DHS Probably Didn't Clone Phones To Intercept Protesters' Communications
from the more-fuckedupness-from-the-feds dept
More information continues to leak out about the federal government's ad hoc anti-riot strike force (or whatever) that made its nationwide debut in Portland, Oregon. The federal officers -- composed of DHS components, US Marshals Service, and Federal Protective Services -- made an immediate impression on the nation as unmarked officers hauled protesters off in unmarked vehicles to undisclosed locations for questioning.
The feds immediately made things worse, resulting in a restraining order being sought after federal officers refused to stop attacking journalists, lawyers, and observers present at the protests. The DHS also began compiling "intelligence reports" on journalists covering the Portland protests, as well as other journalists who had published leaks about the federal response in Oregon.
Information obtained by Ken Klippenstein for The Nation shows the DHS and other federal agencies acting like they were headed to a war with foreign combatants, rather than limiting themselves to protecting federal buildings in Portland.
A current DHS official described a colleague with expertise in electronic surveillance who was being deployed to Portland. But for what purpose? “Extracting information from protester’s phones,” the DHS official said. While in Portland, an interagency task force involving DHS and the Justice Department used a sophisticated cell phone cloning attack—the details of which remain classified—to intercept protesters’ phone communications, according to two former intelligence officers familiar with the matter.
Cell phone cloning involves stealing a phone’s unique identifiers and copying them to another device in order to intercept the communications received by the original device. The former intelligence officials described it as part of a “Low Level Voice Intercept” operation, declining to go into further detail—one of them citing the sensitive nature of the surveillance tool and the other an ongoing leak investigation within I&A [Intelligence & Analysis].
If this is accurate, there are some obvious First and Fourth Amendment issues here. Targeting protesters engaged in protected speech is already wrong, but seeking to intercept their communications is something that requires a whole lot of probable cause. Wiretapping requirements are more stringent (or at least, they're supposed to be) than they are for other types of searches because of the obvious subversion of privacy expectations.
Beyond that, engaging in sophisticated cloning attacks is not "Low Level Voice Intercept." This term -- at least when used by the US military -- simply means scanning airwaves to find radio and mobile transmissions. Once located, they can be listened to. This generally refers to radio chatter, not the cloning of phones to eavesdrop on private communications between individuals.
This suggests the use of Stingray device to snag device identifiers and (possibly) engage in call interception. Stingray devices are capable of intercepting communications, but we've never seen one used that way domestically. It may not have happened here either, but it certainly would have helped identify devices and locate surveillance targets. The DHS has a warrant requirement for Stingray deployment, but there's no mention of warrants in this article. Some exceptions apply, but the DHS would still need a pen register order and that would also require a judge's okay.
That this was used domestically to possibly spy on people engaged in peaceful protests is concerning. That it was used to try to find evidence to back President Trump and AG Bill Barr's ridiculous assertions that "anitfa" is an organized terrorist group is even worse. And if this is indeed what happened, it seems unlikely federal officers (which may have included "volunteers" from the DEA) had the probable cause necessary to snoop on private communications.
Even former spies are uncomfortable with the tactics used here.
The former intelligence officers agreed that the Low Level Voice Intercept operation had been conducted on the ground, was far more invasive than aerial surveillance, and involved equipment that I&A did not have access to.
“[There were] at least two federal agencies and there was some spooky shit going on,” one former intelligence officer said of the Portland operation.
It's still unclear what the DHS actually did here. The article refers to the same actions as both "intercepting communications" and "extracting information." Undoubtedly, there's some "spooky shit" going on, but none of the former officials were present for whatever spookiness the DHS engaged in. The DHS has Stingrays and could have used them illegally. But it seems more likely it sent out an expert to help federal agents pull information from devices seized from protesters. The "cloning" discussed most likely refers to cloning the device's contents, rather than the device itself. This is common when phones are seized by law enforcement. Again, a warrant is required but the cloning often occurs before the warrant is sought to ensure law enforcement has access to it.
Then there's this, which suggests a DOJ component brought in a phone-cracking device (GrayKey, Cellebrite, etc.) to make it easier to extract device contents.
A current DHS official described how a colleague who was being deployed to Portland had alluded to using the Drug Enforcement Agency (DEA), part of the Justice Department, for the purposes of accessing protesters’ phones. “He said he needed some sort of ‘special key’ in order to …He said that DEA has that capability and vaguely alluded to possibly borrowing or using one from another agency once he got to Portland.”
If the DHS actually engaged in the interception of cellphone communications, it would be breaking new domestic surveillance ground. But it seems more likely it accessed a bunch of devices' contents and made copies of the data. Until more information surfaces, it's probably safe to assume federal agencies weren't listening in on private communications.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 1st amendment, dhs, federal protective services, portland, protests, stingray, surveillance, us marshals
Reader Comments
Subscribe: RSS
View by: Time | Thread
Two out of five
Of the WaPo interviewed abductees, two of them had their phones seized and not returned weeks later. One of them was still giving a google GPS signal so they were able to track its movements.
[ link to this | view in chronology ]
I don't understand the title of this piece. From the details, it appears SOME federal agency probably did clone phones. They probably did so, without a warrant, to examine the contents of the phones, especially the message caches from texting apps.
What likely didn't happen was DHS monitoring live communications during the protests.
Tim, can you tidy up the title a bit so it can't have multiple widely varying meanings/implications please?
[ link to this | view in chronology ]
Re:
"Cloning" means SIM card cloning, and it is looking like that is not what happened.
[ link to this | view in chronology ]
I'm not so sure I'd refer to the Portlandia Bowl protests as being "peaceful"
[ link to this | view in chronology ]
Re:
Nope. Definitely not peaceful - because the cops were rioting (H/t T.Greg Douchette).
[ link to this | view in chronology ]
Re: Re:
So there were absolutely no violent protests before the cops showed up? No damage to buildings and property?
[ link to this | view in chronology ]
Prove that the violence was directly instigated by peaceful protesters instead of outside agitators/the police — and that the violence was instigated by peaceful protesters during the protests. Maybe then you’ll have a point.
[ link to this | view in chronology ]
Re:
Outside agitators or not, the protests included violence and property damage. While it was not committed by the vast majority of protesters, violence and damage did occur during the protests.
Don't forget, even the instigators of the violence started the protests as "peaceful protesters" but later engaged in violence and destruction.
[ link to this | view in chronology ]
Re: Re:
Bullcrap. Instigators were never there for peaceful protest. They were there to cause trouble or discredit the peaceful protestors. Stop trying to lump all protestors together.
[ link to this | view in chronology ]
If we're going to judge protestors
If we're going to judge protestors by the occasional one that does violence, can we also judge police officers by the ones that attack -- and sometimes kill -- peaceful protestors? We have a lot of examples.
Can we also judge elected officials by the number of lies and misstated facts they say and echo?
Can we judge our court system by the justices who adjudicate inconsistently, often based on who the suspect is?
Can we judge major corporations by the decisions made by their officers?
I can go on and on and on, and for some reason we are cruel and quick to judge the people, and yet when it comes to institutions and establishment, we cut them a mulligan every fucking time.
[ link to this | view in chronology ]
No no, that standard only goes one way
Well of course, I mean it would hardly be reasonable to apply the same standards to both the nobility and the peasantry as everyone knows the nobility deserve extra special treatment and exceptions due to their terribly burdensome positions, while the peasantry is a loose rabble that must be kept in check by the most stringent of measures lest they start thinking such absurd thoughts as 'equal treatment under the law is a desirable goal and should be the default'.
[ link to this | view in chronology ]
This sounds like you want to lump peaceful protestors into the same group as violent protestors, outside agitators who used the protests as a cover, and the police who instigated (and used) far more violence than the peaceful protestors ever did. Maybe rethink your position on the matter, hmm?
[ link to this | view in chronology ]
Re: Re:
While it was not committed by the vast majority of protesters, violence and damage did occur during the protests.
So what you're saying is that sometimes you're judged by the company you keep, and if one of the people in your company is doing something they shouldn't, others should stop them out of some moral duty.
Great. Now let's start applying that logic to police who stand by and do nothing while their colleagues choke people to death.
[ link to this | view in chronology ]
Re: Re:
"Outside agitators or not, the protests included violence and property damage. "
Of course there was. The Portland police used tear gas and rubber bullets unprovokedly even on obviously peaceful marches and journalists.
At that point, when peaceful protests become the subject of police brutality, all bets are off. I think your Founding Fathers would like to have a word with you about what happens when the redcoats start brutalizing people for congregating in the streets. I'm sure the innocent british landowners and tea merchants would like to talk about the widespread vandalism and destruction they experienced as a result.
"...even the instigators of the violence started the protests as "peaceful protesters""
People keep talking about the instigators of violence and yet every news article keeps describing WHITE people killing BLACK people rather than those hundreds of thousands of black protestors managing to off people.
It appears the "law & order" crowd just keep forgetting that people who are fired upon may react.
[ link to this | view in chronology ]
'How dare they do to us what we've been doing to them?!'
It appears the "law & order" crowd just keep forgetting that people who are fired upon may react.
It's rather like watching a schoolyard bully who's been punching and smacking others around with no punishments because one of their parents runs the school cry foul and whine about how victimized they are when the other students, after seeing that reporting them to the staff accomplishes nothing, decide to start punching and smacking them back.
[ link to this | view in chronology ]
Re: 'How dare they do to us what we've been doing to them?!'
It's exactly like that, yes.
And the US is so full of these entitled asshats it suffices to almost get a president democratically elected.
I think it's too late to expect the US to ever be able to even return to the pretense of unity by now. Either the current alt-right crowd wins completely, making even living in the place eventually impossible for anyone too liberal for their taste...or the saner portion of the US citizenry somehow manages to rid itself of that cancer.
Sadly the only options known to accomplish that is bloody revolution or civil war, both of which come with baggage. And neither solution is "clean" - hell, I'd argue most of the current issues come from the previous civil war never being truly won and properly finished.
Unfortunately a lot of the blame lies with the vast majority of citizens who found it too inconvenient or laborious to persistently counter those who made it their personal religion to persecute minorities and preserve their "racial" entitlements.
Eternal vigilance was not observed and with the price of freedom deemed too expensive by those enjoying it the most, the remaining shreds of that quality of american life is now going away, barring miraculous luck or the spontaneous resurrection of the founding fathers.
[ link to this | view in chronology ]
Re:
"Outside agitator" is a meaningless slur used to dismiss protesters since the civil rights era. Racists wanted to sell the notion that blacks wouldn't be so damn uppity if it weren't for those "outside agitator" communists and radicals. MLK was repeatedly called an agitator.
[ link to this | view in chronology ]
If you believe none of the protests against racial injustice haven’t once been infiltrated or coöpted by people looking to use the protests as cover for destroying property/inciting violence — and that includes both fuckbois like the Proud Boys and undercover cops — you’re probably a Republican voter.
[ link to this | view in chronology ]
Agents Provocateur = Undercover Law Enforcement?
Well there's a frightening thought. I don't see a (legitimate) law-enforcement function of using officers to incite protestestors to engage in violence. It's obvious entrapment.
Yes, the FBI did this sort of thing in the Hoover years, (They may still.) but that's because the Bureau was unapologetically operating as secret police looking to embarrass or entrap dissidents (e.g. civil liberties activists). Hoover steered the FBI towards espionage against [what he assumed to be] enemies of establishment.
If non-FBI undercover officers are, while on duty, serving as undercover operatives to incite violence, it qualifies the department they're in as also secret police, failing to serve the people of the United States, nor the Constitution of the United States.
Hence if such undercover-agents were deposed, I'd very interested in what they believed their purposes and mission was. What is the law-enforcement purpose of provoking a legal protest to violence?
I can't think of an acceptable answer.
I can only think he was there to provide his riot-control brethren justification to go loud on the otherwise peaceful crowd. That's Some Bullshit
I'm not saying it doesn't happen, but if it happened on the books (id est undercover, rather than off duty) that would be an indictment of the precinct's legitimacy and function as a public law enforcement agency. (Ergo, why should our taxes pay their salaries?)
[ link to this | view in chronology ]
Use of force by the police to quell legal protests.
That’s it. That’s the purpose.
[ link to this | view in chronology ]
Re: Agents Provocateur = Undercover Law Enforcement?
"What is the law-enforcement purpose of provoking a legal protest to violence?"
One word. Reichstagsfeuer.
Google it.
[ link to this | view in chronology ]
Re: Re: Agents Provocateur = Undercover Law Enforcement?
Oh I've been there.
[ link to this | view in chronology ]
Re:
Infiltration definitely happens. But I don't have a hardon for "nonviolence" in the face of a fascist police state, nor do a good chunk of the protesters.
[ link to this | view in chronology ]
Nonviolence in the face of violent police
Nonviolence in the face of police violence can work because they're so eager to open hostilities, and because footage of that can reach the rest of the world.
Nobody like jackbooted thugs oppressing civilians. It looks really bad.
Before the internet and ubiquitous phone cameras, you had to have friendly news teams and a news agency that would actually report on the footage. That was harder because they were all pro-establishment.
Now, you can post it on Twitter or YouTube, and if its too spicy for them, it'll still spread underground as Streisand material.
I'm not saying the people won't have to fight violently, but when they do it won't be at protests facing the riot squads.
[ link to this | view in chronology ]
I'm proud to make this my 10,000th comment.
— John Lennon
(Also: 10,000 comments? I think I might need a break from commenting here. 😅)
[ link to this | view in chronology ]
Re: Re: Re:
Cam you definitively link all the protesters to the violence? No you can't there are peaceful elements along with violent elements and also unrelated elements trying to stir up trouble. Unless you can prove which one is which you can't say in good faith that the protests itself was violent in nature and all the protesters all guilty of violence.
Equating the violent incidents with the protest itself is a right wing republican tactic currently being used to avoid the issue of having to acknowledge or even recognize systemic racism in our police and courts.
[ link to this | view in chronology ]
Re: Re: Re:
Is conflating violence with property damage a willful act of deception, or are you so attached to capitalism that you really don't see a difference?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Oops. Meant to reply to toplevel post.
[ link to this | view in chronology ]
So... "probably"... whatever that's worth.
But still quite invasive snooping (ie. searching and spying) and clearly illegal crap, without warrants they would have been required to obtain -- but didn't.
(Is anyone surprised?)
[ link to this | view in chronology ]
On the technical side, can anyone elaborate on the need to access the physical device? There is plenty from the blue leaks data suggesting that Facebook and Google and even titkok are giving full cooperation on the server side anyway... so what is the point of accessing the phone anyway? Plant a Trojan before giving it back perhaps?
[ link to this | view in chronology ]
Re:
This is done for multiple reasons. The cloning enables unlimited snooping as lomg as the clone exists, its undetectable by the users and leaves no paperwork trail. Law enforcement going to google for the data creates a good deal of records that are admissible in court. The government on this case puts a high value in not leaving damning evidence behind.
[ link to this | view in chronology ]
Quick clarification.
I think the term "low level voice interception" used in the article actually meand a technical term meaning "closer to the hardware level" as ised im computer programing terms rather than an abstract a low volume activity. It probably means the cloning is both simpler and undetectable by the user plus ultimately being impossible to prove in court by plaintiffs as the clonning leaves no paper trail on its own.
[ link to this | view in chronology ]
With all this clandestine snooping, data theft and eavesdropping I think it's time that at least journalists if not everyone should have a poison pill that releases a swarm of viruses on the neardowell systems. This would be a step up from the virus vault USB keys some have already taken to carrying when traveling.
[ link to this | view in chronology ]
I'm sorry, but you're hopelessly naive if you think stingrays aren't already being deployed all the time, ethics and laws be damned.
[ link to this | view in chronology ]