DC Court Says Metro Police Need Warrants To Deploy Stingrays

from the another-win-for-the-4th dept

Another warrant requirement for Stingray use has been established. Again, it's not a federal decision, so jurisdiction is limited, but there's now another case to cite when fighting warrantless Stingray use in federal courts.

This decision comes from the DC Appeals Court (very much not the DC Circuit Court of Appeals). The case involves the Metro PD's use of a Stingray to track two phones: the suspect's and one he had stolen. The lower court handed the government a win. After pointing out there was plenty of time (around 10 hours between report of crime and Stingray deployment) to obtain a warrant (thus no exigent circumstances exception), the court decided the evidence derived from the tracking fell into the "inevitable discovery" exception since the tracking of the stolen phone would have led officers to the suspect.

The problem is the officers testifying for the Metro PD could not say for sure which phone they were tracking: the suspect's or the phone he had allegedly stolen from the victim. The lower court cut the cops some slack, allowing for the possibility of they were tracking a phone (the victim's) the suspect had no privacy interest in.

The appeals court, however, doesn't read it the same way. First, it goes further than the lower court, deciding the use of Stingray devices requires a warrant. As it points out in its opinion [PDF], the use of Stingray devices is far more invasive than other tracking methods. To begin with, it does something historic cell site location data and/or GPS trackers can't: locate a suspect no one's actively tracking.

With a cell-site simulator, however, police no longer need to track a person visually from some starting location or physically install a tracking device on an object that is in, or will come into, his or her possession. Instead, they can remotely activate the latent tracking function of a device that the person is almost certainly carrying in his or her pocket or purse: a cellphone. As the present case demonstrates, police officers first obtain subscriber information and real-time location information from the target‘s telecommunications provider to narrow down the search area. They then proceed to that area with a cell-site simulator, which they use to force the person‘s cellphone to identify itself and reveal its exact location. It is in this sense that a cell-site simulator is a locating, not merely a tracking, device: A cell-site simulator allows police officers who possess a person‘s telephone number to discover that person‘s precise location remotely and at will.

Further, Stingray devices force peoples' phones to relinquish information to law enforcement.

A final consideration is that when the police use a cell-site simulator to locate a person‘s cellphone, the simulator does not merely passively listen for transmissions sent by the phone in the ordinary course of the phone‘s operation. Instead, the cell-site simulator exploits a security vulnerability in the phone—the fact that cellphones are, in the words of the defense expert, ― "dumb devices," unable to differentiate between a legitimate cellular tower and a cell-site simulator masquerading as one — and actively induces the phone to divulge its identifying information.

Which flows directly into this determination:

The preceding considerations lead us to conclude that the use of a cell-site simulator to locate Mr. Jones‘s phone invaded a reasonable expectation of privacy and was thus a search.

There are reasons the court feels a warrant requirement is necessary -- ones that involve government responsibility and accountability.

[T]he simulator‘s operation involve[s] exploitation of a security flaw in a device that most people now feel obligated to carry with them at all times. Allowing the government to deploy such a powerful tool without judicial oversight would surely ―shrink the realm of guaranteed privacy "far below that which existed when the Fourth Amendment was adopted." Kyllo, 533 U.S. at 34. It would also place an individual in the difficult position either of accepting the risk that at any moment his or her cellphone could be converted into tracking device or of forgoing ― "necessary use of" the cellphone.

The government argued cellphone users have no expectation of privacy in location information they know (or should know) is being broadcast to third parties. The appeals court disagrees, pointing to the Supreme Court's decision on wiretap use.

Contrary to the government‘s argument, Katz makes clear that a person does not lose a reasonable expectation of privacy merely because he or she is made aware of the government‘s capacity to invade his or her privacy. When Katz was issued, the public and the courts were well aware of the government‘s capacity to wiretap and eavesdrop through technological means, yet the Supreme Court did not find this fact determinative of the question whether individuals possess a reasonable expectation of privacy in their conversations.

[...]

A person‘s awareness that the government can locate and track him or her using his or her cellphone likewise should not be sufficient to negate the person‘s otherwise legitimate expectation of privacy.

The court also shoots holes in the government's "inevitable discovery" theory. At some point, the officers switched from tracking a phone with zero privacy interest (the victim's) to tracking the suspect's phone. When they did this, they screwed themselves out of a warrant exception. The court decides the government doesn't get to pile up wrongs and ask the court to view them as "right."

[H]ere the government is asking us to find inevitable discovery where the police had mutually exclusive options and, for whatever reason, chose the option that turned out to be unlawful. The inevitable-discovery doctrine does not apply in this type of situation.

The good faith exception is killed off as well, thanks to the secrecy surrounding the Metro PD's ownership and deployment of a Stingray device.

The Supreme Court has not, however, recognized the applicability of the good-faith exception in a situation remotely like the present one—where the police, not acting pursuant to a seemingly valid warrant, statute, or court opinion, conducted an unlawful search using a secret technology that they had shielded from judicial oversight and public scrutiny. See supra note 26. Indeed, assuming the police believed the warrantless use of the cell-site simulator to be lawful, they could not have reasonably relied on that belief, given the secrecy surrounding the device and the lack of law on the issue.

As for the government's argument suppression of evidence isn't needed to deter future wrongdoing because the PD now abides by DOJ guidance recommending search warrants for Stingray use, the court finds its assertions hollow.

The government has not cited any case in which a court has declined to apply the exclusionary rule based on the government‘s representation that it will not engage in unlawful conduct in the future. [...] And given that the DOJ policy memorandum does not describe any sort of enforcement mechanism that would ensure compliance with the policy, and given that the present administration or a subsequent one may well revise this policy, we are not convinced that the need to deter future constitutional violations is lacking.

And with that, the government loses almost all of its evidence, as well as the testimony of one of its witnesses. The conviction obtained is also reversed. The concurring opinion points out something that clearly separates Stingray cellphone tracking from other cellsite location info collection methods: it turns people's cellphones into investigative tools by law enforcement. And it doesn't do this voluntarily, no matter how the government might choose to misread the Third Party Doctrine. It does it by forcing all phones in the area to connect with the Stingray device and cough up their identifying info, including location.

This decision stands next to the one in Maryland as the first court-determined Stingray warrant requirements. More will come, although it's not entirely clear at this point which way these decisions will go. The Supreme Court is set to hear a case on warrantless access to historic cell site data. Whatever's decided there will factor into ongoing courtroom discussions about warrantless deployment of cell tower spoofers.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 28 Sep 2017 @ 1:04pm

    Another piece of the conundrum

    Then there are all the other phones being tracked by the cell-sight simulator that are not targets of the investigation. Remember that the cell phones and the IMSI are both dumb pieces of equipment and cannot discern whether the particular cell phone, or imitation cell tower are the correct ones, unless some human gives proper instructions, if they do. If they know to. If they give a rats ass. If non targeted cell phone operators know how to, and/or have the capacity to determine real vs imitation cell sites.

    No mention of those others rights to privacy, and no discussion of how law enforcement uses or excludes that information.

    In some ways, a disappointing conclusion. In other ways, a positive step.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 28 Sep 2017 @ 2:35pm

    Good grief.

    A person‘s awareness that the government can locate and track him or her using his or her cellphone likewise should not be sufficient to negate the person‘s otherwise legitimate expectation of privacy.

    Essentially, the government here appears to have argued that the Fourth Amendment only precludes the government from doing impossible things. Or at least, that the government may do whatever it likes as long as its citizens do not suspect it having the capacity or audacity to do it.

    Or expressed differently, heeding the Constitution is for wimps.

    reply to this | link to this | view in chronology ]

    • icon
      stderric (profile), 28 Sep 2017 @ 3:20pm

      Re: Good grief.

      I got the impression that it meant the opposite -- that as long as we believe the government capable of doing something, we have no expectation of privacy from their doing it. They only have to get a warrant to use stuff nobody believes could actually exist... which would fall under some sort of 'national security' exception anyway.

      reply to this | link to this | view in chronology ]

      • identicon
        David, 28 Sep 2017 @ 3:38pm

        Re: Re: Good grief.

        Ah, you are right. I got carried away and confused the "Constitution is for wimps" and "Constitution is for dumbasses" argument lines.

        Different forms of contempt for the constituents.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Sep 2017 @ 3:58pm

        Re: Re: Good grief.

        comprehension fail.

        3rd party doctrine has been around for a good while, try a little google-fu and look it up!

        reply to this | link to this | view in chronology ]

        • icon
          stderric (profile), 28 Sep 2017 @ 5:29pm

          Re: Re: Re: Good grief.

          David and I weren't talking about anything that specific. We were going for the fact that the appeals court rejected the government's argument that 'if the public knows or believes the government has the skill and/or technology to do something, then the government is free to apply that technique without warrants or even any regard to the Constitution.'

          Example: Citizens know the FBI is probably pretty good at B&E. They also know the Agency must have high-tech wireless surveillance cameras. The FBI is free to hide cameras in everyone's bathrooms for no particular reason.

          reply to this | link to this | view in chronology ]

  • identicon
    Marlon Brandobo, 28 Sep 2017 @ 4:56pm

    encryption

    It shouldn't be too hard to encrypt connections to cell towers, the carrier could issue a public key to be stored in the phone keystore. Phones couldn't connect to a stingray as it wouldn't have the correct key.

    reply to this | link to this | view in chronology ]

    • icon
      Madd the Sane (profile), 28 Sep 2017 @ 5:02pm

      Re: encryption

      And what happens when the government wants to use the private key for a case? All it takes for that to fall apart is the weakest link.

      reply to this | link to this | view in chronology ]

    • identicon
      David, 29 Sep 2017 @ 4:53am

      Re: encryption

      Uh, GSM is encrypted (unlike first-generation cellphones). Putting aside the strength of the somewhat aged encryption, eavesdropping on GSM connections is impractical.

      But that's not what Stingray's, also known as cellphone tower spoofers do: they announce themselves as cellphone towers and take over the respective duties including an encrypted connection.

      So if you are suddenly having better reception than you are used to, that's a bad sign.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Sep 2017 @ 10:22am

        Re: Re: encryption

        But that's not what Stingray's, also known as cellphone tower spoofers do: they announce themselves as cellphone towers and take over the respective duties including an encrypted connection.

        As usual, the solution is not simply "encryption" but encryption with proper authentication and key management. The tower should have to prove it's a "real" tower before the phone encrypts stuff to it. But this technical fix isn't enough, because then the government would just order cellphone companies to help—and they do have the location information of all their customers, plus anyone roaming on their network.

        What we really need is Tor for mobile networks. It's possible to do a zero-knowledge proof that you're a subscriber, without revealing which subscriber you are; and the rest is basically vanilla onion-routing. Then your provider wouldn't know where you are, so couldn't tell the police. (Until onion-routing is banned, but that ban would have to be upheld in court.)

        reply to this | link to this | view in chronology ]

      • icon
        Bergman (profile), 29 Sep 2017 @ 9:22pm

        Re: Re: encryption

        There's another aspect to all of this as well.

        Given how the main difference between a personal computer and a cellphone is that one has a sim card and the other does not (and even that line is blurred by the existence of VoIP technology and cellular data connections), when the government argues that there is no warrant requirement to use a stingray device, they are asserting several things:

        1) It is not interception of electronic communications.
        2) It is not unauthorized access of a computer system.
        3) It does not violate a reasonable expectation of privacy.

        Since all government/law enforcement exemptions to wiretapping laws, eavesdropping laws and the CFAA absolutely require that the government have a warrant, and not having a warrant voids the exemption, then it follows that operating a stingray is not eavesdropping, wiretapping, interception or unauthorized access.

        Any attempt at prosecuting someone for using a stingray as a private citizen would require that the DoJ destroy their own loophole.

        So if you can get ahold of one, feel free to use it.

        reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 29 Sep 2017 @ 10:26am

    We also need to address...

    The established policy of the department of justice to implement new technologies without review or oversight, both of their reliability to produce sound evidence worthy of the courts, and in regards to the human and Constitutional rights they might violate.

    The conduct of our law enforcement agencies regarding telephone spoofers, considering the extreme measures taken to keep this technology from the public eye or from review is an indictment of these departments, that they no longer serve to enforce law in the service of the public, rather are driven by more perverse incentives toward their own gains.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.