[br]is for time measurements trilateration.

0:06:11.880,0:06:19.020
You have to know that that signal is[br]usually traveling with the speed of light,

0:06:19.020,0:06:25.160
so when you measure the time you can also[br]measure the distance. And here there are

0:06:25.160,0:06:33.800
three methods presented. There are "Time[br]of Arrival", where the signal moves from

0:06:33.800,0:06:42.120
the hand phone to the three base stations[br]and the accuracy is between 50 and 200

0:06:42.120,0:06:47.690
meters. This really depends on the cell[br]size and they can be more precise or less

0:06:47.690,0:06:55.240
precise. So, then we have "Time Difference[br]of Arrival," which is like a round-trip

0:06:55.240,0:07:02.699
measurement, and we have an "Enhanced[br]Observed Time Difference," where the

0:07:02.699,0:07:09.759
mobile phone actually computes the[br]location within the cell, and the accuracy

0:07:09.759,0:07:17.930
is between 50 to 125 meters.[br]So, and the next method which I want to

0:07:17.930,0:07:25.030
present are angular measurements. When you[br]conduct angular measurements, then you

0:07:25.030,0:07:30.410
determine the direction of arrival from[br]the signal and afterwards you do a

0:07:30.410,0:07:35.930
calculation which is called triangulation[br]and therefore you have to know the

0:07:35.930,0:07:42.280
position of the base station, but also the[br]alignment of your antenna and for this

0:07:42.280,0:07:48.199
method there's certainly two base stations[br]or IMSI-catchers sufficient to determine

0:07:48.199,0:07:55.539
the position of the mobile phone. The[br]accuracy is usually in field experiments

0:07:55.539,0:08:01.530
between 100 and 200 meters and the[br]challenge for this method but also for the

0:08:01.530,0:08:11.909
ones on the previous slides is that on the[br]normal mobile cells you don't have a line

0:08:11.909,0:08:18.550
of sight to each base station from your[br]mobile phone and so the signal gets

0:08:18.550,0:08:27.800
disturbed by buildings in the way and then[br]the accuracy becomes worse. So the next

0:08:27.800,0:08:33.175
method I want to show you, I think most of[br]you will know a little bit about GPS and

0:08:33.175,0:08:41.210
how it's calculated. So satellites, GPS[br]satellites, broadcast their time and their

0:08:41.210,0:08:48.220
position, and the mobile phone uses again[br]trilateration to calculate its position

0:08:48.220,0:08:53.650
and the accuracy is usually below 10[br]meters, but it depends a little bit on the

0:08:53.650,0:09:02.440
chipset within the mobile phone, and then[br]the base station can request the position

0:09:02.440,0:09:09.340
of the phone by issuing a radio... or by[br]issuing a request with the radio resource

0:09:09.340,0:09:16.700
location service protocol. So another[br]method which I want to present is the

0:09:16.700,0:09:21.860
mining of Internet traffic. Some[br]smartphones send GPS coordinates or the

0:09:21.860,0:09:29.580
names of nearby Wi-Fi networks, which are[br]also called SSIDs, to online services, and

0:09:29.580,0:09:36.910
usually these allow the determination of[br]the position around or below 10 meters,

0:09:36.910,0:09:44.600
and it is certainly possible to intercept[br]this traffic and evaluate the geolocation.

0:09:44.600,0:09:51.200
So here I have two quotes for you, and the[br]first one it effectively means that anyone

0:09:51.200,0:09:57.375
using Google Maps on a smartphone is[br]working in support of a GCHQ system. This

0:09:57.375,0:10:05.183
quote comes from the Snowden archive and[br]was issued in the year 2008. So we

0:10:05.183,0:10:10.113
certainly see that there's[br]some proof that at least at those days,

0:10:10.113,0:10:16.900
that they enter, some third parties[br]intercepted those traffic and use it for

0:10:16.900,0:10:27.150
determining the geolocation, and if you[br]want to work with, or determine the

0:10:27.150,0:10:34.480
location with the SSIDs, it is necessary[br]that you have a map where a certain Wi-Fi

0:10:34.480,0:10:40.260
access points are located. And therefore[br]we have also something like... like a

0:10:40.260,0:10:47.400
proof that this has been done by the NSA[br]and this is the mission victory dance,

0:10:47.400,0:10:53.390
where they are mapping the Wi-Fi[br]fingerprint in every major town in Yemen,

0:10:53.390,0:10:59.130
and in Yemen also a lot of drone strikes[br]are conducted. So, let's go to next

0:10:59.130,0:11:07.210
method. Signalling System No. 7 is a[br]protocol which is used for communication

0:11:07.210,0:11:15.520
between network providers, and network[br]providers need to know where, in which

0:11:15.520,0:11:21.570
cell, a mobile phone is located to... to[br]enable the communication, and these

0:11:21.570,0:11:27.880
informations are saved in location[br]registers, and a third party can easily

0:11:27.880,0:11:35.777
request these location informations. I[br]want to refer to the talk by Tobias Engel,

0:11:35.777,0:11:40.707
which... he gave a talk two years ago[br]which really goes into the details of this

0:11:40.707,0:11:48.310
method, and maybe if you like to, there[br]are also commercial services available to

0:11:48.310,0:11:58.430
access this data. So, let's talk about[br]drones. We do not have very solid proofs

0:11:58.430,0:12:05.980
that geolocation methods are conducted by[br]drones, but we have certainly hints. A

0:12:05.980,0:12:15.000
hint is this GILGAMESH system, which is[br]based on the PREDATOR drones, and is a

0:12:15.000,0:12:22.090
method for active geolocation, which[br]describes an IMSI-catcher so... but if

0:12:22.090,0:12:28.590
anybody of you has access to more[br]documents... yeah it would be nice to have

0:12:28.590,0:12:37.170
a look. So...[br]<i>applause</i>

0:12:39.283,0:12:45.580
E: So, the easiest method would be[br]certainly to request for GPS coordinates,

0:12:45.580,0:12:54.030
and there you just replace the base[br]station with a drone. But the method which

0:12:54.030,0:13:01.054
is better, or which I think is the[br]preferred one: Angular measurements.

0:13:02.196,0:13:08.680
Angular measurements, if you have a look[br]in our report, there we approximated that

0:13:08.680,0:13:14.430
the accuracy of these methods are between[br]five and thirty five meters in radius from

0:13:14.430,0:13:20.830
an altitude of two kilometers, and if you[br]get closer to the mobile phone it becomes

0:13:20.830,0:13:28.360
more accurate. So, it would be, to some[br]extent, sufficient to conduct a targeted

0:13:28.360,0:13:35.550
drone strike on this data, and in the[br]meantime, since this report was handed

0:13:35.550,0:13:42.250
over to the Bundestag, I also found other[br]work which described that they are able to

0:13:42.250,0:13:47.910
achieve an accuracy of one meter from[br]three kilometers altitude for small

0:13:47.910,0:13:55.980
airplanes. You have to know that those[br]sensors to measure the angle of arrival,

0:13:55.980,0:14:03.320
that they are usually located within the[br]wings and within the front of the plane,

0:14:03.320,0:14:07.416
and when the plane becomes larger it's[br]also easier to have a more accurate

0:14:07.416,0:14:16.435
measurement. Then I want to point out that[br]a single measurement can be sufficient to

0:14:16.435,0:14:22.290
determine the location of a mobile phone.[br]If we can assume that the target is on the

0:14:22.290,0:14:28.210
ground. So if you assume that the target[br]is maybe in a building in Yemen, so a

0:14:28.210,0:14:34.160
single measurement would be sufficient on[br]a low building in Yemen. And a sky scraper

0:14:34.160,0:14:42.180
would be more difficult. So, and the big[br]advantage of these methods is that

0:14:42.180,0:14:48.290
environmental parameters have a very low[br]influence, since we can have a almost line

0:14:48.290,0:14:59.670
of sight, which allows a better accuracy.[br]So now I'm going to talk about the

0:14:59.670,0:15:06.770
identifiers which can be used for[br]geolocation. Certainly the phone number

0:15:06.770,0:15:13.810
and each IMSI-catcher or base station can[br]request, can issue an identity request to

0:15:13.810,0:15:22.510
a mobile phone, and then receive the IMSI[br]or EMI. The IMSI is something like a

0:15:22.510,0:15:31.350
unique description for a certain customer[br]in the the mobile network and the EMI is

0:15:31.350,0:15:41.080
like a unique serial number for an device.[br]So, when we include those methods of

0:15:41.080,0:15:51.020
mining Internet traffic, then we can also[br]add a lot of more identifiers, for example

0:15:51.020,0:15:59.746
an Apple ID or Android ID, MAC address,[br]even cookies or user names. If you are

0:15:59.746,0:16:06.126
interested in this, you can have a look at[br]the link I provided there. That there's a

0:16:06.126,0:16:14.490
very interesting paper about this. So I[br]come to my last slide, my summary. I

0:16:14.490,0:16:21.701
showed you multiple, or a lot of different[br]methods to localize a mobile phone, and I

0:16:21.701,0:16:27.180
pointed out that a single drone can[br]localize a mobile phone with accuracy

0:16:27.180,0:16:33.180
which is sufficient to conduct a targeted[br]drone strike. Since this document was

0:16:33.180,0:16:39.350
handed over to the Bundestag, they also[br]never denied that these methods can be

0:16:39.350,0:16:51.000
used for... or that the accuracy of these[br]methods... is true. So then I pointed out

0:16:51.000,0:16:58.410
that as an identifier the phone number,[br]the IMSI, and the EMI each can be used for

0:16:58.410,0:17:05.720
the geolocation of a mobile phone, and the[br]last information which I want to give you

0:17:05.720,0:17:11.760
is that geolocation methods cannot prove[br]the identity of a person, and this is

0:17:11.760,0:17:21.281
really important to know, that we are[br]not... yeah. That when we conduct, or when

0:17:21.281,0:17:25.880
somebody is conducting these drone[br]strikes, that they are not aware who is

0:17:25.880,0:17:30.920
actually using the phone, and so and I can[br]happen that they are killing the wrong

0:17:30.920,0:17:39.920
person. So I thank you very much, I thank[br]my colleagues and my family and everybody.

0:17:39.920,0:17:41.740
<i>applause</i>

0:17:41.740,0:17:49.930
Herald: Thank you.[br]<i>applause</i>

0:17:49.930,0:17:54.430
H: That's great. Thank you very much. It's[br]the first talk we have here today where we

0:17:54.430,0:18:00.540
can have a lot of questions. So come on.[br]You have the microphones, number 1, number

0:18:00.540,0:18:07.080
2, number 3, number 4, and ask your[br]questions. It's the only chance to have

0:18:07.080,0:18:19.606
this man answering them. No questions?[br]Here's someone. No. Yeah. Sorry!

0:18:19.606,0:18:22.252
Microphone: No problem.[br]H: Number 4.

0:18:22.252,0:18:28.190
Microphone 4: Hello. Do you know why we[br]are located in London right now when we

0:18:28.190,0:18:32.680
use Google Maps here?[br]H: "Do you know", can you ask me again,

0:18:32.680,0:18:34.590
"do you know why we are located in[br]London?"

0:18:34.590,0:18:35.500
M4: Yes.[br]H: Here?

0:18:35.500,0:18:38.990
M4: When we use Google Maps, we are[br]located in London.

0:18:41.330,0:18:47.430
H: Do you know that? The Congress is[br]located in London. Do you know why?

0:18:47.430,0:18:51.350
E: I'm not aware.[br]M4: Okay, I thought this was on plan.

0:18:51.350,0:18:53.370
H: Okay.[br]M4: Thank you

0:18:53.370,0:18:57.950
H: Number 1.[br]Microphone 1: Okay, so on slide 12 you

0:18:57.950,0:19:01.610
showed this angle of arrival-[br]H: Can you please be quiet, we can't

0:19:01.610,0:19:04.450
understand the questions unless you're[br]quiet. Sorry.

0:19:04.450,0:19:11.340
M1: Okay, so, on slide 12 you showed the[br]angle of arrival method executed by a

0:19:11.340,0:19:18.350
drone. Is this a passive method or does it[br]require some cooperation by either the

0:19:18.350,0:19:21.040
phone company or by the targeted mobile[br]phone?

0:19:21.040,0:19:26.170
E: It can be conducted passively. Like, if[br]you call the phone or page the phone

0:19:26.170,0:19:33.751
multiple times and you see which phone is[br]answering this paging... okay, it needs to

0:19:33.751,0:19:39.620
be active in a way that you contact the[br]phone, but you don't need an active IMSI-

0:19:39.620,0:19:45.000
catcher for it. You just phone or call the[br]phone, and then you see which phone is

0:19:45.000,0:19:51.690
answering, and then you know where the[br]phone is situated.

0:19:51.690,0:19:53.690
M1: Thanks.[br]E: Yeah.

0:19:53.690,0:19:58.660
H: I see that we have a question over[br]there so can you just ask your question

0:19:58.660,0:20:00.660
please?[br]M8: Here?

0:20:00.660,0:20:04.520
H: Yes, number 8, please.[br]M8: Thank you for the talk. I'd like to

0:20:04.520,0:20:11.080
ask a question about tracking unpowered[br]mobile phones: I mean you mentioned lots

0:20:11.080,0:20:16.300
of methods for phones which are both...[br]with both have their batteries inserted

0:20:16.300,0:20:21.290
and are actively operating. Could you[br]elaborate a bit about the methods of

0:20:21.290,0:20:26.880
tracking phones, which seem to be off[br]turned off from the users point of view,

0:20:26.880,0:20:30.418
and maybe also something about those who[br]have their batteries removed?

0:20:34.310,0:20:39.058
E: Actually, if you really turn off your[br]phone over a long period, let's say a

0:20:39.060,0:20:45.010
couple of months, I think you are safe,[br]but... <i>laughter</i> Buf if you...

0:20:45.010,0:20:52.530
M8: That's good to know.[br]E: But, actually, like if you have a base

0:20:52.530,0:20:57.490
station and somebody is switching off his[br]phone and maybe he is meeting somebody

0:20:57.490,0:21:02.980
else at that point and somebody else is[br]also switching off his phone, then it can

0:21:02.980,0:21:09.470
be suspicious, but it really depends[br]whether somebody is looking into this data

0:21:09.470,0:21:15.200
or not.[br]H: Thank you. Number 8 again.

0:21:15.200,0:21:24.560
M8: I had a short question: As you[br]described, we are somehow dependent on the

0:21:24.560,0:21:33.220
good winning of the NSA, for instance, and[br]I wanted to ask if there's some way to

0:21:33.220,0:21:40.230
avoid geolocation or use Google Maps[br]without sending identity to location

0:21:40.230,0:21:45.420
services.[br]E: That is fairly difficult. I would

0:21:45.420,0:21:51.600
assume that GPS phones are a little bit[br]better to avoid geo-locationing,

0:21:51.600,0:21:58.180
especially if you add additional GPS[br]spoofing, because they are... The network

0:21:58.180,0:22:04.050
cells are really large and so it's more[br]difficult to track you within the network

0:22:04.050,0:22:10.620
cell, but if you have a drone right above[br]you and you emit a physical signal, then

0:22:10.620,0:22:17.640
the drone will always be able to localize[br]where the signal came from. So it's

0:22:17.640,0:22:19.820
difficult, because it's physically[br]difficult.

0:22:19.820,0:22:23.390
M8: Okay.[br]H: Thanks. Number 1, please.

0:22:23.390,0:22:28.691
M1: So, I have a question about the[br]physicalities of receiving a... or

0:22:28.691,0:22:35.490
localizing or making angular measurement[br]of a phone within a densely populated

0:22:35.490,0:22:40.530
area, where there's possibly tens of[br]thousands of phones within the receptional

0:22:40.530,0:22:48.140
area of a 3-kilometer-high drone. That[br]would obviously require you to be more

0:22:48.140,0:22:54.580
sensitive on one hand than this cell tower[br]and on the other hand also receive at the

0:22:54.580,0:22:58.240
same time and sort out all kinds of[br]interference.

0:22:58.240,0:23:06.060
E: You usually a cell can be between,[br]let's say 200 meters, and 3 or 30

0:23:06.060,0:23:11.560
kilometers in size, so 3 kilometers in[br]altitude it's not very high.

0:23:11.560,0:23:18.330
M1: So you assume that the drone does a[br]pre-selection. We are digital beamforming

0:23:18.330,0:23:24.960
on the ground path and only looks at a[br]cell of interest, because it knows from

0:23:24.960,0:23:31.960
the network, the suspect is in that cell.[br]E: It depends on the area: In an urban

0:23:31.960,0:23:37.770
area you have to reduce the size of the[br]cell, otherwise you would receive too many

0:23:37.770,0:23:45.210
signals, but in a countryside you can have[br]larger cells or you can cover a larger

0:23:45.210,0:23:49.230
area.[br]M1: Regarding covering larger areas: Did

0:23:49.230,0:23:53.310
you take, considering that these drones[br]aren't really like our quadcopter size,

0:23:53.310,0:24:01.360
they're more airplane-sized, proper[br]airplanes, did you take the classical

0:24:01.360,0:24:06.830
synthetic aperture radar techniques of[br]observing something for a long time while

0:24:06.830,0:24:11.640
flying straight over it and then[br]integrating over it into account? Because

0:24:11.640,0:24:16.650
that's usually where we get our high-[br]resolution radar imagery of the earth.

0:24:16.650,0:24:22.450
E: You can conduct multiple measurements[br]or you just conduct one, if you know that

0:24:22.450,0:24:26.710
the target is on the ground.[br]M1: So, did that account for your

0:24:26.710,0:24:31.470
estimated accuracy?[br]E: It's not necessary to integrate.

0:24:31.470,0:24:36.020
M1: Okay, thanks.[br]H: Thank you. We have a question from the

0:24:36.020,0:24:39.590
internet.[br]Signalangel: Yes, the internet wants to

0:24:39.590,0:24:43.500
know if there are attributes, which you[br]can change of the phone, to stop

0:24:43.500,0:24:47.010
surveillance. Attributes like the email,[br]for example.

0:24:47.010,0:24:51.730
E: Can you please repeat the question?[br]S: Are there attributes of the phone,

0:24:51.730,0:24:53.560
which you can change, to stop[br]surveillance?

0:24:53.560,0:24:58.740
E: Yes, certainly you can fake the IMEI[br]or the IMSI. That is also another reason why

0:24:58.740,0:25:06.300
it's not sufficient to prove the identity,[br]because any phone can just take these

0:25:06.300,0:25:09.261
data.[br]S: And we have a second question, which

0:25:09.261,0:25:18.090
is: Does the GSM network have a feature[br]which allows anyone to get the GPS data

0:25:18.090,0:25:29.100
from the phone?[br]E: Yeah..., it would be..., that.., and

0:25:29.100,0:25:32.530
the radio resource location service[br]protocol.

0:25:32.530,0:25:38.230
S: So, thank you.[br]<i>laughter</i>

0:25:38.230,0:25:39.120
E: Yeah.[br]H: Okay, number five.

0:25:39.120,0:25:46.260
Microphone 5: Hello, you delivered you[br]work to the NSA Untersuchungsausschuss and

0:25:46.260,0:25:51.920
they, the Bundestag did not say anything[br]about it, but is there a statement from

0:25:51.920,0:25:56.540
the NSA Untersuchungssausschuss?[br]E: And the government said something about

0:25:56.540,0:26:04.500
it. They said that, that they washed their[br]hands and said we did everything nicely

0:26:04.500,0:26:09.300
because we added also a disclaimer to the[br]data we provided and that the disclaimer

0:26:09.300,0:26:18.370
says that the NSA is forced to, to stick[br]to the German law and that they are not

0:26:18.375,0:26:20.725
allowed to do whatever they want with this[br]data.

0:26:23.120,0:26:29.640
M5: Thank you.[br]H: Very nice, number 6, please.

0:26:29.640,0:26:38.270
M6: Hello, on slide 12, you got, you[br]specify the accuracy of about five meters

0:26:38.270,0:26:44.266
for two drones. So how does it scale if[br]you would use more than two drones? For

0:26:44.266,0:26:49.150
example 10 or whatever.[br]E: I think that there was a small

0:26:49.150,0:26:52.910
misunderstanding. Actually, one drone is[br]sufficient.

0:26:52.910,0:26:57.140
M6: Okay, so could you use more than one[br]drone?

0:26:57.140,0:27:00.800
E: Yeah, you can use as many as you want[br]but one is sufficient.

0:27:00.800,0:27:05.450
<i>laughter</i>[br]M6: Yeah, but that, of course. But does

0:27:05.450,0:27:09.980
the accuracy increase by using more than[br]one?

0:27:09.980,0:27:16.140
E: Yeah if you go closer to the target and[br]then their accuracy increases.

0:27:16.140,0:27:22.990
M6: Okay, but with the same distance but[br]more than one drone?

0:27:22.990,0:27:27.470
E: Actually not.[br]M6: Okay, thank you.

0:27:27.470,0:27:32.559
H: Number four, please.[br]M4: Also referring to the accuracies, you

0:27:32.559,0:27:37.520
were talking about field experiments and[br]so on. Did you conduct those yourself or

0:27:37.520,0:27:39.600
where did you get all the information[br]from?

0:27:39.600,0:27:43.760
E: These are some references, there you[br]can find the field experiments.

0:27:43.760,0:27:46.700
M4: Thank you very much.[br]H: Number two, please.

0:27:46.700,0:27:50.640
M2: Thank you very much for the[br]interesting talk. My question is regarding

0:27:50.651,0:27:56.251
the fingerprint which you can use on many[br]phones to unlock the phone. Is there

0:27:56.251,0:28:01.371
currently and if not will there, do you[br]think there will be a possibility that for

0:28:01.371,0:28:05.290
example an app which requires the[br]fingerprint identification on the phone

0:28:05.290,0:28:10.270
that this is also passively read and by[br]that you increase the identification of

0:28:10.270,0:28:19.120
persons? Did you understand the question?[br]E: Yeah, but I think this is like based on

0:28:19.120,0:28:25.960
the GSM network and the other I think that[br]that's based on the operating system.

0:28:25.960,0:28:30.090
M2: So currently using this technology,[br]there they couldn't be, there, it's not

0:28:30.090,0:28:33.240
possible to link this?[br]E: No.

0:28:33.240,0:28:37.520
M2: Ok, thank you.[br]H: Ok, number one, please.

0:28:37.520,0:28:40.800
M1: My question is actually about the[br]civil use of geolocation service not so

0:28:40.800,0:28:44.660
much about phones. So, you mentioned that[br]every time you use an online service that

0:28:44.660,0:28:51.370
use geolocation you send the SSids of[br]nearby Wi-Fi networks and with every

0:28:51.370,0:28:57.760
request you actually enrich a Wi-Fi map,[br]Wi-Fi database of either Google, if it's

0:28:57.760,0:29:04.220
on Android, or Apple if it's on iOS. Now,[br]there was a talk at CCC here in 2009 when

0:29:04.220,0:29:09.420
this technology was still nascent and that[br]back then was called Skyhook but then the

0:29:09.420,0:29:15.630
speaker had this provocative question:[br]Shouldn't this Wi-Fi map be public domain

0:29:15.630,0:29:21.410
instead of just a belonging proprietary[br]and belonging either to Apple or Google

0:29:21.410,0:29:25.910
nowadays? So, haven't we lost that[br]struggle? I mean we can't keep our SSids

0:29:25.910,0:29:31.040
private, so shouldn't it be public domain?[br]E: Yeah it would be a good idea to make it

0:29:31.040,0:29:35.660
public domain I said since also a lot of[br]positive things can be created with this

0:29:35.660,0:29:40.146
technology, like helping people in[br]emergency situations.

0:29:42.753,0:29:48.470
H: Okay ...[br]M1: I wanted to take the chance to say

0:29:48.470,0:29:51.500
thanks for this talk. I'm one of the[br]people who actually commissioned the

0:29:51.500,0:29:57.180
analysis because I work in the inquiry,[br]and it was extremely helpful for us to

0:29:57.180,0:30:02.000
have the analysis done because we, like[br]you said, keep being confronted with

0:30:02.000,0:30:07.560
Secret Service people who tell us that no[br]way can mobile phone numbers help in the

0:30:07.560,0:30:12.040
secret war. So yeah I just wanted to say[br]thanks.

0:30:12.040,0:30:20.120
<i>applause</i>[br]H: Yeah, thank you very much.

0:30:20.120,0:30:26.410
H: Great, so thank you also very, very[br]much for your work and keep on going with

0:30:26.410,0:30:26.988
that.

0:30:26.988,0:30:31.738
<i>music</i>

0:30:31.738,0:30:52.000
subtitles created by c3subtitles.de[br]in the year 2018. Join, and help us!