The filing suggests that dozens of phones that were in airplane mode during the riot, or otherwise out of cell service, were caught up in the trawl. Nor could users erase their digital trails later. In fact, 37 people who attempted to delete their location data following the attacks were singled out by the FBI for greater scrutiny.
Google requires a three-step process for geofence warrants to narrow their scope to only those most likely to be guilty of a crime. In the first and broadest step, the FBI asked Google to identify all devices in a 4-acre area, including the Capitol and its immediate surroundings, between 2 pm and 6:30 pm on January 6. Google initially found 5,653 active devices that “were or could have been” within the geofence at that time. When Google added in data from devices that only connected to its servers later that day, or the next, the number increased to 5,723. (Location History works in airplane mode because phones can continue to receive GPS satellite signals.)
Connecting to your carrier’s network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device.
Having worked in law enforcement and seen the crazy things computer forensics guys are capable of, I wouldn’t carry a phone with me if government surveillance was in my threat model. If I absolutely had to carry a phone it would be on airplane mode and in a faraday bag when not in use. It also wouldn’t be used at locations I frequent like my home, workplace, or stores I routinely visit because that would leave bread crumbs for tracking.
Why are you asking about GrapheneOS? The article didn’t mention it. The article is about Google complying with FBI warrants requesting its Location History data. By default GrapheneOS doesn’t include Google Play Services. If your phone doesn’t have Google Play Services, you won’t be supplying Google with the Location History data at issue.
Apps need location permission to access your location, and even then, you can just toggle off location in settings, so even apps with location permission can’t get access to it.
Only APM protects against this, even if you disable your SIM card or remove it from the phone, your phone will still talk to the cell towers, and only APM disables that.
Cellular service providers can comply with FBI warrants too, and they have the ability to track the location of their customers.
Locations provided by cellular service providers would be less precise than from Google’s data, wouldn’t they? I have a vague recollection of reading that cell service location locates you to within about half a mile in urban areas, while Google’s data will probably be to within a few metres.
Yes, the cell tower will generally be less precise than Google’s location estimate. And critically, the cell towers only identify you by your IMEI. They may well not know your identity beyond that. Google knows the identity of almost all of their users.