Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications
from the but-we-never-use-them-that-way!-never?-well...-hardly-ever! dept
Something long-believed but short of official documentation has now been confirmed: Stingray devices can intercept phone calls.
[N]ewly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”
The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.
The closest we’ve come to official confirmation of this capability is the DOJ’s 2015 “official guidance” on Stingray warrant requirements, which noted that all devices must comply with the pen register requirements, which means the interception of phone numbers only. Any device used by agencies under its control must not use them for the interception of communications.
It also would suggest they’re not allowed to use them to obtain cell site location data, as that information can’t be obtained with pen register orders. The documents obtained by the ACLU (after a protracted legal battle) clarify this in the opening pages.
111. Invocation of 18 U.S.C. 2702(c)(4) to receive prospective cell site: Reliance on this provision to allow repeated, perspective collection of cell site data may be problematic. Judicious use of this provision is advised. Advise the field that the more prudent course of action is to obtain a search warrant under Rule 41 for repeated disclosures of prospective cell site information because Rule 41 has prospective effect.
The document also handily suggests that a good way to get around pen register limitations and/or warrant requirements is to just ask the service provider for the data (“a service provider can voluntarily disclose historical cell site data…”). Anything handed over voluntarily apparently doesn’t implicate the Fourth Amendment, even though the location data was generated by the person with the phone, rather than autonomously by the cell phone provider. But that’s the Third Party Doctrine for you.
Following that are instructions for “Emergency Wiretap Orders,” which directly mentions utilizing IMSI catchers to intercept communications.
Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime, i.e. what evidence is there that the perpetrator is acting in concert with others — what communications will be obtained.
More confirmation here, in wording that is echoed by the DOJ’s 2015 cell tower spoofer guidance:
Digital analyzers/cell site simulators/triggerfish and similar devices may be capable of intercepting the contents of communications and, therefore, such devices must be configured to disable the interception function, unless interceptions have been authorized by a Title III order.
And for those of you who’d like to play along at home, several of the pages can be printed out and used for your own game of Stingray court order Mad Libs.
You won’t have to read all the way to the end, though. Most of the interesting stuff happens in the first few pages, but in true bureaucratic fashion, the bulk of the 71 pages is made up of duplicated responsive documents.
These documents, of course, only deal with the DOJ and its agencies. Whatever’s being issued as guidance here doesn’t necessarily carry over to local law enforcement agencies using these devices. Considering the intense secrecy surrounding IMSI catchers, it’s safe to say they’ve been deployed to collect communications without a warrant (or at least a warrant that directly refers to the device and its intended use), and we do know they’ve been using them as ad hoc tracking devices by grabbing cell site location data. When the lid finally comes off entirely, I’m sure we’ll see a great number of constitutional violations tracing back to IMSI catchers.