Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications

from the but-we-never-use-them-that-way!-never?-well...-hardly-ever! dept

Something long-believed but short of official documentation has now been confirmed: Stingray devices can intercept phone calls.

[N]ewly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”

The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.


The closest we’ve come to official confirmation of this capability is the DOJ’s 2015 “official guidance” on Stingray warrant requirements, which noted that all devices must comply with the pen register requirements, which means the interception of phone numbers only. Any device used by agencies under its control must not use them for the interception of communications.

It also would suggest they’re not allowed to use them to obtain cell site location data, as that information can’t be obtained with pen register orders. The documents obtained by the ACLU (after a protracted legal battle) clarify this in the opening pages.

111. Invocation of 18 U.S.C. 2702(c)(4) to receive prospective cell site: Reliance on this provision to allow repeated, perspective collection of cell site data may be problematic. Judicious use of this provision is advised. Advise the field that the more prudent course of action is to obtain a search warrant under Rule 41 for repeated disclosures of prospective cell site information because Rule 41 has prospective effect.

The document also handily suggests that a good way to get around pen register limitations and/or warrant requirements is to just ask the service provider for the data (“a service provider can voluntarily disclose historical cell site data…”). Anything handed over voluntarily apparently doesn’t implicate the Fourth Amendment, even though the location data was generated by the person with the phone, rather than autonomously by the cell phone provider. But that’s the Third Party Doctrine for you.

Following that are instructions for “Emergency Wiretap Orders,” which directly mentions utilizing IMSI catchers to intercept communications.

Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime, i.e. what evidence is there that the perpetrator is acting in concert with others — what communications will be obtained.

More confirmation here, in wording that is echoed by the DOJ’s 2015 cell tower spoofer guidance:

Digital analyzers/cell site simulators/triggerfish and similar devices may be capable of intercepting the contents of communications and, therefore, such devices must be configured to disable the interception function, unless interceptions have been authorized by a Title III order.

And for those of you who’d like to play along at home, several of the pages can be printed out and used for your own game of Stingray court order Mad Libs.


You won’t have to read all the way to the end, though. Most of the interesting stuff happens in the first few pages, but in true bureaucratic fashion, the bulk of the 71 pages is made up of duplicated responsive documents.

These documents, of course, only deal with the DOJ and its agencies. Whatever’s being issued as guidance here doesn’t necessarily carry over to local law enforcement agencies using these devices. Considering the intense secrecy surrounding IMSI catchers, it’s safe to say they’ve been deployed to collect communications without a warrant (or at least a warrant that directly refers to the device and its intended use), and we do know they’ve been using them as ad hoc tracking devices by grabbing cell site location data. When the lid finally comes off entirely, I’m sure we’ll see a great number of constitutional violations tracing back to IMSI catchers.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications”

Subscribe: RSS Leave a comment
27 Comments
Bergman (profile) says:

But look on the bright side

If using a Stingray does not require a warrant, then using one cannot be a violation of either the Computer Fraud and Abuse Act or an interception of telephone communications.

After all, the only exemption to such violations being a crime REQUIRES a warrant.

So they’re not crimes. The nature of the law in the US is that anything not specifically prohibited is legal.

If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn’t require a warrant either, then it would be completely legal to do that to anyone, by anyone.

Why bother with a FOIA request for the head of the FBI’s email, when you can simply tap his phone 100% legally?

AJ says:

Re: But look on the bright side

“So they’re not crimes.”

The rules only apply to plebs such as yourself. For specific examples; See Hilary Clinton’s email server.

“If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn’t require a warrant either, then it would be completely legal to do that to anyone, by anyone.”

See my first response.

“Why bother with a FOIA request for the head of the FBI’s email, when you can simply tap his phone 100% legally?”

… and again; see my first response.

That One Guy (profile) says:

Re: But look on the bright side

No no, it’s still completely illegal for you or any other member of the public to tap into someone’s private communications, the only reason it’s ‘legal’ for the FBI/DOJ/police to do so is because the vast majority of judges turn into spineless cowards the second they see a badge and/or someone utters the magic words ‘National security’.

art guerrilla (profile) says:

Re: Re: Re: Well of course

“If a law enforcement agency can do an update without a human at the device to start (or at least consent to) the update, so can a hacker!”

i believe these extra-constitutional intrusions by the donut eaters classify as hacking by anyone but Empire’s definition…

AND, i have ZERO doubt that if they have the capability of snorfling up everything AND the conversations themselves, they will do so…

why not ? ? ? there is ZERO effective oversight…
there is an asymptotically close to ZERO chance you will get caught…

who says krime don’t pay ? ? ?

Anonymous Coward says:

Re: Re:

When that day comes, my guess is that the almighty FBeye will insist on the hole remaining open, because it would be to difficult to change, as well as they will try to expand their powers to catch these “dangerous” hackers.
It will be a fire they can never put out and that is the way they want it. Why do your job, when your job and power is insured by not doing it.

Anonymous Coward says:

Re: use as a bug

We’ve long been aware of this ability.

“They [NSA] can absolutely turn them [iPhones] on with the power turned off to the device,” Snowden replied.

(http://www.wired.com/2014/06/nsa-bug-iphone/)

Their capabilities don’t just stop with turning the phone on while it’s powered off. I read elsewhere they can use the cameras and mics as well. Looking for the citation.

Anonymous Coward says:

Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime…

Yeah, that’ll be hard:

1) Terrorism! Also pedophiles. Probably.
2) Dunno. Who cares, it only says ‘if’.
3) Map. Dart. Throw.
4) The past.
5) Very recently.
6) Everyone is probably guilty of things & stuff.

Anonymous Coward says:

TD misses the story again.

I warned of these capabilities here years ago, and was dismissed and treated like a conspiracy theorist- even though I posted ample supporting technical evidence.

Here you have an “official” conformation that firmware can be changed- If a hacker can change firmware, they can change everything else. It’s much worse then “intercepting communication content”, It’s full bore subversion. People already know how to hack it; a quick youtube search will reveal everything. Search: baseband hacking, baseband blackhat…etc

Cellular baseband processor’s effectively give full device authority over to the cell station. This is fact, not speculation. Therefore, cellular devices are all backdoored, by design- semantics be damned- it’s a “functional equivalent” of a hardware based backdoor. Some of us cryptogeeks have known and been warning about this for age’s… No one listens..

This should be common public knowledge by now; instead we get absurd counter-intelligence sponsored legal theatre about backdooring cellphone encryption, the coverage of which endlessly repeats and reinforces the false assumptions that the devices are secure in the first place, and leaves the average person with the belief that his/her cellphone definitely isn’t backdoored, cause the gov lost that battle. There is no need to back door encryption when the device itself is backdoored.

Perhaps they’re under duress, but TD and tech news media in general have failed miserably on their coverage of such topics. It would seam an ethical imperative to shout fire in a crowded theatre, when the theatre actually is on fire. Nation-state and Corporate control of hardware based backdoors isn’t somehow magically limited to dystopian sci-fy; it’s very much a part of our current modern world.

Personally I doubt that it’s limited to cellphones- but I don’t have much legitimate factual reference to back my speculation on that.

Anonymous Coward says:

Re: TD misses the story again.

You’re right, the things you’re addressing have been long known. It takes a awful lot these days to mobilize the public these days but this imho is a worthy cause.
I’m right there with you, been saying the same thing for years only to be shunned as a paranoid conspiritard. The last laugh has very little value in this circumstance. Now if we could get on to the part were people start caring that they’re living in The Minority Report. Funny they spun up a series from the movie as well. How appropriate.

Anonymous Coward says:

Why did the NSA and GCHQ hack into the largest simcard manufacturer in the world to steal private simcard keys for everyone’s cellphones?

https://theintercept.com/2015/02/19/great-sim-heist

So they can fly a drone equipped with “dirtboxes” over your house at 2am and reflash your phones firmware to download malware updates enabling key logging, bugging your microphone, and cracking all the encryption applications running on the insecure hardware devices know as smartphones.

Everyone who thought the NSA and GCHQ stole all those private simcard keys to simply listen in on voice calls were thinking small potatoes. They did it to reflash your firmeware using StingRays mounted in the nose of UAV drones. Or I suppose they could do it the low-tech, old fashioned way by driving a van past your house, but that method is slow and outdated compared to using drones to do it.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...