NYPD Says Releasing Basic Stingray Contract Info Will Result In A Supercriminal Apocalypse

from the some-prime-ass-talking-going-on-here dept

Secrecy continues to shroud law enforcement Stingray use, in large part because courts have been far too receptive to the government's insistence that the release of any details at all would result in the expensive tech being rendered instantly useless.

The NYPD has decided to go past the usual "law enforcement means and methods" obfuscatory tactics and push a rather novel narrative about why it would be "dangerous" for IMSI catcher info to make its way into the public domain. (I mean more so… I guess.)

Joseph Cox of Motherboard reports the NYPD's latest opacity play involves hoodie-wearing males operating laptops in underlit rooms and comic book supervillain-esque levels of coordinated criminal activity.

In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.

In the words [PDF] of the NYPD's Gregory Antonsen, hackers would be able to crack open Stingrays like OPM records if the department were to turn over Harris Corp. contract info and nondisclosure agreements to the New York branch of the ACLU in response to its FOIL request. Also: terrorism.

The purpose of this affidavit is to explain the reasons that disclosing the Withheld Records would cause grave damage to counterterrorism and law enforcement operations, and so could endanger the lives or safety of New Yorkers.

Additionally, disclosing the Withheld Records would reveal confidential and non-routine criminal investigative techniques, which would hamper ability to conduct operations and would permit perpetrators to evade detection. Moreover, disclosure of the Withheld Records would jeopardize the ability of NYPD to secure its information technology assets.

After detailing the use of Stingrays to perform a variety of heartwarming investigations (tracking down a missing elderly person, rescuing someone from sex trafficking, etc.), Antonsen gets down to business. According to the NYPD's theory, any information released about the NYPD's IMSI catcher contracts could be "scrutinized" by bad guys who would be able to infer from extremely limited information the extent of the department's cellphone-tracking capabilities. It's basically the mosaic theory, but without the mosaic.

But the far stupider assertion is the one made without any supportive citations -- just a far-fetched hypothetical.

The CSS technologies are also critical and essential information technology assets. As such, all CSS technologies require periodic software updates. Public disclosure of the specifications of the CSS technologies in the NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize ability to keep the technologies secure. Of great concern is that a highly sophisticated hacker could use the knowledge of CSS technologies to invade the CSS software undetected, thus creating a situation in which law enforcement personnel are lured into a situation based on a misleading cell-phone location and are then trapped and ambushed.

The ACLU's Chris Soghoian has responded [PDF] to the NYPD's assertions. As to the claims that providing contract information would somehow result in sophisticated criminals finding ways to route around this surveillance, Soghoian points out that every Stingray device -- no matter its capabilities -- can be defeated by even the dumbest thug… and all without having to scour a redacted invoice for clues.

The most effective countermeasure, which can be used by anyone at no cost is to simply turn off a phone or put it into airplane mode. This will thwart tracking by any model of Stingray. Knowing the models of Stingrays that the NYPD uses does not make this countermeasure more or less effective. It is 100% effective regardless of which models of Stingrays the NYPD uses.

Soghoian went easy on the "but criminals will beat our IMSI catchers" argument. The "but we'll be hacked" argument is treated with all the respect it deserves: none.

It would be a serious problem if the costly surveillance devices purchased by the NYPD without public competitive bidding are so woefully insecure that the only thing protecting them from hackers is the secrecy surrounding their model names.

He also chides the NYPD for making claims the federal government isn't even willing to make.

The Harris Corporation, which in addition to manufacturing Stingrays has been awarded public contracts for securing the President's communications and supplying secure radios used by the U.S. Army, is clearly capable of designing secure products for its government customers that does not rely on keeping secret the mere existence of the devices for their security.

Soghoian also points out that the release of other information would similarly have zero effect on the devices' capabilities. Because they spoof cell towers, it does criminals no good to know how many the NYPD has or even where they tend to deploy them. A cellphone can't tell it's connected to a BS "tower." And just because the NYPD may be more likely to deploy them in certain areas does not guarantee that avoiding those areas will allow criminals to avoid detection.

And this wonderful paragraph snarkily deflates the paranoid ravings the NYPD's tech officers deploy as justification for continued secrecy.

Inspector Antonsen also claims that knowing the number of Stingrays owned by the NYPD may enable an extremely well-resourced criminal group to orchestrate a greater number of simultaneous hostage situations than the number of Stingrays available to the NYPD. Even assuming that such a sophisticated criminal group made the unlikely decision to rely on its knowledge of the number of Stingrays in the possession to use cell phones in executing such a hypothetical event, knowing that number will not help them as it is almost certainly the case that one, if not multiple, federal law enforcement agencies would step in and assist the NYPD with their own cellular surveillance technology. Moreover, this hypothetical is no different from saying that at some point some criminal group may be able to overwhelm the number of police cars that the NYPD owns or the number of police officers on the force.

It's hard to believe law enforcement is still throwing out these tired arguments after nearly a decade of incremental exposure of Stingray information. The NYPD wants publicly-available information (Stingray names, suggested retail prices) to somehow be the first cat successfully stuffed back into the bag. Since it has no legitimate arguments to justify this cat stuffing, tech officers are resorting to hypothetical scenarios even the most-handwavingest of sci-fi writers wouldn't feel comfortable inserting into their speculative fiction.


Filed Under: criminals, foia, hackers, imsi catcher, nypd, stingray, transparency

Reader Comments

  1. Anonymous Coward, 24 Sep 2016 @ 4:51am

    A cellphone can't tell it's connected to a BS "tower."
    I am not sure this is true.

    Each cell tower has a unique ID associated with it, like a MAC address of a network interface. This ID is part of the cell standards (CDMA or GSM). The ID number actually encodes information like the telco that owns it.

    A cellphone will connect to the strongest signal it can find, irrespective of anything else, as long as it is permitted to connect. And that decision, permission to connect, is made by the tower itself. E.g., your phone provider is telco1, but the strongest signal is from a tower owned by telco2, but if telco2 doesn't allow 1's handsets to connect, the phone will then go to the next strongest signal, and the next, until it finds a connection it's allowed to establish.

    Sometimes telcos will buy the rights to use another telco's towers, to expand their coverage without having to install towers (or expand capacity on existing towers) themselves. So in this case, if telco1 had such an agreement with telco2, then telco2's tower may indeed let you connect, even though you belong to telco1.

    It is this that IMSI catchers take advantage of. In fact anyone, with the right technical knowledge and electronics skills, could make their own IMSI catcher.

    So, an IMSI catcher just broadcasts a stronger signal (whether due to just being closer than other towers or by being more powerful in general) and permits any phone to connect. Then it creates its own connection to a 'real' tower, and passes the signals through. Basically, it's just a classic Man-In-The-Middle (MitM) attack.

    While it's certainly possible that the cell tower ID it uses is copied from a 'real' tower, like a MAC address it could probably be changed, I would find that unlikely. I'm pretty sure the telcos would be protesting that appropriation of their property. Actually using their unique identifying prefixes (or suffixes, I forget which it is) would probably in itself be illegal - certainly in the without-warrant type usages these devices seem to be being used in. I don't find it plausible that the telcos are unaware of these devices, or unaware of each time they are used. Hell, they probably originated from standard test rigs that telco technicians/engineers use as part of their own testing, maintenance, and surveying when determining the best location for a new tower. The standard testing/maintenance they perform on their own infrastructure would pick up these devices as either another telco's tower in the same area, or an unknown one of their own towers, which surely would raise alarm bells.

    Therefore if you have a list of known cell IDs in the area, and you are using software that identifies this information, then you (or the phone) could know that you are not connecting to a known tower, and, possibly, it is not a 'tower' that is using your telco's ID number.

    There are many apps out there that can display, log and provide this information. There are open-source "cell-tower mapping" projects underway that create databases of celltowers, their unique ID numbers, and their location. Some of these apps operate entirely in the background, recording all the cell tower IDs and locations using GPS, and upload that data automatically to the project for inclusion in the database. So if a new tower, especially if it doesn't use a known telco ID string, pops up, and then disappears hours or days later, then that's a good bet that an IMSI catcher is being used.

    So, create a database of all known celltowers, and there are probably apps out there that can let you force your phone to only connect to that known list, refusing to connect to any unknown tower. Of course, this will only protect the content of communications, not location info, as even if your phone refuses to connect to this unknown tower, it can still pick up the general broadcast that a phone sends when it's looking for a tower to connect to.
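
The check described in the comment above (compare logged cell IDs against a database of known towers, and look for ones that appear briefly and then vanish), written out as an added example that is not part of the original post or the comment. The log format, the reference cells, the operator codes and the two-day threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed reference data: known cells as (MCC, MNC, LAC, CID) tuples.
KNOWN_CELLS = {
    (310, 410, 5001, 20111),
    (310, 410, 5001, 20112),
    (310, 260, 7300, 41007),
}
KNOWN_OPERATORS = {cell[:2] for cell in KNOWN_CELLS}  # (MCC, MNC) pairs

# Constructed log from a hypothetical cell-logging app: ISO time,MCC,MNC,LAC,CID
SAMPLE_LOG = """\
2016-09-01T08:00:00,310,410,5001,20111
2016-09-01T08:05:00,310,410,5001,20112
2016-09-03T14:00:00,310,410,5001,65001
2016-09-03T17:30:00,310,410,5001,65001
2016-09-04T09:00:00,999,99,1,1
2016-09-10T08:00:00,310,260,7300,41007
2016-09-12T10:00:00,310,260,7300,41999
2016-09-12T18:00:00,310,410,5001,20111
"""

def flag_suspect_cells(log_text, max_lifetime=timedelta(days=2)):
    """Return {cell: [reasons]} for every logged cell missing from KNOWN_CELLS."""
    seen = {}  # cell -> (first_seen, last_seen)
    log_end = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, *ids = line.split(",")
        ts, cell = datetime.fromisoformat(ts_text), tuple(int(x) for x in ids)
        first, last = seen.get(cell, (ts, ts))
        seen[cell] = (min(first, ts), max(last, ts))
        log_end = ts if log_end is None else max(log_end, ts)
    findings = {}
    for cell, (first, last) in seen.items():
        if cell in KNOWN_CELLS:
            continue
        reasons = ["unknown cell"]
        if cell[:2] not in KNOWN_OPERATORS:
            reasons.append("unknown operator")
        # Appeared briefly, then not seen again for the rest of the log.
        if last - first <= max_lifetime and log_end - last > max_lifetime:
            reasons.append("transient")
        findings[cell] = reasons
    return findings

if __name__ == "__main__":
    for cell, reasons in flag_suspect_cells(SAMPLE_LOG).items():
        print(cell, reasons)
```

An unknown cell on its own is weak evidence, since new towers and small cells also show up unannounced; the cell first seen near the end of the sample log is reported as unknown but not as transient for that reason.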
