House Oversight Committee Calls For Stingray Device Legislation

from the and-only-two-decades-from-their-first-appearance dept

The Congressional Committee on Oversight and Government Reform has issued its recommendations on the use of cell site simulators (a.k.a. "Stingrays," presumably to Harris Corporation's trademark erosion dismay) by law enforcement. Its recommendations are… that something needs to be done, preferably soon-ish. (h/t Chris Soghoian)

Congress should pass legislation to establish a clear, nationwide framework for when and how geolocation information can be accessed and used.

Before it reaches this conclusion, the Committee spends a great deal of time recounting both the history of the devices' usage and any steps taken (most of them very recently) to govern their use.

The report [PDF] points to the Supreme Court's Jones decision, albeit not in a very helpful way. The justices punted on the warrant question, leaving it up to lower courts' interpretation as to whether or not tracking someone with a GPS device violated their privacy. The only thing they did agree on was the intrusion onto the property to install the device on the petitioner's vehicle. Everything else was left unclear, including the lack of a bright line for how much location tracking equals unconstitutional tracking.

Cell site simulators can perform the same function and, until recently, every law enforcement agency in possession of the devices deployed them without seeking search warrants. The DOJ finally suggested warrants might be necessary in 2015, which would only be about 18 years since DOJ elements began using Stingray devices.

A 1997 DOJ guidance bulletin discussed the agency’s views on what legal authority governed the various law enforcement surveillance options, including “cell-site simulator.” According to the 1997 guidance, DOJ took the position that “it does not appear that there are constitutional or statutory constraints on the warrantless use of such a device.” According to a chart that was issued with the guidance, court orders, search warrants, and subpoena requirements were not applicable when deploying this device.

For most law enforcement agencies, the lack of a warrant requirement has allowed them to disguise their Stingray deployments. Most have sought pen register orders instead for this form of real-time location tracking. Others have used parallel construction to hide use of IMSI catchers from courts, defendants, and, in some cases, the prosecutors they work with. This was all heavily encouraged by the FBI's nondisclosure agreement, which it made law enforcement officials sign before allowing them to purchase the devices.

Now, they're everywhere. The IRS has its own devices and feds are attaching IMSI catchers to planes and flying them over cities in hopes of tracking down suspects. What's more concerning is the devices' capabilities, which federal and local law enforcement agencies all swear they've never used.

In testimony before the Committee, DOJ and DHS both confirmed the simulator devices they use do not intercept any communications or content from the cellular devices to which they connect. Specifically, DOJ confirmed that between January 1, 2010 and September 2, 2015, its component agencies using the technology—the FBI; the Drug Enforcement Administration (DEA); the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF); and U.S. Marshals Service (USMS)—only collected dialing, routing, signaling and addressing information in domestic criminal investigations and did not use the devices to collect the content of communications. While the current DOJ and DHS policies require the cell-site simulators to be configured as pen registers and to not collect content, some of the cell-site simulator models used by law enforcement components within DOJ and DHS would be capable of collecting content if the devices had the necessary software installed.

The Committee points out that if the federal government doesn't hand down universal controls for the deployment of these devices, the situation will only devolve from here.

Further, the Committee notes that these devices are available all over the world and with even fewer usage restrictions. And the tech is more widely available than the US government would hope, which means those who care little for policies, guidance, or federal law won't hesitate to deploy these themselves.

It is possible, if not likely, bad actors will use these devices to further their aims. Criminals and spies, however, will not be adopting the DOJ and DHS policies and procedures or any other ethics of surveillance. They will not be self-limiting in their use of these devices so as to not capture the content of others’ conversations. Criminals could use these devices to track potential victims or even members of law enforcement. One can imagine scenarios where criminals or foreign agents use this type of technology to intercept text messages and voice calls of law enforcement, corporate CEOs, or elected officials.

The report notes that devices are already for sale on foreign websites, and those selling them are suggesting purchasers set them up in high-traffic areas (near banks, restaurants, hospitals, etc.) for maximum effectiveness. On top of that, hobbyists and researchers have been able to put together their own IMSI catchers, all without the guidance or assistance of companies who sell their devices to a highly-restricted list of government agencies. The secret is out -- and has been out for years. While any legislation would do little to deter bad actors, it would at least allow the US to act as a role model for foreign governments to emulate and give it some sort of (belated) moral high ground to stand on when restricting US companies from selling surveillance tech to governments with human rights abuse track records.

If nothing else, the hope is that the legislation called for will result in a cohesive, coherent ruleset that's also Constitutionally-sound. Obviously, this will be met with law enforcement resistance, as anything that implements a warrant requirement generally does.

Reader Comments

  • Anonymous Coward, 22 Dec 2016 @ 1:09pm

    Important point to remember with cell-site simulators

    They work as well as they do because the legitimate cell sites operated by the telephone companies have absolutely terrible security. If cell phones did a halfway decent job at authenticating the tower and the circuit, the concerns about content interception would be overblown. Instead, most of the privacy is attained by a gentleman's agreement to avert one's ears.

  • Anonymous Coward, 22 Dec 2016 @ 1:21pm

    Where's the FCC?

    I thought such things were already illegal under FCC rules.

    • Anonymous Coward, 22 Dec 2016 @ 1:46pm

      Re: Where's the FCC?

      Oh, they are. And if you bought one and started using it you'd probably be on the hook for 30 years in jail as they throw every subparagraph in CFAA at you and resisting arrest for asking what you're under arrest for.

    • Anonymous Coward, 23 Dec 2016 @ 6:10am

      Re: Where's the FCC?

      Hoodwinked. The FCC issued a special authorization permit based on the law enforcement lie that these devices are for "emergency use only". A few petitions have been sent their way that point out that the usage pattern of the devices is not consistent with the conditions of the permit, as well as at least some of the underlying illegalities. (They violate the Communications Act directly due to their unlicensed, interfering use of spectrum, as well as the Cellular Radiotelephone Service's rules about device relationships even if you had a spectrum license, et al.)

  • DannyB, 22 Dec 2016 @ 1:50pm

    Hypothesis about Stingray secrecy

    Given how this article points out that Stingrays are everywhere, even for sale on foreign web sites, I would say that may validate my hypothesis (reproduced below). Basically, the secret hack has escaped. The vulnerability in the design of the cellular networks cannot be easily, cheaply nor quickly fixed.

    Hypothesis about Stingray secrecy

    (previously posted to TD)

    Law enforcement is extremely secretive about Stingray. Why? Their suppliers even require them to sign agreements with extreme conditions. Why?

    1. The wireless network standards were designed when we were still using Windows 3.1.

    2. The designers may have considered security, in some sense, but not in a way that can withstand 21st century attacks. The security may be in large part due to obscurity.

    3. Stingray is not authorized by the mobile network operators who have not given Stingray any SIMs (subscriber identity module) or other cryptographic keys necessary to access the network. Those network operators have exclusive rights to spectrum which Stingray is subverting.

    4. Stingray works by compromising the security of the network. Effectively a genuine hack or intrusion into the network.

    5. There may be no effective fix short of redesigning the network.

    6. If the mechanism of the hack were generally known, mass chaos could ensue.

    7. The network operators are strongly against this but powerless to do anything about it, other than potentially litigate.

    8. The secrecy of Stingray is largely due to several factors such as:

    A. If the mechanism of the attack became generally known, there could be vast numbers of unauthorized "stingrays" compromising everyone's privacy -- including (OMG!) rich and powerful people!

    B. It would be possible for a network of distributed "stingray" clones to disrupt mobile network service by tricking nearby phones to connect to fake networks. What if this were deliberately done during an emergency?

    C. The creators / operators of genuine(tm) Stingray devices don't want to be exposed to the potential of litigation for actionable things that Stingray may be doing as part of its operation. Including disrupting networks, stolen proprietary or trade secret information, having compromised individuals into divulging network secrets, keys, etc.

    This hypothesis would explain observed evidence about why those who built Stingray want desperately to keep it secret. Please consider. The secrecy is so important, that it leads to:

    1. Dismissing or disposing of prosecutions rather than reveal any information about Stingray.

    2. Binding agencies and organizations using Stingray to high levels of secrecy, including keeping THE VERY EXISTENCE of Stingray a secret.

    3. Outright Brazen Perjury a.k.a. Parallel Construction, which is a euphemism for conspiracy to lie to the court and the defense, concealing discoverable information.

    The behavior of those behind Stingray fits this hypothesis. They want to use it "for truth, justice and the corporate way", but are desperately fearful of the secret hack escaping.

  • Anonymous Coward, 22 Dec 2016 @ 2:11pm

    Good news!

    I for one have got to say that I hope this trend of addressing the Constitutional implications of using a technology once it's become so old that it's probably been supplanted by an entirely different, newer technology continues unabated.

  • Anonymous Coward, 22 Dec 2016 @ 2:51pm

    Hate to point this out, but...

    I did a bit of looking around. Now, I don't advocate breaking the law, and I would not do so myself, however I think with $100 you can buy a Raspberry Pi, an hour of programming, and a software defined radio and replicate about 65% of what a Stingray can do, including geo-location.

    If you want to go full up illegal, you can download the software from a few places on TOR and get about 85% of what a stingray will do.

    For about $500 and some knowledge of electronics, you can do about 90-95% of what a stingray will do.

    All for a bit of dosh and willingness to commit an almost untraceable crime.

    The real solution is to allow a cell phone around you at all.

  • Anonymous Coward, 22 Dec 2016 @ 2:52pm

    Hate to point this out, but...

    s/solution is/solution is not/

  • Chris Brand, 22 Dec 2016 @ 4:57pm

    Would be nice if they addressed the NDAs

    It seems that the whole Stingray situation would likely have been much better if there hadn't been those NDAs in place (less incentive for "parallel construction" a.k.a. "lying to the courts", for example). Pity they didn't address that, too, because that means we can have all the same issues when the next cool toy for law enforcement appears.

  • Anonymous Coward, 22 Dec 2016 @ 5:57pm

    All I ask for when it comes to the law, is an ability to fight against what I think is wrong. Law enforcement can use what they want against me, but I expect a fighting chance to defend myself. A stingray and parallel construction takes that opportunity away from me.

  • art guerrilla, 23 Dec 2016 @ 4:27am

    oh, okay...

    a couple decades late, and no real action, but someone *might* think about closing the barn door (slightly) after all the horses are out...
    democracy at work for you, kampers...

  • Yes, I know I'm commenting anonymously, 23 Dec 2016 @ 11:29am

    small question

    A few parliamentarians spent a long time in developing the idea they should write a law.
    Why did they not create a proposal for such a law?

  • Coyne Tibbets, 23 Dec 2016 @ 12:06pm

    Maybe backwards

    IMSI catchers are getting so common it's getting to where you're more likely to connect to one of those than to a regular cell tower.

    Maybe we're thinking about this backwards.

    Maybe the proper approach is to simply order law enforcement (i.e. government) to operate the entire cell network. Yeah, no privacy, but that ship has apparently sailed already. Certainly Congress isn't going to help--three guesses what any IMSI catcher law is going to do for privacy: nothing, nothing and nothing.

    But think of the benefits: Coverage would improve. No more roaming. No more "can you hear me now" shill commercials. No more data caps. Probably many more.

    Turn the networks into a true public service.

    Surely worth at least a think.
