Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications
from the but-we-never-use-them-that-way!-never?-well...-hardly-ever! dept
Something long-believed but short of official documentation has now been confirmed: Stingray devices can intercept phone calls.
[N]ewly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”
The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.
The closest we’ve come to official confirmation of this capability is the DOJ’s 2015 “official guidance” on Stingray warrant requirements, which noted that all devices must comply with the pen register requirements, which means the interception of phone numbers only. Any device used by agencies under its control must not use them for the interception of communications.
It also would suggest they’re not allowed to use them to obtain cell site location data, as that information can’t be obtained with pen register orders. The documents obtained by the ACLU (after a protracted legal battle) clarify this in the opening pages.
111. Invocation of 18 U.S.C. 2702(c)(4) to receive prospective cell site: Reliance on this provision to allow repeated, perspective collection of cell site data may be problematic. Judicious use of this provision is advised. Advise the field that the more prudent course of action is to obtain a search warrant under Rule 41 for repeated disclosures of prospective cell site information because Rule 41 has prospective effect.
The document also handily suggests that a good way to get around pen register limitations and/or warrant requirements is to just ask the service provider for the data (“a service provider can voluntarily disclose historical cell site data…”). Anything handed over voluntarily apparently doesn’t implicate the Fourth Amendment, even though the location data was generated by the person with the phone, rather than autonomously by the cell phone provider. But that’s the Third Party Doctrine for you.
Following that are instructions for “Emergency Wiretap Orders,” which directly mentions utilizing IMSI catchers to intercept communications.
Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime, i.e. what evidence is there that the perpetrator is acting in concert with others — what communications will be obtained.
More confirmation here, in wording that is echoed by the DOJ’s 2015 cell tower spoofer guidance:
Digital analyzers/cell site simulators/triggerfish and similar devices may be capable of intercepting the contents of communications and, therefore, such devices must be configured to disable the interception function, unless interceptions have been authorized by a Title III order.
And for those of you who’d like to play along at home, several of the pages can be printed out and used for your own game of Stingray court order Mad Libs.
You won’t have to read all the way to the end, though. Most of the interesting stuff happens in the first few pages, but in true bureaucratic fashion, the bulk of the 71 pages is made up of duplicated responsive documents.
These documents, of course, only deal with the DOJ and its agencies. Whatever’s being issued as guidance here doesn’t necessarily carry over to local law enforcement agencies using these devices. Considering the intense secrecy surrounding IMSI catchers, it’s safe to say they’ve been deployed to collect communications without a warrant (or at least a warrant that directly refers to the device and its intended use), and we do know they’ve been using them as ad hoc tracking devices by grabbing cell site location data. When the lid finally comes off entirely, I’m sure we’ll see a great number of constitutional violations tracing back to IMSI catchers.
Filed Under: doj, fake mobile towers, imsi catchers, stingray, surveillance
Comments on “Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications”
This is the latest attack on person-hood ffs next they’ll ask for a ham sandwich while they collect all the details of your personal life.
Re: Re:
I wouldn’t put it past the USG to hide spying provisions in the lunch menu.
Re: Re: Re:
…So that’s why the rice in the pudding is so crunchy!
Re: Re:
If we gave them ham sandwiches, maybe we could finally get a few of ’em indicted for their crimes.
This from the people that cannot be bothered to get a warrant because it’s too hard for them to take the time to do their jobs right.
But look on the bright side
If using a Stingray does not require a warrant, then using one cannot be a violation of either the Computer Fraud and Abuse Act or an interception of telephone communications.
After all, the only exemption to such violations being a crime REQUIRES a warrant.
So they’re not crimes. The nature of the law in the US is that anything not specifically prohibited is legal.
If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn’t require a warrant either, then it would be completely legal to do that to anyone, by anyone.
Why bother with a FOIA request for the head of the FBI’s email, when you can simply tap his phone 100% legally?
Re: But look on the bright side
“So they’re not crimes.”
The rules only apply to plebs such as yourself. For specific examples; See Hilary Clinton’s email server.
“If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn’t require a warrant either, then it would be completely legal to do that to anyone, by anyone.”
See my first response.
“Why bother with a FOIA request for the head of the FBI’s email, when you can simply tap his phone 100% legally?”
… and again; see my first response.
Re: But look on the bright side
No no, it’s still completely illegal for you or any other member of the public to tap into someone’s private communications, the only reason it’s ‘legal’ for the FBI/DOJ/police to do so is because the vast majority of judges turn into spineless cowards the second they see a badge and/or someone utters the magic words ‘National security’.
Re: Re: The appropriate response to the National Security card
Have you no sense of decency, sir, at long last? Have you left no sense of decency?
Re: But look on the bright side
https://en.wikipedia.org/wiki/Parallel_construction
Re: But look on the bright side
putting their own update on your phone is still a Trespass to Chattel without a warrant. … even if that IS a civil complaint.
Well of course
It works as a cell tower so it makes sense that it would have all the capabilities of a regular one.
Re: Well of course
Does a regular cell tower do firmware updates? I think they might be a bit more than just cell towers.
Re: Re: Well of course
The fact that any firmware update can be done without human input at the device being updated should be of concern to everybody. If a law enforcement agency can do an update without a human at the device to start (or at least consent to) the update, so can a hacker!
Re: Re: Re: Well of course
“If a law enforcement agency can do an update without a human at the device to start (or at least consent to) the update, so can a hacker!”
i believe these extra-constitutional intrusions by the donut eaters classify as hacking by anyone but Empire’s definition…
AND, i have ZERO doubt that if they have the capability of snorfling up everything AND the conversations themselves, they will do so…
why not ? ? ? there is ZERO effective oversight…
there is an asymptotically close to ZERO chance you will get caught…
who says krime don’t pay ? ? ?
Re: Well of course
Does a regular cell tower do firmware updates? I think they might be a bit more than just cell towers.
You want to see the feds go bat shit crazy, wait until someone figures how to hack the damn thing. Then drives around until they find one in use, and turns it on them. Or even better, creates their own, and targets the gov… if it hasn’t happened already lol.
Re: Re:
“This is a violation of our rights and must be stopped!”
Re: Re:
When that day comes, my guess is that the almighty FBeye will insist on the hole remaining open, because it would be to difficult to change, as well as they will try to expand their powers to catch these “dangerous” hackers.
It will be a fire they can never put out and that is the way they want it. Why do your job, when your job and power is insured by not doing it.
use as a bug
does that mean that is can be used to xmit audio from the mic even when the user is not making phone calls?
Re: use as a bug
“does that mean that is can be used to xmit audio from the mic even when the user is not making phone calls?”
Yes.
Re: use as a bug
We’ve long been aware of this ability.
“They [NSA] can absolutely turn them [iPhones] on with the power turned off to the device,” Snowden replied.
(http://www.wired.com/2014/06/nsa-bug-iphone/)
Their capabilities don’t just stop with turning the phone on while it’s powered off. I read elsewhere they can use the cameras and mics as well. Looking for the citation.
I’ve been saying this for a very long time and everyone told me that I didn’t know what I was talking about. It’s nice to see that my concerns are finally validated.
Yeah, that’ll be hard:
1) Terrorism! Also pedophiles. Probably.
2) Dunno. Who cares, it only says ‘if’.
3) Map. Dart. Throw.
4) The past.
5) Very recently.
6) Everyone is probably guilty of things & stuff.
TD misses the story again.
I warned of these capabilities here years ago, and was dismissed and treated like a conspiracy theorist- even though I posted ample supporting technical evidence.
Here you have an “official” conformation that firmware can be changed- If a hacker can change firmware, they can change everything else. It’s much worse then “intercepting communication content”, It’s full bore subversion. People already know how to hack it; a quick youtube search will reveal everything. Search: baseband hacking, baseband blackhat…etc
Cellular baseband processor’s effectively give full device authority over to the cell station. This is fact, not speculation. Therefore, cellular devices are all backdoored, by design- semantics be damned- it’s a “functional equivalent” of a hardware based backdoor. Some of us cryptogeeks have known and been warning about this for age’s… No one listens..
This should be common public knowledge by now; instead we get absurd counter-intelligence sponsored legal theatre about backdooring cellphone encryption, the coverage of which endlessly repeats and reinforces the false assumptions that the devices are secure in the first place, and leaves the average person with the belief that his/her cellphone definitely isn’t backdoored, cause the gov lost that battle. There is no need to back door encryption when the device itself is backdoored.
Perhaps they’re under duress, but TD and tech news media in general have failed miserably on their coverage of such topics. It would seam an ethical imperative to shout fire in a crowded theatre, when the theatre actually is on fire. Nation-state and Corporate control of hardware based backdoors isn’t somehow magically limited to dystopian sci-fy; it’s very much a part of our current modern world.
Personally I doubt that it’s limited to cellphones- but I don’t have much legitimate factual reference to back my speculation on that.
Re: TD misses the story again.
You’re right, the things you’re addressing have been long known. It takes a awful lot these days to mobilize the public these days but this imho is a worthy cause.
I’m right there with you, been saying the same thing for years only to be shunned as a paranoid conspiritard. The last laugh has very little value in this circumstance. Now if we could get on to the part were people start caring that they’re living in The Minority Report. Funny they spun up a series from the movie as well. How appropriate.
Why did the NSA and GCHQ hack into the largest simcard manufacturer in the world to steal private simcard keys for everyone’s cellphones?
https://theintercept.com/2015/02/19/great-sim-heist
So they can fly a drone equipped with “dirtboxes” over your house at 2am and reflash your phones firmware to download malware updates enabling key logging, bugging your microphone, and cracking all the encryption applications running on the insecure hardware devices know as smartphones.
Everyone who thought the NSA and GCHQ stole all those private simcard keys to simply listen in on voice calls were thinking small potatoes. They did it to reflash your firmeware using StingRays mounted in the nose of UAV drones. Or I suppose they could do it the low-tech, old fashioned way by driving a van past your house, but that method is slow and outdated compared to using drones to do it.