GPS devices can be easily jammed and their data can be spoofed, particularly when tied to cellular systems, experts argue.
GPS location data from tracking devices and mobile phones has become an important component of court cases as a way to establish where people have been and when they were there.
While the U.S. Supreme Court has yet to weigh in on the constitutionality of warrantless GPS tracking, a more fundamental question may be whether GPS data is reliable enough to be admissible in court.
Todd Glassey, chief scientist of Certichron, a time data trust service, and founder of the U.S. Time Server Foundation, argues that GPS devices can be easily jammed and that their data can be spoofed, particularly when tied to cellular systems -- as offender tracking bracelets may be.
This isn't a novel concern. The U.S. Department of Defense has forbidden the use of L1 GPS -- the version of GPS available to civilians -- for military purposes since 1998, owing to data integrity and security shortcomings. The military relies on L2 GPS, which is encrypted and more accurate.
A 2003 Los Alamos National Laboratory research paper by Jon S. Warner and Roger G. Johnston, members of the lab's Vulnerability Assessment Team, states, "Civilian Global Positioning System (GPS) receivers are vulnerable to attacks such as blocking, jamming, and spoofing." The VAT had previously demonstrated that claim by simulating the hijacking of a cargo truck monitored by GPS.
The FCC has tried to prevent the sale of GPS jammers, which are illegal under the Communications Act of 1934. But schematics for a do-it-yourself GPS jamming device can be easily found online, and the device can be built for less than $150. Jammers can also be bought online through various Web sites.
For less than $2,000, says Glassey, someone could acquire the gear necessary to spoof the location of GPS bracelets issued to sex offenders or other parolees. The potential risks are obvious.
Many law enforcement entities have opted to use L1 GPS tracking bracelets to allow defendants to remain free prior to trial and to track high-risk releases like sex offenders. Often, they wed these systems to voice-recognition systems and cellular location-sensing backup systems.
But according to Glassey, the availability of call-redirectors, Vonage, Skype, and other VoIP systems means that system safeguards aren't sufficiently secure.
"The knowledge of the use of GPS test equipment to alter or affect the readings inside of GPS receivers has already made the jump from the technology community to the hacker community such that commercial products and general knowledge of how to spoof L1 GPS systems is available everywhere," Glassey explained in a technical brief he prepared for the D.C. Circuit appeal of U.S. v. Jones.
The Electronic Frontier Foundation and the American Civil Liberties Union have filed an amicus brief in that case in support of a claim by defendant Antoine Jones that his Fourth Amendment rights were violated by the warrantless placement of a GPS tracking device in his car.
But constitutional considerations aside, Glassey maintains that L1 GPS data should not be admissible in court without some other form of corroborating evidence. He contends that the reliability claims made to the court by manufacturers of GPS tracking devices are misrepresentations.