WEBVTT
00:00:00.165 --> 00:00:13.330
music
00:00:13.330 --> 00:00:22.570
Herald: so the NSA is spying, and was
spying, and we had Snowden, we have a lot
00:00:22.570 --> 00:00:31.669
of documents to look at, and there is some
new research on how they used geolocation
00:00:31.669 --> 00:00:38.570
methods in mobile networks. It is done by
the University of Hamburg and we have here
00:00:38.570 --> 00:00:46.890
Erik who will present this research to you
and he has done this for the German
00:00:46.890 --> 00:00:52.080
government and for the NSA
Untersuchungsausschuss which we call "NS
00:00:52.080 --> 00:01:03.160
Aua", which means "NS Ouch", kind of. He
is a PhD student and holds a master's in
00:01:03.160 --> 00:01:06.430
physics so give him a warm applause
00:01:06.450 --> 00:01:14.710
applause
00:01:16.470 --> 00:01:18.280
Herald: And for those coming later please
00:01:18.280 --> 00:01:22.550
go to your seats and try to be quiet. Yep,
thank you.
00:01:22.550 --> 00:01:26.340
Erik Sy: Hello. I'm really happy to have
00:01:26.340 --> 00:01:32.030
you all here and I welcome you to my talk
about geolocation methods in mobile
00:01:32.030 --> 00:01:39.680
networks. My name is Eric Sy and I'm a PhD
student at the University of Hamburg. So,
00:01:39.680 --> 00:01:47.229
at the beginning I want to point out why
I'm giving this talk. So the German
00:01:47.229 --> 00:01:53.299
parliamentary investigative committee
wanted to find out about the German
00:01:53.299 --> 00:01:59.909
involvement in US drone strikes and then
the German government officials claimed
00:01:59.909 --> 00:02:05.729
that they do not know anything or they do
not know any possibility how to use a
00:02:05.729 --> 00:02:11.120
phone number for targeting drone strikes
and the investigative committee did not
00:02:11.120 --> 00:02:15.850
really believe this statement and so they
asked our research group at the University
00:02:15.850 --> 00:02:26.250
of Hamburg to prepare a report and we
handed in that report to the Bundestag and
00:02:26.250 --> 00:02:31.070
it was very soon after what's also
published by netzpolitik.org
00:02:31.070 --> 00:02:32.570
thank you for that
00:02:33.800 --> 00:02:39.080
Applause
00:02:39.080 --> 00:02:45.519
E: And it contains like technical
methods and approximates the accuracy to
00:02:45.519 --> 00:02:51.739
localise mobile phones and it also points
out which technical identifiers are
00:02:51.739 --> 00:03:01.530
required to conduct such geolocation. Now
I give you my agenda for today. First I
00:03:01.530 --> 00:03:05.769
will speak about the purpose of
geolocation data and then we are looking
00:03:05.769 --> 00:03:11.900
into a broad variety of different
approaches to conduct such a geolocation
00:03:11.900 --> 00:03:19.269
in mobile networks, and then we specify on
drones and look into the technical methods
00:03:19.269 --> 00:03:26.260
which can be conducted with drones, and
and then I'm going to point out which
00:03:26.260 --> 00:03:34.930
technical identifiers we can use for such
a geolocation. And lastly I'm going to sum
00:03:34.930 --> 00:03:42.900
up. So, the purpose of geolocation data:
it is a neutral technology, so we can use
00:03:42.900 --> 00:03:49.080
it for rescue missions, for example if
somebody got lost in the forest or in the
00:03:49.080 --> 00:03:53.940
mountains, we can use geolocation data to
find that person and rescue the person.
00:03:53.940 --> 00:04:03.129
Or, if you ever used Google Traffic, there
you you can profit from monitoring traffic
00:04:03.129 --> 00:04:12.269
conditions. But we can also use it to
invade the privacy of persons, for example
00:04:12.269 --> 00:04:16.519
if we identify people on surveillance
footage, or if
00:04:16.519 --> 00:04:23.960
we track the location of a certain
individual over a longer period, and
00:04:23.960 --> 00:04:32.160
certainly we can use this data for
targeting drone strikes. However I want to
00:04:32.160 --> 00:04:41.190
point out that this data, that they are
not suitable to prove the identity of a
00:04:41.190 --> 00:04:46.740
person. So if somebody is conducting a
drone strike based on this data, then he
00:04:46.740 --> 00:04:54.180
is actually not knowing who he is going to
kill. So, on the right side you see an
00:04:54.180 --> 00:04:59.360
image of an explosion site from a Hellfire
missile. A Hellfire missile is usually
00:04:59.360 --> 00:05:06.280
used by these drones and you can
approximate that the blast radius is
00:05:06.280 --> 00:05:14.340
around 20 meters. So we would consider a
targeted drone strike if we have a
00:05:14.340 --> 00:05:21.970
geolocation method which can determine the
position of a person more precise than 20
00:05:21.970 --> 00:05:29.820
meters in radius. So, the first approach
which I want to present are time
00:05:29.820 --> 00:05:36.280
measurements and the symbol which you will
see down there it's a base station, for
00:05:36.280 --> 00:05:43.449
for the next couple of slides. And a base
station... this is the point in a mobile
00:05:43.449 --> 00:05:50.759
network where your phone connects to. On
the slides you can certainly interchange
00:05:50.759 --> 00:05:57.569
this base station with an IMSI-catcher.
IMSI-catcher is something like a fake base
00:05:57.569 --> 00:06:04.861
station from a third party and you could
even build it yourself. So, the method
00:06:04.861 --> 00:06:11.880
used to calculate the position of a phone
is for time measurements trilateration.
00:06:11.880 --> 00:06:19.020
You have to know that that signal is
usually traveling with the speed of light,
00:06:19.020 --> 00:06:25.160
so when you measure the time you can also
measure the distance. And here there are
00:06:25.160 --> 00:06:33.800
three methods presented. There are "Time
of Arrival", where the signal moves from
00:06:33.800 --> 00:06:42.120
the hand phone to the three base stations
and the accuracy is between 50 and 200
00:06:42.120 --> 00:06:47.690
meters. This really depends on the cell
size and they can be more precise or less
00:06:47.690 --> 00:06:55.240
precise. So, then we have "Time Difference
of Arrival," which is like a round-trip
00:06:55.240 --> 00:07:02.699
measurement, and we have an "Enhanced
Observed Time Difference," where the
00:07:02.699 --> 00:07:09.759
mobile phone actually computes the
location within the cell, and the accuracy
00:07:09.759 --> 00:07:17.930
is between 50 to 125 meters.
So, and the next method which I want to
00:07:17.930 --> 00:07:25.030
present are angular measurements. When you
conduct angular measurements, then you
00:07:25.030 --> 00:07:30.410
determine the direction of arrival from
the signal and afterwards you do a
00:07:30.410 --> 00:07:35.930
calculation which is called triangulation
and therefore you have to know the
00:07:35.930 --> 00:07:42.280
position of the base station, but also the
alignment of your antenna and for this
00:07:42.280 --> 00:07:48.199
method there's certainly two base stations
or IMSI-catchers sufficient to determine
00:07:48.199 --> 00:07:55.539
the position of the mobile phone. The
accuracy is usually in field experiments
00:07:55.539 --> 00:08:01.530
between 100 and 200 meters and the
challenge for this method but also for the
00:08:01.530 --> 00:08:11.909
ones on the previous slides is that on the
normal mobile cells you don't have a line
00:08:11.909 --> 00:08:18.550
of sight to each base station from your
mobile phone and so the signal gets
00:08:18.550 --> 00:08:27.800
disturbed by buildings in the way and then
the accuracy becomes worse. So the next
00:08:27.800 --> 00:08:33.175
method I want to show you, I think most of
you will know a little bit about GPS and
00:08:33.175 --> 00:08:41.210
how it's calculated. So satellites, GPS
satellites, broadcast their time and their
00:08:41.210 --> 00:08:48.220
position, and the mobile phone uses again
trilateration to calculate its position
00:08:48.220 --> 00:08:53.650
and the accuracy is usually below 10
meters, but it depends a little bit on the
00:08:53.650 --> 00:09:02.440
chipset within the mobile phone, and then
the base station can request the position
00:09:02.440 --> 00:09:09.340
of the phone by issuing a radio... or by
issuing a request with the radio resource
00:09:09.340 --> 00:09:16.700
location service protocol. So another
method which I want to present is the
00:09:16.700 --> 00:09:21.860
mining of Internet traffic. Some
smartphones send GPS coordinates or the
00:09:21.860 --> 00:09:29.580
names of nearby Wi-Fi networks, which are
also called SSIDs, to online services, and
00:09:29.580 --> 00:09:36.910
usually these allow the determination of
the position around or below 10 meters,
00:09:36.910 --> 00:09:44.600
and it is certainly possible to intercept
this traffic and evaluate the geolocation.
00:09:44.600 --> 00:09:51.200
So here I have two quotes for you, and the
first one it effectively means that anyone
00:09:51.200 --> 00:09:57.375
using Google Maps on a smartphone is
working in support of a GCHQ system. This
00:09:57.375 --> 00:10:05.183
quote comes from the Snowden archive and
was issued in the year 2008. So we
00:10:05.183 --> 00:10:10.113
certainly see that there's
some proof that at least at those days,
00:10:10.113 --> 00:10:16.900
that they enter, some third parties
intercepted those traffic and use it for
00:10:16.900 --> 00:10:27.150
determining the geolocation, and if you
want to work with, or determine the
00:10:27.150 --> 00:10:34.480
location with the SSIDs, it is necessary
that you have a map where a certain Wi-Fi
00:10:34.480 --> 00:10:40.260
access points are located. And therefore
we have also something like... like a
00:10:40.260 --> 00:10:47.400
proof that this has been done by the NSA
and this is the mission victory dance,
00:10:47.400 --> 00:10:53.390
where they are mapping the Wi-Fi
fingerprint in every major town in Yemen,
00:10:53.390 --> 00:10:59.130
and in Yemen also a lot of drone strikes
are conducted. So, let's go to next
00:10:59.130 --> 00:11:07.210
method. Signalling System No. 7 is a
protocol which is used for communication
00:11:07.210 --> 00:11:15.520
between network providers, and network
providers need to know where, in which
00:11:15.520 --> 00:11:21.570
cell, a mobile phone is located to... to
enable the communication, and these
00:11:21.570 --> 00:11:27.880
informations are saved in location
registers, and a third party can easily
00:11:27.880 --> 00:11:35.777
request these location informations. I
want to refer to the talk by Tobias Engel,
00:11:35.777 --> 00:11:40.707
which... he gave a talk two years ago
which really goes into the details of this
00:11:40.707 --> 00:11:48.310
method, and maybe if you like to, there
are also commercial services available to
00:11:48.310 --> 00:11:58.430
access this data. So, let's talk about
drones. We do not have very solid proofs
00:11:58.430 --> 00:12:05.980
that geolocation methods are conducted by
drones, but we have certainly hints. A
00:12:05.980 --> 00:12:15.000
hint is this GILGAMESH system, which is
based on the PREDATOR drones, and is a
00:12:15.000 --> 00:12:22.090
method for active geolocation, which
describes an IMSI-catcher so... but if
00:12:22.090 --> 00:12:28.590
anybody of you has access to more
documents... yeah it would be nice to have
00:12:28.590 --> 00:12:37.170
a look. So...
applause
00:12:39.283 --> 00:12:45.580
E: So, the easiest method would be
certainly to request for GPS coordinates,
00:12:45.580 --> 00:12:54.030
and there you just replace the base
station with a drone. But the method which
00:12:54.030 --> 00:13:01.054
is better, or which I think is the
preferred one: Angular measurements.
00:13:02.196 --> 00:13:08.680
Angular measurements, if you have a look
in our report, there we approximated that
00:13:08.680 --> 00:13:14.430
the accuracy of these methods are between
five and thirty five meters in radius from
00:13:14.430 --> 00:13:20.830
an altitude of two kilometers, and if you
get closer to the mobile phone it becomes
00:13:20.830 --> 00:13:28.360
more accurate. So, it would be, to some
extent, sufficient to conduct a targeted
00:13:28.360 --> 00:13:35.550
drone strike on this data, and in the
meantime, since this report was handed
00:13:35.550 --> 00:13:42.250
over to the Bundestag, I also found other
work which described that they are able to
00:13:42.250 --> 00:13:47.910
achieve an accuracy of one meter from
three kilometers altitude for small
00:13:47.910 --> 00:13:55.980
airplanes. You have to know that those
sensors to measure the angle of arrival,
00:13:55.980 --> 00:14:03.320
that they are usually located within the
wings and within the front of the plane,
00:14:03.320 --> 00:14:07.416
and when the plane becomes larger it's
also easier to have a more accurate
00:14:07.416 --> 00:14:16.435
measurement. Then I want to point out that
a single measurement can be sufficient to
00:14:16.435 --> 00:14:22.290
determine the location of a mobile phone.
If we can assume that the target is on the
00:14:22.290 --> 00:14:28.210
ground. So if you assume that the target
is maybe in a building in Yemen, so a
00:14:28.210 --> 00:14:34.160
single measurement would be sufficient on
a low building in Yemen. And a sky scraper
00:14:34.160 --> 00:14:42.180
would be more difficult. So, and the big
advantage of these methods is that
00:14:42.180 --> 00:14:48.290
environmental parameters have a very low
influence, since we can have a almost line
00:14:48.290 --> 00:14:59.670
of sight, which allows a better accuracy.
So now I'm going to talk about the
00:14:59.670 --> 00:15:06.770
identifiers which can be used for
geolocation. Certainly the phone number
00:15:06.770 --> 00:15:13.810
and each IMSI-catcher or base station can
request, can issue an identity request to
00:15:13.810 --> 00:15:22.510
a mobile phone, and then receive the IMSI
or EMI. The IMSI is something like a
00:15:22.510 --> 00:15:31.350
unique description for a certain customer
in the the mobile network and the EMI is
00:15:31.350 --> 00:15:41.080
like a unique serial number for an device.
So, when we include those methods of
00:15:41.080 --> 00:15:51.020
mining Internet traffic, then we can also
add a lot of more identifiers, for example
00:15:51.020 --> 00:15:59.746
an Apple ID or Android ID, MAC address,
even cookies or user names. If you are
00:15:59.746 --> 00:16:06.126
interested in this, you can have a look at
the link I provided there. That there's a
00:16:06.126 --> 00:16:14.490
very interesting paper about this. So I
come to my last slide, my summary. I
00:16:14.490 --> 00:16:21.701
showed you multiple, or a lot of different
methods to localize a mobile phone, and I
00:16:21.701 --> 00:16:27.180
pointed out that a single drone can
localize a mobile phone with accuracy
00:16:27.180 --> 00:16:33.180
which is sufficient to conduct a targeted
drone strike. Since this document was
00:16:33.180 --> 00:16:39.350
handed over to the Bundestag, they also
never denied that these methods can be
00:16:39.350 --> 00:16:51.000
used for... or that the accuracy of these
methods... is true. So then I pointed out
00:16:51.000 --> 00:16:58.410
that as an identifier the phone number,
the IMSI, and the EMI each can be used for
00:16:58.410 --> 00:17:05.720
the geolocation of a mobile phone, and the
last information which I want to give you
00:17:05.720 --> 00:17:11.760
is that geolocation methods cannot prove
the identity of a person, and this is
00:17:11.760 --> 00:17:21.281
really important to know, that we are
not... yeah. That when we conduct, or when
00:17:21.281 --> 00:17:25.880
somebody is conducting these drone
strikes, that they are not aware who is
00:17:25.880 --> 00:17:30.920
actually using the phone, and so and I can
happen that they are killing the wrong
00:17:30.920 --> 00:17:39.920
person. So I thank you very much, I thank
my colleagues and my family and everybody.
00:17:39.920 --> 00:17:41.740
applause
00:17:41.740 --> 00:17:49.930
Herald: Thank you.
applause
00:17:49.930 --> 00:17:54.430
H: That's great. Thank you very much. It's
the first talk we have here today where we
00:17:54.430 --> 00:18:00.540
can have a lot of questions. So come on.
You have the microphones, number 1, number
00:18:00.540 --> 00:18:07.080
2, number 3, number 4, and ask your
questions. It's the only chance to have
00:18:07.080 --> 00:18:19.606
this man answering them. No questions?
Here's someone. No. Yeah. Sorry!
00:18:19.606 --> 00:18:22.252
Microphone: No problem.
H: Number 4.
00:18:22.252 --> 00:18:28.190
Microphone 4: Hello. Do you know why we
are located in London right now when we
00:18:28.190 --> 00:18:32.680
use Google Maps here?
H: "Do you know", can you ask me again,
00:18:32.680 --> 00:18:34.590
"do you know why we are located in
London?"
00:18:34.590 --> 00:18:35.500
M4: Yes.
H: Here?
00:18:35.500 --> 00:18:38.990
M4: When we use Google Maps, we are
located in London.
00:18:41.330 --> 00:18:47.430
H: Do you know that? The Congress is
located in London. Do you know why?
00:18:47.430 --> 00:18:51.350
E: I'm not aware.
M4: Okay, I thought this was on plan.
00:18:51.350 --> 00:18:53.370
H: Okay.
M4: Thank you
00:18:53.370 --> 00:18:57.950
H: Number 1.
Microphone 1: Okay, so on slide 12 you
00:18:57.950 --> 00:19:01.610
showed this angle of arrival-
H: Can you please be quiet, we can't
00:19:01.610 --> 00:19:04.450
understand the questions unless you're
quiet. Sorry.
00:19:04.450 --> 00:19:11.340
M1: Okay, so, on slide 12 you showed the
angle of arrival method executed by a
00:19:11.340 --> 00:19:18.350
drone. Is this a passive method or does it
require some cooperation by either the
00:19:18.350 --> 00:19:21.040
phone company or by the targeted mobile
phone?
00:19:21.040 --> 00:19:26.170
E: It can be conducted passively. Like, if
you call the phone or page the phone
00:19:26.170 --> 00:19:33.751
multiple times and you see which phone is
answering this paging... okay, it needs to
00:19:33.751 --> 00:19:39.620
be active in a way that you contact the
phone, but you don't need an active IMSI-
00:19:39.620 --> 00:19:45.000
catcher for it. You just phone or call the
phone, and then you see which phone is
00:19:45.000 --> 00:19:51.690
answering, and then you know where the
phone is situated.
00:19:51.690 --> 00:19:53.690
M1: Thanks.
E: Yeah.
00:19:53.690 --> 00:19:58.660
H: I see that we have a question over
there so can you just ask your question
00:19:58.660 --> 00:20:00.660
please?
M8: Here?
00:20:00.660 --> 00:20:04.520
H: Yes, number 8, please.
M8: Thank you for the talk. I'd like to
00:20:04.520 --> 00:20:11.080
ask a question about tracking unpowered
mobile phones: I mean you mentioned lots
00:20:11.080 --> 00:20:16.300
of methods for phones which are both...
with both have their batteries inserted
00:20:16.300 --> 00:20:21.290
and are actively operating. Could you
elaborate a bit about the methods of
00:20:21.290 --> 00:20:26.880
tracking phones, which seem to be off
turned off from the users point of view,
00:20:26.880 --> 00:20:30.418
and maybe also something about those who
have their batteries removed?
00:20:34.310 --> 00:20:39.058
E: Actually, if you really turn off your
phone over a long period, let's say a
00:20:39.060 --> 00:20:45.010
couple of months, I think you are safe,
but... laughter Buf if you...
00:20:45.010 --> 00:20:52.530
M8: That's good to know.
E: But, actually, like if you have a base
00:20:52.530 --> 00:20:57.490
station and somebody is switching off his
phone and maybe he is meeting somebody
00:20:57.490 --> 00:21:02.980
else at that point and somebody else is
also switching off his phone, then it can
00:21:02.980 --> 00:21:09.470
be suspicious, but it really depends
whether somebody is looking into this data
00:21:09.470 --> 00:21:15.200
or not.
H: Thank you. Number 8 again.
00:21:15.200 --> 00:21:24.560
M8: I had a short question: As you
described, we are somehow dependent on the
00:21:24.560 --> 00:21:33.220
good winning of the NSA, for instance, and
I wanted to ask if there's some way to
00:21:33.220 --> 00:21:40.230
avoid geolocation or use Google Maps
without sending identity to location
00:21:40.230 --> 00:21:45.420
services.
E: That is fairly difficult. I would
00:21:45.420 --> 00:21:51.600
assume that GPS phones are a little bit
better to avoid geo-locationing,
00:21:51.600 --> 00:21:58.180
especially if you add additional GPS
spoofing, because they are... The network
00:21:58.180 --> 00:22:04.050
cells are really large and so it's more
difficult to track you within the network
00:22:04.050 --> 00:22:10.620
cell, but if you have a drone right above
you and you emit a physical signal, then
00:22:10.620 --> 00:22:17.640
the drone will always be able to localize
where the signal came from. So it's
00:22:17.640 --> 00:22:19.820
difficult, because it's physically
difficult.
00:22:19.820 --> 00:22:23.390
M8: Okay.
H: Thanks. Number 1, please.
00:22:23.390 --> 00:22:28.691
M1: So, I have a question about the
physicalities of receiving a... or
00:22:28.691 --> 00:22:35.490
localizing or making angular measurement
of a phone within a densely populated
00:22:35.490 --> 00:22:40.530
area, where there's possibly tens of
thousands of phones within the receptional
00:22:40.530 --> 00:22:48.140
area of a 3-kilometer-high drone. That
would obviously require you to be more
00:22:48.140 --> 00:22:54.580
sensitive on one hand than this cell tower
and on the other hand also receive at the
00:22:54.580 --> 00:22:58.240
same time and sort out all kinds of
interference.
00:22:58.240 --> 00:23:06.060
E: You usually a cell can be between,
let's say 200 meters, and 3 or 30
00:23:06.060 --> 00:23:11.560
kilometers in size, so 3 kilometers in
altitude it's not very high.
00:23:11.560 --> 00:23:18.330
M1: So you assume that the drone does a
pre-selection. We are digital beamforming
00:23:18.330 --> 00:23:24.960
on the ground path and only looks at a
cell of interest, because it knows from
00:23:24.960 --> 00:23:31.960
the network, the suspect is in that cell.
E: It depends on the area: In an urban
00:23:31.960 --> 00:23:37.770
area you have to reduce the size of the
cell, otherwise you would receive too many
00:23:37.770 --> 00:23:45.210
signals, but in a countryside you can have
larger cells or you can cover a larger
00:23:45.210 --> 00:23:49.230
area.
M1: Regarding covering larger areas: Did
00:23:49.230 --> 00:23:53.310
you take, considering that these drones
aren't really like our quadcopter size,
00:23:53.310 --> 00:24:01.360
they're more airplane-sized, proper
airplanes, did you take the classical
00:24:01.360 --> 00:24:06.830
synthetic aperture radar techniques of
observing something for a long time while
00:24:06.830 --> 00:24:11.640
flying straight over it and then
integrating over it into account? Because
00:24:11.640 --> 00:24:16.650
that's usually where we get our high-
resolution radar imagery of the earth.
00:24:16.650 --> 00:24:22.450
E: You can conduct multiple measurements
or you just conduct one, if you know that
00:24:22.450 --> 00:24:26.710
the target is on the ground.
M1: So, did that account for your
00:24:26.710 --> 00:24:31.470
estimated accuracy?
E: It's not necessary to integrate.
00:24:31.470 --> 00:24:36.020
M1: Okay, thanks.
H: Thank you. We have a question from the
00:24:36.020 --> 00:24:39.590
internet.
Signalangel: Yes, the internet wants to
00:24:39.590 --> 00:24:43.500
know if there are attributes, which you
can change of the phone, to stop
00:24:43.500 --> 00:24:47.010
surveillance. Attributes like the email,
for example.
00:24:47.010 --> 00:24:51.730
E: Can you please repeat the question?
S: Are there attributes of the phone,
00:24:51.730 --> 00:24:53.560
which you can change, to stop
surveillance?
00:24:53.560 --> 00:24:58.740
E: Yes, certainly you can fake the IMEI
or the IMSI. That is also another reason why
00:24:58.740 --> 00:25:06.300
it's not sufficient to prove the identity,
because any phone can just take these
00:25:06.300 --> 00:25:09.261
data.
S: And we have a second question, which
00:25:09.261 --> 00:25:18.090
is: Does the GSM network have a feature
which allows anyone to get the GPS data
00:25:18.090 --> 00:25:29.100
from the phone?
E: Yeah..., it would be..., that.., and
00:25:29.100 --> 00:25:32.530
the radio resource location service
protocol.
00:25:32.530 --> 00:25:38.230
S: So, thank you.
laughter
00:25:38.230 --> 00:25:39.120
E: Yeah.
H: Okay, number five.
00:25:39.120 --> 00:25:46.260
Microphone 5: Hello, you delivered you
work to the NSA Untersuchungsausschuss and
00:25:46.260 --> 00:25:51.920
they, the Bundestag did not say anything
about it, but is there a statement from
00:25:51.920 --> 00:25:56.540
the NSA Untersuchungssausschuss?
E: And the government said something about
00:25:56.540 --> 00:26:04.500
it. They said that, that they washed their
hands and said we did everything nicely
00:26:04.500 --> 00:26:09.300
because we added also a disclaimer to the
data we provided and that the disclaimer
00:26:09.300 --> 00:26:18.370
says that the NSA is forced to, to stick
to the German law and that they are not
00:26:18.375 --> 00:26:20.725
allowed to do whatever they want with this
data.
00:26:23.120 --> 00:26:29.640
M5: Thank you.
H: Very nice, number 6, please.
00:26:29.640 --> 00:26:38.270
M6: Hello, on slide 12, you got, you
specify the accuracy of about five meters
00:26:38.270 --> 00:26:44.266
for two drones. So how does it scale if
you would use more than two drones? For
00:26:44.266 --> 00:26:49.150
example 10 or whatever.
E: I think that there was a small
00:26:49.150 --> 00:26:52.910
misunderstanding. Actually, one drone is
sufficient.
00:26:52.910 --> 00:26:57.140
M6: Okay, so could you use more than one
drone?
00:26:57.140 --> 00:27:00.800
E: Yeah, you can use as many as you want
but one is sufficient.
00:27:00.800 --> 00:27:05.450
laughter
M6: Yeah, but that, of course. But does
00:27:05.450 --> 00:27:09.980
the accuracy increase by using more than
one?
00:27:09.980 --> 00:27:16.140
E: Yeah if you go closer to the target and
then their accuracy increases.
00:27:16.140 --> 00:27:22.990
M6: Okay, but with the same distance but
more than one drone?
00:27:22.990 --> 00:27:27.470
E: Actually not.
M6: Okay, thank you.
00:27:27.470 --> 00:27:32.559
H: Number four, please.
M4: Also referring to the accuracies, you
00:27:32.559 --> 00:27:37.520
were talking about field experiments and
so on. Did you conduct those yourself or
00:27:37.520 --> 00:27:39.600
where did you get all the information
from?
00:27:39.600 --> 00:27:43.760
E: These are some references, there you
can find the field experiments.
00:27:43.760 --> 00:27:46.700
M4: Thank you very much.
H: Number two, please.
00:27:46.700 --> 00:27:50.640
M2: Thank you very much for the
interesting talk. My question is regarding
00:27:50.651 --> 00:27:56.251
the fingerprint which you can use on many
phones to unlock the phone. Is there
00:27:56.251 --> 00:28:01.371
currently and if not will there, do you
think there will be a possibility that for
00:28:01.371 --> 00:28:05.290
example an app which requires the
fingerprint identification on the phone
00:28:05.290 --> 00:28:10.270
that this is also passively read and by
that you increase the identification of
00:28:10.270 --> 00:28:19.120
persons? Did you understand the question?
E: Yeah, but I think this is like based on
00:28:19.120 --> 00:28:25.960
the GSM network and the other I think that
that's based on the operating system.
00:28:25.960 --> 00:28:30.090
M2: So currently using this technology,
there they couldn't be, there, it's not
00:28:30.090 --> 00:28:33.240
possible to link this?
E: No.
00:28:33.240 --> 00:28:37.520
M2: Ok, thank you.
H: Ok, number one, please.
00:28:37.520 --> 00:28:40.800
M1: My question is actually about the
civil use of geolocation service not so
00:28:40.800 --> 00:28:44.660
much about phones. So, you mentioned that
every time you use an online service that
00:28:44.660 --> 00:28:51.370
use geolocation you send the SSids of
nearby Wi-Fi networks and with every
00:28:51.370 --> 00:28:57.760
request you actually enrich a Wi-Fi map,
Wi-Fi database of either Google, if it's
00:28:57.760 --> 00:29:04.220
on Android, or Apple if it's on iOS. Now,
there was a talk at CCC here in 2009 when
00:29:04.220 --> 00:29:09.420
this technology was still nascent and that
back then was called Skyhook but then the
00:29:09.420 --> 00:29:15.630
speaker had this provocative question:
Shouldn't this Wi-Fi map be public domain
00:29:15.630 --> 00:29:21.410
instead of just a belonging proprietary
and belonging either to Apple or Google
00:29:21.410 --> 00:29:25.910
nowadays? So, haven't we lost that
struggle? I mean we can't keep our SSids
00:29:25.910 --> 00:29:31.040
private, so shouldn't it be public domain?
E: Yeah it would be a good idea to make it
00:29:31.040 --> 00:29:35.660
public domain I said since also a lot of
positive things can be created with this
00:29:35.660 --> 00:29:40.146
technology, like helping people in
emergency situations.
00:29:42.753 --> 00:29:48.470
H: Okay ...
M1: I wanted to take the chance to say
00:29:48.470 --> 00:29:51.500
thanks for this talk. I'm one of the
people who actually commissioned the
00:29:51.500 --> 00:29:57.180
analysis because I work in the inquiry,
and it was extremely helpful for us to
00:29:57.180 --> 00:30:02.000
have the analysis done because we, like
you said, keep being confronted with
00:30:02.000 --> 00:30:07.560
Secret Service people who tell us that no
way can mobile phone numbers help in the
00:30:07.560 --> 00:30:12.040
secret war. So yeah I just wanted to say
thanks.
00:30:12.040 --> 00:30:20.120
applause
H: Yeah, thank you very much.
00:30:20.120 --> 00:30:26.410
H: Great, so thank you also very, very
much for your work and keep on going with
00:30:26.410 --> 00:30:26.988
that.
00:30:26.988 --> 00:30:31.738
music
00:30:31.738 --> 00:30:52.000
subtitles created by c3subtitles.de
in the year 2018. Join, and help us!