Warrantless Collection Of Cellphone Data By Law Enforcement On The Rise, As Is The Use Of Stingray Tower Spoofers
from the millions-of-'incidental'-records dept
As we covered last week, cellphone tower “dumps” are increasingly being used by law enforcement to track criminals. These “dumps” provide LEOs with the information gathered every time someone’s cell phone contacts the tower, whether it’s to make a call, send a text or email or access the web.
This vast amount of data being sought is obtained with a court order, which has a much lower bar than a search warrant, which requires probable cause. The ease in which this data is obtained is one concern. The other concern is that many law enforcement agencies have little to nothing in the way of guidelines for dealing with this collected data — often allowing it to be stored for years, completely unmiminized. Agencies also are under no obligation to inform citizens that their data has been collected.
USA Today has compiled some more information about how these tower dumps are used, as well as on how common they are becoming. As was noted in our original article, requests for these data dumps has jumped over 75% over the last five years (according to Verizon) and more than 1.3 million requests were made in 2011 alone (Verizon and AT&T combined).
Here’s how one particular case utilized data dumps to search for a suspect.
In October 2012, in Colorado, a 10-year-old girl vanished while she walked to school. Volunteers scoured Westminster looking for Jessica Ridgeway.
Local police took a clandestine tack. They got a court order for data about every cellphone that connected to five providers’ towers on the girl’s route. Later, they asked for 15 more cellphone site data dumps…
The tower dump data helped police choose about 500 people who were asked to submit DNA samples. The broad cell-data sweep and DNA samples didn’t solve the crime, though the information aided in the prosecution. A 17-year-old man’s mother tipped off the cops, and the man confessed to kidnapping and dismembering the girl, hiding some of her remains in a crawl space in his mother’s house. He pleaded guilty and last month was sentenced to more than 100 years in prison.
To sum up, tons of data was collected, resulting in a broad sampling of 500 people’s DNA, and yet it was an old-fashioned tip that resulted in the arrest and indictment of the suspect. What should be considered a troubling incursion on our civil liberties is viewed by law enforcement as just another tool in the toolset, albeit one that goes long on data and comes up short on results.
From this lowered bar (court orders), police use previously obtained cellphone tower dumps as justification for even more tower dumps, along with any other information that they can gather without having to obtain a warrant: home addresses, call records, locations and the content of texts. This data is combined with the info gathered by other surveillance technology, including plate readers and traffic cams, to generate very precise recreations of a person’s actions and movements — all without a warrant or any concern for the amount of unrelated data gathered.
The intrusion goes even deeper than bulk data dumps, though.
Local and state police, from Florida to Alaska, are buying Stingrays with federal grants aimed at protecting cities from terror attacks, but using them for far broader police work…
Typically used to hunt a single phone’s location, the system intercepts data from all phones within a mile, or farther, depending on terrain and antennas.
Stingray devices give law enforcement agencies roaming cell tower impersonators to grab even more data with, bypassing both search warrants and the wireless providers themselves.
Law enforcement agencies don’t want to talk about these devices, something the manufacturer has an active hand in.
Initially developed for military and spy agencies, the Stingrays remain a guarded secret by law enforcement and the manufacturer, Harris Corp. of Melbourne, Fla. The company would not answer questions about the systems, referring reporters to police agencies. Most police aren’t talking, either, partly because Harris requires buyers to sign a non-disclosure agreement.
Beyond not wanting to talk about the devices, agencies are also reluctant to discuss what guidelines (if any) they have in place to help safeguard civil liberties. As it stands now, most of these devices are deployed covertly, with citizens having no idea their local law enforcement even possesses this capability.
Documents obtained by Indianapolis Star indicate the Indiana state police own a Stingray device valued at nearly $375,000. Unsurprisingly, the state police have no interest in discussing this purchase.
[O]fficials at Indiana’s largest police agency aren’t saying what they do with the technology; they’re mum on whose data they’ve collected so far; and they’re not talking about what steps they take to safeguard the data.
Citing concerns that releasing any information would endanger public safety by hindering the agency’s ability to fight crime and combat terrorism, they won’t even say whether they ask a judge for a search warrant before they turn the equipment on.
There it is again — concerns about intrusive technology and untargeted data hauls being waved away by throwing out the word “terrorism” and claiming that revealing any information would “endanger public safety.” It’s a cop-out — one that dodges every potential issue by appealing to fear.
The reality is that very few people know how these are being deployed. The power of the device lends itself to abuse, or at the very least, overuse. As the article points out, police in South Carolina used tower dumps to investigate items being stolen from vehicles and in Miami, the police department deployed a Stingray to spy on protesters at a world trade conference.
According to the documents, 25 police departments around the country have contracts with Harris Corp. These devices may be expensive, but utilizing the word “terrorism” when applying for a grant from the DHS generally makes the tech more affordable. These devices also appear to be loaned out freely to other agencies, meaning the actual count of law enforcement agencies with access to this technology is considerably higher than the 25 listed.
This unofficial sharing program vastly increases the amount of data gathered — as well as the potential for the civil liberties violations. While one agency may have guidelines affecting use and destruction of gathered data, the agency borrowing it may have nothing in place at all. And, considering the fact that no agency wants to talk about their usage of Stingrays, it’s safe to assume whatever safeguards are in place are lax and full of loopholes.
Outdated laws have combined with expansive readings of the Third Party Doctrine to give law enforcement agencies nearly unlimited access to vast amounts of data. The rise of cellphones has been fortuitous for agencies with unquenchable thirsts for data, providing millions of metadata points for millions of users. And, like our intelligence agencies, these law enforcement agencies are operating largely under the cover of “darkness,” actively avoiding (or directly thwarting) any attempts at oversight.