NY Court Orders Sheriff To Reveal Details On Stingray Mobile Phone Surveillance

from the finally,-a-victory dept

For quite some time now, we’ve been covering how various law enforcement agencies have been using “Stingray” (or similar) cell tower spoofing devices to track the public. Beyond the questionable Constitutionality of such mass surveillance techniques, what’s been really quite incredible is the level of secrecy surrounding such devices. We’ve written about how the US Marshals have “intervened” in various court cases to hide info about the use of Stingrays — and even telling local law enforcement to lie about their use of the devices. We’ve written about law enforcement officials claiming “terrorism” as the reason for needing Stingrays, but then using them for everyday law enforcement. We’ve written about the company that makes Stingrays, Harris Corp., forcing police to sign non-disclosure agreements barring them from revealing any info about their use. It also appears that Harris Corp. misled the FCC to receive approval for its mobile tower spoofing capabilities. Some police departments have even withdrawn evidence rather than talk about their use of Stingrays.

Thankfully, there’s been growing concern about these devices. Congress has been investigating and now it appears at least some courts are getting skeptical about the use of Stingrays. The New York Civil Liberties Union (NYCLU) has highlighted that a judge in one of its cases has ordered the Erie County Sheriff’s Office to reveal information to the public about its Stingray operations. The full ruling [pdf] is worth reading. While denying the NYCLU’s claim that the Sheriff’s Office didn’t conduct a thorough search as required, the judge is not at all impressed by the redactions in the documents that were released:

The purchase orders should have been disclosed in their entirety, without redaction of the various words, phrases, and figures thus far withheld. The purchase orders (and more particularly the redacted words, phrases, and prices), were not “compiled for law enforcement purposes” in the sense meant by the statute but, even if they were, their disclosure would not: “interfere with law enforcement investigations or judicial proceedings”; “identify a confidential source or disclose confidential information relating to a criminal investigation,” meaning a particular ongoing one; or “reveal [non-‘routine’] criminal investigative techniques or procedures, meaning techniques a knowledge of which would permit a miscreant to evade detection, frustrate a pending or threatened investigation, or construct a defense to impede a prosecution…. Further, the purchase orders (or, more precisely, the information redacted therefrom), although clearly constituting inter-agency materials” (the other agency involved was Erie County and its Office of the Comptroller), amount entirely to “instructions to staff that affect the public”…. Indeed, the instructions set forth in the purchase orders?’in essence, “Pay this bill of this vendor for this item purchased by the Sheriff’s Office at this price”?was and is of quintessentially compelling interest to and of undeniable impact upon the taxpaying public.

Finally, the Court finds that the purchase orders, and particularly the matters redacted therefrom, are not “specifically exempted from disclosure by state or federal statute” …. The Court rejects respondent’s arguments that the disclosure sought here would, if made, violate a particular federal statute, regulatory scheme, and executive order forbidding (and indeed criminalizing) the export of certain sensitive technology without government license or the illicit revelation of sensitive information about such sensitive technology to foreign nationals. The Court instead is convinced by petitioner’s argument that the disclosure of public records pursuant to New York’s Freedom of Information Law and the within judicial directive — even records concerning respondent’s ownership and use of a cell site simulator device — does not amount to the actual export of such arms, munitions, or defense technology. Further, the Court is satisfied by showing on this record that petitioner, a New York not-for-profit corporation, is not a “foreign person,” meaning that the disclosures sought by it pursuant to FOIL would not in fact run afoul of related federal legal restrictions on the revelation of sensitive technical data about export-restricted arms or technology.

Got that? Basically the court rejects the Sheriff’s Office’s contention that disclosing this information was somehow “exporting munitions” to “foreign persons.”

Oh, as for the non-disclosure agreement with Harris Corp.? The judge notes that a non-disclosure agreement is not a federal regulation:

At the outset, the Court notes its agreement with petitioner’s observation that the FBI-drafted non-disclosure agreement is not itself a federal statute specifically exempting anything from disclosure….

In fact, later in the order, the court says that the non-disclosure agreement itself should be disclosed:

Likewise, the Court concludes that this public record ought to have been disclosed in its entirety. As indicated, the agreement was entered into between the FBI and respondent as an apparent pre-condition of respondent’s being allowed to acquire and use the cell site simulator. The gist of the letter is not a recitation of the technological capabilities of the device or even the “hows” and “whens” or the advantages of its use for law enforcement purposes, but rather simply the need for the Sheriff’s Office to avoid disclosing the existence, the technological capabilities, or any use of the device to anyone, lest “individuals who are the subject of investigation … employ countermeasures to avoid detection,” thereby endangering the lives and safety of law enforcement officers and others and compromising criminal law enforcement efforts as well as national security. The Court has no difficulty in concluding that the agreement (or, more precisely, each redacted-at-length passage of it) was not “compiled for law enforcement purposes” in the sense meant by the statute…. Again, even if it was, the Court would conclude that the disclosure of the non-disclosure agreement would not thwart or prejudice any particular ongoing law enforcement investigation or pending prosecution…. Nor, the Court concludes, would the disclosure of the non-disclosure agreement “identify a confidential source or disclose confidential information relating to a criminal investigation,” again meaning a specific ongoing one, or “reveal” other than “routine” “criminal investigative techniques or procedures”….

There’s a lot more, including other documents, and all of that leads the judge to also grant attorney’s fees to the NYCLU. It will be interesting to see if the Sherriff’s Office challenges this, but it’s a pretty complete win for transparency in an area that law enforcement has been trying to keep totally secret for quite some time now.

Filed Under: , , , , , ,
Companies: aclu, nyclu

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NY Court Orders Sheriff To Reveal Details On Stingray Mobile Phone Surveillance”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Re: Re:

Beat me to it.

There is no way, after all the shady tricks they’ve used to keep the details of these things secret, and any information relating to them, that they’ll allow a judge to get away with forcing the details public. I fully expect the documents demanded to be seized by another government agency, who will undoubtedly spin some ridiculous story about how they absolutely cannot be released.

Anonymous Coward says:

Re: Re: What does the public need to know?

That if you carry a phone, the government can listen in any time that they want.

• The on-off switch on your phone does not mechanically disconnect the battery from the circuit.

• A software implant capable of turning on the microphone remotely is probably capable of turning on the camera remotely too.

Of course, pictures from the inside of your pocket may be less exciting than sounds captured there.

Anonymous Coward says:

Re: Re: What does the public need to know?

/Paranoid theory

Yes. Well, Professor Matt Blaze is a well-known paranoid. (“How Law Enforcement Tracks Cellular Phones”, Dec 13, 2013.)

… there are other phone-related surveillance tools at law enforcement’s disposal as well. There’s some evidence, for example, that the FBI has the ability to install surveillance malware on the devices of high-value targets, and this could possibly include cellphones.

Just because the NSA utilized a capability during the counter-insurgencies in Iraq and Afghanistan does not necessarily mean that some podunk county sheriff’s department gets to play with all the cool toys.

Rapnel (profile) says:

Re: What does the public need to know?

The public needs to know whether or not these systems, among others, are being used legally and pass constitutional muster. Mass surveillance (a.k.a. “bulk collections”) is a pretty bold concept to press (nay, insist) legality.

Or perhaps you would like to submit that we are kept man that can be tapped and tracked at will by a government that has twisted your best interests to serve its own?

Our new Technological Tools of Tyranny are not under the proper lock and key. Trust no one.

Anonymous Coward says:

I’m looking forward to seeing the non-disclosure agreement between law enforcement and Harris Corp. As the judge states, this particular non-disclosure agreement is not a federal law and has no legal weight behind it. The non-disclosure agreement belongs in the public domain, seeing as the public is paying for the StingRay devices law enforcement agencies purchase using taxpayer dollars.

Anonymous Coward says:

The public should know that StingRays can be used to re-flash a phone’s firmware and install malware/spyware thanks to law enforcement having the private SIM card keys for everyone’s cellphones, as reported by the Intercept newspaper. I believe the article is called “The Great SIM card heist”.

With these two pieces of the puzzle (SIM keys and StingRays) law enforcement is able to issue remote commands to anyone’s smartphone. The phone will accept the commands because they’ll think the commands are coming from the mobile wireless network carriers (AT&T and Verizon) due to the private SIM card keys matching.

The public also needs to know about the airplanes and unmanned drones flying around over people’s houses. Due to these aircraft flying at a higher altitudes than cellular ground towers, this gives drones a much larger radio signal range. Which in turn means they’re more effective at mass cellphone surveillance and malware insertion than ground based StingRay devices.

There’s still plenty for the public to learn and be appalled about. If there’s one thing the public hates, it’s government messing with their cellphones. The government knows this, hence all the secrecy.

GEMont (profile) says:

One Judge to Rule them all. One Judge to Bind them.

I can only wonder how long it will take the NSA to send this judge his Obedience Instructions, and for the judge to reverse his decisions in favor of police secrecy.

In fact, this judge must be a pillar of decency, if he has not already received at least a preliminary “we are watching” shot over the bow from the spook agencies in charge of judicial conformity.

Could we have actually found an honest, law abiding judge who does not snort cocaine on weekends and rent under age hookers on a regular basis??

Will wonders never cease??

Anonymous Coward says:

re-flashing firmware- while possible- would be quite visible and intrusive on any blanket scale. Also- it’s completely unnecessary. The hardware architecture of phones gives the telco/stingray authority over the device; it doesn’t matter what software you run on top of that- you can’t fix it with rooting & custom rom.

Encryption keys, passwords, apn’s, call/text/data logs, emails, file index’s, contacts, gps logs, thumbnails. -all small files kept in known memory locations that can be accessed and dumped through the baseband.

Now does it make sense why they’d pay to fly these things around? …a very very expensive thing to do; surely not justified by collecting esn’s, imsi’s, and intercepting random calls- all of which could be done from the phone company. The reasonable assumption, given known facts, is that stingrays are data vacuums- collecting intell to seed parallel constructed cases.

To be clear- I’m all for catching criminals- but this is an abortion of due process and the fundamental values of a just society.

GEMont (profile) says:

Re: Re:

And it has only just begun to get interesting.

Wait till you see what they get caught doing next year.

After all, since there are no consequences for any of these actions against the US public, there is absolutely no reason whatsoever to curtail, or slow down the process of blanket surveillance of citizens, or to control what is being done with the information thus gathered.

They’re not all that worried about getting caught any more either.

While the Presidente’ does keep saying publically that he is against it, he does absolutely nothing to stop it and everything he does do, tells the forces of lawless order that he approves of their methods and bids them continue.

Because the technology allows it, the USA will become far more authoritarian and evil than any of the past evil empire regimes. The members of Regime USA have already become drunk with power due to their immunity from prosecution, and the truckloads of cash they’re siphoning out of the tax-payer’s pocket, and they are eagerly seeking ways and means to escalate the process for even more fun and profit.

And why not?

After all, the US Public is once again, footing the entire bill.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...