DOJ Apparently Last To Know About Widespread Stingray Usage/Secrecy; Vows To Look Into It

from the 'what-is-the-deal-with-all-these-Stingrays?'-no-longer-rhetorical dept

Considering the number of documents confirming the FBI’s stranglehold on Stingray device information that have been made public in recent months (including the FBI’s nearly-blank 5,000-page FOIA response), this move by the DOJ is a surprising development.

The Justice Department will start revealing more about the government’s use of secret cellphone tracking devices and has launched a wide-ranging review into how law-enforcement agencies deploy the technology, according to Justice officials.

Senior officials have also decided they must be more forthcoming about how and why the devices are used—although there isn’t yet agreement within the Justice Department about how much to reveal or how quickly.

So… caveats, obviously. There’s more on the way, but we don’t know when we’ll get it, or how much it will actually be, but at least the DOJ will finally be taking a look at a technology that’s being deployed by law enforcement agencies — often without warrants. And when they do use warrants, they’re often obtained with misleading affidavits so as to comply with the non-disclosure agreements the FBI forces them to sign before deploying the devices.

This is also surprising, considering the FBI wrote itself a large enough loophole to ensure it never needed to bother with this sort of paperwork.

In recent months, the Federal Bureau of Investigation has begun getting search warrants from judges to use the devices, which hunt criminal suspects by locating their cellphones, the officials said. For years, FBI agents didn’t get warrants to use the tracking devices.

One wonders how the Wall Street Journal knows this, considering the FBI is the last agency that would publicly confirm or deny anything about its Stingray usage. Perhaps some more documents are on the way whether the FBI likes it or not…

But it appears outside scrutiny has finally forced the DOJ to confront the all-encompassing secrecy surrounding Stingrays — something that routinely excludes defendants and judges and sometimes stretches far enough to lock out other “good guys,” like prosecutors and states’ attorneys.

For the first time ever, legislators are beginning to ask uncomfortable questions about the technology. While the FBI can apparently blow off a majority of the US population — including the judicial system — it’s not going to have nearly as much luck fending off determined lawmakers. The technology it loves could become the technology it can no longer have — or at least see it subjected it to a number of requirements that would make it much less enjoyable to deploy.

Congressional scrutiny is never comfortable. But another contributing factor is the entities directly and indirectly involved with tracking cell phones: service providers. They’re unhappy and they’ve got a pretty good idea how often requests for data are heading their way and how specious or redundant the requests are.

Federal law-enforcement and phone-company officials also have expressed concerns that some local police authorities were abusing a legal shortcut by submitting an inordinate number of requests for cellphone information, according to people familiar with the matter.

Some of this is parallel construction. Some of this is abuse of an avenue previously used to acquire specifically-targeted information: pen register/trap and trace orders. It’s already public knowledge that law enforcement agencies — backed by the FBI’s own legal rationalizations — are using these to cover Stingray usage and/or bypass warrant requirements.

On top of this, law enforcement agencies are busy ensuring that the words “exigent circumstances” become as meaningless as “relevant” or “probable cause.”

About a year ago, Baltimore police officials began deluging some phone companies with requests for customer cellphone information, claiming it couldn’t wait for a judge’s order, according to people familiar with the matter. Normally, police need a court order to get that kind of information about a phone customer. But there is an exception for emergency requests. Phone companies’ rules vary, but they generally allow emergency requests to be fulfilled in missing-persons cases or when there is a risk of death or serious injury. Typically, the phone company employee doesn’t ask questions to verify the nature of the emergency.

No doubt the Baltimore PD used the hell out of this loophole, what with its 4,300 Stingray deployments over a seven-year period.

Whether this examination by the DOJ will result in any meaningful changes is debatable. It could easily decide that everyone’s following all the rules, at least as far as the FBI’s interpretation of statutes governing pen register orders. That it’s actually securing warrants is a positive sign, but it would be nice to see if the affidavits actually specify the devices used to perform the “search.” It’s one thing to gather data on phone calls. It’s quite another to lock down where that phone is located by sifting through everyone’s data while pretending to be a cell tower — especially considering the devices also have the capability to intercept certain communications.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Apparently Last To Know About Widespread Stingray Usage/Secrecy; Vows To Look Into It”

Subscribe: RSS Leave a comment
22 Comments
John Fenderson (profile) says:

At least it's not bad news

I want to be elated about this, but I know how these things tend to go. The DOJ will reveal some stuff everyone already knows anyway, confess to some minor abuses, change their secret policies in some secret way to look like it’s trying to stop the minor abuses it has admitted to. PR job done.

In other words, can anyone say “limited hangout”?

AJ says:

I wonder if they really think they are the only ones deploying this technology? Bet they go straight to “think of the children” when peeps start building these things in their garage, or organized/semi-organized crime start using them to their advantage. You can almost see the riotous indignation when the police and the politicians are the ones getting listened in on. I think at this point they are useless anyway, the only people that don’t know about them, or know about them and aren’t deploying countermeasures, however primitive, are the people that truly don’t have anything to hide.

tqk (profile) says:

The silence is deafening.

We know that Stingrays force every device that connects to it into 2G mode. We know that 2G isn’t secure.

We know that the NSA is unapologetically hoovering up anything it can get its hands on, storing it for whenever. Does Baltimore PD have datestamped GPS records on every device in the area? I suspect so. Would the NSA also use the opportunity to quietly slurp *whatever* from each of the devices affected? Until they say otherwise, I wouldn’t doubt it. They’ve given me no reason to.

We also know all these LEOs have data sharing agreements between each other, and we know they use this data all the time in very “creative” ways.

They’re loath to discuss any of this blaming it all on that very convenient NDA the Harris Corp. has “forced” on them. They also hate the very idea of having to get warrants to justify any of this. If they were truthful, they’d need a warrant for every device the Stingray connects to, which wouldn’t happen. Not everyone they connect to is of interest in a law enforcement investigation.

If I were the fourth amendment, I’d say this situation stinks to high heaven. I wouldn’t fault anyone for thinking that way. I’m very surprised they feel so little obligation to explain any of these apparent contradictions.

What does all that add up to? Keeping us safe in the War On Terror and the War On Drugs, or is it just Police State Light, and once they work out all the bugs inconveniencing Blacks and Chicanos, they’ll turn it onto you too?

Have a nice day.

Anonymous Coward says:

Re: Was this Stingrays in use?

Can’t say for sure, but airports are great targets for this kind of surveillance.

If you have an Android phone, check out Snoopsnitch and/or Android IMSI-Catcher Detector (AIMSICD), both of which claim to detect certain disturbances caused by these devices.

https://opensource.srlabs.de/projects/snoopsnitch
https://secupwn.github.io/Android-IMSI-Catcher-Detector/

Anonymous Coward says:

3g/2g fallback

2g has much better performance with a weak signal then 3g- the downgrade keeps calls from dropping, that’s why it’s a required fallback. This is a physics limitation partially- lower carrier frequencies can not carry as much data due to shorter radio wave lengths. Perhaps they could come up with a new encrypted 2g standard- it would be even slower, and legacy support might be an issue though. Most people will never notice poor security- dropped calls on the other hand…

John Fenderson (profile) says:

Re: 3g/2g fallback

It’s possible to make your phone refuse to fall back to 2G. The exact way you do this can vary by phone, OS, carrier, and your preferences. A web search can help you out here.

I’ve been doing this on my phone for a few years now, and haven’t noticed a problem with increased dropped calls. The problem I noticed is that some regions are only covered by 2G and so 2G must be enabled when I’m in those areas. Being a software geek, I wrote a Tasker script to handle all of these sorts of cases automatically.

Anonymous Coward says:

...sigh...

The idea that stingrays can only record imsi’s and track location is, on it’s face, as shortsighted as believing toothpicks are only capable of picking teeth. Look at what hackers can do with a base station and carrier standard baseband functionality. This information is freely available and even easy to find on youtube and such. Focusing on stingrays is missing the core of a very serious problem= the security implications of device architecture, and non user controlled hardware based hierarchical authority.

Anonymous Coward says:

stopping 2g fallback.

Network negotiation is handled via a baseband co-processor. I suspect your only causing the OS to refuse 2g- This wouldn’t stop a remote override fallback command, though it might kill the (OS) network in such a case. The baseband would still connect to 2g and have access to ram. Some (most?) stingrays must be able to handle 3g, or they wouldn’t have been caught stealing keys. The only reason 3g is any issue for such stingrays is the encryption- the keys to which can be compelled or stolen from the phone co, or scraped from the ram of the device itself. I’d be very interested and appreciative if you have any information you can share that contradicts any of the above.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...