DOJ Misled Judges For Years About How It Was Using Stingray Devices To Spy On People

from the well-of-course dept

Thu, Mar 28th 2013 5:56am — Mike Masnick

How many times does it need to be repeated? If you give law enforcement the ability to spy on people -- even with limits -- law enforcement will always blow through those limits and abuse its powers. It happens over and over and over again. And that becomes doubly true when law enforcement has worked out ways to avoid oversight. Back in 2011, the WSJ broke a huge story about the frequent use by government officials of a technique for mobile device surveillance generically called "stingray" devices (technically, there are a few products used for this, only some of which are actually called Stingrays, but the name is now used to refer to all of them). The device works by pretending to be a mobile phone tower, so devices can connect to it, and law enforcement gets all your data. It's basically a cellular man-in-the-middle attack, with law enforcement being that man in the middle. Yay.

The technology has been a key component in a case involving Daniel Rigmaiden, which we wrote about last year. Rigmaiden was taken into custody (on a fraud charge) and, representing himself in court, he has sought more info on how he was tracked down -- leading to some reluctant disclosure about law enforcement using Stingray devices on questionable authority to find him. In that case, we noted that law enforcement claimed it had a court order to use the technology, but the judge was confused, asking where were the warrants for the use of the device. The judge asked how it was possible that a court order or warrant was issued without the judge ever being told about the technology used in surveillance and was told, simply, "it was a standard practice."

Indeed, that appears to be the case. The ACLU filed a bunch of FOIA (Freedom of Information Act) requests to dig into this and newly released documents show that, indeed, it was apparently standard practice by the DOJ to be "less than explicit" and less than "forthright" with judges in seeking warrants and court orders to make use of this technology. Here's an email that was revealed:

As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.

While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…

Basically, that's the DOJ admitting that it has not been forthright or explicit in letting judges know that it is going to use this extremely intrusive form of surveillance in seeking approvals. And the courts have been concerned about this. As the ACLU notes, this email was written three years after the Rigmaiden situation happened -- suggesting that the DOJ has been getting away with this sort of thing for many years, without anyone digging in. The ACLU is now arguing that this should be a reason to suppress the evidence obtained via these devices, and will ask the court to "send a clear message" that it cannot hide the truth from federal judges in seeking rubber stamps to violate the privacy of the public.

Rigmaiden Doj Stingray Emails Declaration (PDF)Rigmaiden Doj Stingray Emails Declaration (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, doj, man in the middle, privacy, stingray, surveillance, warrants

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 28 Mar 2013 @ 6:11am

and of course the judges will do exactly that! i dont think! they are told what they can and cant, will or wont do. if doing what they SHOULD do so as to protect the public, they will be out of jobs. there is no way that any law enforcement agency is going to allow a judgement to stand when it may inhibit an investigation where they are determined to pin charges on someone, true or false, and where they want to instill a jail sentence because they need to 'save face' or something similar. we have the Swartze case, the 'weev' case and the Dotcom case. all cases are a farce on the behalf of the DoJ, but they wont back down, they admit they were wrong, prefering to carry on lying until one judge comes along and gives them what they want! they have dragged others down so far and the obliging judge will go the same way, not that the DoJ will worry about it in the slighest
[ link to this | view in chronology ]
- Designerfx (profile), 28 Mar 2013 @ 7:55am
  
  Re:
  not at all. Since when is the judge's job at risk? Do you understand why the judges exist?
  
  hint: it's to provide justice, not live in fear.
  [ link to this | view in chronology ]
  - Anonymous Coward, 28 Mar 2013 @ 9:16am
    
    Re: Re:
    Well given all the laws that exist, it is probably fairly easy for police, FBI et al to find one a judge has broken.
    [ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 6:12am

When perpetrated by individuals, a mitm attack will be met with severe penalties. Apparently it is completely acceptable for governmental agencies and their cronies to engage in the exact same thing. The difference, or so we are told, is that the individual has nefarious purposes while the big brother types are simply looking out for your best interests security wise - wink wink.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2013 @ 7:13am
  
  Re:
  Which kills me with laughter. I literally cannot stop laughing at the level of doublespeak required to work in the Legal Department of the Governments almost anywhere.
  [ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2013 @ 2:17pm
  
  Re:
  There are two sets of laws in America: Those for the corporations, the government, and the rich and then another set of laws for everyone else. Duh.
  [ link to this | view in chronology ]
Violated (profile), 28 Mar 2013 @ 6:39am

Fear
I am starting to think these days that Judges are afraid of the Government when they just don't seem to call them to account or to punish them for their bad actions. So it is almost like they say "Do what we say or we will fire you and give someone else your job"

This is why the Justice system always needs to be fully independent to the Administration to be able to uphold law and justice without political bullying, pressure or interference.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2013 @ 6:55am
  
  Re: Fear
  Fire them, as in drone strike?
  [ link to this | view in chronology ]
- MoreFear, 28 Mar 2013 @ 5:49pm
  
  Re: Fear
  The unprecedented berating Supreme Court judges at a state of the union address seemed to prove effective. This administration has no qualms about trying to influence the highest levels of the "independant" judiciary, so lower court judges being fearful is understandable.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 6:59am

The only thing that will change is the method they use to get approval they need to continue.
[ link to this | view in chronology ]
angelbar (profile), 28 Mar 2013 @ 7:09am

OT: These ads on the bottom
Can be disabled?

They cant be seen completly, and i will not do a free click on that.

(ubuntu+chrome)
[ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2013 @ 7:49am
  
  Re: OT: These ads on the bottom
  Try clicking the down arrow on the bottom-right of the ad bar. I did and it hid the whole bar on mine.
  [ link to this | view in chronology ]
  - Gwiz (profile), 28 Mar 2013 @ 9:27am
    
    Re: Re: OT: These ads on the bottom
    There is also preference setting on your account page that turns it off also (if you have an account, that is)
    [ link to this | view in chronology ]
SJ, 28 Mar 2013 @ 7:12am

The judges are obviously in a rough spot. On the one side one can argue that those devices and techniques don't do any direct harm and help to convict criminals - depsite them being questionable/illegal.

On the other hand, if the judges just keep dismissing all cases and set those to-be-found-guilty "criminals" free and then something happens, everybody would blame the judges for not having convicted and incarcerated them.
[ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 7:13am

what all law enforcement agencies and the government seem to want to do is throw all justice, courts, judges and the Constitution in the trash and be given a carte blanche. they can then do what they want, when they want, to whom they want, how they want and have no come backs. trying to think of the type of society, the type of government that reminds me of. anyone help me out??
[ link to this | view in chronology ]
- madasahatter (profile), 28 Mar 2013 @ 8:19am
  
  Re:
  Nazi Germany?
  [ link to this | view in chronology ]
  - Anonymous Coward, 28 Mar 2013 @ 1:31pm
    
    Re: Re:
    I know going Godwin is a bit of a cheap shot, but let's face it: when your government starts having "secret interpretations" of laws and such, Gestapo references are inevitable.
    [ link to this | view in chronology ]
- Disgusted, 28 Mar 2013 @ 9:27am
  
  Re:
  Just about any police state or totalitarian government. There are many examples, even now, and ours is rapidly approaching that situation. The next ten years should be fun.
  [ link to this | view in chronology ]
TasMot (profile), 28 Mar 2013 @ 7:46am

Just Trust Us
We are seeing more and more that when you work for the DOJ its OK to do anything, even if its illegal. Just make sure the legal doublespeak obfusticates it. As a citizen, watch out for double jeoperdy with charges at the state and federal level (and don't even start THINKING about committing a crime because just talking about it is going to be just as bad as doing it). How do they maintain a straight face with all of these double standards.
[ link to this | view in chronology ]
special-interesting (profile), 28 Mar 2013 @ 8:23am

Is only the tip of the iceberg. Cell phone location data can be purchased for ~30/month in many states with nothing more than a request. Its an national problem and constitutional tragedy. Some of this can be mitigated with strict privacy regulation and more personal control of the phone OS but not all.

http://www.aclu.org/maps/your-local-law-enforcement-tracking-your-cell-phones-location (a rampant problem. Its like everyone does it!)

With some political public browbeating the location data can be forced to remain in the tower and not sent and recorded centrally. Search warrants for cell tower dumps would be required for law enforcement otherwise.

We are not talking about a most efficient system but one that meets individual privacy needs.

The situation is so weird that cell phone companies will sell/give almost anyone your location but you:

http://www.propublica.org/article/cellphone-companies-will-share-your-location-data-just-not-wit h-you

My complaint would be what laws were broken and if none... wth? What protects the citizen from the government? Will anyone get fired and lose their pension for acting in a way unbecoming of a government official or by throwing out basic constitutional rights to make an admittedly hard job easier?

Having a law enforcement job is like having a job that defends the constitution (is the badge getting congressionally tarnished lately?) and it was never an easy and especially never a safe job. Apply for a job as an office worker or ice cream truck sales job if one wants to have a safer job. Being, most likely, constitutionally lazy and sloppy is a poor operational excuse.

Time for some judicial guidelines reform. Time for some tort (sentencing reform) reform, time for some copyright term reduction, time for some copyright Fair Use as easy and normal reform, time for a lot of things.

It's time.
[ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 8:53am

Government is EVIL
More proof that Govt is the greater evil. The evils of Govt are boundless, unless held in check, as the authors of the US�s founding documents warned us about.

So John �Mr. BIG Govt� Fenderson, are you still confessing that Govt is easier to control than Corporations - "...if we had to choose between those two Bigs (and I don't think we do), then I choose Big Government. It's easier to fix the government (who is us) than major corporations (whose behavior we have little to no say in.)�"
Quote reference: John Fenderson �It's easier to fix the government�"
[ link to this | view in chronology ]
- art guerrilla (profile), 28 Mar 2013 @ 9:40am
  
  Re: Government is EVIL
  trotting out one of my favorite -and too true- quotes:
  
  The price of freedom is eternal vigilance.
  
  (THAT should be a sign next to EVERY flag in EVERY classroom in uhmerika...)
  
  we sheeple have slept too long: we have let a professional klass of politicians take over the vigil, and they have been -as is inevitable- co-opted and corrupted...
  
  the korporate media are no longer the proxies of us 99%, but the lapdogs of the 1%... there is NO VIGIL, the fucking foxes are guarding the henhouse now, and all we get are horsefeathers and bullshit...
  
  art guerrilla
  aka ann archy
  eof
  [ link to this | view in chronology ]
- wraparound, 29 Mar 2013 @ 7:21am
  
  Re: Government is EVIL
  Yeah corporations are easier to control...NOT In the 1950's-1960's the corporations were polluting so badly rivers were on fire, Lake Erie was dead, the London killer fog left hundreds dead, 3rd world pollution was a nightmare (read up on Texaco and Honduras)....if the environmental movement hadn't stepped in the corporations would have killed us all.
  My take: government is evil, Corporations are evil-er
  [ link to this | view in chronology ]
Androgynous Cowherd, 28 Mar 2013 @ 8:59am

Illegal search. Period.
An MITM attack on phone traffic will intercept anything that's not end-to-end-encrypted Internet traffic -- so non-VPN'd, non-HTTPS website views, the content of voice calls, etc.

Meanwhile, a pen register order allows intercepting called numbers *only*. Certainly not content of voice conversations or anything similar.

It seems clear, then, that if an MITM device is used with only a pen register warrant, any evidence resulting should be thrown out of court, whether or not they actually used the ability to intercept the content of voice calls or other things clearly forbidden with just a pen register. Such a policy by the courts would force LE to get the proper sort of warrant.

At the same time, there are steps private industry could take to improve the privacy of wireless customers. Namely, wireless encryption and authentication like WiFi uses. You can't accidentally connect to a WiFi network masquerading as the one you normally use; the encryption won't work (wrong key) even if the network spoofs the name of the familiar one. Similarly, it wouldn't be hard to change cellular protocols so that the phone and tower authenticate, and the phone won't connect to "towers" not belonging to the cellular provider your phone's configured to use. So if it's set up to use AT&T, it won't connect to a "tower" that doesn't authenticate itself to the phone as an AT&T tower.

This has benefits for both the public and the telco. On the public side, their privacy is more assured if a) phone-to-tower communications are all encrypted and b) their phone cannot be fooled by a spoofed tower (which might not be LE with a legitimate warrant or even LE without a warrant; it might be hackers, or the mob, or who the hell knows?). Further to that, if LE has to go through the phone company to get a live location trace, they're forced to get the proper warrant for such a thing and the telco is not going to give them anything extra (such as the ability to intercept voice call content) beyond what the warrant allows.

On the telco side, telcos love to charge LE money for access to info on their customers, and they'd be able to charge for the information that the use of Stingray devices currently lets LE get for free. Of course, this kind of thing already creates perverse incentives for telcos to sell information to LE eagerly even without a warrant, so a clear rule is needed that such information is inadmissible in court without a warrant specifically for the information used.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2013 @ 10:04am
  
  Re: Illegal search. Period.
  "So if it's set up to use AT&T, it won't connect to a 'tower' that doesn't authenticate itself to the phone as an AT&T tower."
  
  But if they have a warrant, they'll probably just be able to force AT&T to give them a code that says they ARE a valid tower. I know that in the past they've passed laws forcing phone companies to build easier-to-tap land lines. Since new towers can be built at any time, you can't just hardcode a list into the phones.
  
  Although, this would STILL be a good idea, to prevent MITM from people who are NOT law enforcement.
  [ link to this | view in chronology ]
  - Androgynous Cowherd, 28 Mar 2013 @ 11:20am
    
    Re: Re: Illegal search. Period.
    First of all, I propose the towers authenticate to the phones in a manner similar to how EV SSL certs work -- if the telco builds a new tower they'll sign its identification certificate with their big corporate key and phones will recognize it. It'd be similar to how Google can add a new server with a new IP address to handle gmail and browsers will happily recognize the new IP as being genuinely Google's.
    
    Second, getting a warrant for a telco's private certificate-signing keys so as to be able to impersonate that telco to computer equipment seems like it would be a mite difficult compared to simply getting a wiretap-like order for real-time location data of a particular target to serve on said telco.
    [ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 9:20am

Every day the evidence mounts that we live in a police state when will the sheeple revolt?
[ link to this | view in chronology ]
- art guerrilla (profile), 28 Mar 2013 @ 9:42am
  
  Re:
  the sheeple *are* revolting...
  i can't stand the chickenshit mofo's...
  
  oh, wait...
  i'm one too...
  crap, i hate it when i have to hate me, too...
  
  art guerrilla
  aka ann archy
  eof
  [ link to this | view in chronology ]
Jesse (profile), 28 Mar 2013 @ 10:36am

I really want to have a court examine whether or not it is legal for your average citizen to conduct themselves in the same way police do without the warrant. Isn't the warrant supposed to be the special permission police get to essentially break the law? If they don't need a warrant, can I not do the same thing?
[ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2013 @ 1:39pm

Here's hoping for a continuation of common sense rulings pushing back absurd government spying. NSLs got banned just recently. Hopefully the court in this case will react appropriately to the news that the DOJ has been lying to judges for years.
[ link to this | view in chronology ]
special-interesting (profile), 29 Mar 2013 @ 4:16pm

What I would propose is a combination of public and private key encryption.

Public key encryption is nice and fairly private keeing in mind the rapid advances in computer technology makes even 512 bit encryption weak these days for a concerted effort. 2048 bit wold be nice for now. The problem is that almost all the prime number combinations have been already calculated demanding elliptic and other formulas (possibly something fractal in future) to hide keys.

So we have private key encryption of unlimited bits. When you meet someone and share cell phone numbers a bit of very short range local wifi (infrared or direct connect by touch?) could share a large key for personal private encoded talking. It would be changed every time you met in person if one was worried about it.

There are some legal technicalities of international calls but expect then not to interfere between personal friends.
[ link to this | view in chronology ]