hailstorm – Techdirt (original) (raw)
Stories filed under: "hailstorm"
Prosecutors Say Cops Don't Need Warrants For Stingrays Because 'Everyone Knows' Cell Phones Generate Location Data
from the we'll-let-you-know-when-you-have-an-expectation-of-privacy dept
Up in Baltimore, where law enforcement Stingray device use hit critical mass faster and more furiously than anywhere else in the country (to date…) with the exposure of 4,300 deployments in seven years, the government is still arguing there’s no reason to bring search warrants into this.
The state’s Attorney General apparently would like the Baltimore PD’s use of pen register orders to remain standard operating procedure. According to a brief filed in a criminal case relying on the warrantless deployment of an IMSI catcher (in this case a Hailstorm), the state believes there’s no reason for police to seek a warrant because everyone “knows” cell phones generate data when they’re turned on or in use. (h/t Brad Heath of USA Today)
The whereabouts of a cellular telephone are not “withdrawn from public view” until it is turned off, or its SIM card removed. Anyone who has ever used a smartphone is aware that the phone broadcasts its position on the map, leading to, for example, search results and advertising tailored for the user’s location, or to a “ride-sharing” car appearing at one’s address. And certainly anyone who has ever used any sort of cellular telephone knows that it must be in contact with an outside cell tower to function.
The state’s brief folds in parts of the Third Party Doctrine and the Supreme Court’s 1979 Smith v. Maryland decision to make a truly terrible argument that because certain aspects of cell phones involuntarily create location data, the Fourth Amendment never comes into play.
Matt Blaze rephrases the state’s argument slightly, exposing the ridiculousness of this assertion.
"People let people into their houses sometimes, therefore no warrant is needed to search houses". Or something. https://t.co/XncuaZvdwW
— matt blaze (@mattblaze) January 14, 2016
“People let people into their houses sometimes, therefore no warrant is needed to search houses”. Or something.
The state follows this up by arguing that, because the use of a pen register order to deploy an IMSI catcher is not expressly forbidden by local statutes, the evidence shouldn’t be suppressed.
There was no cellular tracking device statute in effect at the time. There was an order from a neutral magistrate, finding probable cause to authorize precisely what was done in this case; the closest applicable statute does not contain an exclusionary provision. Thus, the court erred in excluding evidence in this case.
All well and good, except that the only reason there was no statute in place is because local law enforcement spent years keeping its cell phone tracking devices hidden from judges and defendants, obscuring the technology through parallel construction and misleading pen register order requests. This case is no different than the hundreds preceding it. The magistrate judge signing the pen register order had no idea what the Baltimore PD was actually doing. The presiding judge in this prosecution declared the Baltimore PD’s pen register request contained “material misrepresentations” on his way towards granting the suppression of evidence.
For the state to claim everything was above board and no Fourth Amendment violations occurred is rather audacious, considering it spent months dodging discovery requests related to the methods used to locate the defendant.
The request, asking for no more than what the State was compelled to disclose pursuant to Maryland Rule 4-263, sought: 1) “records, notes, and documents” relating to the Baltimore Police Department’s investigation into a second suspect from the April 27, 2014 shooting; as well as 2) information “indicating how Mr. Andrews was located at 5032 Clifton Avenue.”
Over two months later, on January 8, 2015, the State responded to the discovery request. The State claimed not to “possess information related to the method used to locate the Defendant at 5032 Clifton Avenue.” (T1 9) This turned out to be false.
In fact, the state did not turn over its IMSI catcher-related information until mid-May 2015, more than seven months from the point it was originally requested. That’s a long time to withhold information on a Hailstorm deployment the state now claims was both perfectly legal and intruded on no one’s privacy.
Filed Under: 4th amendment, baltimore, cell phones, expectation of privacy, hailstorm, imsi catchers, police, stingrays, warrants
The IRS Has A Stingray As Well Because Of Course It Does
from the you-get-a-Stingray!-and-you-get-a-Stingray!-every-agency-gets-a-Stingray! dept
Did this sort of thing come about because someone at the nation’s most hated agency whined that “everyone else was getting one?” Because there seems to be no logical explanation for this:
The Internal Revenue Service is the latest in a growing list of US federal agencies known to have possessed the sophisticated cellphone dragnet equipment known as Stingray, according to documents obtained by the Guardian.
Invoices obtained following a request under the Freedom of Information Act show purchases made in 2009 and 2012 by the federal tax agency with Harris Corporation, one of a number of companies that manufacture the devices.
No explanation will be forthcoming. The documents The Guardian obtained were heavily redacted and requests for comments were met with silence. But there it is: the IRS not only has a Stingray, but it paid $65,000 to upgrade it to the Hailstorm model, allowing it to continue to intercept calls and data without being locked out by upgraded cell networks.
It appears the agency does have the legal authority to deploy the devices. (The IRS is part of the Treasury Department and not subject to the new, exception-loaded warrant requirement handed down by the DOJ.)
[Former IRS Deputy Commissioner Mark] Matthews said there are currently between 2,000 and 3,000 “special agents” in the IRS who form the criminal investigation division (CID). They have the ability to get PEN register orders – the only authority needed to use Stingray devices.
Considering the criminal activity the IRS investigates most frequently — tax evasion — rarely involves highly-mobile suspects or the use of burner phones, it seems unlikely the IRS’s Stingray sees much use. Then again, it does partner with other law enforcement agencies in criminal investigations, presumably under the Al Capone Theory of “tax evasion, if nothing else.”
He said the IRS on its own usually uses gentler investigation tactics. But increasingly, investigating agents from the agency are brought on board for joint operations with the FBI and other agencies when the latter need financial expertise to look at, for example, money laundering from drug organisations.
Even if the IRS is frequently assisting with these investigations, it’s pretty much guaranteed that whatever agency it’s partnering with already has this technology on hand. The IRS’s acquisition of a cell tower spoofer would seem to be redundant, at best. Then again, maybe it’s redundancy the government wants. Can’t have drug-running suspects slipping out of sight just because the local DEA office’s Stingray is in the shop.
Of course, the IRS’s Stingray could become the go-to device in the future, if federal law enforcement agents are looking for a way to circumvent the DOJ’s new warrant requirement. They could send IRS agents with pen register paperwork to obtain permission to deploy cell tower spoofers.
But at the same time, the IRS’s Stingray device seems to be more a product of “because it’s available” thinking. Why not have one on hand, just in case? When the news arrives that Fish and Wildlife or the US Postal Inspector’s Office has one, it will be greeted with “of course they do” shrugs, because that’s just the way things go these days.The US government is sold on the “essentialness” of cell tower simulators and with funding for devices often tied to ever-swelling budget lines for Wars A (Drugs) and B (Terrorism), no agency should have to go without.
Filed Under: hailstorm, irs, stingray, surveillance, warrants
Companies: harris corp.
Law Enforcement Agencies Scramble For Pricey Cell Tower Spoofer Upgrades As Older Networks Are Shut Down
from the losing-the-tech-arms-race-to-slow-moving-service-providers dept
The surveillance device that dare not speak its name (thanks, FBI!) is on its last legs… or at least one version is. Cyrus Farivar at Ars Technica reports that law enforcement agencies are moving quickly to avoid being locked out of the cell tower spoofing racket.
Documents released last week by the City of Oakland reveal that it is one of a handful of American jurisdictions attempting to upgrade an existing cellular surveillance system, commonly known as a stingray.
The Oakland Police Department, the nearby Fremont Police Department, and the Alameda County District Attorney jointly applied for a grant from the Department of Homeland Security to “obtain a state-of-the-art cell phone tracking system,” the records show.
The Stingray is Harris Corporation’s most infamous product. But the original version has its limitations. While the nation’s cell phone carriers have largely moved on to 3G/4G networks, Stingray devices without optional upgrades haven’t. All they can access is 2G, the default connection when nothing better is available. Those looking to capture cell activity on 3G and 4G networks will need to purchase Harris’ “Hailstorm” upgrade… which also means they’ll need to start generating paperwork and asking federal and local governments for funds. The problem with these actions is that they have the tendency to expose those in need of new capabilities.
Other locales known to be in the process of related federally-funded upgrades include Tacoma, Wash.; Baltimore, Md.; Chesterfield, Va.; Sunrise, Fla.; and Oakland County, Mich. There are likely many more, but such purchases are often shrouded in secrecy.
FOIA requests have turned up some information, but much of it is redacted and many more requests have been refused or ignored. With the federal government itself instructing local law enforcement to cover up its acquisition and use of tower spoofers, the FOIA process becomes even more of an uphill battle.
Law enforcement can’t be happy to see 2G networks being switched off. When you’re in the untargeted dragnet business, 2G is a willing supplier of “business records.”
2G networks are notoriously insecure. Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.
What’s considered a criminal act when performed by a civilian is just SOP for law enforcement. The same can be said for the fake sworn documents (warrant requests, subpoenas) obtained to cover the use of these devices. The manufacturer with the most devices in use is no better than the agencies it sells to. When approached about this scramble for upgrades, Harris Corporation borrowed the NSA’s Glomar.
“We do not comment on solutions we may or may not provide to classified Department of Defense or law enforcement agencies,” Jim Burke, a spokesman for Harris, told Ars.
The timeline for 2G shutoff is still vague. Verizon says “by the end of the decade.” AT&T says 2017. So there’s still some time for law enforcement agencies to avoid being bypassed by the slow rollout of network upgrades. But between now and then, these agencies need to put together nearly $500,000 just to stay current. And as usual, as much as possible about the process will be obscured, because otherwise the terrorists criminals win.
“Once that’s disclosed then the targets of the technology will know how to avoid it,” [Alameda County Assistant DA Michael] O’Connor, the assistant district attorney, told Ars. “Once the bad guys understand how to beat it then they will.”
It seems like all the bad guys would need to know is that the technology exists and is being used and just stay off their cell phones. But in this day and age, being completely unconnected while away from home is untenable, if not nearly impossible. Communication is key in criminal enterprises, and the steady disappearance of pay phones doesn’t leave them with many options. O’Connor completely overstates the “exposure” danger and follows it up with this:
“It can’t easily be resolved—the public’s right to know, the Fourth Amendment rights of people who might be subject to this kind of analysis and the needs of law enforcement to keep sources confidential especially in a day and age when the bad guys have acquired considerable technology that is turned against good guys.”
One: if it can’t “easily be resolved,” why not err on the Fourth Amendment/public knowledge side, rather than on the cop side? Two: the bad guys’ “considerable technology” isn’t lapping law enforcement’s. This ridiculous claim has been used as justification for warrantless cell phone searches, and it failed to move the Supreme Court justices. Pushing this narrative now just makes the pusher look like the sort of credulous rube who would put together a Powerpoint presentation on food-trucks-as-terrorist-vehicles.
The bright side here is that more paperwork is being generated… which eventually means more of the public will know their local law enforcement is scooping up their location/connection info (most likely without a warrant) at any given time and is not above killing their network to do it.
Filed Under: 2g, 3g, hailstorm, law enforcement, non-disclosure agreements, police, privacy, spoofing, stingray, tower spoofing
Companies: harris corp.
Michigan State Politicians Looking Into Sheriff Department's Use Of A Cell Tower Spoofer
from the 'we-haven't-discussed-it-because-9/11' dept
More news has surfaced of cell tower spoofers being deployed without the public’s knowledge. This time it’s the Oakland County (Michigan) Sheriff’s Department rolling out an upgraded Stingray device from Harris Manufacturing, known as “Hailstorm.” The sad thing here is that the opportunity for public input presented itself pre-rollout but local politicians slept on the issue.
Oakland County commissioners asked no questions last March before unanimously approving a cellphone tracking device so powerful it was used by the military to fight terrorists.
Now, though, some privacy advocates question why one of the safest counties in Michigan needs the super-secretive Hailstorm device that is believed to be able to collect large amounts of cellphone data, including the locations of users, by masquerading as a cell tower.
“I don’t like not knowing what it’s capable of,” said county Commissioner Jim Runestad, R-White Lake Township, who has met in recent weeks with sheriff’s officials about his concerns.
Harris, as it has been noted, heads off criticism and the impertinent questions of the public by tying up law enforcement officials with restrictive non-disclosure agreements. These NDAs have proven handy for some LEOs — particularly in Florida where officials made the case that the restrictions of the contract prevented them from seeking warrants before using the cell tower spoofer.
State politicians are now attempting to have a belated discussion of the technology’s privacy implications, thanks in part to prompting by local journalists. The Michigan House Oversight Committee brought in Christopher Soghoian, policy analyst from the ACLU and former magistrate judge Brian Owsley. (Recording embedded below.)
Soghoian’s concerns aren’t simply about the privacy implications or the secrecy Harris has shrouded its technology in, but also the fact that there’s no way to track misuse of the equipment.
What’s particularly worrisome is there is no telltale sign they’ve been used, Soghoian said: “It doesn’t leave a trace. No one would ever catch you.” That means no one would know if police misused the device or activated it without a warrant, Soghoian said.
Owsley, in his statement to the committee, noted that the first time discussion of this technology occurred in his courtroom, it was presented by law enforcement as something along the lines of a pen register. As Owsley points, all it takes in most cases to get a pen register granted is a pulse. As long as both the magistrate judge and the law enforcement official are technically alive, the pen register will be signed off on.
That law enforcement portrayed cell tower spoofing in this fashion is no surprise, since it gives them the greatest chance of securing permission to deploy it. (The NSA/FBI did the same thing in order to push through its bulk phone metadata program.) Unlike regular pen registers, however, Stingrays/Hailstorms are deployed in cases where law enforcement may not even have a known phone number. Instead, they may be working off a list of numbers potentially tied to the subject of their investigation, or are just waiting for communications to originate from a certain location.
Now that the technology is finally being questioned, representatives of the Oakland County Sheriff’s Department are stepping up to defend their acquisition.
Undersheriff Michael McCabe said, “Hailstorm helps us capture fugitives from the law, people wanted for murder and rape” and can be used only with a search warrant. He said the federal Homeland Security Act bars him from discussing Hailstorm, but he elaborated at length about what it doesn’t do.
Interestingly, McCabe cites the Homeland Security Act as prohibiting discussion, rather than the manufacturer’s restrictive NDA. The county also cited “homeland security” terminology in its refusal to release requested documents about the Hailstorm device.
The county denied The News’ Freedom of Information Act request, saying the information is protected by anti-terror laws and includes “investigating records compiled for law enforcement purposes that would disclose law enforcement investigative techniques or procedures.”
Law enforcement officials in one of the safest counties in Michigan are conjuring up terrorism as an excuse for deploying a questionable device, as well as to avoid having to answer any tough questions about its capabilities or usage.
Undersheriff McCabe claims the device is used to go after “people wanted for murder and rape,” while simultaneously claiming the DHS won’t allow the department to talk about its non-terrorist-related use. He also claims it’s not used without a warrant, a statement the county itself isn’t allowing anyone to verify. (Among the documents requested were returned warrants on closed cases.) The Sheriff’s Department refuses to discuss the technology (other than to highlight how great it is at catching bad guys) or back up its statements with documentation and somehow expects the public to be just fine with all of this. With state politicians now looking into its Hailstorm usage, the normal combination of obfuscation and bluster likely won’t keep these details secret for much longer.
Filed Under: hailstorm, michigan, mobile phones, oakland county, privacy, spoofing, stingray
Companies: harris manufacturing