Documents Pried Out Of DOJ's Hands Confirm Stingray Devices Can Be Used To Intercept Communications
from the but-we-never-use-them-that-way!-never?-well...-hardly-ever! dept
Something long-believed but short of official documentation has now been confirmed: Stingray devices can intercept phone calls.
[N]ewly released documents confirm long-held suspicions that the controversial devices are also capable of recording numbers for a mobile phone’s incoming and outgoing calls, as well as intercepting the content of voice and text communications. The documents also discuss the possibility of flashing a phone’s firmware “so that you can intercept conversations using a suspect’s cell phone as a bug.”
The information appears in a 2008 guideline prepared by the Justice Department to advise law enforcement agents on when and how the equipment can be legally used.
The closest we've come to official confirmation of this capability is the DOJ's 2015 "official guidance" on Stingray warrant requirements, which noted that all devices must comply with the pen register requirements, which means the interception of phone numbers only. Any device used by agencies under its control must not use them for the interception of communications.
It also would suggest they're not allowed to use them to obtain cell site location data, as that information can't be obtained with pen register orders. The documents obtained by the ACLU (after a protracted legal battle) clarify this in the opening pages.
111. Invocation of 18 U.S.C. 2702(c)(4) to receive prospective cell site: Reliance on this provision to allow repeated, perspective collection of cell site data may be problematic. Judicious use of this provision is advised. Advise the field that the more prudent course of action is to obtain a search warrant under Rule 41 for repeated disclosures of prospective cell site information because Rule 41 has prospective effect.The document also handily suggests that a good way to get around pen register limitations and/or warrant requirements is to just ask the service provider for the data ("a service provider can voluntarily disclose historical cell site data..."). Anything handed over voluntarily apparently doesn't implicate the Fourth Amendment, even though the location data was generated by the person with the phone, rather than autonomously by the cell phone provider. But that's the Third Party Doctrine for you.
Following that are instructions for "Emergency Wiretap Orders," which directly mentions utilizing IMSI catchers to intercept communications.
Obtain the following, relevant facts: 1) circumstances giving rise to the emergency situation; 2) who, if known, is using the target phone/facility/location; 3) how the target phone/facility/location was identified; 4) when the phone/facility/location was last known to be used; 5) most recent criminal activity; and 6) basis for belief that phone/facility/location will be used for communications concerning the crime, i.e. what evidence is there that the perpetrator is acting in concert with others -- what communications will be obtained.More confirmation here, in wording that is echoed by the DOJ's 2015 cell tower spoofer guidance:
Digital analyzers/cell site simulators/triggerfish and similar devices may be capable of intercepting the contents of communications and, therefore, such devices must be configured to disable the interception function, unless interceptions have been authorized by a Title III order.And for those of you who'd like to play along at home, several of the pages can be printed out and used for your own game of Stingray court order Mad Libs.
You won't have to read all the way to the end, though. Most of the interesting stuff happens in the first few pages, but in true bureaucratic fashion, the bulk of the 71 pages is made up of duplicated responsive documents.
These documents, of course, only deal with the DOJ and its agencies. Whatever's being issued as guidance here doesn't necessarily carry over to local law enforcement agencies using these devices. Considering the intense secrecy surrounding IMSI catchers, it's safe to say they've been deployed to collect communications without a warrant (or at least a warrant that directly refers to the device and its intended use), and we do know they've been using them as ad hoc tracking devices by grabbing cell site location data. When the lid finally comes off entirely, I'm sure we'll see a great number of constitutional violations tracing back to IMSI catchers.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, fake mobile towers, imsi catchers, stingray, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
But look on the bright side
After all, the only exemption to such violations being a crime REQUIRES a warrant.
So they're not crimes. The nature of the law in the US is that anything not specifically prohibited is legal.
If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn't require a warrant either, then it would be completely legal to do that to anyone, by anyone.
Why bother with a FOIA request for the head of the FBI's email, when you can simply tap his phone 100% legally?
[ link to this | view in thread ]
Well of course
[ link to this | view in thread ]
Re: But look on the bright side
The rules only apply to plebs such as yourself. For specific examples; See Hilary Clinton's email server.
"If use of a Stingray without a warrant is not interception of communications, and using one to turn a phone into a bug via a firmware update doesn't require a warrant either, then it would be completely legal to do that to anyone, by anyone."
See my first response.
"Why bother with a FOIA request for the head of the FBI's email, when you can simply tap his phone 100% legally?"
... and again; see my first response.
[ link to this | view in thread ]
Re: But look on the bright side
[ link to this | view in thread ]
Re: Well of course
[ link to this | view in thread ]
Re: Well of course
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
use as a bug
[ link to this | view in thread ]
Re: Re: Well of course
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
It will be a fire they can never put out and that is the way they want it. Why do your job, when your job and power is insured by not doing it.
[ link to this | view in thread ]
Re: But look on the bright side
[ link to this | view in thread ]
Re: use as a bug
Yes.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
1) Terrorism! Also pedophiles. Probably.
2) Dunno. Who cares, it only says 'if'.
3) Map. Dart. Throw.
4) The past.
5) Very recently.
6) Everyone is probably guilty of things & stuff.
[ link to this | view in thread ]
Re: Re: Re: Well of course
i believe these extra-constitutional intrusions by the donut eaters classify as hacking by anyone but Empire's definition...
AND, i have ZERO doubt that if they have the capability of snorfling up everything AND the conversations themselves, they will do so...
why not ? ? ? there is ZERO effective oversight...
there is an asymptotically close to ZERO chance you will get caught...
who says krime don't pay ? ? ?
[ link to this | view in thread ]
Re: But look on the bright side
[ link to this | view in thread ]
TD misses the story again.
Here you have an "official" conformation that firmware can be changed- If a hacker can change firmware, they can change everything else. It's much worse then "intercepting communication content", It's full bore subversion. People already know how to hack it; a quick youtube search will reveal everything. Search: baseband hacking, baseband blackhat...etc
Cellular baseband processor's effectively give full device authority over to the cell station. This is fact, not speculation. Therefore, cellular devices are all backdoored, by design- semantics be damned- it's a "functional equivalent" of a hardware based backdoor. Some of us cryptogeeks have known and been warning about this for age's... No one listens..
This should be common public knowledge by now; instead we get absurd counter-intelligence sponsored legal theatre about backdooring cellphone encryption, the coverage of which endlessly repeats and reinforces the false assumptions that the devices are secure in the first place, and leaves the average person with the belief that his/her cellphone definitely isn't backdoored, cause the gov lost that battle. There is no need to back door encryption when the device itself is backdoored.
Perhaps they're under duress, but TD and tech news media in general have failed miserably on their coverage of such topics. It would seam an ethical imperative to shout fire in a crowded theatre, when the theatre actually is on fire. Nation-state and Corporate control of hardware based backdoors isn't somehow magically limited to dystopian sci-fy; it's very much a part of our current modern world.
Personally I doubt that it's limited to cellphones- but I don't have much legitimate factual reference to back my speculation on that.
[ link to this | view in thread ]
https://theintercept.com/2015/02/19/great-sim-heist
So they can fly a drone equipped with "dirtboxes" over your house at 2am and reflash your phones firmware to download malware updates enabling key logging, bugging your microphone, and cracking all the encryption applications running on the insecure hardware devices know as smartphones.
Everyone who thought the NSA and GCHQ stole all those private simcard keys to simply listen in on voice calls were thinking small potatoes. They did it to reflash your firmeware using StingRays mounted in the nose of UAV drones. Or I suppose they could do it the low-tech, old fashioned way by driving a van past your house, but that method is slow and outdated compared to using drones to do it.
[ link to this | view in thread ]
The appropriate response to the National Security card
[ link to this | view in thread ]
Re: use as a bug
“They [NSA] can absolutely turn them [iPhones] on with the power turned off to the device,” Snowden replied.
(http://www.wired.com/2014/06/nsa-bug-iphone/)
Their capabilities don't just stop with turning the phone on while it's powered off. I read elsewhere they can use the cameras and mics as well. Looking for the citation.
[ link to this | view in thread ]
Re: TD misses the story again.
I'm right there with you, been saying the same thing for years only to be shunned as a paranoid conspiritard. The last laugh has very little value in this circumstance. Now if we could get on to the part were people start caring that they're living in The Minority Report. Funny they spun up a series from the movie as well. How appropriate.
[ link to this | view in thread ]