House Oversight Committee Calls For Stingray Device Legislation

from the and-only-two-decades-from-their-first-appearance dept

The Congressional Committee on Oversight and Government Reform has issued its recommendations on the use of cell site simulators (a.k.a. “Stingrays,” presumably to Harris Corporation’s trademark erosion dismay) by law enforcement. Its recommendations are… that something needs to be done, preferably soon-ish. (h/t Chris Soghoian)

Congress should pass legislation to establish a clear, nationwide framework for when and how geolocation information can be accessed and used.

Before it reaches this conclusion, the Committee spends a great deal of time recounting the history of both the devices’ usage, as well as any steps taken (most of them very recently) to govern their use.

The report [PDF] points to the Supreme Court’s Jones decision, albeit not in a very helpful way. The justices punted on the warrant question, leaving it up to lower courts’ interpretation as to whether or not tracking someone with a GPS device violated their privacy. The only thing they did agree on was the intrusion onto the property to install the device on the petitioner’s vehicle. Everything else was left unclear, including the lack of a bright line for how much location tracking equals unconstitutional tracking.

Cell site simulators can perform the same function and, until recently, every law enforcement agency in possession of the devices deployed them without seeking search warrants. The DOJ finally suggested warrants might be necessary in 2015, which would only be about 18 years since DOJ elements began using Stingray devices.

A 1997 DOJ guidance bulletin discussed the agency’s views on what legal authority governed the various law enforcement surveillance options, including “cell-site simulator.” According to the 1997 guidance, DOJ took the position that “it does not appear that there are constitutional or statutory constraints on the warrantless use of such a device.” According to a chart that was issued with the guidance, court orders, search warrants, and subpoena requirements were not applicable when deploying this device.

For most law enforcement agencies, the lack of a warrant requirement has allowed them to disguise their Stingray deployments. Most have sought pen register orders instead for this form of real-time location tracking. Others have used parallel construction to hide use of IMSI catchers from courts, defendants, and, in some cases, the prosecutors they work with. This was all heavily encouraged by the FBI’s nondisclosure agreement, which it made law enforcement officials sign before allowing them to purchase the devices.

Now, they’re everywhere. The IRS has its own devices and feds are attaching IMSI catchers to planes and flying them over cities in hopes of tracking down suspects. What’s more concerning is the devices’ capabilities, which federal and local law enforcement agencies all swear they’ve never used.

In testimony before the Committee, DOJ and DHS both confirmed the simulator devices they use do not intercept any communications or content from the cellular devices to which they connect. Specifically, DOJ confirmed that between January 1, 2010 and September 2, 2015, its component agencies using the technology—the FBI; the Drug Enforcement Administration (DEA); the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF); and U.S. Marshals Service (USMS)—only collected dialing, routing, signaling and addressing information in domestic criminal investigations and did not use the devices to collect the content of communications. While the current DOJ and DHS policies require the cell-site simulators to be configured as pen registers and to not collect content, some of the cell-site simulator models used by law enforcement components within DOJ and DHS would be capable of collecting content if the devices had the necessary software installed.

The Committee points out that if the federal government doesn’t hand down universal controls for the deployment of these devices, the situation will only devolve from here.

Further, the Committee notes that these devices are available all over the world and with even fewer usage restrictions. And the tech is more widely available than the US government would hope, which means those who care little for policies, guidance, or federal law won’t hesitate to deploy these themselves.

It is possible, if not likely, bad actors will use these devices to further their aims. Criminals and spies, however, will not be adopting the DOJ and DHS policies and procedures or any other ethics of surveillance. They will not be self-limiting in their use of these devices so as to not capture the content of others’ conversations. Criminals could use these devices to track potential victims or even members of law enforcement. One can imagine scenarios where criminals or foreign agents use this type of technology to intercept text messages and voice calls of law enforcement, corporate CEOs, or elected officials.

The report notes that devices are already for sale on foreign websites, and those selling them are suggesting purchasers set them up in high-traffic areas (near banks, restaurants, hospitals, etc.) for maximum effectiveness. On top of that, hobbyists and researchers have been able to put together their own IMSI catchers, all without the guidance or assistance of companies who sell their devices to a highly-restricted list of government agencies. The secret is out — and has been out for years. While any legislation would do little to deter bad actors, it would at least allow the US to act as a role model for foreign governments to emulate and give it some sort of (belated) moral high ground to stand on when restricting US companies from selling surveillance tech to governments with human rights abuse track records.

If nothing else, the hope is that the legislation called for will result in a cohesive, coherent ruleset that’s also Constitutionally-sound. Obviously, this will be met with law enforcement resistance, as anything that implements a warrant requirement generally does.

Filed Under: , , ,
Companies: harris corporation

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “House Oversight Committee Calls For Stingray Device Legislation”

Subscribe: RSS Leave a comment
18 Comments
Anonymous Coward says:

Important point to remember with cell-site simulators

They work as well as they do because the legitimate cell sites operated by the telephone companies have absolutely terrible security. If cell phones did a halfway decent job at authenticating the tower and the circuit, the concerns about content interception would be overblown. Instead, most of the privacy is attained by a gentleman’s agreement to avert ones’ ears.

Anonymous Coward says:

Re: Where's the FCC?

Hoodwinked. The FCC issued a special authorization permit based on the law enforcement lie that these devices are for “emergency use only”. A few petitions have been sent their way that point out that the usage pattern of the devices is not consistent with the conditions of the permit, as well as at least some of the underlying illegalities. (They violate the Communications Act directly due to their unlicensed, interfering use of spectrum, as well as the Cellular Radiotelephone Service’s rules about device relationships even if you had a spectrum license etal.)

DannyB (profile) says:

Hypothesis about Stingray secrecy

Given how this article points out that Stingrays are everywhere, even for sale on foreign web sites, I would say that may validate my hypothesis (reproduced below). Basically, the secret hack has escaped. The vulnerability in the design of the cellular networks cannot be easily, cheaply nor quickly fixed.

Hypothesis about Stingray secrecy

(previously posted to TD)

Law enforcement is extremely secretive about Stingray. Why? Their suppliers even require them to sign agreements with extreme conditions. Why?

  1. The wireless network standards were designed when we were still using Windows 3.1.

  2. The designers may have considered security, in some sense, but not in a way that can withstand 21st century attacks. The security may be in large part due to obscurity.

  3. Stingray is not authorized by the mobile network operators who have not given Stingray any SIMs (subscriber identity module) or other cryptographic keys necessary to access the network. Those network operators have exclusive rights to spectrum which Stingray is subverting.

  4. Stingray works by compromising the security of the network. Effectively a genuine hack or intrusion into the network.

  5. There may be no effective fix short of redesigning the network.

  6. If the mechanism of the hack were generally known, mass chaos could ensue.

  7. The network operators are strongly against this but powerless to do anything about it, other than potentially litigate.

  8. The secrecy of Stingray is largely due to several factors such as:

A. If the mechanism of the attack became generally known, there could be vast numbers of unauthorized "stingrays" compromising everyone’s privacy — including (OMG!) rich and powerful people!

B. It would be possible for a network of distributed "stingray" clones to disrupt mobile network service by tricking nearby phones to connect to fake networks. What if this were deliberately done during an emergency?

C. The creators / operators of genuine(tm) Stingray devices don’t want to be exposed to the potential of litigation for actionable things that Stingray may be doing as part of its operation. Including disrupting networks, stolen proprietary or trade secret information, having compromised individuals into divulging network secrets, keys, etc.

This hypothesis would explain observed evidence about why those who built Stingray want desperately to keep it secret. Please consider. The secrecy is so important, that it leads to:

  1. Dismissing or disposing of prosecutions rather than reveal any information about Stingray.

  2. Binding agencies and organizations using Stringray to high levels of secrecy, including keeping THE VERY EXISTENCE of Stingray a secret.

  3. Outright Brazen Perjury a.k.a. Parallel Construction, which is a euphemism for conspiracy to lie to the court and the defense, concealing discoverable information.

The behavior of those behind Stingray fits this hypothesis. They want to use it "for truth, justice and the corporate way", but are desperately fearful of the secret hack escaping.

Anonymous Coward says:

Hate to point this out, but...

I did a bit of looking around. Now, I don’t advocate breaking the law, and I would not do so myself, however I think with $100 you can buy a Raspberry Pi, an hour of programming, and a software defined radio and replicate about 65% of what a Stingray can do, including geo-location.

If you want to go full up illegal, you can download the software from a few places on TOR and get about 85% of what a stingray will do.

For about $500 and some knowlege of electronics, you can do about 90-95% of what a stingray will do.

All for a bit of dosh and willingness to commit an almost untraceable crime.

The real solution is to allow a cell phone around you at all.

Chris Brand (profile) says:

Would be nice if they addressed the NDAs

It seems that the whole Stingray situation would likely have been much better if there hadn’t been those NDAs in place (less incentive for “parallel construction” a.k.a. “lying to the courts”, for example). Pity they didn’t address that, too, because that means we can have all the same issues when the next cool toy for law enforcement appears.

Coyne Tibbets (profile) says:

Maybe backwards

IMSI catchers are getting so common it’s getting to where you’re more likely to connect to one of those than to a regular cell tower.

Maybe we’re thinking about this backwards.

Maybe the proper approach is to simply order law enforcement (i.e. government) to operate the entire cell network. Yeah, no privacy, but that ship has apparently sailed already. Certainly Congress isn’t going to help–three guesses what any IMSI catcher law is going to do for privacy: nothing, nothing and nothing.

But think of the benefits: Coverage would improve. No more roaming. No more “can you hear me now” shill commercials. No more data caps. Probably many more.

Turn the networks into a true public service.

Surely worth at least a think.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...