Skip
Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

8 minute read

Technology

How To Make A Secret Phone Call

To show how hard phone privacy can be, one artist examined the CIA, consulted hackers, and went far off the map (with a stop at Rite Aid).

Destroyed one-time-use burner phone; Incoming call on burner phone

There's a lot you can find in the depths of the dark web, but in 2013, photographer and artist Curtis Wallen managed to buy the ingredients of a new identity. After purchasing a Chromebook with cash, Wallen used Tor, virtual marketplaces, and a bitcoin wallet to purchase a fake driver's license, insurance card, social security number, and cable bill, among other identifying documents. Wallen saw his new identity, Aaron Brown, as more than just art: Brown was a political statement on the techno-surveillance age.

"I started looking into details on cell phone surveillance while I was working on Aaron Brown," Wallen said. "It opened my eyes to how insidious these little things really are."

With his latest project, "Proposition For An On Demand Clandestine Communication Network," (PropCom) Wallen doubles down on this anti-surveillance modus operandi. Step-by-step, Wallen instructs people in the laborious—and damned near impossible—art of ducking cell phone surveillance.

This time, Wallen looked elsewhere for inspiration: Namely, the CIA's faulty cell phone tradecraft used in the 2005 extraordinary rendition of Hassan Mustafa Osama in Italy, and in their surveillance of Lebanese Hezbollah. In both cases, the CIA operatives’ closed cell phone networks were undone when Italian authorities and Hezbollah acquired phone metadata.

Learning from these operational failures, Wallen conjured a clandestine cell phone network that could be used on demand. "I was interested in looking at this system from different angles," he says, "and finding ways where I could subvert it and use certain aspects of it against itself."

That "system," revealed in part by Edward Snowden's revelations about extensive phone and Internet surveillance, has given many Americans pause, and led to new personal precautions. A recent Pew survey found that 52% of American adults describe themselves as "very concerned" or "somewhat concerned" about government surveillance of their data and electronic communications in the wake of Snowden; 30% said they have sought to shield their data from the government—by strengthening privacy settings on social media, avoiding certain suspicious online search terms, and having more face-to-face conversations instead of communicating online or by phone.

Meanwhile, local, state, and federal law enforcement are now using surveillance technology like the Stingray, an "ISMI catcher" device built by Florida-based Harris Corp. that mimics a cell tower to hoover up phone metadata. Elsewhere, the U.S. Marshal Service program uses Stingray-esque "dirtboxes" on Cessna aircraft to create fake mobile cell towers in the air. Amid pervasive sensors, drones, and data collection, making a private phone call can be a Herculean task.

Nevertheless, Wallen thinks it can be done—in short, by using a prepaid "burner" phone, posting its phone number publicly on Twitter as an encrypted message, and waiting for your partner to decrypt the message and call you at a later time.

His step-by-step instructions for making a clandestine phone call are as follows:

  1. Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones aren't changing locations);
  2. Leave your daily cell phone behind during dormant periods and purchase a prepaid no-contract cell phone ("burner phone");
  3. After storing burner phone in a Faraday bag, activate it using a clean computer connected to a public Wi-Fi network;
  4. Encrypt the cell phone number using a onetime pad (OTP) system and rename an image file with the encrypted code. Using Tor to hide your web traffic, post the image to an agreed upon anonymous Twitter account, which signals a communications request to your partner;
  5. Leave cell phone behind, avoid anchor points, and receive phone call from partner on burner phone at 9:30 p.m.—or another pre-arranged "dormant" time—on the following day;
  6. Wipe down and destroy handset.

The approach is "very passive" says Wallen. For example, "Posting an image to Twitter is a very common thing to do, [and] it’s also very common for image names to have random numbers and letters as a file name," he says. "So, if I’ve prearranged an account where I’m going to post an encrypted message, and that message comes in the form of a 'random' filename, someone can see that image posted to a public Twitter account, and write down the filename—to decrypt by hand—without ever actually loading the image. Access that Twitter account from Tor, from a public Internet network, and there’s hardly any trace that an interaction even happened."

This is not easy, of course. In fact, it's really, comically hard. "If the CIA can’t even keep from getting betrayed by their cell phones, what chance do we have?" he says.

Still, Wallen believes PropCom could theoretically keep users' activities hidden. It's hard, he emphasizes, but not impossible.

Practicing Good Opsec

Central to good privacy, says Wallen, is eliminating or reducing anomalies that would pop up on surveillance radars, like robust encryption or SIM card swapping. To understand the risks of bringing unwanted attention to one's privacy practices, Wallen examined the United States Marine Corps' "Combat Hunter" program, which deals with threat assessment through observation, profiling, and tracking. The program teaches Marines to establish a baseline to more easily key in on anomalies in any given environment.

Right: Destruction of one-time encrypted burner phone number. Left: One-time encryption of burner phone number.

"Anomalies are really bad for what I’m trying to accomplish—that means any overt encryption is bad, because it’s a giant red flag," Wallen said. "I tried to design the whole system to have as small a footprint as possible, and avoid creating any analyzable links."

After establishing these processes, Wallen began researching cell phones. As expected, it involved a lot of trial and error. "I was going out and actually buying phones, learning about different ways to buy them, to activate them, to store them, and so on," said Wallen, who eventually bought a burner phone from a Rite Aid. "I kept doing it until I felt like I’d considered it from every angle."

When it came to protecting cell phone hardware, Wallen turned to Faraday bags. Invented by English scientist Michael Faraday back in the 19th century, Faraday cages were developed for modern usage with intelligence agencies, law enforcement, and the military in mind. The cages, which can be any type of container, feature metallic shielding material that blocks radio cell, Wi-Fi, and Bluetooth connections. Now available to the public, people can transport or store their electronic devices in Faraday bags, preventing hackers, law enforcement, and spies from accessing their private data. (After consulting on commercially available Faraday bags, Wallen settled on the Ramsey Electronics STP1100.)

Faraday bag for handset

The grugq, a security researcher Wallen consulted during the conceptualization process, told the artist he liked parts of PropCom. Still, he said the plan was "possibly too complex and too fragile for real world use" and "secure, but probably fragile in practice."

He notes, for instance, that problems might arise if and when the first attempt at communication fails. One approach would be to offer multiple meeting opportunities. "So it might be ‘on receipt of a meeting signal, go to the meeting location at 8 p.m., then the next day at 7 p.m., then the next week on the same day at 9 p.m.’... this would allow a number of fallbacks without a lot of signaling traffic."

The grugq admires the subtlety of Wallen's encryption approach—a onetime pad encoding of the cell number into a filename posted to Twitter—and notes the technique could also be used to send secret messages over the web, using websites like Pastebin and encryption tools like GPG. That could eliminate the need for phone calls completely. "These days," says the grugq, "phones make the life of the clandestine operative extremely difficult."

Has Wallen tried his own system? "I've tested it and made successful communication," was all we would say.

Burn After Reading

Once Wallen had settled on the clandestine network's procedures, he got to work documenting the process step-by-step, both photographically and with text.

"The images made sense as a way to build a world for the process to exist in, conceptually and aesthetically," Wallen explained. "I wanted to establish conditions that would allow the viewer to navigate through these imagined shadows."

Early on, "Proposition For An On Demand Clandestine Communication Network" resembled a punk zine. After some refinement, the physical artifact now looks like an official government dossier—a very handsome one.

"The whole thing is packaged in a custom stamped ‘burn bag’ used by the Department of Defense, CIA, NSA, etc., to securely incinerate classified material," Wallen said, noting that it comes in a limited edition of 40 with an 8 x 10" print from the project. "I settled on this form because I like the idea of it being something physical and unique."

Locations visited by Curtis Wallen in setting up clandestine network

Hugh D’Andrade, senior designer at the Electronic Frontier Foundation, said PropCom and other artwork around surveillance was valuable for raising awareness of a complex issue. "It used to be that only geeks, techies, and lawyers were interested in surveillance and security issues," he says. "But we’ve been hearing from more and more artists that are working in these areas, and we’re glad to hear it. Complicated technical issues are often daunting to the public, but in the hands of an artist, they can become interesting and approachable."

After an exhibition at the 99¢ Plus gallery in Bushwick, Wallen plans to release "Proposition for an On Demand Clandestine Communication Network" as a free print-resolution PDF on his website. The show will feature a combination of framed photographs, unframed photographs, texts, and other ephemera. A small run of free booklets outlining the process will also be available at the opening.

Wallen cautions his audience about taking his instructions too literally. The project, he says, "was less about arriving at a necessarily practical system for evading cell phone tracking, than it was about the enjoyment of the ‘game’ of it all. In fact, I think that it is so impractical says a lot."

"Bottom line," he adds. "If your adversary is a nation state, don't use a cellphone."

Curtis Wallen's "Proposition For An On Demand Clandestine Communication Network" runs from April 4 to 26.


[Photos: Curtis Wallen]

loading