Service provider collaboration

Contents

Description
Mitigations
Used in repressive operations

Contents

Description
Mitigations
Used in repressive operations

Service provider collaboration is the process by which an entity that has information about you because it provides a service to you is asked or legally compelled to provide that information to the State. Service provider collaboration can provide both current and historical information, and can occur both retrospectively and in real time.

State institutions

State institutions such as social services and hospitals can provide any information they have about you, including your address, marital status, social benefits, health information, etc.

Stores

Physical and digital stores can provide information about purchases made through the store, including:

Given a name: the items purchased under that name, as well as the date of the purchases.
Given an item or category of items: the names of the people who purchased the item, as well as the date of the purchases.

Additionally, physical stores can provide:

CCTV footage from cameras operated by the store.
Testimony from store employees, for example about the physical appearance of a person who made a particular purchase.

Banks

Banks can provide:

Your bank account activity, including the date, location and amount of any purchase or withdrawal you make with a card.
CCTV footage from cameras on ATMs.

Internet service providers

Internet service providers can provide:

If you follow digital best practices and use Tor: metadata about your Internet activity, such as when you use Internet.
If you don't use Tor: your Internet activity, including the list of websites you visit.

Mobile network operators can provide:

Given a name: the phone numbers registered under that name.
Given a phone number: the name under which the phone number is registered and the IMSI number^[1] of the phone in which the phone number is used.
Given an IMSI number: the phone number that is used in the phone with that IMSI number.

Additionally, given your phone number, mobile network operators can provide (current and historical) data and metadata about your phone activity:

The content of SMS and regular calls you make on your phone.
The list of websites you visit on your phone.
Your phone physical location.
Metadata about your use of end-to-end encrypted messaging applications (e.g. when you use Signal and the approximate size of messages sent or received through Signal).

This means that any of the following conditions allows the State to access (current and historical) data and metadata about your phone activity:

Knowing your name (if your phone is not anonymous).
Knowing your phone number, which they can find by monitoring or seizing a phone in contact with yours, using an IMSI-catcher, or through advanced correlation techniques^[2].
Knowing your phone IMSI number, which they can find by seizing your phone.

Online services

Websites, email providers, and other online services can provide:

The content of unencrypted communications you make through the service (e.g. social media posts, unencrypted emails).
Metadata about encrypted communications you make through the service (e.g. the sender, recipient, and date of encrypted emails).

Used in tactics: Incrimination

Mitigations

Name	Description
Anonymous phones	You can use anonymous phones to make it harder for an adversary to use the collaboration of mobile network operators to establish links between your identity and the phones you use.
Anonymous purchases	If you need to purchase an item in a store, you can purchase it anonymously to make it harder for an adversary to use the collaboration of the store to link your identity to the item.
Digital best practices	You can follow digital best practices to make it harder for an adversary to use the collaboration of service providers to obtain information about you. For example, you can: Use Tor^[3] so that an adversary cannot obtain data about your Internet activity through the collaboration of your Internet service provider. Use trusted online services^[4] that will refuse to comply with an adversary's requests to access your data, or build their service to make it technically impossible to comply with such requests. Use peer-to-peer applications such as Cwtch^[5] and Briar^[6] for communication or OnionShare^[7] for file sharing to avoid having to trust a service provider.
Encryption	You can encrypt “in-motion” data to limit the ability of untrusted service providers to collaborate with an adversary.

Used in repressive operations

Name	Description
Repression of Lafarge factory sabotage	Investigators gave the serial number of a camera to the camera manufacturer, and the manufacturer gave them the name of the store where the camera was sold^[8]. This helped investigators identify a person they accused of taking photos with the camera.
Case against Boris	With the collaboration of mobile network operators, investigators intercepted calls from Boris's phone or the phones of people close to him^[9]. They regularly listened to the intercepted calls in real time and used information from the calls to adjust ongoing physical surveillance operations. With the collaboration of the email provider, investigators gained real time access to an email address used by Boris: they were able to see emails sent and received in real time.
Repression against Zündlumpen	One clue against a suspected editor of the newspaper is that she used her bank account to order things that could be used for printing — her bank records were presumably obtained by investigators with the collaboration of the bank^[10].
Prometeo	Investigators distorted conversations obtained through phone interception to make them look suspicious^[11]. During a phone conversation involving one of the accused comrades, the phrase “tutta questa tensione sociale prima o poi scoppierà” (“all this social tension will, sooner or later, explode”) was said, which was only partially transcribed in the investigation files as “prima o poi scoppierà” (“will, sooner or later, explode”).
Mauvaises intentions	The collaboration of mobile network operators was used to link phone numbers to civil identities, to know which phone numbers were in contact with each other, to geolocate phones (both retrospectively and in real time) and to record phone calls^[12].

References

An International Mobile Subscriber Identity (IMSI) number is a number that uniquely identifies a phone, and that is sent from the phone to the mobile network operator when the phone connects to the network.

For example, if the State knows that you were in place A on Monday and in place B on Tuesday, and they know from cell tower data that a particular phone was the only phone that was also in place A on Monday and in place B on Tuesday, they can deduce the phone is yours.

https://torproject.org

https://riseup.net/en/security/resources/radical-servers

https://cwtch.im

https://briarproject.org

https://onionshare.org

https://notrace.how/resources/index.html#affaire-lafarge-les-moyens-denquetes-utilises

https://rupture.noblogs.org/post/2023/10/04/no-bars

10.

https://notrace.how/resources/index.html#die-verfolgung-von-anarchist-innen-und-kippenstummeln-im-bajuwarisch-christlichen-konigreich

11.

https://ilrovescio.info/2020/08/23/uno-scritto-di-natascia-dal-carcere-di-piacenza

12.

https://infokiosques.net/spip.php?article597