Leaked Documents Expose The US Government's Cell Phone Surveillance Options
from the and-they-are-legion-(and-expensive) dept
The Intercept has done it again. An anonymous source “concerned about the militarization of domestic law enforcement” has handed the site a catalog of cell phone surveillance equipment. Many of the products discussed in the pages are making their public debut, presumably to the deep chagrin of the manufacturers and the government agencies that use them.
While much of the equipment’s capabilities has been sussed out with FOIA requests and the occasional courtroom disclosure, the leaked documents confirm that many law enforcement agencies not only have the technology to sweep up cell phone information in bulk, but also to intercept phone calls and text messages.
There is also a long list of newly-exposed product names that will be making their way into a host of future FOIA requests: Deerpark, Radiance, Carman, Garuda, Gilgamesh, Twister, Nebula…
Interesting (and disturbing) details are contained in data sheets on the products, including what the government feels are the potential drawbacks of the equipment. Harris’ Blackfin, for instance, can intercept GSM voice communications as well as SMS messages from “preloaded target lists.” In addition, the Blackfin can perform denial-of-service attacks on local phone networks and geolocate targeted phones. Perhaps the biggest surprise? The Blackfin is small enough to be worn surreptitiously by the operator.
Digital Receiver Technology, manufacturer of the US Marshals Service’s flying “DRTboxes,” also has some impressive technology on display. Its equipment supports “target lists of up to 10,000 entries” and can intercept (and record) voice communications over both digital and analog signals.
KeyW sells a product that tracks locations of cell phone users, targeting up to 500 cell phones at a time. Bonus: it can also negatively affect GSM networks to better track targets. (Referred to on the item’s page as “Deny, Disrupt, Degrade and Deceive.”)
Then there’s this device, which is apparently an “in-house” offering produced by the NSA’s Tailored Access Operations team.
This little spy box is built for use in “fixed-wing aircraft,” like the FBI’s Cessnas or unmanned drones. Bonus: it can be upgraded in the field, which presumably means firmware/software updates can be pushed to the system remotely.
Other notes of interest:
The government considers Deerpark’s inability to wreak havoc on phone service a drawback (“does NOT cause denial of service“).
The NSA-developed Nebula can “lock and hold traffic from 12 miles away.”
AST’s airborne ICARUS can geolocate Push-To-Talk handsets and RF tags.
Boeing’s S-100 helicopter drone’s fact sheet contains the warning that it cannot be armed with weapons.
This page shows just how low-profile some of this cell phone tracking hardware is.
Or, if it makes more sense logistically, you can just cram $180k worth of tracking equipment into a backpack.
Most of the pages note what authority is needed to deploy the equipment, with most citing Title 10/Title 50. The statutes pertain to military operations (Title 10) and military intelligence efforts (Title 50), with the latter sometimes encompassing the CIA’s efforts. However, the documents contain fact sheets for equipment now being used by US law enforcement agencies, suggesting the transfer to domestic surveillance use occurred before law enforcement-specific rules were in place. The years of secrecy surrounding the devices further suggest domestic guidance trailed deployment by a sizable margin.
Finally, there are the forensic devices. The NSA SigDev team’s CYBERHAWK basically cracks cell phones open and empties them of their contents.
“Exploitation includes phonebook, names, SMS, media files, text, deleted SMS, calendar items and notes.”
The only drawback is that the operator must have possession of the handset to extract all of this information. It can’t be collected “over the air.” A competing product offered by TEEL (Cellbrite) does the same thing, but works on “95% of phones,” encompassing more than the GSM handsets CYBERHAWK is limited to.
The obvious problem is we don’t know how much of this military equipment has ended up in the hands of law enforcement. We do know most of Harris’ products have, thanks to the waiver it acquired (by lying) from the FCC. We also know Digital Receiver Technology is, at minimum, selling its products to federal law enforcement.
Local law enforcement agencies are using equipment developed for military use in war zones as domestic surveillance devices. When seeking these products (or the financial aid to acquire them), law enforcement agencies routinely mention the threat of terrorism… before using them to track people suspected of petty crimes. As the EFF’s Jennifer Lynch points out in The Intercept article, there is no public record of any law enforcement agency using these devices to apprehend a terrorist or disrupt a terrorist attack.
Federal agency policies pertaining to these devices now contain warrant requirements, but with large enough loopholes, warrants will rarely have to be sought. The rules governing the use at the local level are still mostly secret. What has been divulged suggests agencies are still obscuring the use of the devices through the use of parallel construction or stretching pen register statutes to cover the large scale interception of connection and location data and, potentially, the communications themselves.