'It Looks Like You're Trying To Harvest Cell Phone Data...:' Quick-Start Guides For IMSI Catchers Leaked

from the CTRL-ALT-WTF dept

The Intercept has obtained user manuals for Harris Corporation's IMSI catchers, colloquially known as Stingrays, thanks to an anonymous leaker. The documents appear to have come from a Florida law enforcement agency. This would be the public's first chance to see these documents in unredacted form. These operating manuals have been held onto tighter by law enforcement agencies than nondisclosure agreements or info on investigations utilizing this technology.

The documents show what's so attractive about Stingrays: their power and their ease of use.

Richard Tynan, a technologist with Privacy International, told The Intercept that the “manuals released today offer the most up-to-date view on the operation of” Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the “Stingray II” device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

The tech can be deployed easily thanks to a relatively user-friendly interface and offers an array of tools to be used that go beyond simply tracking the location of a targeted phone. Not only can these devices snag every phone that happens to be in range of the device, but the IMSI catcher can force every phone in the area to come down to its level, so to speak.

In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G.

However one might feel about the lawfulness of deploying mass surveillance to track -- in most cases -- a single suspected criminal, there has to be at least some concern that law enforcement can downgrade paying customers' connections while performing an investigation.

The user's manual [PDF] uses telco jargon almost ironically, referring to targeted phones as "subscribers" (who haven't intentionally signed up for law enforcement tracking) and the towers officers will be spoofing as "providers" (the cell companies whose connection will be replaced/downgraded as law enforcement sees fit). Lists of "subscribers" and "providers" can be imported and exported. "Subscribing" numbers can be given nicknames to more easily separate them from the countless other cell phone numbers swept up during the device's deployment.

Much of what's in the documents isn't exactly surprising. A lot of this has been sniffed out by FOIA requesters and defense lawyers, but until this point, the underlying details have mostly been implied -- read between redactions and parsed from deliberately-obtuse law enforcement testimony.

Harris can't be happy these documents have leaked. A warning on the Gemini control software manual [PDF] states that Harris must be allowed to challenge any disclosure of the contents of these documents -- which presumably includes law enforcement compliance with defense production requests. Law enforcement agencies can't be happy either, as it shows just how much power many of them have at their fingertips. But nothing stays a secret forever, especially when the surveillance technology in question has gone from overseas deployment against enemy combatants to chasing down fast food thieves in local neighborhoods.

Three can keep a secret if two of them are dead, as the saying goes. With hundreds of law enforcement agencies deploying cell tower spoofers thousands of times, the FBI's bullshit nondisclosure demands are apparently no replacement for a pile of silenced corpses.

Filed Under: imsi catcher, law enforcement, manual, stingray, surveillance
Companies: harris corp.

The IRS Has A Stingray As Well Because Of Course It Does

from the you-get-a-Stingray!-and-you-get-a-Stingray!-every-agency-gets-a-Stingray! dept

Did this sort of thing come about because someone at the nation's most hated agency whined that "everyone else was getting one?" Because there seems to be no logical explanation for this:

The Internal Revenue Service is the latest in a growing list of US federal agencies known to have possessed the sophisticated cellphone dragnet equipment known as Stingray, according to documents obtained by the Guardian.

Invoices obtained following a request under the Freedom of Information Act show purchases made in 2009 and 2012 by the federal tax agency with Harris Corporation, one of a number of companies that manufacture the devices.

No explanation will be forthcoming. The documents The Guardian obtained were heavily redacted and requests for comments were met with silence. But there it is: the IRS not only has a Stingray, but it paid $65,000 to upgrade it to the Hailstorm model, allowing it to continue to intercept calls and data without being locked out by upgraded cell networks.

It appears the agency does have the legal authority to deploy the devices. (The IRS is part of the Treasury Department and not subject to the new, exception-loaded warrant requirement handed down by the DOJ.)

[Former IRS Deputy Commissioner Mark] Matthews said there are currently between 2,000 and 3,000 “special agents” in the IRS who form the criminal investigation division (CID). They have the ability to get PEN register orders – the only authority needed to use Stingray devices.

Considering the criminal activity the IRS investigates most frequently -- tax evasion -- rarely involves highly-mobile suspects or the use of burner phones, it seems unlikely the IRS's Stingray sees much use. Then again, it does partner with other law enforcement agencies in criminal investigations, presumably under the Al Capone Theory of "tax evasion, if nothing else."

He said the IRS on its own usually uses gentler investigation tactics. But increasingly, investigating agents from the agency are brought on board for joint operations with the FBI and other agencies when the latter need financial expertise to look at, for example, money laundering from drug organisations.

Even if the IRS is frequently assisting with these investigations, it's pretty much guaranteed that whatever agency it's partnering with already has this technology on hand. The IRS's acquisition of a cell tower spoofer would seem to be redundant, at best. Then again, maybe it's redundancy the government wants. Can't have drug-running suspects slipping out of sight just because the local DEA office's Stingray is in the shop.

Of course, the IRS's Stingray could become the go-to device in the future, if federal law enforcement agents are looking for a way to circumvent the DOJ's new warrant requirement. They could send IRS agents with pen register paperwork to obtain permission to deploy cell tower spoofers.

But at the same time, the IRS's Stingray device seems to be more a product of "because it's available" thinking. Why not have one on hand, just in case? When the news arrives that Fish and Wildlife or the US Postal Inspector's Office has one, it will be greeted with "of course they do" shrugs, because that's just the way things go these days.The US government is sold on the "essentialness" of cell tower simulators and with funding for devices often tied to ever-swelling budget lines for Wars A (Drugs) and B (Terrorism), no agency should have to go without.

Filed Under: hailstorm, irs, stingray, surveillance, warrants
Companies: harris corp.

FBI Says It Has No Idea Why Law Enforcement Agencies Are Following The Terms Of Its Stingray Non-Disclosure Agreements

from the geez,-all-these-law-enforcers-take-our-agreement-so-LITERALLY dept

The FBI doesn't want to talk about its Stingray devices. It definitely doesn't want local law enforcement agencies talking about them. It forces any agency seeking to acquire one to sign a very restrictive non-disclosure agreement that stipulates -- among other things -- that as little information as possible on IMSI catchers makes its way into the public domain, which includes opposing counsel, prosecutors' offices and judges. The NDAs also instruct agencies to drop prosecutions if disclosure appears unavoidable. We know this because two NDAs have actually been obtained through Freedom of Information requests.

Now that Stingray usage and its attendant secrecy have been questioned by high-ranking DC legislators, the FBI is apparently feeling it should be a bit more proactive on the Stingray info front, presumably in hopes of heading off a more intrusive official inquiry. So, it has offered some "clarification" on its Stingray policies -- including the NDAs it makes local agencies sign.

The "clarification" seems to contradict a great deal of what the FBI's own NDAs require.

In a handful of criminal cases around the country, local police officers have testified in recent months that non-disclosure agreements with the FBI forbid them from acknowledging the use of secret cellphone-tracking devices. In some, prosecutors have settled cases rather than risk revealing, during court proceedings, sensitive details about the use of the devices.

The FBI, however, says such agreements do not prevent police from disclosing that they used such equipment, often called a StingRay. And only as a “last resort” would the FBI require state and local law enforcement agencies to drop criminal cases rather than sharing details of the devices’ use and “compromising the future use of the technique.”

To date, the bureau hasn’t invoked that provision, FBI spokesman Christopher Allen said in a statement to The Washington Post.

Let's compare the official statement with statements found in the agreement signed with a New York sheriff's department. The FBI says it's OK for law enforcement agencies to disclose Stingray usage in this "clarification." Here's the NDA:

The Erie County Sheriff's Office shall not, in any civil or criminal proceeding, use or provide any information concerning the Harris Corporation wireless collection equipment/technology… beyond the evidentiary results obtained through the use of the equipment/technology including, but not limited to, during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure, in other affidavits, in grand jury hearings, in the State's case-in-chief, rebuttal, or on appeal, or in testimony in any phase of civil or criminal trial, without the prior written approval of the FBI.

Hmm.

The FBI also denies it instructs agencies to toss cases rather than face possible exposure of Stingray usage. The NDA:

In addition, the Erie County Sheriff's Office will, at the request of the FBI, seek dismissal of the case in lieu of using, or providing, or allowing others to use or provide, any information concerning the Harris Corporation wireless collection equipment/technology [...] if using or providing such information would potentially or actually compromise the equipment/technology.

This "clarification" is mostly bullshit, but it's all in the wordcraft. Everything the FBI stated here could be technically factual. It may have never explicitly directed agencies to dump cases or hide Stingray usage. Instead, it has relied on law enforcement agencies to follow the restrictions laid out in the NDAs -- something they've apparently done without ever bothering to approach the FBI for permission to turn over Stingray information during court cases.

To say these NDAs do not prevent law enforcement agencies from acknowledging the use of Stingray devices is only true insofar as the NDAs themselves are apparently just a pile on unenforceable words. The implication, however, is that these agencies will see their Stingray privileges yanked if they cough up information. Or, in the best case scenario, law enforcement officials will be sternly talked to by FBI officials for breaching the agreement.

As for the claim that the FBI has never directly instructed a law enforcement agency to toss a case rather than disclose information? That may be true, as well as being completely unverifiable. Agencies appear to be taking these agreements literally -- which is, of course, the point of ANY WRITTEN AGREEMENT -- and proactively dropping cases rather than risk breaching the terms of the NDA.

The FBI is washing its hands of the Stingray secrecy mess it created. This "clarification" is astoundingly disingenuous. The FBI forces agencies into these agreements and then steps back and says, "Hey. we didn't make them do this. They just interpreted the agreement to mean exactly what it says it means." It passes the buck to local cop shops, blaming them for not seeking the second opinions these agreements clearly discourage.

If this "clarification" is actually going to approach something akin to honesty, the FBI needs to immediately begin rescinding its non-disclosure agreements. It can't force agencies into restrictive agreements and then throw up its hands and claim it has no idea why these agencies might be interpreting these highly-restrictive NDAs so literally. This is a nasty, self-serving cheap shot wrapped in the guise of transparency.

Filed Under: fbi, imsi catchers, law enforcement, nda, non-disclosure agreements, stingray
Companies: harris corp.

Baltimore PD Has Deployed Stingray Devices Over 4,300 Times, Instructed By FBI To Withhold Info From Courts

from the 'to-sever-and-deflect' dept

Say what you will about the Baltimore PD and its cell tower spoofers (like... "It would rather let accused criminals go than violate its [bogus] non-disclosure agreement with the FBI…" or "It hides usage of these devices behind pen register/trap and trace warrants and then argues the two collection methods are really the same thing…"), but at least it's making sure the hundreds of thousands of dollars it's spent on the technology isn't going to waste.

On Wednesday, Baltimore police Det. Emmanuel Cabreja said the department has deployed the device, called Hailstorm, and similar technology about 4,300 times since 2007.

As the AP notes, the number of deployments admitted to here is the largest ever made public. This doesn't necessarily mean the rate of usage (more than once a day, on average) is out of the ordinary, however. Thanks to the very restrictive non-disclosure agreement the FBI forces law enforcement agencies to sign (while falsely claiming "the FCC made us do it!"), information on cell tower spoofers has very rarely been disclosed.

Det. Cabreja confirmed the ultra-restrictive terms of the FBI's NDA, which forbids law enforcement agencies from producing any information on Stingray devices, no matter who's asking for it.

Cabreja said under questioning from defense attorneys that he did not comply with a subpoena to bring the device to court because of a nondisclosure agreement between the Baltimore police and the Federal Bureau of Investigation.

“Does it instruct you to withhold evidence from the state’s attorney and the circuit court of Baltimore city, even if upon order to produce?” asked defense attorney Joshua Insley.

“Yes,” Cabreja replied, saying he spoke with the FBI last week about the case.

There's nothing quite like hearing confirmation that two law enforcement agencies worked together to withhold information from a party being prosecuted by directly violating a court order. But it gets even better. The Baltimore PD's NDA was made public, and it shows the State's Attorney's office signing off on withholding Stingray information from judges and defendants, as well as agreeing to toss cases if exposure seems unavoidable. In contrast, the Erie County Sheriff's Department's agreement obtained by the NYCLU only contained signatures from law enforcement officials.


The courts -- at least in Baltimore -- seem to be tiring of this secrecy. Baltimore judge Barry Williams has previously questioned the Baltimore PD's citation of its non-disclosure agreement with the FBI, with one memorably pointing out that the PD "doesn't have a non-disclosure agreement with this court." Unfortunately, if the Baltimore PD prioritizes its NDA over its obligation to obey court orders and turn over requested evidence, then it does actually have an NDA "with the court," albeit one the court never agreed to. If the FBI says Stingray info isn't going to be turned over -- no matter who's asking for it -- that information will remain hidden, even if it means tossing criminal cases.

Filed Under: baltimore, baltimore police, doj, fbi, imsi catcher, nda, secrecy, stingray, surveillance, transparency
Companies: harris corp.

Senator Asks FCC To Explain Its Involvement In The Proliferation Of Stingray Devices

from the let-the-finger-pointing-begin! dept

Despite the feds' best efforts to keep IMSI catchers (Stingray devices, colloquially and almost certainly to the dismay of manufacturer Harris Corporation, as they head to becoming the kleenex of surveillance tech) a secret, there's still enough information leaking out around the edges of the FBI's non-disclosure agreements to provoke public discussion.

The discussion appears to have reached the top of the food chain. Sen. Bill Nelson -- following the lead of Senators Leahy and Grassley -- has sent a letter to FCC chairman Tom Wheeler asking the following:

[image credit: Julian Sanchez]

Dear Chairman Wheeler:

On Feb. 23, The Washington Post published a front-page article “Secrecy around Police Surveillance Equipment Proves a Case’s Undoing.” That article indicated that the Tallahassee Police Department and other law enforcement agencies around the country have been using a device called the StingRay to collect cell phone call information.

That article and previous others concerning the device reveal the StingRay was certified for use by the Federal Communications Commission (FCC), contingent upon the conditions that StingRay’s manufacturer sell these devices solely to federal, state, and local public safety and law enforcement; and that state and local law enforcement agencies must coordinate in advance with the Federal Bureau of Investigation (FBI) before acquiring or using this equipment. According to the article, these devices now have been purchased by 48 law enforcement agencies in 20 states and the District of Columbia and used in hundreds of cases.

Yep, the devices are pretty much everywhere and no one wants to talk about them. When the US Marshals Service isn't stepping in to physically remove Stingray-related documents, local law enforcement agencies are disguising their use of these devices behind vague warrants and subpoenas.

What Sen. Nelson wants to know is what the FCC knows about Stingrays.

What information the FCC may have had about the rationale behind the restrictions placed on the certification of the StingRay, and whether similar restrictions have been put in place for other devices;

Whether the FCC inquired about what oversight may be in place to make sure that use of the devices complied with the manufacturer’s representations to the FCC at the time of certification; and

A status report on the activities of the “task force” you previously formed to look at questions surrounding the use of the StingRay and similar devices.

What we DO know so far about the interplay of Harris, the FBI and the FCC is that the first two parties have been less than forthright with the third. Harris managed to push its devices past the FCC by implying they would only be used in emergencies -- even though it was already clear at the point it made that statement that law enforcement agencies were frequently deploying them in non-emergency situations.

The FBI has performed its own obfuscation, implying in a letter to law enforcement agencies that the FCC required the signing off a non-disclosure agreement with the FBI. The FCC has since denied this, and obtained documents indicate it's the FBI that wants to control the flow of information regarding Stingrays, not the other way around.

I imagine the FCC would be compliant with this request, considering its past relationship with the FBI and Harris. But it can expect to run into significant resistance from the DOJ, which still believes that the long-exposed technology should still be afforded NSA-level secrecy -- especially when answers to Sen. Nelson's questions will likely expose its less-than-honest dealings with the FCC.

Sen. Nelson deserves some extra praise for being willing to put himself in an awkward situation. As the ACLU's Chris Soghoian notes, the senator has picked a very public fight with his second biggest campaign contributor.


Somebody needs to provide some answers and, while it's really the FBI that should be talking at this point, the FCC's take on this -- and its dealings with the FBI -- should be enlightening. The FBI's insistence on secrecy is not only screwing defendants during the discovery process, but it's also harming local law enforcement itself, which has shown an alarming willingness to drop cases/charges rather than reveal the use of Stingray devices.

Filed Under: bill nelson, doj, fbi, fcc, imsi catcher, imsi catchers, stingray, us marshals
Companies: harris corp.

Senators Leahy & Grassley Quiz DOJ & DHS About Secret Fake Phone Towers Intercepting Calls

from the good-for-them dept

We've written plenty about Stingrays and other "IMSI Catcher" devices that allow law enforcement to set up what are effectively fake cell phone towers, designed to intercept calls and locate certain individuals. These devices are deployed in near total secrecy, often by law enforcement who got them from the federal government. There is little to no oversight over how these are used (and abused). The attempts to keep the details a total secret represent really egregious behavior from all involved. As we've covered, police have claimed that non-disclosure agreements with the manufacturers (such as Harris Corp.) prevent them from getting a warrant to use the devices. The DOJ, somewhat famously, had a whole plan for how to mislead judges about the use of these devices, with official documentation telling DOJ officials to be "less than explicit" and "less than forthright" to judges about how the tech was being used. In some cases, the US Marshals have stepped in and seized documents from local police forces to block them from being released in response to FOIA requests.

In short, law enforcement really doesn't want how it uses these devices revealed. And yet, reporters and activists keep digging up more information, including the WSJ finding out that the US Marshals (them again!) have been putting airborne versions of these devices, called DRT boxes, on airplanes and flying them over cities, likely scooping up information on tons of innocent people with no warrant.

At least some in our government are concerned about this. Senators Patrick Leahy and Chuck Grassley have been pressing government officials on this, and before the holidays sent a letter to Attorney General Eric Holder and Homeland Security Boss Jeh Johnson demanding answers. One very interesting tidbit is that in response to some of this public disclosure, the FBI now, at least, gets warrants before using the technology -- but the Senators would like more details:

We wrote to FBI Director Comey in June seeking information about law enforcement use of cell-site simulators. Since then, our staff members have participated in two briefings with FBI officials, and at the most recent session they learned that the FBI recently changed its policy with respect to the type of legal process that it typically seeks before employing this type of technology. According to this new policy, the FBI now obtains a search warrant before deploying a cell-site simulator, although the policy contains a number of potentially broad exceptions and we continue to have questions about how it is being implemented in practice. Furthermore, it remains unclear how other agencies within the Department of Justice and Department of Homeland Security make use of cell-site simulators and what policies are in place to govern their use of that technology.

But, still, the Senators would like a few more details:

The Judiciary Committee needs a broader understanding of the full range of law enforcement agencies that use this technology, the policies in place to protect the privacy interests of those whose information might be collected using these devices, and the legal process that DOJ and DHS entities seek prior to using them.

For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

We have concerns about the scope of the exceptions. Specifically, we are concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests of other individuals who are not the targets of the interception, but whose information is nevertheless being collected when these devices are being used. We understand that the FBI believes that it can address these interests by maintaining that information for a short period of time and purging the information after it has been collected. But there is a question as to whether this sufficiently safeguards privacy interests.

The specific questions being asked:

1. Since the effective date of the FBI’s new policy:

a. How many times has the FBI used a cell-site simulator?
b. In how many of these instances was the use of the cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. How many times has each of the exceptions to the search warrant policy, including those listed above, been used by the FBI?

2. From January 1, 2010, to the effective date of the FBI’s new policy:

a. How many times did the FBI use a cell-site simulator?
b. In how many of these instances was the use of a cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. In how many of the instances referenced in Question 2(d) did the FBI use a cell-site simulator in a public place or other location in which the FBI deemed there is no reasonable expectation of privacy?

3. What is the FBI’s current policy on the retention and destruction of the information collected by cell-site simulators in all cases? How is that policy enforced?

4. What other DOJ and DHS agencies use cell-site simulators?

5. What is the policy of these agencies regarding the legal process needed for use of cell-site simulators?

a. Are these agencies seeking search warrants specific to the use of cell-site simulators?
b. If not, what legal authorities are they using?
c. Do these agencies make use of public place or other exceptions? If so, in what proportion of all instances in which the technology is used are exceptions relied upon?
d. What are these agencies’ policies on the retention and destruction of the information that is collected by cell-site simulators? How are those policies enforced?

6. What is the Department of Justice’s guidance to United States Attorneys’ Offices regarding the legal process required for the use of cell-site simulators?

7. Across all DOJ and DHS entities, what protections exist to safeguard the privacy interests of individuals who are not the targets of interception, but whose information is nevertheless being collected by cell-site simulators?

Anyone taking bets on how few of these questions will actually be answered?

Filed Under: chuck grassley, drt boxes, imsi catchers, patrick leahy, privacy, stingray, stingrays, us marshals, warrants
Companies: boeing, harris corp.

FCC Denies It Requires Law Enforcement To Sign A Non-Disclosure Agreement With The FBI Before Deploying Stingray Devices

from the another-'agency-said/agency-said'-story dept

We know the FBI doesn't want anyone talking about Stingray cellphone snooping systems. Local law enforcement officials aren't exactly forthcoming about this information either, citing either non-disclosure agreements or the US government itself as justifications for extensive cover-ups. Now, the FCC -- which has been sort of on the sideline during these non-discussions -- has waded into it, releasing a statement that directly contradicts a document released by the Tacoma Police regarding its use of Stingray devices.

Last month, Muckrock posted a heavily-redacted (everything but the two opening paragraphs) document it obtained from the Tacoma Police Department. In it, FBI Special Agent Laura Laughlin justified all the black ink that followed by name-dropping the FCC (the same agency Harris misled in order to have its devices approved). [pdf link]

We have been advised by Harris Corporation of the Tacoma Police Department's request for acquisition of certain wireless collection equipment/technology manufactured by Harris Corporation. Consistent with the conditions on the equipment authorization granted to Harris Corporation by the Federal Communications Commission (FCC), state and local law enforcement agencies must coordinate with the Federal Bureau of Investigation (FBI) to complete this non-disclosure agreement prior to the acquisition and use of the equipment/technology authorized by the FCC authorization.

The FCC is now saying that this is the first it's heard of being part of the Stingray secrecy process.

We do not require that state and local law enforcement agencies have to complete one or more non-disclosure agreements with the Federal Bureau of Investigation prior to acquisition and/or use of the authorized equipment. We have no documents responsive to your request.

But that's not entirely true. There is a requirement that almost exactly matches up with Agent Laughlin's claims -- one that Harris specifically requested and that the FCC granted.

As early as May 2010, Harris Corporation asked that the FCC put restrictions on law enforcement acquisition of its StingRay trackers, documents released to MuckRock by the FCC in response to another FOIA request show. Emails obtained by the ACLU of Northern California indicate that Harris made its request for licensing restrictions based on concerns from the FBI “over the proliferation of surreptitious law enforcement surveillance equipment.”

Here's the request:

To further support its request for confidentiality, Harris underscores the need for confidentiality by requesting that the Commission condition the Harris license applications as outlined below to prevent and address concerns regarding the proliferation of surreptitious law enforcement surveillance equipment:

(1) The marketing and sale of these devices shall be limited to federal/state/local public safety and law enforcement officials only; and,
(2) State and local law enforcement agencies must advance coordinate with the FBI the acquisition and use of the equipment authorized under this authorization.

This request was granted by the FCC in 2012.

There are only slight differences in what's being said by Laughlin and what was actually granted. The FCC requires (at Harris' request) that local law enforcement coordinate with the FBI before purchase and use of Stingray devices. Laughlin's statement appears to indicate that the FCC requires the signing of an NDA, but that appears to be the FBI's own inserted stipulation. Nothing explicitly states that the lack of an NDA means no Stingray purchase, at least not as far as the FCC is concerned. But it may keep law enforcement agencies from getting the FBI's go-ahead.

So, is the FCC the "good guy" in this Stingray mess? Probably not, or at least not as blameless as it would first appear. Chris Soghoian, the ACLU's principal technologist, points out that the FCC has actively pushed surveillance policies. Even if it hasn't in this case, it's quite obviously deferring to the FBI in this matter, basically stating (when you add the denial and subtract the granted stipulation), "Go ask your father the FBI." The FCC can't necessarily demand an NDA be signed before obtaining a cell tower spoofer, but it can make law enforcement route their requests through another government agency.

Filed Under: fbi, fcc, nda, stingray
Companies: harris corp.

Internal Emails Show Harris Corp. Misled The FCC On Stingray Device Usage In Order To Receive Approval

from the support-group-for-Stingray-lies-now-includes-roughly-everybody dept

Harris Corporation's Stingray cell tower spoofers are swiftly becoming synonymous with government lying. The FBI has specifically instructed law enforcement agencies to lie about the use of these products, which basically puts the agencies in the position of lying to courts when producing evidence or securing warrants.

Law enforcement agencies would probably lie anyway, even without the federal government's nudge. Many chose to read the restrictive non-disclosure agreements Harris includes as meaning they should withhold this information from local courts -- rather than simply seal the documents or redact them.

So, it comes as no surprise that the web of lies also includes lying to other federal agencies. The lies originate from Harris itself.

New documents obtained by the ACLU of Northern California appear to show the Florida-based Harris Corporation misleading the Federal Communications Commission while seeking authorization to sell its line of Stingray cell phone surveillance gear to state and local police. The documents raise the possibility that federal regulatory approval of the technology was based on bad information.

Harris says its devices are FCC-approved, but what it doesn't specify is the very limited approval it has actually received. An email from a Harris representative to FCC employees [pdf link] contains the following paragraph.

Just want to make you aware of the question below we received regarding the application for the Sting Fish. I know many of these questions are generated automatically but it sounds as if there is some confusion about the purpose of the equipment authorization application. As you may recall, the purpose is only to provide state/local law enforcement officials with authority to utilize this equipment in emergency situations.

As the ACLU points out, Stingray (or "Sting Fish") usage had long since surpassed the "emergency use only" restriction -- if that ever existed at all. Routine investigations utilize these devices all the time. Just one of several examples: when the Tallahassee police department's use of Stingrays came to light, the court noted that it had deployed the technology (without a warrant) more than 200 times, with less than 30% of the deployments being for department-labelled "emergencies."

Law enforcement agencies are secretly acquiring and deploying these devices in violation of the limited FCC approval, and have been doing so for years -- well ahead of this 2010 statement. And Harris is telling them that it's OK. The ACLU has written a letter to FCC chairman Tom Wheeler [pdf link] asking him open an investigation into the use of Stingray devices. If Wheeler obliges, the FCC is going to face a united front of zipped lips. The FBI already locks the Dept. of Justice out of its investigations. There's no chance it's going to be more obliging of a tangentially-related federal agency.

Filed Under: approval, cell phones, fcc, law enforcement, police, spectrum, stingray, surveillance
Companies: harris, harris corp.

Law Enforcement Agencies Scramble For Pricey Cell Tower Spoofer Upgrades As Older Networks Are Shut Down

from the losing-the-tech-arms-race-to-slow-moving-service-providers dept

The surveillance device that dare not speak its name (thanks, FBI!) is on its last legs… or at least one version is. Cyrus Farivar at Ars Technica reports that law enforcement agencies are moving quickly to avoid being locked out of the cell tower spoofing racket.

Documents released last week by the City of Oakland reveal that it is one of a handful of American jurisdictions attempting to upgrade an existing cellular surveillance system, commonly known as a stingray.

The Oakland Police Department, the nearby Fremont Police Department, and the Alameda County District Attorney jointly applied for a grant from the Department of Homeland Security to "obtain a state-of-the-art cell phone tracking system," the records show.

The Stingray is Harris Corporation's most infamous product. But the original version has its limitations. While the nation's cell phone carriers have largely moved on to 3G/4G networks, Stingray devices without optional upgrades haven't. All they can access is 2G, the default connection when nothing better is available. Those looking to capture cell activity on 3G and 4G networks will need to purchase Harris' "Hailstorm" upgrade… which also means they'll need to start generating paperwork and asking federal and local governments for funds. The problem with these actions is that they have the tendency to expose those in need of new capabilities.

Other locales known to be in the process of related federally-funded upgrades include Tacoma, Wash.; Baltimore, Md.; Chesterfield, Va.; Sunrise, Fla.; and Oakland County, Mich. There are likely many more, but such purchases are often shrouded in secrecy.

FOIA requests have turned up some information, but much of it is redacted and many more requests have been refused or ignored. With the federal government itself instructing local law enforcement to cover up its acquisition and use of tower spoofers, the FOIA process becomes even more of an uphill battle.

Law enforcement can't be happy to see 2G networks being switched off. When you're in the untargeted dragnet business, 2G is a willing supplier of "business records."

2G networks are notoriously insecure. Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.

What's considered a criminal act when performed by a civilian is just SOP for law enforcement. The same can be said for the fake sworn documents (warrant requests, subpoenas) obtained to cover the use of these devices. The manufacturer with the most devices in use is no better than the agencies it sells to. When approached about this scramble for upgrades, Harris Corporation borrowed the NSA's Glomar.

"We do not comment on solutions we may or may not provide to classified Department of Defense or law enforcement agencies," Jim Burke, a spokesman for Harris, told Ars.

The timeline for 2G shutoff is still vague. Verizon says "by the end of the decade." AT&T says 2017. So there's still some time for law enforcement agencies to avoid being bypassed by the slow rollout of network upgrades. But between now and then, these agencies need to put together nearly $500,000 just to stay current. And as usual, as much as possible about the process will be obscured, because otherwise the terrorists criminals win.

"Once that's disclosed then the targets of the technology will know how to avoid it," [Alameda County Assistant DA Michael] O’Connor, the assistant district attorney, told Ars. "Once the bad guys understand how to beat it then they will."

It seems like all the bad guys would need to know is that the technology exists and is being used and just stay off their cell phones. But in this day and age, being completely unconnected while away from home is untenable, if not nearly impossible. Communication is key in criminal enterprises, and the steady disappearance of pay phones doesn't leave them with many options. O'Connor completely overstates the "exposure" danger and follows it up with this:

"It can't easily be resolved—the public's right to know, the Fourth Amendment rights of people who might be subject to this kind of analysis and the needs of law enforcement to keep sources confidential especially in a day and age when the bad guys have acquired considerable technology that is turned against good guys."

One: if it can't "easily be resolved," why not err on the Fourth Amendment/public knowledge side, rather than on the cop side? Two: the bad guys' "considerable technology" isn't lapping law enforcement's. This ridiculous claim has been used as justification for warrantless cell phone searches, and it failed to move the Supreme Court justices. Pushing this narrative now just makes the pusher look like the sort of credulous rube who would put together a Powerpoint presentation on food-trucks-as-terrorist-vehicles.

The bright side here is that more paperwork is being generated… which eventually means more of the public will know their local law enforcement is scooping up their location/connection info (most likely without a warrant) at any given time and is not above killing their network to do it.

Filed Under: 2g, 3g, hailstorm, law enforcement, non-disclosure agreements, police, privacy, spoofing, stingray, tower spoofing
Companies: harris corp.