Court Documents Show Canadian Law Enforcement Operated Stingrays Indiscriminately, Sweeping Up Thousands Of Innocent Phone Owners
from the bleeding-edge-meets-zero-fucks-given dept
A wide-ranging criminal investigation involving eleven suspects has resulted in the reluctant disclosure of Stingray data by Canadian law enforcement. The Toronto PD and the Royal Canadian Mounted Police joined forces to deploy a surveillance dragnet that swept up thousands of innocent Canadians, as Kate Allen reports for the Toronto Star.
Toronto police and RCMP officers deploying controversial “Stingray” surveillance technology over a two-month period swept up identifying cellphone data on more than 20,000 bystanders at malls, public parks and even a children’s toy store.
As police sought cellphone data for 11 suspects in a 2014 investigation, they deployed a Stingray — also known as an IMSI catcher — at three dozen locations, including the middle of Yorkville, at the Dufferin Mall, at Vaughan Mills Mall, near Trinity Bellwoods Park, near Kensington Market, and at a Toys ‘R’ Us store in Richmond Hill.
These sweeps occurred years before either law enforcement agency admitted to possessing and deploying Stingray devices. In prior years, Canadian prosecutors dropped charges rather than discuss the devices in open court. This case must have been too big to let go. It involved 50 raids, 112 arrests, and a plethora of charges ranging from gun possession to murder.
Multiple defendants are now challenging the evidence derived from the multiple Stingray deployments, arguing that it was gathered unlawfully. The courts may decide to see it the defendants’ way, but it’s unlikely these deployments broke the agencies’ own policies. Pretty much every law enforcement agency anywhere that has acquired a Stingray has deployed first and developed policies after their Stingray use could no longer be kept secret. The agencies involved here are no exception:
An RCMP spokesperson said that policy regarding deployment and resting time is “still being developed,” and that interim guidelines state that the devices will generally operate for three minutes, though may be operated for longer periods under certain circumstances and if permitted by a judge.
From what’s contained in the tracking logs submitted as evidence in these cases, there appears to have been very little done to limit the tracking of non-suspects.
According to the logs, police deployed the device at three dozen locations between March 18 and May 23, 2014. In all, the device logged approximately 25,000 captures. The same cellphones may have been captured more than once in that time, since police used the device multiple times at some locations; with those repeat locations excluded, a minimum of 20,000 bystanders in Toronto and the GTA saw their cellphone data swept up.
At one location — a condo where a target was suspected to live — law enforcement operated the device for nearly ten minutes, sweeping up 1,400 cellphones.
Many of the logs show violations of the limitations law enforcement set for itself when applying for a warrant. The officer obtaining the affidavit failed to mention the device’s ability to act as a tracking device. The officer also stated the device would only be operated for three minutes at a time, followed by two minutes of “rest” — a minor concession meant to limit the impact on phone operation in the area. Instead of doing either of these things, officers switched frequencies every three minutes, running the device pretty much uninterrupted during each deployment.
This whole thing started out with the RCMP farming out the warrant request to a novice — one who probably swore to his own “training and expertise” while combining boilerplate cribbed from other warrants with his subject matter inexperience.
According to court documents, the Toronto police sergeant who obtained the warrant testified he had never used an IMSI catcher before, and that he copied and pasted a set of “standard” wording used in a warrant for a previous case. The RCMP’s program manager for deployment of the technology testified that the standard wording was written “by people that are not operators of the equipment so they didn’t fully understand the capabilities and how it operated.”
To reiterate: the Stingrays were (and are) being deployed in an operational policy vacuum. According to a statement given to the Star, the policies the RCMP said it would draw up after it publicly admitted it owned and used Stingrays still aren’t in place. An interim policy, instituted in 2017, is the only internal legal framework guiding Stingray use. In practice, this means the RCMP isn’t controlling deployments. In this case, it also meant sending an amateur to do a professional’s job when it came to securing a warrant. Put it all together and you have the mess both law enforcement agencies created by simply assuming no one would ever find out they’d been using these devices.