Leaked Documents Expose The US Government's Cell Phone Surveillance Options

from the and-they-are-legion-(and-expensive) dept

The Intercept has done it again. An anonymous source "concerned about the militarization of domestic law enforcement" has handed the site a catalog of cell phone surveillance equipment. Many of the products discussed in the pages are making their public debut, presumably to the deep chagrin of the manufacturers and the government agencies that use them.

While much of the equipment's capabilities has been sussed out with FOIA requests and the occasional courtroom disclosure, the leaked documents confirm that many law enforcement agencies not only have the technology to sweep up cell phone information in bulk, but also to intercept phone calls and text messages.

There is also a long list of newly-exposed product names that will be making their way into a host of future FOIA requests: Deerpark, Radiance, Carman, Garuda, Gilgamesh, Twister, Nebula…

Interesting (and disturbing) details are contained in data sheets on the products, including what the government feels are the potential drawbacks of the equipment. Harris' Blackfin, for instance, can intercept GSM voice communications as well as SMS messages from "preloaded target lists." In addition, the Blackfin can perform denial-of-service attacks on local phone networks and geolocate targeted phones. Perhaps the biggest surprise? The Blackfin is small enough to be worn surreptitiously by the operator.


Digital Receiver Technology, manufacturer of the US Marshals Service's flying "DRTboxes," also has some impressive technology on display. Its equipment supports "target lists of up to 10,000 entries" and can intercept (and record) voice communications over both digital and analog signals.


KeyW sells a product that tracks locations of cell phone users, targeting up to 500 cell phones at a time. Bonus: it can also negatively affect GSM networks to better track targets. (Referred to on the item's page as "Deny, Disrupt, Degrade and Deceive.")

Then there's this device, which is apparently an "in-house" offering produced by the NSA's Tailored Access Operations team.


This little spy box is built for use in "fixed-wing aircraft," like the FBI's Cessnas or unmanned drones. Bonus: it can be upgraded in the field, which presumably means firmware/software updates can be pushed to the system remotely.

Other notes of interest:

The government considers Deerpark's inability to wreak havoc on phone service a drawback ("does NOT cause denial of service").

The NSA-developed Nebula can "lock and hold traffic from 12 miles away."

AST's airborne ICARUS can geolocate Push-To-Talk handsets and RF tags.

Boeing's S-100 helicopter drone's fact sheet contains the warning that it cannot be armed with weapons.

This page shows just how low-profile some of this cell phone tracking hardware is.


Or, if it makes more sense logistically, you can just cram $180k worth of tracking equipment into a backpack.


Most of the pages note what authority is needed to deploy the equipment, with most citing Title 10/Title 50. The statutes pertain to military operations (Title 10) and military intelligence efforts (Title 50), with the latter sometimes encompassing the CIA's efforts. However, the documents contain fact sheets for equipment now being used by US law enforcement agencies, suggesting the transfer to domestic surveillance use occurred before law enforcement-specific rules were in place. The years of secrecy surrounding the devices further suggest domestic guidance trailed deployment by a sizable margin.

Finally, there are the forensic devices. The NSA SigDev team's CYBERHAWK basically cracks cell phones open and empties them of their contents.

"Exploitation includes phonebook, names, SMS, media files, text, deleted SMS, calendar items and notes."
The only drawback is that the operator must have possession of the handset to extract all of this information. It can't be collected "over the air." A competing product offered by TEEL (Cellbrite) does the same thing, but works on "95% of phones," encompassing more than the GSM handsets CYBERHAWK is limited to.

The obvious problem is we don't know how much of this military equipment has ended up in the hands of law enforcement. We do know most of Harris' products have, thanks to the waiver it acquired (by lying) from the FCC. We also know Digital Receiver Technology is, at minimum, selling its products to federal law enforcement.

Local law enforcement agencies are using equipment developed for military use in war zones as domestic surveillance devices. When seeking these products (or the financial aid to acquire them), law enforcement agencies routinely mention the threat of terrorism… before using them to track people suspected of petty crimes. As the EFF's Jennifer Lynch points out in The Intercept article, there is no public record of any law enforcement agency using these devices to apprehend a terrorist or disrupt a terrorist attack.

Federal agency policies pertaining to these devices now contain warrant requirements, but with large enough loopholes, warrants will rarely have to be sought. The rules governing the use at the local level are still mostly secret. What has been divulged suggests agencies are still obscuring the use of the devices through the use of parallel construction or stretching pen register statutes to cover the large scale interception of connection and location data and, potentially, the communications themselves.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: catalog, cia, leak, nsa, phones, police, police militarization, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 21 Dec 2015 @ 2:20am

    "Need to know your honor, and you don't need to know. Just sign the papers."

    What has been divulged suggests agencies are still obscuring the use of the devices through the use of parallel construction or stretching pen register statutes to cover the large scale interception of connection and location data and, potentially, the communications themselves.

    With regards to evidence laundering, while it's bad enough that the public had no idea about tech like this and how it was being used, worse in the sense that they're supposed to act as a check against abuse is that I imagine the vast majority of judges had no idea either.

    Any judges looking through the list have got to be wondering just how often they've been lied to when it comes to what they thought they were authorizing, versus what was actually being done. It's one thing to authorize use of a device when you've been told it can only do A, but when you find out that it can also do B, C and D as well...

    link to this | view in thread ]

  2. identicon
    annonymouse, 21 Dec 2015 @ 4:16am

    So how long until there is a local friendly fire incident and civilian lives are lost?

    Ah, who am I kidding, it has happened already. We just have to wait for the info to eventually leak after the coverups.

    link to this | view in thread ]

  3. identicon
    Klaus, 21 Dec 2015 @ 4:25am

    I find the lack of seriousness disturbing

    Whoever wrote the information for those slides was either in a rush and didn't have his material proof-read, or was a ne'er-do-well at school.

    From the Blackfin:
    "BF II is designed to body worn..."
    "...of a preloaded target lists..."

    It's not the grammar that concerns me (mine is far from perfect), but there is something disturbing in seeing a technical catalogue that lacks polish. The Intercept don't identify the source, or state what the catalogue is actually for, but whatever it's purpose, I can't help but think that the US government regards security and privacy lightheartedly; a bit of a in-joke at the American people's expense.

    A bit like police forces barring smart cops...

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 21 Dec 2015 @ 4:43am

    Re: I find the lack of seriousness disturbing

    "lacks polish"

    If you've seen the NSA and GCHQ slides you will see it's not out of the ordinary.

    link to this | view in thread ]

  5. icon
    That One Guy (profile), 21 Dec 2015 @ 4:49am

    Re: Re: I find the lack of seriousness disturbing

    Of course. I mean come on, all they're dealing with is the privacy and security of the public, it's not like those are important things that warrant real consideration and serious treatment, right? /s

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 21 Dec 2015 @ 4:54am

    FCC

    We do know most of Harris' products have, thanks to the waiver it acquired (by lying) from the FCC.

    As if though the FCC really cares. It didn't exactly rescind the waiver or prosecute anyone, did it? Instead, by not doing so it sent a big message to law enforcement that they could basically do what they wanted without worrying about the FCC.

    link to this | view in thread ]

  7. icon
    That One Guy (profile), 21 Dec 2015 @ 4:55am

    Re: FCC

    They're just taking their cues from others in the government. If you can get away with lying to congress, what's a few 'least untruthful answers' to the FCC?

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 21 Dec 2015 @ 5:20am

    It feels a bit weird seeing that Cellebrite UFED device marked "SECRET // NOFORN", when they have product placement of (the next generation of) it on CSI: Cyber.

    link to this | view in thread ]

  9. identicon
    AJ, 21 Dec 2015 @ 5:22am

    If I were a bad guy, I think I would just not own a cell phone. From the looks of all the resources and energy going into technology to catch these guys via cell phone, there can't be much left for good ole police work.

    On the up side. If you forget what the wife asked you to grab at the market, you can drop by and see Bubba at your local police station and have him play the conversation back for you....

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 21 Dec 2015 @ 5:24am

    Re:

    We just have to wait for the info to eventually leak after the coverups.

    The primary purpose of mass surveillance to intimidate potential leakers and find those that go ahead anyway. This is why there will be find continuing support in the government for mass surveillance. They don't like being exposed, so to prevent it they intend to expose everyone else.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 21 Dec 2015 @ 5:25am

    Re: Re:

    "there will be continuing"

    link to this | view in thread ]

  12. icon
    That One Guy (profile), 21 Dec 2015 @ 5:35am

    Re:

    'Not own a cell phone'? That sounds like mighty suspicious behavior to me, I'm sure they're right on tracking potential terrorists who do something like that with... uh... well, I'm sure they can track people who do that.

    I mean it would be pretty freakin' stupid if they spent all this time and money developing tracking mechanism that become completely useless the second their target refuses to play along, right?

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 21 Dec 2015 @ 5:38am

    I think I'll revert to point-2-point morsecode...

    link to this | view in thread ]

  14. icon
    Agonistes (profile), 21 Dec 2015 @ 6:09am

    I'll take one of each.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 21 Dec 2015 @ 6:29am

    carrier pigeon's for sale 129.99.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 21 Dec 2015 @ 7:17am

    Re: I find the lack of seriousness disturbing

    "something disturbing in seeing a technical catalogue that lacks polish"

    Probably originally written in Chinese and translated by Russians working for an Indian outsource company jointly-owned by Sony and GCHQ. Perhaps only US civilians are kept in the dark.

    link to this | view in thread ]

  17. identicon
    AJ, 21 Dec 2015 @ 7:43am

    Re: Re:

    "I mean it would be pretty freakin' stupid if they spent all this time and money developing tracking mechanism that become completely useless the second their target refuses to play along, right?"

    That's exactly right Guy, but lets take it a step further. One of the indicators helping us determine innocence and guilt, will be how well you submit to the system. Example: Not having a cell phone so that we can conveniently track you, will get you on a government watch list. This watch list will be linked to travel, gun registrations, and drone purchases. It can also be used to justify the confiscation of your colostomy bag and sex toys at all TSA checkpoints. Now... I know your concerned with security, and as a sheeple, you should be, thats why we are going to put this watch list on Hillary Clinton's personal email server. This ultra secret, top level server has even the best cryptologists in our alphabet soup agencies scratching their heads; as proven by the 10 month non-sensical extravaganza of bullshittery that's poured out of them regarding whats on it. This server will be so secure, we will leave you baffeled as to it's even existence.

    Sit back and relax Guy, your government has everything under control.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 21 Dec 2015 @ 8:40am

    Re: Re:

    Or never played along to start with.

    Like OBL.

    How long did it take to find him?

    Yes, cel tracking helped, but the tracking was of his associates - OBL never had a cel phone!

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 21 Dec 2015 @ 8:48am

    What I Find Truly Disturbing

    From the article most of this equipment is meant for use in Military operations targeted against military threats where legal justification is moot.
    Where it's being used is against civilian targets where the normal rule of law is supposedly still in force. No wonder the lies, evasions, cover ups and stonewalling by three letter agencies.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 21 Dec 2015 @ 8:59am

    committing treasonous acts to catch people that commit small crimes, those cops must be proud keeping the spirit of jack booted thuggery alive.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 21 Dec 2015 @ 9:04am

    Another comment then. The police are at war, they consider themselves at war with the common law abiding citizen. The ones who do not immediately submit to their perceived authority, the ones that stand up for their rights that the cops pretend do not exist.

    Where else but a combat zone would you have cops executing unarmed unresisting civilians and getting away with it because the cops defense is "I feared for my life from the man I had restrained in handcuffs on the ground"

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 21 Dec 2015 @ 10:14am

    Good start, now if we knew what the NYPD and other agencies used in their 'Xray' vans...

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 21 Dec 2015 @ 10:44am

    "Deerpark, Radiance, Carman, Garuda, Gilgamesh, Twister, Nebula"

    For a second I thought they raided the dramatic personae from my last D&D campaign. This is much worse.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 21 Dec 2015 @ 11:17am

    Re: Re: Re:

    Yes, cel tracking helped, but the tracking was of his associates...

    Even that was eventually found to be a made-up cover story. They actually found him when an informant turned him in for the reward money.

    link to this | view in thread ]

  25. icon
    tqk (profile), 21 Dec 2015 @ 11:31am

    Re: Re: I find the lack of seriousness disturbing

    Probably originally written in Chinese and translated by Russians working for an Indian outsource company jointly-owned by Sony and GCHQ.

    I've been using essentially that line to describe FLOSS software documentation for over twenty years. It helps to pipe it through Swedish Chef too.

    link to this | view in thread ]

  26. icon
    tqk (profile), 21 Dec 2015 @ 11:37am

    Re:

    It feels a bit weird ...

    No kidding. We're reading leaked reports snagged up by investigative journalists. Meanwhile they're using it in Hollywood getting free advertisement on their indoctr ... cop shows.

    link to this | view in thread ]

  27. icon
    GEMont (profile), 22 Dec 2015 @ 12:57pm

    ...out like a lamb

    Wow. Once a fascist police state gets going, it seems there is just no stopping it.

    With all of these nifty new spy toys, its pretty obvious that any thought of privacy in the US is a pure pipe dream, and the US Constitution is nothing more than ass-wipe for the forces of Order-At-Any-Price.

    Ah well, ye had a good run, America.

    Time to bend over and take it like victim now, because, when the law itself is against you, there is no place left to turn for help.

    ---

    link to this | view in thread ]

  28. icon
    MSnowdine (profile), 29 Dec 2015 @ 11:43pm

    Re: ...out like a lamb

    If anyone is bending over, it';s you.
    Nowhere to turn and headed for doom? Ah well, at least I have company.

    Now go ahead, bend over. Your informant will talk you through it. It'll be like a pipe dream...you can even pretend you're an FBI Agent.

    I'll be reading the constitution and imagining Princess on the front page, looking all real and shit.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.