DOJ Misled Judges For Years About How It Was Using Stingray Devices To Spy On People
from the well-of-course dept
How many times does it need to be repeated? If you give law enforcement the ability to spy on people -- even with limits -- law enforcement will always blow through those limits and abuse its powers. It happens over and over and over again. And that becomes doubly true when law enforcement has worked out ways to avoid oversight. Back in 2011, the WSJ broke a huge story about the frequent use by government officials of a technique for mobile device surveillance generically called "stingray" devices (technically, there are a few products used for this, only some of which are actually called Stingrays, but the name is now used to refer to all of them). The device works by pretending to be a mobile phone tower, so devices can connect to it, and law enforcement gets all your data. It's basically a cellular man-in-the-middle attack, with law enforcement being that man in the middle. Yay.The technology has been a key component in a case involving Daniel Rigmaiden, which we wrote about last year. Rigmaiden was taken into custody (on a fraud charge) and, representing himself in court, he has sought more info on how he was tracked down -- leading to some reluctant disclosure about law enforcement using Stingray devices on questionable authority to find him. In that case, we noted that law enforcement claimed it had a court order to use the technology, but the judge was confused, asking where were the warrants for the use of the device. The judge asked how it was possible that a court order or warrant was issued without the judge ever being told about the technology used in surveillance and was told, simply, "it was a standard practice."
Indeed, that appears to be the case. The ACLU filed a bunch of FOIA (Freedom of Information Act) requests to dig into this and newly released documents show that, indeed, it was apparently standard practice by the DOJ to be "less than explicit" and less than "forthright" with judges in seeking warrants and court orders to make use of this technology. Here's an email that was revealed:
As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.Basically, that's the DOJ admitting that it has not been forthright or explicit in letting judges know that it is going to use this extremely intrusive form of surveillance in seeking approvals. And the courts have been concerned about this. As the ACLU notes, this email was written three years after the Rigmaiden situation happened -- suggesting that the DOJ has been getting away with this sort of thing for many years, without anyone digging in. The ACLU is now arguing that this should be a reason to suppress the evidence obtained via these devices, and will ask the court to "send a clear message" that it cannot hide the truth from federal judges in seeking rubber stamps to violate the privacy of the public.
While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, doj, man in the middle, privacy, stingray, surveillance, warrants
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Fear
This is why the Justice system always needs to be fully independent to the Administration to be able to uphold law and justice without political bullying, pressure or interference.
[ link to this | view in thread ]
Re: Fear
[ link to this | view in thread ]
[ link to this | view in thread ]
OT: These ads on the bottom
They cant be seen completly, and i will not do a free click on that.
(ubuntu+chrome)
[ link to this | view in thread ]
On the other hand, if the judges just keep dismissing all cases and set those to-be-found-guilty "criminals" free and then something happens, everybody would blame the judges for not having convicted and incarcerated them.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Just Trust Us
[ link to this | view in thread ]
Re: OT: These ads on the bottom
[ link to this | view in thread ]
Re:
hint: it's to provide justice, not live in fear.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
http://www.aclu.org/maps/your-local-law-enforcement-tracking-your-cell-phones-location (a rampant problem. Its like everyone does it!)
With some political public browbeating the location data can be forced to remain in the tower and not sent and recorded centrally. Search warrants for cell tower dumps would be required for law enforcement otherwise.
We are not talking about a most efficient system but one that meets individual privacy needs.
The situation is so weird that cell phone companies will sell/give almost anyone your location but you:
http://www.propublica.org/article/cellphone-companies-will-share-your-location-data-just-not-wit h-you
My complaint would be what laws were broken and if none... wth? What protects the citizen from the government? Will anyone get fired and lose their pension for acting in a way unbecoming of a government official or by throwing out basic constitutional rights to make an admittedly hard job easier?
Having a law enforcement job is like having a job that defends the constitution (is the badge getting congressionally tarnished lately?) and it was never an easy and especially never a safe job. Apply for a job as an office worker or ice cream truck sales job if one wants to have a safer job. Being, most likely, constitutionally lazy and sloppy is a poor operational excuse.
Time for some judicial guidelines reform. Time for some tort (sentencing reform) reform, time for some copyright term reduction, time for some copyright Fair Use as easy and normal reform, time for a lot of things.
It's time.
[ link to this | view in thread ]
Government is EVIL
So John “Mr. BIG Govt” Fenderson, are you still confessing that Govt is easier to control than Corporations - "...if we had to choose between those two Bigs (and I don't think we do), then I choose Big Government. It's easier to fix the government (who is us) than major corporations (whose behavior we have little to no say in.)…"
Quote reference: John Fenderson “It's easier to fix the government…"
[ link to this | view in thread ]
Illegal search. Period.
Meanwhile, a pen register order allows intercepting called numbers *only*. Certainly not content of voice conversations or anything similar.
It seems clear, then, that if an MITM device is used with only a pen register warrant, any evidence resulting should be thrown out of court, whether or not they actually used the ability to intercept the content of voice calls or other things clearly forbidden with just a pen register. Such a policy by the courts would force LE to get the proper sort of warrant.
At the same time, there are steps private industry could take to improve the privacy of wireless customers. Namely, wireless encryption and authentication like WiFi uses. You can't accidentally connect to a WiFi network masquerading as the one you normally use; the encryption won't work (wrong key) even if the network spoofs the name of the familiar one. Similarly, it wouldn't be hard to change cellular protocols so that the phone and tower authenticate, and the phone won't connect to "towers" not belonging to the cellular provider your phone's configured to use. So if it's set up to use AT&T, it won't connect to a "tower" that doesn't authenticate itself to the phone as an AT&T tower.
This has benefits for both the public and the telco. On the public side, their privacy is more assured if a) phone-to-tower communications are all encrypted and b) their phone cannot be fooled by a spoofed tower (which might not be LE with a legitimate warrant or even LE without a warrant; it might be hackers, or the mob, or who the hell knows?). Further to that, if LE has to go through the phone company to get a live location trace, they're forced to get the proper warrant for such a thing and the telco is not going to give them anything extra (such as the ability to intercept voice call content) beyond what the warrant allows.
On the telco side, telcos love to charge LE money for access to info on their customers, and they'd be able to charge for the information that the use of Stingray devices currently lets LE get for free. Of course, this kind of thing already creates perverse incentives for telcos to sell information to LE eagerly even without a warrant, so a clear rule is needed that such information is inadmissible in court without a warrant specifically for the information used.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: OT: These ads on the bottom
[ link to this | view in thread ]
Re: Government is EVIL
The price of freedom is eternal vigilance.
(THAT should be a sign next to EVERY flag in EVERY classroom in uhmerika...)
we sheeple have slept too long: we have let a professional klass of politicians take over the vigil, and they have been -as is inevitable- co-opted and corrupted...
the korporate media are no longer the proxies of us 99%, but the lapdogs of the 1%... there is NO VIGIL, the fucking foxes are guarding the henhouse now, and all we get are horsefeathers and bullshit...
art guerrilla
aka ann archy
eof
[ link to this | view in thread ]
Re:
i can't stand the chickenshit mofo's...
oh, wait...
i'm one too...
crap, i hate it when i have to hate me, too...
art guerrilla
aka ann archy
eof
[ link to this | view in thread ]
Re: Illegal search. Period.
But if they have a warrant, they'll probably just be able to force AT&T to give them a code that says they ARE a valid tower. I know that in the past they've passed laws forcing phone companies to build easier-to-tap land lines. Since new towers can be built at any time, you can't just hardcode a list into the phones.
Although, this would STILL be a good idea, to prevent MITM from people who are NOT law enforcement.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Illegal search. Period.
Second, getting a warrant for a telco's private certificate-signing keys so as to be able to impersonate that telco to computer equipment seems like it would be a mite difficult compared to simply getting a wiretap-like order for real-time location data of a particular target to serve on said telco.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Fear
[ link to this | view in thread ]
Re: Government is EVIL
My take: government is evil, Corporations are evil-er
[ link to this | view in thread ]
Public key encryption is nice and fairly private keeing in mind the rapid advances in computer technology makes even 512 bit encryption weak these days for a concerted effort. 2048 bit wold be nice for now. The problem is that almost all the prime number combinations have been already calculated demanding elliptic and other formulas (possibly something fractal in future) to hide keys.
So we have private key encryption of unlimited bits. When you meet someone and share cell phone numbers a bit of very short range local wifi (infrared or direct connect by touch?) could share a large key for personal private encoded talking. It would be changed every time you met in person if one was worried about it.
There are some legal technicalities of international calls but expect then not to interfere between personal friends.
[ link to this | view in thread ]