How the Government Hacks You, Chapter 13: GPS Tracking

How Does GPS Really Work?

The internationally utilized GPS system that we know today was originally a United States Department of Defense project called NAVSTAR in the 1970s. Early versions of the satellites were for military use only. Later, commercial interests from around the world wanted to make use of the positioning system that the U.S. government was building. By the turn of the century, civilians had access to ‘military grade’, hyper-accurate GPS data. In 2007, this access was made permanent.

The use of the resulting satellite network has evolved with the times. Using common commercial gear, GPS is accurate to within 10 meters now, with even better performance in open water or wilderness that is open to the sky.

GPS works through triangulation when only three satellites are available, or dead reckoning when four are in range. The latter is the level of accuracy that is expected for most modern GPS applications. The ground (or in flight) GPS device receives timing data from four satellites at once, adjusted for the time dilation caused by their own motion. This data is accurate to within three nanoseconds. By comparing these timestamps, the ground unit knows how far away each satellite is, and can therefore draw the intersecting lines back to its own location with incredible accuracy.

Some governments and government collectives have their own versions of GPS, not trusting the U.S. government’s control and administration of the network. China has BeiDou, Russia has the GLONASS network, and the E.U. has the highly accurate Galileo network, with its second generation in early testing.

GPS tracking has massive implications for personal safety and privacy when governments have access. Which, oftentimes, they do.

Why Do Governments Have Access To GPS Data?

The U.S. government has access because as previously mentioned, the DOD owns the biggest GPS network on Earth, of course. But these days it is administered and operated by Space Force as part of their mandate. Combine this ownership with the aforementioned Five Eyes hacking activities, and you have a government that can both track and manipulate GPS data at will. The current generation IIF satellites have a 15-year lifespan, so that isn’t expected to change any time soon.

Sometimes governments have legitimate agreements, covered by regional or federal law, that give them access to GPS networks. This often covers use cases ranging from emergency services getting to a location where the victim can’t speak properly (though some phone carriers illegally resell this information anyway), to cases where people are being unwillingly taken and moved - such as kidnapping and human trafficking (though the technology cuts both ways).

Some examples of public limitations set on government GPS data use come from U.S. court rulings and U.K. policy guides. The E.U. covers many of these use cases under personal data laws. Australia has actively ruled against Google in court for its confusing location data (including GPS) usage and storage policies.

Russia has gone the other route, simply restricting GPS use through legal means. This likely forces people to use GLONASS instead. China has the BeiDou system as an alternative and has gone so far as to restrict GPS use for maritime shipping. As you can see, countries have wildly different laws that ‘protect’ their citizens regarding GPS.

But on the more sinister side: Some government agencies simply ignore the laws of their own land and gain access to GPS data through illegal device planting, device hacking, malware, or system-level backdoors that exist with some GPS providers. Others use totalitarian methods and don’t even try to hide it, ranging from instant warrantless surveillance under the guise of ‘terrorism’ monitoring, to witch-hunt tactics that brand the individual as having social habits that are under investigation without any evidence whatsoever.

These darker applications of GPS tracking are the scenarios that we’re going to cover.

Government GPS Hacking Around The World

It should be noted: GPS spoofing is absolutely possible, and doing it as an ‘inside’ job would be trivial. ‘GPS hacking’ in other contexts refers to ways that governments around the world can plant, activate, or otherwise gain access to devices that send GPS signals, rather than just receive them. In essence, building a fake GPS network.

Our coverage mainly deals with governments gathering GPS information and using the resulting data, not how it can be manipulated. Just be aware that there are several methods to falsify GPS data. Don’t blindly trust a GPS client if logic dictates that it’s wrong.

Though we may be entering ethically murky territory such as GPS ankle tags for people merely suspected of a crime, something that is happening with alarming frequency throughout the world, primarily we’ll focus on blatant violations of national and international privacy laws, rights, and norms.

Let’s start with governments that purchase GPS data and services from third parties, in an attempt to circumvent their own laws and requirements for a warrant. In the U.S., the federal government has purchased GPS and other location information for millions of individuals from private companies. In particular, ICE and immigration-related services evade Fourth Amendment protections by targeting individuals and buying their location data. This appears to be in violation of a Supreme Court ruling saying they need a warrant to request such information from cell phone providers. The only difference is that money is involved this time around.

Only Vermont is regulating the government's use of data brokers for buying and selling GPS history. Outside of that state, Ventel, Babel Street, and X-Mode all have agreements with dozens of government organizations to provide third-party GPS data. The market in the U.S. alone is staggering in scope.

The U.K. attempted to enlist third-party tracking of GPS and other location data as part of their COVID-19 trace services. Massive public outcry and protests from the medical industry caused them to change plans at the last minute. Whether those third parties were going to be under direct government supervision or left unsupervised is unknown. But given that such ‘VIP’ contracts circumvent the normal bid process and often go to friends of high-ranking government officials, it’s likely to be the latter. Besides: After their GPS satellite blunders post-Brexit, third-party data might be all they have left soon enough.

These legal hacks to buy their way around privacy apply throughout the Five Eyes nations because of their intelligence-sharing agreements. As has been mentioned in past chapters, cross-spying circumvents any laws that only apply to their own residents or citizens. So laws enshrined to protect U.S. citizens from being GPS tracked by U.S. agencies are meaningless. They simply farm out that work to the U.K. And vice versa.

However, the need to use such expensive methods only exists in countries that have some measure of protection to start with. Some countries use their own version of GPS to achieve full location-tracking capabilities.

Russia, which is in a turf war with the U.S. over GLONASS, has no internal restrictions for the interception or monitoring of electronic signaling or communication. This also applies to the GLONASS-BeiDou cooperation agreement they have with China. Anyone in Russia can be tracked by the government, using any electronic means, at any time. And as of 2023, they don’t need a warrant to follow up with a property search.

Speaking of BeiDou, China’s system uses two-way communication. You can already see where this is going. Any external system that can push data to a mobile device needs to be examined carefully. Embedded backdoors in Chinese mobile devices make BeiDou a privacy horror show. Anyone with a compromised device or anyone who downloads the wrong state-sponsored app can be tracked 24/7. Even while pushing its tech firms to adopt stricter personal data standards, they have no obligation to do the same.

The other way to push a government GPS tracking agenda is via malware. In prior chapters, we discussed the Pegasus malware package, created by the NSO. It’s impossible to say that the company’s host government wasn’t involved, particularly when the Israeli Minister of Defence regulates NSO, and grants individual export licenses on a case-by-case basis. Whether the Israeli government had a direct benefit or direct access to the GPS and other data that the infected devices shared, is unknown. But we do know for a fact that the governments that Pegasus was sold to used the GPS information to track down, and in some cases imprison or kill, protestors, political reformers, and rivals.

Readers of previous chapters also know about FinSpy, which has GPS-tracking capabilities. Governments all over the world, including some of the worst human rights violators in existence, used FinSpy/FinFisher to track down the GPS signals of ‘dissidents’ and either jail or execute them. Lench IT Solutions didn’t seem to care that their product was used to murder protestors and human rights activists and continued to put out new versions of the product.

GPS tracking malware is hardly unique to Pegasus and FinSpy. As a matter of fact, it’s hit the mainstream. Commercial tracking apps that include full GPS monitoring include MobiStealth and FlexiSpy. Once installed, they have no visible footprint to the user, who can be tracked effortlessly:

“Hiding the software, once installed on the TARGET device, is easy and just takes a few taps. The software can be fully hidden on both iOS and Android devices.” - FlexiSpy FAQ

The apps can even be uninstalled remotely if the user gets suspicious. MobiStealth’s tagline is ‘Simple, Affordable and Invisible’. If they can be used for parental monitoring and employee tracking, they can be used by police on any unlocked phone. It no longer takes a hacker or cleverly disguised malware to capture a target’s GPS information… it just takes a credit card.

Planting GPS Devices

All of the above assumes that the person being tracked has a handy GPS-enabled device on their person. But what if they don’t?

Let’s talk about size for a moment. It’s late 2023, and the smallest GPS consumer product in common use is a watch. A smartwatch to be exact, something that tracks your exact running distance, maps out bike and run routes, and the like. Such a small, accurate GPS receiver would have been unheard of a decade ago.

And the smallest commercial tracking module right now is the Nano Hornet. It weighs under 3 grams and has a 10mm x 10mm x 3.8mm profile. That’s under half an inch for you imperial measurement fans.

With a small board, enclosure, and battery, you get something like the Tracki. It's about 45 mm or 1.75 inches long, running on GPS or 4G, and weighing 36 grams or 1.26 oz. It can be set for continuous surveillance, or battery saving mode that pings three to four times a day. That little piece of spycraft costs around 30 bucks on sale.

Planting GPS devices on a person of interest generally involves another medium, since you can’t reliably get someone to carry around a certain bag or wear a certain coat everywhere they go. You could try to entrap them with bait GPS objects, but normal citizens won’t take them. Attaching these devices to cars and trucks is a common method of tracking people who rely on personal transport to get to work, school, or around a metropolitan area.

In this case, we aren’t talking about anything as obvious as the ‘hot pursuit’ devices that track fleeing suspects. No, government organizations use far more covert methods of attaching GPS to the vehicle of their surveillance target. One famous example is from the U.S., where an Indiana police department charged a man with theft for removing their GPS tracker in 2018. After a two-year legal process, the state Supreme Court ruled in the man’s favor.

The size of trackers even a few years ago was several times bigger than what you see in production today. They required larger batteries and a bigger footprint for the circuitry. In the U.S. VS Jones, a 2012 case that established GPS tracking as a form of search that required a warrant, the Jeep was tagged with a device that was several inches long with an attached battery. About the same form factor as what the FBI was using a few years earlier to track students.

These days, palm-sized GPS trackers are used for shorter-term surveillance, and the size ranges up depending on how big of a battery you need between planting and retrieval.

Although the United States is (without a doubt) one of the countries most addicted to GPS tracking, they aren’t the only ones. These days, the technology is so cheap and ubiquitous, that entire countries can be tracked at the governments’ expense.

Take Uganda for example, which in 2021 announced that they were installing GPS trackers on ‘all vehicles, motorcycles, and vessels’. China covered an entire region’s transportation with GPS trackers after a 2017 decision to crack down on protests in Xinjiang. They won’t have to install them for much longer, since all new cars in China will have GPS tracking built in.

Of course, the tables can always be turned. In late 2021, the cars of nine state operatives in India were found with GPS trackers attached, as part of a tax avoidance scheme. They were attached by magnets or by drilling holes to affix the devices more permanently. However, the overwhelming majority of covert GPS tracking on cars is done by government entities.

The problem (and the associated fear of being tracked) is so common, that there are entire articles on how to bug-sweep your car to find GPS trackers. Needless to say, this kind of government hack is hardly a well-kept secret. The technique has been used so much over the last 20 years, and people are wise to it. Most simply don’t have the time or energy to do regular sweeps of their vehicle. And that’s exactly why the practice remains so successful.

In Conclusion

An individual of interest is going to be tracked, and GPS is a cheap and easy way to do it. As GPS devices get smaller, the risk of detection gets lower. As they get cheaper, more police and government forces will be able to fit them into their budget. And because GPS jamming is illegal in the UK, the EU, the U.S., and elsewhere, there’s no always-on defense against it that won’t get you arrested. Tedious manual sweeps and bug checks are the best way to detect a planted GPS device, and removing the battery from your phone or smart device is the best way to stop government entities from activating GPS device tracking remotely.

Missing the last chapter? Catch up here.