stingrays – Techdirt (original) (raw)

The FBI Is Still Pretending Stingrays Are Super Secret Cop Spy Tech That Shouldn’t Be Discussed In Court

from the WHAT_YEAR_IS_IT.wav dept

When I was but a wee Techdirt boy, the FBI was telling cop shops that had borrowed or obtained Stingray devices they’d best not talk about it in court or it would be their NDA’ed ass on the line. In 2015, documents the FBI hoped no one would see (and actually told local cops they couldn’t release) showed the FBI was forcing Stingray users to drop cases, rather than discuss this repurposed war gear in court.

That was 2015. That was roughly four years after criminal defendant Daniel Rigmaiden managed to sniff out the devices through internet research and public records requests while trying to suppress the evidence that had gotten him arrested three years earlier. In other words, what’s know about Stingray devices traces back to 2008, when Rigmaiden made a concerted effort to discover how the feds had tracked his AirCard, the only thing linking him to where he actually was physically when he was arrested.

A few years after the 2011 article based on Rigmaiden’s findings, Stingrays weren’t really a secret. People generally knew what they were capable of. Still, both the FBI and Harris Corporation swore users to secrecy. If it appeared evidence derived from surreptitious deployment of cell site simulators might be discussed in open court, prosecutors and law enforcement agencies were pressured to drop cases. Or, if the case seemed promising, the FBI encouraged them to engage in “parallel construction,” i.e. finding some other way of duplicating the results obtained from Stingray devices so courts wouldn’t be aware of how this evidence was actually obtained.

We are now eight years past that inflection point. And little has changed, at least in terms of the FBI. The general public is now fully aware law enforcement possesses devices capable of spoofing cell towers to locate phones and their owners. It’s so common it’s now just a consumer commodity, as Dell Cameron reports for Wired:

The controversy around “stingrays” is so old that the tactical advantage they once offered exclusively to military spies works far more efficiently today as a commercial capability. To wit, finding a phone is now a standard feature on nearly all phones.

That’s just one of several points Cameron makes in his article discussing FBI Stingray records obtained by the ACLU. The FBI is still applying pressure, trying to maintain secrecy about a law enforcement product everyone already knows pretty much everything about at this point in time.

Documents obtained by the ACLU show, for example, that police requested technical assistance from the FBI in May 2020 during a manhunt for a gang-affiliated suspect wanted of multiple murders. “This is a serious crime and a good use of our assistance abilities,” an FBI official wrote in response to the request. Though redacted to protect the privacy of the individuals involved, the document indicates the suspect had recently attacked a female victim leaving her greatly injured.

The arguments compelling all this secrecy is difficult to square with the reality that, in the year 2023, both innocent people and criminals alike are far from naïve about how much like a tracking device cell phones actually are.

This apparent effort to terminate a criminal case occurred the same year Harris Technology ditched Stingray development because it considered the product obsolete.

How the FBI managed to justify these ongoing demands for secrecy (if they indeed ended in 2020) remains a mystery. The known ability of phones to act as tracking devices (even if users take general precautions) had long since passed the point of general knowledge. It had seeped into pop culture and from there entered the weird realm of people just trying to get paid for not working. Back to Dell Cameron:

Whether everyday people comprehend that their phones are constantly broadcasting their locations is a question best answered by the man who was caught stowing his phone in a potato chip bag so he could play golf instead of work—a trick so effective (or possibly unnecessary) that, in the end, it took an office snitch to bring him down. It’s hard to imagine the crime spree the man might’ve pulled off had he only applied this advanced telecommunications mastery toward some more felonious endeavor.

While the golfer was hailed widely as a “MacGyver” in the press, the trick he used to deceive his employer was first popularized in the 1998 thriller Enemy of the State. Early in the film, Gene Hackman’s character grabs and stuffs Will Smith’s phone into a potato chip bag (screaming at him, meanwhile, that the NSA can “read the time off your fucking watch.”)

As Cameron points out, if people know the office vending machine is stocked with ad hoc Faraday bags, there’s very little chance criminals — sophisticated or not — realize the entity most likely to rat them out has a 6.3″ screen, multiple cameras, and generates a shitload of data cops can mine without a warrant, much less a [whispers furtively] Stingray.

Give it up, g-men. We all know what you know. Stop pretending Stingrays are anything more secret than dusting for fingerprints or beating suspects with a large [tries to pronounce this correctly] foʊn ˈbʊk (???). It’s a spy tool that spies can’t even use because those being spied upon already know what it is. That it can still be used to capture the careless doesn’t mean it’s too sensitive for public consumption.

Filed Under: 4th amendment, fbi, nda, secrecy, stingrays, surveillance, transparency
Companies: harris corp.

Harris Stingray Nondisclosure Agreement Forbids Cops From Telling Legislators About Surveillance Tech

from the lying-about-the-law-to-ensure-silence dept

The FBI set the first (and second!) rules of Stingray Club: DO NOT TALK ABOUT STINGRAY CLUB. Law enforcement agencies seeking to acquire cell tower spoofing tech were forced to sign a nondisclosure agreement forbidding them from disclosing details on the devices to defendants, judges, the general public… sometimes even prosecutors.

A new wave of parallel construction washed over the land, distancing defendants from the source of evidence used against them. Pen register orders — used to cover the tracks of Stingray searches — started appearing en masse, as though it was 1979 all over again. If curious lawyers and/or judges started sniffing around, agencies were instructed to let accused criminals roam free rather than expose details about Stingray devices. According to the FBI, public safety would be irreparably damaged if Stingray details were exposed. Apparently the return of dangerous criminals to the street poses no harm to the public.

Another NDA has been uncovered, thanks to a lengthy public records lawsuit. The document finally handed over by Delaware State Police to the ACLU was once referred to as “mythical” by the DSP in court. Yes, the State Police once claimed this NDA never existed. It did so while claiming it had zero communications with Harris while acquiring its Stingray. The ACLU obviously found this hard to believe and the court sent the DSP back to search harder. The Harris NDA is real. And it’s spectacular.

The agreement, signed by a state police detective in 2010, stated that officers could not “discuss, publish, release or disclose any information pertaining to the (cell phone tracking) products” to the general public, to companies, to other governmental agencies, or even to other officers who do not have a “need to know.”

A letter attached to the agreement, and signed by Harris Corp.’s account manager, said police are not permitted to talk about the devices with “elected officials.”

“Stealth, quiet approach and skilled execution are the glue that transforms weapons and technology investments into capabilities and results,” Harris Corp.’s Michael E. Dillon said in the letter. “Only officers with arrest authority are permitted to use them (Stingrays) or have knowledge of how they work.”

Harris cited federal law for the conditions in the agreement, which it stated is similar to other “intelligence oriented aspects of your operations.”

Yes, Harris is deliberately misconstruing federal law to ban law enforcement agencies from discussing its devices with anyone, including those who oversee departments and their spending. This means the public has zero chance of knowing what surveillance tech local officers are deploying. The part of the law cited by Harris — 18 USC 2512 — simply forbids entities who are not (a) wireless service providers or (b) government contractors from advertising or selling tools that intercept wireless communications. It has absolutely nothing to say about discussing these devices with other government entities (or the general public for that matter).

But as we all are painfully aware, ignorance of the law is the bread-and-butter of law enforcement. Detective Dennis Smith signed the “mythical” document [PDF] all the way back in 2010, “binding” his agency to an agreement it could have walked away from at any time with zero consequences. (Well, maybe the loss of future business deals with Harris, but no violations of state or federal laws.)

Disappointingly, state legislators seem pretty cool about being kept in the dark by a government contractor’s bogus NDA.

[L]awmakers are some of the “worst at keeping secrets,” said [Greg] Lavelle, the Senate minority whip.

“I’m not offended that they threw public officials in there (the non-disclosure agreement),” he said.

Lavelle may not speak for the rest of the Delaware legislature, but at this point he has to. All other legislators refused to answer questions about the Harris NDA that allowed the State Police to hide information about surveillance equipment from them. Finding out agencies they oversee have been effectively lying to them should have triggered more of a response. Instead, Delaware residents get a single shrug from a state rep and silence from the rest.

Filed Under: disclosure, due process, evidence, fbi, imsi catchers, nda, stingrays, surveillance
Companies: harris

DHS Deploying Stingrays Hundreds Of Times A Year

from the not-so-much-natsec-as-it-is-basic-warrant-service dept

It’s no secret most law enforcement agencies own or have access to Stingray devices. But some deployment totals can still raise eyebrows. The Baltimore PD, for example, deployed Stingrays 4,300 times over an 8-year period — more than once per day. And it hid these behind pen register orders, so that judges, defendants, and defense lawyers had no idea exactly how the PD located suspects.

Thanks to Buzzfeed’s FOIA request, we now know another government agency has been firing up its Stingrays at least once a day. And it’s one of the nation’s largest.

A document obtained by BuzzFeed News shows the US Department of Homeland Security used secretive cell phone–tracking devices nationwide more than 1,800 times from 2013 to 2017.

The information, obtained through a Freedom of Information Act request, shows that Homeland Security Investigations, a major investigative arm of DHS, used what’s known as cell-site simulator over-the-air technology 1,885 times from Jan. 1, 2013, to Oct. 11, 2017 throughout the US.

There’s not a lot to be gleaned from the document [PDF], other than the total number of deployments and cities where they may have been deployed. Given the DHS’s purview, one would assume these are deployed only in serious criminal investigations. That assumption would be wrong, as DHS component ICE has already shown.

Sen. Ron Wyden recently asked US Immigration and Customs Enforcement for information on the agency’s use of the devices after it was determined ICE used a cell-site simulator to arrest an undocumented immigrant. Among the questIons Wyden sought answers to was what steps the agency had taken to limit interference to the phones of people not being investigated.

ICE may be making the most use of DHS Stingray devices. In its answers to Wyden’s questions, the agency made it clear it uses Stingrays for all sorts of banal things, like tracking down pretty much anyone its looking for or simply sniffing out phone details for future subpoenas.

Of course, while it’s doing this hundreds of times a year, the phone service of everyone DHS agencies aren’t looking for is interrupted. But that’s OK with ICE, because the only phone service anyone really needs is emergency service, according to director Thomas Homan.

“In all circumstances, devices are always able to dial 911 without any disruption of service,” Homan said.

So, not really a problem, according to ICE — even if ICE is doing nothing more than readying a subpoena.

This is why the Supreme Court’s take on Carpenter will be important. A ruling following the current view on third party data might encourage the federal government to ditch its voluntary Stingray warrant requirement. It will also encourage other law enforcement agencies to continue hiding evidence of Stingray use behind pen register requests, leading defendants and presiding judges to believe the phone they tracked in real time was actually just historical cell site location data.

Filed Under: dhs, imsi catcher, location, privacy, stingrays

New York Court Says NYPD Must Get Warrants To Deploy Stingrays

from the take-that-Big-Blue dept

Another court has decided warrants must accompany Stingray use. (via the New York Times) The ruling handed down earlier this month clarifies the distinction between the records obtained and the records requested. In this case, police used a pen register request to deploy their Stingray device. As the court points out, Stingray devices grab a lot more than just phone numbers.

A pen register or trap and trace warrant is authorized under New York’s CPL Art. 705.00. According to that Article, a pen register is a device that attaches to a landline phone to identify and record “the numbers dialed or otherwise transmitted” in outgoing and incoming calls.” CPL 705.00 (1). In addition, CPL 705.00 (2) defines a trap and trace as a similar device to that of the pen register that identifies the “originating number” for a call. It should be noted, however, that Article 705 does not authorize the gathering of location information using a cell phone’s Global Positioning system (GPS), nor does it authorize the gathering of additional information, that might include the content of a phone’s calls or text messages by the use of a pen register and/or trap and trace order.

[…]

_Thus, it is improper under New York Law to authorize the obtaining of any information from a suspect’s phone other that the phone numbers dialed or otherwise transmitted in outgoing and incoming calls and/or an originating phone numbe_r.

As the court notes, the addition of GPS location info changes the matrix for law enforcement paperwork. It’s not enough to settle for the lower requirements of a pen register order. Tracking and tracing people involves a higher statutory burden. And that’s exactly what this is: to deploy a Stingray, a team of officers must fire one up and roam all over the place until they home in on their target. This is completely distinct from showing up at a telco office asking for dialed digits.

Additionally, the court points out that while the information obtained (the phone’s location) might ultimately be a third party record accessible with a subpoena, the government can’t be the third party collecting the records.

[U]nlike pen register device information or that provided by the CSLI, a cell site simulator device does not involve a third party. “The question of who is recording an individual’s information initially is key.” See US v Lambis, supra, citing In re US for Historical Cell Site Data, 724 F.3d 600 [5th Circ. 2013] [distinguishing between “whether it is the Government collecting the information or requiring a third party to collect or store it, or whether it is a third party, of its own accord and for its own purposes, recording the information”]. The Lambis court continued: “For both pen register information and CSLI, the Government ultimately obtains the information from the service provider who is keeping a record of the information. With the cell-site simulator, the Government cuts out the middleman and obtains the information directly.” US v Lambis, Id.

By its very nature, then, the use of a cell site simulator intrudes upon an individual’s reasonable expectation of privacy, acting as an instrument of eavesdropping and requires a separate warrant supported by probable cause rather than a mere pen register/trap and trace order such as the one obtained in this case by the NYPD.

Presumably, the NYPD was less than forthcoming about its Stingray use. In the opening of the opinion, the court points out the location the suspect was tracked to was completely unrelated to any information the NYPD already had in hand when it took its Stingray out for a spin.

Based upon the information gathered from this order for the defendant’s cell phone, Detective Brown located and arrested the defendant three days later on April 15, 2016, inside of 1540 Sterling Place, Apartment 3E in Brooklyn, an address not previously identified as of any interest to this investigation.

The decision also notes Stingray use was “conceded” by the prosecution, suggesting it fought this disclosure for as long as it could.

This is good news for residents of New York and another small step towards a unified judicial view on Stingray deployments. Better yet, it has probably resulted in audible wailing and gnashing of teeth in the upper levels of the NYPD bureaucracy.

Filed Under: imsi catchers, nypd, privacy, stingrays, warrants

DC Court Says Metro Police Need Warrants To Deploy Stingrays

from the another-win-for-the-4th dept

Another warrant requirement for Stingray use has been established. Again, it’s not a federal decision, so jurisdiction is limited, but there’s now another case to cite when fighting warrantless Stingray use in federal courts.

This decision comes from the DC Appeals Court (very much not the DC Circuit Court of Appeals). The case involves the Metro PD’s use of a Stingray to track two phones: the suspect’s and one he had stolen. The lower court handed the government a win. After pointing out there was plenty of time (around 10 hours between report of crime and Stingray deployment) to obtain a warrant (thus no exigent circumstances exception), the court decided the evidence derived from the tracking fell into the “inevitable discovery” exception since the tracking of the stolen phone would have led officers to the suspect.

The problem is the officers testifying for the Metro PD could not say for sure which phone they were tracking: the suspect’s or the phone he had allegedly stolen from the victim. The lower court cut the cops some slack, allowing for the possibility of they were tracking a phone (the victim’s) the suspect had no privacy interest in.

The appeals court, however, doesn’t read it the same way. First, it goes further than the lower court, deciding the use of Stingray devices requires a warrant. As it points out in its opinion [PDF], the use of Stingray devices is far more invasive than other tracking methods. To begin with, it does something historic cell site location data and/or GPS trackers can’t: locate a suspect no one’s actively tracking.

With a cell-site simulator, however, police no longer need to track a person visually from some starting location or physically install a tracking device on an object that is in, or will come into, his or her possession. Instead, they can remotely activate the latent tracking function of a device that the person is almost certainly carrying in his or her pocket or purse: a cellphone. As the present case demonstrates, police officers first obtain subscriber information and real-time location information from the target‘s telecommunications provider to narrow down the search area. They then proceed to that area with a cell-site simulator, which they use to force the person‘s cellphone to identify itself and reveal its exact location. It is in this sense that a cell-site simulator is a locating, not merely a tracking, device: A cell-site simulator allows police officers who possess a person‘s telephone number to discover that person‘s precise location remotely and at will.

Further, Stingray devices force peoples’ phones to relinquish information to law enforcement.

A final consideration is that when the police use a cell-site simulator to locate a person‘s cellphone, the simulator does not merely passively listen for transmissions sent by the phone in the ordinary course of the phone‘s operation. Instead, the cell-site simulator exploits a security vulnerability in the phone—the fact that cellphones are, in the words of the defense expert, ? “dumb devices,” unable to differentiate between a legitimate cellular tower and a cell-site simulator masquerading as one — and actively induces the phone to divulge its identifying information.

Which flows directly into this determination:

The preceding considerations lead us to conclude that the use of a cell-site simulator to locate Mr. Jones‘s phone invaded a reasonable expectation of privacy and was thus a search.

There are reasons the court feels a warrant requirement is necessary — ones that involve government responsibility and accountability.

[T]he simulator‘s operation involve[s] exploitation of a security flaw in a device that most people now feel obligated to carry with them at all times. Allowing the government to deploy such a powerful tool without judicial oversight would surely ?shrink the realm of guaranteed privacy “far below that which existed when the Fourth Amendment was adopted.” Kyllo, 533 U.S. at 34. It would also place an individual in the difficult position either of accepting the risk that at any moment his or her cellphone could be converted into tracking device or of forgoing ? “necessary use of” the cellphone.

The government argued cellphone users have no expectation of privacy in location information they know (or should know) is being broadcast to third parties. The appeals court disagrees, pointing to the Supreme Court’s decision on wiretap use.

Contrary to the government‘s argument, Katz makes clear that a person does not lose a reasonable expectation of privacy merely because he or she is made aware of the government‘s capacity to invade his or her privacy. When Katz was issued, the public and the courts were well aware of the government‘s capacity to wiretap and eavesdrop through technological means, yet the Supreme Court did not find this fact determinative of the question whether individuals possess a reasonable expectation of privacy in their conversations.

[…]

A person‘s awareness that the government can locate and track him or her using his or her cellphone likewise should not be sufficient to negate the person‘s otherwise legitimate expectation of privacy.

The court also shoots holes in the government’s “inevitable discovery” theory. At some point, the officers switched from tracking a phone with zero privacy interest (the victim’s) to tracking the suspect’s phone. When they did this, they screwed themselves out of a warrant exception. The court decides the government doesn’t get to pile up wrongs and ask the court to view them as “right.”

[H]ere the government is asking us to find inevitable discovery where the police had mutually exclusive options and, for whatever reason, chose the option that turned out to be unlawful. The inevitable-discovery doctrine does not apply in this type of situation.

The good faith exception is killed off as well, thanks to the secrecy surrounding the Metro PD’s ownership and deployment of a Stingray device.

The Supreme Court has not, however, recognized the applicability of the good-faith exception in a situation remotely like the present one—where the police, not acting pursuant to a seemingly valid warrant, statute, or court opinion, conducted an unlawful search using a secret technology that they had shielded from judicial oversight and public scrutiny. See supra note 26. Indeed, assuming the police believed the warrantless use of the cell-site simulator to be lawful, they could not have reasonably relied on that belief, given the secrecy surrounding the device and the lack of law on the issue.

As for the government’s argument suppression of evidence isn’t needed to deter future wrongdoing because the PD now abides by DOJ guidance recommending search warrants for Stingray use, the court finds its assertions hollow.

The government has not cited any case in which a court has declined to apply the exclusionary rule based on the government‘s representation that it will not engage in unlawful conduct in the future. […] And given that the DOJ policy memorandum does not describe any sort of enforcement mechanism that would ensure compliance with the policy, and given that the present administration or a subsequent one may well revise this policy, we are not convinced that the need to deter future constitutional violations is lacking.

And with that, the government loses almost all of its evidence, as well as the testimony of one of its witnesses. The conviction obtained is also reversed. The concurring opinion points out something that clearly separates Stingray cellphone tracking from other cellsite location info collection methods: it turns people’s cellphones into investigative tools by law enforcement. And it doesn’t do this voluntarily, no matter how the government might choose to misread the Third Party Doctrine. It does it by forcing all phones in the area to connect with the Stingray device and cough up their identifying info, including location.

This decision stands next to the one in Maryland as the first court-determined Stingray warrant requirements. More will come, although it’s not entirely clear at this point which way these decisions will go. The Supreme Court is set to hear a case on warrantless access to historic cell site data. Whatever’s decided there will factor into ongoing courtroom discussions about warrantless deployment of cell tower spoofers.

Filed Under: 4th amendment, dc, imsi catchers, privacy, stingrays, surveillance

ICE Using Stingrays To Track Down Immigrants Because Of Course It Is

from the high-value-targets-just-means-everyone dept

As information about police use of cell tower spoofers began leaking out, those who had kept the public (including defendants, judges, and even some prosecutors) out of the loop began defending their use of domesticated military technology. They said pay no attention to the possible civil liberties violations. Just think of all the good they’re doing. They promised Stingrays would only be used on the worst of the worst, and only when time was of the essence: terrorists, murderers, kidnappers, etc.

But then even more Stingray documents made their way into the public domain. These showed the devices were deployed in bog-standard drug investigations or, worse, used just because agencies had them. This perhaps reached its nadir when a police department fired up its Stingray to hunt down someone who had stolen less than $60 worth of fast food. To make matters worse, the Stingray failed to track down the alleged thief.

Of course, anyone paying attention knew Stingrays would be used for nothing of importance, despite public officials’ statements otherwise. The first person to start digging into Stingray use was Daniel Rigmaiden, who was doing time for fraud. Not exactly the sort of crime one would associate with exigent circumstances and possible danger to the public.

And, of course, because it’s now the government’s foremost priority to toss undocumented immigrants out of the country, Stingrays are being used to accomplish this goal. And, just like the defensive statements made on behalf of IMSI catchers, the federal government has claimed it’s only interested in removing the most dangerous of undocumented individuals first. These statements are also false.

Federal officials in Detroit used a secretive tool known as a “Stingray” — which tricks cell phones into revealing their location — to find an undocumented man for deportation.

The cell-site simulator has been used in the past by federal and local law enforcement to find murder suspects, kidnap victims, drug dealers and terrorists — but sometime in March, FBI and ICE officials used it to find a 23-year-old native of El Salvador to deport him.

The alleged criminal act being used as leverage — both for the Stingray deployment and the use of ICE’s “eject” button — is a long ways from the Parade of Horribles used to justify the acquisition and use of cell tower spoofers.

According to the warrant, Carcamo-Carranza was deported in 2012 and 2015 to El Salvador, but returned to the US.

In Feb. 28, 2016, he was arrested in Shelby Township, Michigan, on suspicion of hit-and-run, but was released by local police before he was detained by ICE agent.

Also of note: ICE used a warrant to pry loose this phone number, serving one to Facebook which gave it access to Carranza’s private messages. Just throwing that in there to add a bit more skepticism for the “Going Dark” theory. A phone that might be locked isn’t the end of the line for investigators, no matter how loudly law enforcement officials sigh during press conferences while gesturing ineffectively at a pile of seized devices.

As we always knew would happen, Stingray technology would soon shift from its more limited, “higher cause” deployment into just another tool for rote policework.

Filed Under: ice, immigration, privacy, stingrays, tracking, warrants

UK Bill Would Force Service Providers To Set Up Fake Cell Towers For Surveillance Of Prisoners' Communications

from the compulsory-attendance dept

The latest arena for deployment of cell tower spoofers is prisons. Along with the diminished rights and lowered expectation of privacy afforded to prisoners, those incarcerated can now expect their cell phone calls to be blocked or intercepted.

The Register reports a new bill being introduced in the UK would give prisons legal authority to install IMSI catchers to monitor prisoners’ communications and track/locate contraband devices. The use of Stingray devices in prisons isn’t exactly new, although it hasn’t really received much attention. Last year, Motherboard reported the Scottish prison system had been deploying cell tower spoofers for one specific reasons: to make prisoners’ cell phone communications impossible. The devices blocked 2G and 3G signals, according to FOI’ed documents. (The documents also noted prisoners had already defeated the repurposed cell tower spoofers, so whatever was included in those documents is already outdated.)

In the US, prisons are using similar devices, although no one has copped to deploying a name-brand Stingray within the walls of a prison. ACLU tech head Chris Soghoian’s 2014 report on Stingray devices cites a Commerce Department paper on the use of cell tower spoofers to thwart communications and locate contraband devices.

There’s a twist in the UK legislation, though, that takes it past previous prison surveillance efforts. This bill would compel the cooperation of telcos, rather than make use of existing cell tower spoofer technology.

Provisions in the new bill will allow the Justice Secretary to order networks to deploy so-called “IMSI catchers” to prevent, detect or investigate the use of mobile phones in prisons.

Currently fake base stations can only be deployed under the legal provisions in the Prisons (Interference with Wireless Telegraphy) Act 2012, which restrict their deployment to within prison walls – and further, only allows prison governors to deploy them.

The new proposals therefore expand the ability of the state to spy on innocent citizens by further co-opting mobile phone companies’ technical abilities.

Rather than leave this to state entities possessing state-owned devices, the bill recruits cell service providers to perform the technical heavy lifting. While prison officials would be able to deploy a device inside a prison’s walls to minimize interference with outside cell phone traffic, this bill appears to encourage the deployment of fake cell towers (or the repurposing of existing cell towers) outside prison walls, which would greatly increase the possibility of disrupting legitimate cell phone use and subject a number of non-prisoners to data/communications collections by the prison.

The bill contains no wording pertaining to these two issues. There’s no requirement to minimize interference or discard irrelevant data/communications. All it does is expand the UK government’s power to compel participation in its prison surveillance efforts. This lack of regulatory specificity is par for the course, as the Register points out.

In effect, use of IMSI catchers is effectively unregulated, albeit legal for the state and bodies authorised by the state under the Data Retention and Investigatory Powers Act 2014. It remains illegal for ordinary citizens to use them.

UK law enforcement are also using IMSI catchers, but have yet to be subjected to the (belated) judicial and legislative scrutiny we see happening here in the US. Stingray use in the UK falls under legal authorities for the interception of communications, all of which were written long before police had the (portable) power to disrupt communications and harvest communications and data.

The debate over this legislation may change that. While law enforcement agencies are generally receptive to new laws that expand their power and reach, there’s always the danger legislative discussions may lead to more direct oversight and/or the removal of a few layers of opacity.

Filed Under: imsi catchers, prisoners, stingrays, surveillance, uk

House Oversight Committee Calls For Stingray Device Legislation

from the and-only-two-decades-from-their-first-appearance dept

The Congressional Committee on Oversight and Government Reform has issued its recommendations on the use of cell site simulators (a.k.a. “Stingrays,” presumably to Harris Corporation’s trademark erosion dismay) by law enforcement. Its recommendations are… that something needs to be done, preferably soon-ish. (h/t Chris Soghoian)

Congress should pass legislation to establish a clear, nationwide framework for when and how geolocation information can be accessed and used.

Before it reaches this conclusion, the Committee spends a great deal of time recounting the history of both the devices’ usage, as well as any steps taken (most of them very recently) to govern their use.

The report [PDF] points to the Supreme Court’s Jones decision, albeit not in a very helpful way. The justices punted on the warrant question, leaving it up to lower courts’ interpretation as to whether or not tracking someone with a GPS device violated their privacy. The only thing they did agree on was the intrusion onto the property to install the device on the petitioner’s vehicle. Everything else was left unclear, including the lack of a bright line for how much location tracking equals unconstitutional tracking.

Cell site simulators can perform the same function and, until recently, every law enforcement agency in possession of the devices deployed them without seeking search warrants. The DOJ finally suggested warrants might be necessary in 2015, which would only be about 18 years since DOJ elements began using Stingray devices.

A 1997 DOJ guidance bulletin discussed the agency’s views on what legal authority governed the various law enforcement surveillance options, including “cell-site simulator.” According to the 1997 guidance, DOJ took the position that “it does not appear that there are constitutional or statutory constraints on the warrantless use of such a device.” According to a chart that was issued with the guidance, court orders, search warrants, and subpoena requirements were not applicable when deploying this device.

For most law enforcement agencies, the lack of a warrant requirement has allowed them to disguise their Stingray deployments. Most have sought pen register orders instead for this form of real-time location tracking. Others have used parallel construction to hide use of IMSI catchers from courts, defendants, and, in some cases, the prosecutors they work with. This was all heavily encouraged by the FBI’s nondisclosure agreement, which it made law enforcement officials sign before allowing them to purchase the devices.

Now, they’re everywhere. The IRS has its own devices and feds are attaching IMSI catchers to planes and flying them over cities in hopes of tracking down suspects. What’s more concerning is the devices’ capabilities, which federal and local law enforcement agencies all swear they’ve never used.

In testimony before the Committee, DOJ and DHS both confirmed the simulator devices they use do not intercept any communications or content from the cellular devices to which they connect. Specifically, DOJ confirmed that between January 1, 2010 and September 2, 2015, its component agencies using the technology—the FBI; the Drug Enforcement Administration (DEA); the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF); and U.S. Marshals Service (USMS)—only collected dialing, routing, signaling and addressing information in domestic criminal investigations and did not use the devices to collect the content of communications. While the current DOJ and DHS policies require the cell-site simulators to be configured as pen registers and to not collect content, some of the cell-site simulator models used by law enforcement components within DOJ and DHS would be capable of collecting content if the devices had the necessary software installed.

The Committee points out that if the federal government doesn’t hand down universal controls for the deployment of these devices, the situation will only devolve from here.

Further, the Committee notes that these devices are available all over the world and with even fewer usage restrictions. And the tech is more widely available than the US government would hope, which means those who care little for policies, guidance, or federal law won’t hesitate to deploy these themselves.

It is possible, if not likely, bad actors will use these devices to further their aims. Criminals and spies, however, will not be adopting the DOJ and DHS policies and procedures or any other ethics of surveillance. They will not be self-limiting in their use of these devices so as to not capture the content of others’ conversations. Criminals could use these devices to track potential victims or even members of law enforcement. One can imagine scenarios where criminals or foreign agents use this type of technology to intercept text messages and voice calls of law enforcement, corporate CEOs, or elected officials.

The report notes that devices are already for sale on foreign websites, and those selling them are suggesting purchasers set them up in high-traffic areas (near banks, restaurants, hospitals, etc.) for maximum effectiveness. On top of that, hobbyists and researchers have been able to put together their own IMSI catchers, all without the guidance or assistance of companies who sell their devices to a highly-restricted list of government agencies. The secret is out — and has been out for years. While any legislation would do little to deter bad actors, it would at least allow the US to act as a role model for foreign governments to emulate and give it some sort of (belated) moral high ground to stand on when restricting US companies from selling surveillance tech to governments with human rights abuse track records.

If nothing else, the hope is that the legislation called for will result in a cohesive, coherent ruleset that’s also Constitutionally-sound. Obviously, this will be met with law enforcement resistance, as anything that implements a warrant requirement generally does.

Filed Under: house oversight committee, imsi catchers, stingrays, surveillance
Companies: harris corporation

EFF, ACLU And Public Records Laws Team Up To Expose Hidden Stingray Use By The Milwaukee Police Department

from the acronyms-to-the-rescue! dept

The EFF and ACLU — along with the assistance of a very fortuitous public records request by Stingray-tracker extraordinaire Mike Katz-Lacabe — have uncovered more hidden use of IMSI catchers by law enforcement. A criminal prosecution relying on real-time tracking of a suspect’s cell phone has finally led to the admission by Wisconsin police that they used a Stingray to locate defendant Damian Patrick.

The information wasn’t handed over to the court until the EFF, ACLU, and Katz-Lacabe’s FOIAed documents forced the government to admit it used the device. Up until that point, testimony given by officers gave the impression that tracking Patrick down only involved the use of records from his service provider. They also claimed the information pinpointing Patrick’s location in a parked vehicle was just a tip from an “anonymous source.”

As we’ve seen in other cases involving Stingrays, the government did everything it could in this case to hide the fact that it used a Stingray—from the court that issued the pen register/trap and trace order, the court that heard Patrick’s motion to suppress the evidence, and even from Patrick, himself. In police reports, the officers said only that they “‘obtained information’ of Patrick’s location; . . . had ‘prior knowledge’ that Patrick was occupying the vehicle; . . . [and] ‘obtained information from an unknown source’ that Patrick was inside the vehicle at that location.”

This charade continued through an evidentiary hearing, where the judge refused to allow the defense to coax more specific information out of the testifying officer.

[E]ven at an evidentiary hearing where officers admitted to cellphone tracking, they would only acknowledge, cryptically, that they’d received “electronic information” confirming Patrick was in the vehicle. When Patrick’s attorney asked what “electronic information” meant, the officer on the stand would say only that it involved “tracking [a] cell phone.” The judge cut off any further questioning at that point.

And that’s where Katz-Lacabe’s FOIA request played a significant role. Katz-Lacabe had obtained Stingray logs using Wisconsin’s public records laws. Contained in those logs were Stingray deployments matching up to the government’s tracking and locating of Damian Patrick. The government has now begrudgingly admitted as much, via a letter from the DOJ to the court regarding the Milwaukee Police Department’s Stingray deployment.

Per our conversation last week, the government has determined that on October 28, 2013, the Milwaukee Police Department used a cell site simulator to locate Damian Patrick. At this time, we do not intend to seek leave to supplement the record pursuant to Federal Rule of Appellate Procedure 10.

The government is still arguing that the MPD complied with the Fourth Amendment, even if it never obtained a search warrant to deploy the Stingray. In any event, the affidavit it submitted (for what appears to be a pen register order, rather than a warrant) did not mention the use of a Stingray. Still, it argues no evidence should be suppressed… because circular reasoning.

[T]he government also argues it didn’t violate the Fourth Amendment in this case because it actually got a warrant—or maybe, in the alternative, the equivalent of a warrant (the police had a warrant to arrest (not search) Patrick and a court order (not a search warrant) to track Patrick’s phone). In a confusing and somewhat circular argument, the government asserts that because it submitted a “sworn affidavit” in support of its request for the pen/trap order, the order must have actually been a search warrant—if it hadn’t been a warrant, then it “wouldn’t have needed a finding of probable cause, which it contained.”

Dumping probable cause into a pen register application is a nice nod to the Fourth Amendment, but it’s not required and it doesn’t turn a court order into a warrant. An arrest warrant is not a search warrant, and it’s likely the MPD would not have been able to serve its arrest warrant without the use of its Stingray-obscuring pen register order. The admission that Stingray surveillance should require the use of a warrant is, again, a nice nod to the Fourth Amendment, but it means nothing if that’s not how the Milwaukee PD actually operates. And, yet again, the long battle to uncover evidence of Stingray tracking makes it clear the PD is hiding this information from judges when applying for court orders and warrants.

Filed Under: imsi catcher, milwaukee, milwaukee pd, police, secrecy, stingrays
Companies: aclu, eff

Prosecutors Say Cops Don't Need Warrants For Stingrays Because 'Everyone Knows' Cell Phones Generate Location Data

from the we'll-let-you-know-when-you-have-an-expectation-of-privacy dept

Up in Baltimore, where law enforcement Stingray device use hit critical mass faster and more furiously than anywhere else in the country (to date…) with the exposure of 4,300 deployments in seven years, the government is still arguing there’s no reason to bring search warrants into this.

The state’s Attorney General apparently would like the Baltimore PD’s use of pen register orders to remain standard operating procedure. According to a brief filed in a criminal case relying on the warrantless deployment of an IMSI catcher (in this case a Hailstorm), the state believes there’s no reason for police to seek a warrant because everyone “knows” cell phones generate data when they’re turned on or in use. (h/t Brad Heath of USA Today)

The whereabouts of a cellular telephone are not “withdrawn from public view” until it is turned off, or its SIM card removed. Anyone who has ever used a smartphone is aware that the phone broadcasts its position on the map, leading to, for example, search results and advertising tailored for the user’s location, or to a “ride-sharing” car appearing at one’s address. And certainly anyone who has ever used any sort of cellular telephone knows that it must be in contact with an outside cell tower to function.

The state’s brief folds in parts of the Third Party Doctrine and the Supreme Court’s 1979 Smith v. Maryland decision to make a truly terrible argument that because certain aspects of cell phones involuntarily create location data, the Fourth Amendment never comes into play.

Matt Blaze rephrases the state’s argument slightly, exposing the ridiculousness of this assertion.

"People let people into their houses sometimes, therefore no warrant is needed to search houses". Or something. https://t.co/XncuaZvdwW

— matt blaze (@mattblaze) January 14, 2016

“People let people into their houses sometimes, therefore no warrant is needed to search houses”. Or something.

The state follows this up by arguing that, because the use of a pen register order to deploy an IMSI catcher is not expressly forbidden by local statutes, the evidence shouldn’t be suppressed.

There was no cellular tracking device statute in effect at the time. There was an order from a neutral magistrate, finding probable cause to authorize precisely what was done in this case; the closest applicable statute does not contain an exclusionary provision. Thus, the court erred in excluding evidence in this case.

All well and good, except that the only reason there was no statute in place is because local law enforcement spent years keeping its cell phone tracking devices hidden from judges and defendants, obscuring the technology through parallel construction and misleading pen register order requests. This case is no different than the hundreds preceding it. The magistrate judge signing the pen register order had no idea what the Baltimore PD was actually doing. The presiding judge in this prosecution declared the Baltimore PD’s pen register request contained “material misrepresentations” on his way towards granting the suppression of evidence.

For the state to claim everything was above board and no Fourth Amendment violations occurred is rather audacious, considering it spent months dodging discovery requests related to the methods used to locate the defendant.

The request, asking for no more than what the State was compelled to disclose pursuant to Maryland Rule 4-263, sought: 1) “records, notes, and documents” relating to the Baltimore Police Department’s investigation into a second suspect from the April 27, 2014 shooting; as well as 2) information “indicating how Mr. Andrews was located at 5032 Clifton Avenue.”

Over two months later, on January 8, 2015, the State responded to the discovery request. The State claimed not to “possess information related to the method used to locate the Defendant at 5032 Clifton Avenue.” (T1 9) This turned out to be false.

In fact, the state did not turn over its IMSI catcher-related information until mid-May 2015, more than seven months from the point it was originally requested. That’s a long time to withhold information on a Hailstorm deployment the state now claims was both perfectly legal and intruded on no one’s privacy.

Filed Under: 4th amendment, baltimore, cell phones, expectation of privacy, hailstorm, imsi catchers, police, stingrays, warrants