CXM_Splicer | Looking at the bigger picture | Premium
Well, the analogy is actually more like spoofing the Internet; it is not a traditional MITM attack or simple eavesdropping; the traffic is only one way. I highly doubt (technical impossibility aside) that the FBI would spoof the Internet for a 1-2 block radius so that everyone in that radius is actually sending data to the FBI instead of the Internet. It is much easier to redirect only the target's DNS address to the FBI so that they are spoofed but no one else is.
I honestly don't know how they are operating and I wouldn't say they are beyond what you are describing, but the way the article is describing it is more 'efficient' and less intrusive. If they have Verizon's cooperation in reprogramming the phone, I don't see why it wouldn't happen that way.
To the best of my knowledge a PRL update can't be forced with a 3G phone. It can only be requested by the phone itself during initial provisioning and/or PRL updating (via *228 on VZW, other codes on different carriers). 4G devices work differently of course.
Anyway, they aren't using this for wiretapping; they could just as easily do that using the lawful intercept technology built into the telco switch. They're using this to triangulate the location of a mobile device faster than they otherwise could. It's not really a MITM attack as they are classically understood, and there aren't any real privacy concerns if an "innocent" phone connects to their base station.
Also, they don't "spoof" the internet to wiretap someone's internet connection, but they do monitor at the network edge, and by definition that means innocent packets will also be passing through the dragnet. So long as they don't monitor/record those packets there isn't a problem.