Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications

from the but-we-never-use-them-that-way!-never?-well...-hardly-ever! dept

Something long-believed but short of official documentation has now been confirmed: Stingray devices can intercept phone calls.

[N]ewly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”

The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.

The closest we've come to official confirmation of this capability is the DOJ's 2015 "official guidance" on Stingray warrant requirements, which noted that all devices must comply with the pen register requirements, which means the interception of phone numbers only. Any device used by agencies under its control must not use them for the interception of communications.

It also would suggest they're not allowed to use them to obtain cell site location data, as that information can't be obtained with pen register orders. The documents obtained by the ACLU (after a protracted legal battle) clarify this in the opening pages.
111. Invocation of 18 U.S.C. 2702(c)(4) to receive prospective cell site: Reliance on this provision to allow repeated, perspective collection of cell site data may be problematic. Judicious use of this provision is advised. Advise the field that the more prudent course of action is to obtain a search warrant under Rule 41 for repeated disclosures of prospective cell site information because Rule 41 has prospective effect.
The document also handily suggests that a good way to get around pen register limitations and/or warrant requirements is to just ask the service provider for the data ("a service provider can voluntarily disclose historical cell site data..."). Anything handed over voluntarily apparently doesn't implicate the Fourth Amendment, even though the location data was generated by the person with the phone, rather than autonomously by the cell phone provider. But that's the Third Party Doctrine for you.

Following that are instructions for "Emergency Wiretap Orders," which directly mentions utilizing IMSI catchers to intercept communications.
Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime, i.e. what evidence is there that the perpetrator is acting in concert with others -- what communications will be obtained.
More confirmation here, in wording that is echoed by the DOJ's 2015 cell tower spoofer guidance:
Digital analyzers/cell site simulators/triggerfish and similar devices may be capable of intercepting the contents of communications and, therefore, such devices must be configured to disable the interception function, unless interceptions have been authorized by a Title III order.
And for those of you who'd like to play along at home, several of the pages can be printed out and used for your own game of Stingray court order Mad Libs.


You won't have to read all the way to the end, though. Most of the interesting stuff happens in the first few pages, but in true bureaucratic fashion, the bulk of the 71 pages is made up of duplicated responsive documents.

These documents, of course, only deal with the DOJ and its agencies. Whatever's being issued as guidance here doesn't necessarily carry over to local law enforcement agencies using these devices. Considering the intense secrecy surrounding IMSI catchers, it's safe to say they've been deployed to collect communications without a warrant (or at least a warrant that directly refers to the device and its intended use), and we do know they've been using them as ad hoc tracking devices by grabbing cell site location data. When the lid finally comes off entirely, I'm sure we'll see a great number of constitutional violations tracing back to IMSI catchers.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, fake mobile towers, imsi catchers, stingray, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 2 Nov 2015 @ 4:47am

    This is the latest attack on person-hood ffs next they'll ask for a ham sandwich while they collect all the details of your personal life.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 6:43am

      Re:

      I wouldn't put it past the USG to hide spying provisions in the lunch menu.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 10:49am

      Re:

      If we gave them ham sandwiches, maybe we could finally get a few of 'em indicted for their crimes.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 4:59am

    This from the people that cannot be bothered to get a warrant because it's too hard for them to take the time to do their jobs right.

    link to this | view in chronology ]

  • icon
    Bergman (profile), 2 Nov 2015 @ 5:33am

    But look on the bright side

    If using a Stingray does not require a warrant, then using one cannot be a violation of either the Computer Fraud and Abuse Act or an interception of telephone communications.

    After all, the only exemption to such violations being a crime REQUIRES a warrant.

    So they're not crimes. The nature of the law in the US is that anything not specifically prohibited is legal.

    If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn't require a warrant either, then it would be completely legal to do that to anyone, by anyone.

    Why bother with a FOIA request for the head of the FBI's email, when you can simply tap his phone 100% legally?

    link to this | view in chronology ]

    • identicon
      AJ, 2 Nov 2015 @ 5:56am

      Re: But look on the bright side

      "So they're not crimes."

      The rules only apply to plebs such as yourself. For specific examples; See Hilary Clinton's email server.

      "If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn't require a warrant either, then it would be completely legal to do that to anyone, by anyone."

      See my first response.

      "Why bother with a FOIA request for the head of the FBI's email, when you can simply tap his phone 100% legally?"

      ... and again; see my first response.

      link to this | view in chronology ]

    • icon
      That One Guy (profile), 2 Nov 2015 @ 5:58am

      Re: But look on the bright side

      No no, it's still completely illegal for you or any other member of the public to tap into someone's private communications, the only reason it's 'legal' for the FBI/DOJ/police to do so is because the vast majority of judges turn into spineless cowards the second they see a badge and/or someone utters the magic words 'National security'.

      link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 2 Nov 2015 @ 6:53pm

        The appropriate response to the National Security card

        Have you no sense of decency, sir, at long last? Have you left no sense of decency?

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 8:43am

      Re: But look on the bright side

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 5:02pm

      Re: But look on the bright side

      putting their own update on your phone is still a Trespass to Chattel without a warrant. ... even if that IS a civil complaint.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 5:48am

    Well of course

    It works as a cell tower so it makes sense that it would have all the capabilities of a regular one.

    link to this | view in chronology ]

    • identicon
      Anonymous Anonymous Coward, 2 Nov 2015 @ 6:05am

      Re: Well of course

      Does a regular cell tower do firmware updates? I think they might be a bit more than just cell towers.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Nov 2015 @ 8:01am

        Re: Re: Well of course

        The fact that any firmware update can be done without human input at the device being updated should be of concern to everybody. If a law enforcement agency can do an update without a human at the device to start (or at least consent to) the update, so can a hacker!

        link to this | view in chronology ]

        • icon
          art guerrilla (profile), 2 Nov 2015 @ 2:29pm

          Re: Re: Re: Well of course

          "If a law enforcement agency can do an update without a human at the device to start (or at least consent to) the update, so can a hacker!"

          i believe these extra-constitutional intrusions by the donut eaters classify as hacking by anyone but Empire's definition...

          AND, i have ZERO doubt that if they have the capability of snorfling up everything AND the conversations themselves, they will do so...

          why not ? ? ? there is ZERO effective oversight...
          there is an asymptotically close to ZERO chance you will get caught...

          who says krime don't pay ? ? ?

          link to this | view in chronology ]

    • identicon
      Anonymous Anonymous Coward, 2 Nov 2015 @ 6:05am

      Re: Well of course

      Does a regular cell tower do firmware updates? I think they might be a bit more than just cell towers.

      link to this | view in chronology ]

  • identicon
    AJ, 2 Nov 2015 @ 6:21am

    You want to see the feds go bat shit crazy, wait until someone figures how to hack the damn thing. Then drives around until they find one in use, and turns it on them. Or even better, creates their own, and targets the gov... if it hasn't happened already lol.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 6:47am

      Re:

      "This is a violation of our rights and must be stopped!"

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 8:23am

      Re:

      When that day comes, my guess is that the almighty FBeye will insist on the hole remaining open, because it would be to difficult to change, as well as they will try to expand their powers to catch these "dangerous" hackers.
      It will be a fire they can never put out and that is the way they want it. Why do your job, when your job and power is insured by not doing it.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 7:28am

    use as a bug

    does that mean that is can be used to xmit audio from the mic even when the user is not making phone calls?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Nov 2015 @ 8:45am

      Re: use as a bug

      "does that mean that is can be used to xmit audio from the mic even when the user is not making phone calls?"

      Yes.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Nov 2015 @ 9:29am

      Re: use as a bug

      We've long been aware of this ability.

      “They [NSA] can absolutely turn them [iPhones] on with the power turned off to the device,” Snowden replied.

      (http://www.wired.com/2014/06/nsa-bug-iphone/)

      Their capabilities don't just stop with turning the phone on while it's powered off. I read elsewhere they can use the cameras and mics as well. Looking for the citation.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 8:09am

    I've been saying this for a very long time and everyone told me that I didn't know what I was talking about. It's nice to see that my concerns are finally validated.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 11:00am

    Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime...
    Yeah, that'll be hard:

    1) Terrorism! Also pedophiles. Probably.
    2) Dunno. Who cares, it only says 'if'.
    3) Map. Dart. Throw.
    4) The past.
    5) Very recently.
    6) Everyone is probably guilty of things & stuff.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 5:13pm

    TD misses the story again.

    I warned of these capabilities here years ago, and was dismissed and treated like a conspiracy theorist- even though I posted ample supporting technical evidence.

    Here you have an "official" conformation that firmware can be changed- If a hacker can change firmware, they can change everything else. It's much worse then "intercepting communication content", It's full bore subversion. People already know how to hack it; a quick youtube search will reveal everything. Search: baseband hacking, baseband blackhat...etc

    Cellular baseband processor's effectively give full device authority over to the cell station. This is fact, not speculation. Therefore, cellular devices are all backdoored, by design- semantics be damned- it's a "functional equivalent" of a hardware based backdoor. Some of us cryptogeeks have known and been warning about this for age's... No one listens..

    This should be common public knowledge by now; instead we get absurd counter-intelligence sponsored legal theatre about backdooring cellphone encryption, the coverage of which endlessly repeats and reinforces the false assumptions that the devices are secure in the first place, and leaves the average person with the belief that his/her cellphone definitely isn't backdoored, cause the gov lost that battle. There is no need to back door encryption when the device itself is backdoored.

    Perhaps they're under duress, but TD and tech news media in general have failed miserably on their coverage of such topics. It would seam an ethical imperative to shout fire in a crowded theatre, when the theatre actually is on fire. Nation-state and Corporate control of hardware based backdoors isn't somehow magically limited to dystopian sci-fy; it's very much a part of our current modern world.

    Personally I doubt that it's limited to cellphones- but I don't have much legitimate factual reference to back my speculation on that.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Nov 2015 @ 9:36am

      Re: TD misses the story again.

      You're right, the things you're addressing have been long known. It takes a awful lot these days to mobilize the public these days but this imho is a worthy cause.
      I'm right there with you, been saying the same thing for years only to be shunned as a paranoid conspiritard. The last laugh has very little value in this circumstance. Now if we could get on to the part were people start caring that they're living in The Minority Report. Funny they spun up a series from the movie as well. How appropriate.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2015 @ 6:39pm

    Why did the NSA and GCHQ hack into the largest simcard manufacturer in the world to steal private simcard keys for everyone's cellphones?

    https://theintercept.com/2015/02/19/great-sim-heist

    So they can fly a drone equipped with "dirtboxes" over your house at 2am and reflash your phones firmware to download malware updates enabling key logging, bugging your microphone, and cracking all the encryption applications running on the insecure hardware devices know as smartphones.

    Everyone who thought the NSA and GCHQ stole all those private simcard keys to simply listen in on voice calls were thinking small potatoes. They did it to reflash your firmeware using StingRays mounted in the nose of UAV drones. Or I suppose they could do it the low-tech, old fashioned way by driving a van past your house, but that method is slow and outdated compared to using drones to do it.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.