On Wednesday, most cell phones in the US received a jarring alert at the same time. This was a test of the Wireless Emergency Alert (WEA) system, also commonly known as the Presidential Alert. This is an unblockable nationwide alert system which is operated by Federal Emergency Management Agency (*not* the President, as the name might suggest) to warn people of a catastrophic event such as a nuclear strike or nationwide terrorist attack. The test appears to have been mostly successful, and having a nationwide emergency alert system certainly doesn’t seem like a bad idea; but Wednesday’s test has also generated concern. One of the most shared tweets came from antivirus founder John McAfee.

Tweet by McAfee claiming that the Presidential Alert is tracking americans through a non-existent E911 chip

While there are legitimate concerns about the misuse of the WEA system and myriad privacy concerns with cellular phones and infrastructure (including the Enhanced 911, or E911, system) the tweet by McAfee gets it wrong.

How the WEA System Works

The Wireless Emergency Alert system is the same system used to send AMBER Alerts, Severe Weather Notifications, and Presidential Alerts to mobile devices. It works by sending an emergency message to every phone provider in the US, which  then push the messages to every cell tower in the affected area. (In the case of a Presidential Alert, the entire country.) The cell towers then broadcast the message to every connected phone. This is a one-way broadcast that will go to every cell phone in the designated area, though in practice not every cell phone will receive the message.

McAfee’s tweet gets two key things wrong about this system: There is no such thing as an E911 chip, and the system does not give “them” the information he claims.  In fact, the Presidential Alert does not have any way to send data about your phone back to the mobile carrier, though your phone is sending data to mobile carriers all the time for other reasons.

Privacy Issues with Enhanced 911

This isn’t to say that there aren’t serious privacy issues with the E911 system. The E911 system was developed by the FCC in the early 2000’s after concerns that the increased use of cellular telephones would make it harder for emergency responders to locate a person in crisis. With a landline, first responders could simply go to the billing location for the phone, but a mobile caller could be miles from their home, even in another state. The E911 standard requires that a mobile device be able to send its location, with a high degree of accuracy, to emergency responders in response to a 911 call. While this is a good idea in the event of an actual crisis, law enforcement agencies have taken advantage of this technology to locate and track people in real time. EFF has argued that this was not the intended use of this system and that such use requires a warrant.

What’s more, the mobile phone system itself has a huge number of privacy issues: from mobile malware which can control your camera and read encrypted data, to Cell-Site Simulators which can pinpoint a phone’s exact location, to the “Upstream” surveillance program exposed by Edward Snowden, to privacy issues in the SS7 system that connects mobile phone networks to each other. There are myriad privacy issues with mobile devices that we should be deeply concerned about, but the Wireless Emergency Alert system is not one of them.

A tweet from Snowden about the "Upstream" surveillance program

There are legitimate concerns about the misuse of the wireless emergency alert system as well. There could be a false alarm issued through the system, sparking unnecessary panic, as happened in Hawaii earlier this year.For many, the idea that a president could use the WEA to push an unblockable message to their phones is deeply disturbing and sparked concerns that the system could be used to spread unblockable propaganda.  Unlike other emergency alerts, the presidential alert can’t be turned off in phone software, by law. Fortunately for us, activating the WEA system is more complicated than say, sending a tweet. To send out a Presidential Alert the president would have to, at the very least, convince someone in charge of the WEA system at FEMA to send such a message, and FEMA staffers may be reluctant to send out a non-emergency message, which could decrease the effectiveness of future emergency alerts. 

As with any new system that is theoretically a good idea, we must remain vigilant that it is not misused. There are many legitimate reasons to be concerned about cellular privacy. It’s important that we keep an eye on the real threats and not get distracted by wild conspiracy theories.

Tags