After a battling the US Department of Justice in a court for two and a half years, the American Civil Liberties Union of Northern California has emerged victorious and has been given access to documents that spell out the details about the US federal government’s use of Stingrays surveillance devices.
“For years, the government has shrouded in secrecy its use of StingRays, also called ‘cell site simulators’,” Linda Lye, staff attorney at ACLU North California, noted in a blog post. “By mimicking a cell tower, cell site simulators trick nearby devices into transmitting their location and identifying information. When used to track a suspect’s cell phone, they also gather information about the phones of countless bystanders who happen to be nearby.”
The documents confirmed that:
- Some Stingrays can intercept the actual content of phone calls and text messages (although, apparently, they are usually configured not to do so), and some can be used to wirelessly flash the firmware of a cell phone so that law enforcement could intercept conversations using a suspect’s cell phone as the bug
- Some Stingrays can block all mobile communication
- Stingrays can be used to spy on innocent bystanders as they collect device IDs, the numbers someone dials, the duration of the call, and so on.
- Law enforcement agents are advised never to mention Stingrays as the tool that they are asking a judge to allow them to use to perform surveillance. Instead, the requests usually say that its a device that “detects radio signals emitted from wireless cellular telephones in the vicinity of the Subject that identify the telephones,” or a generic pen register/trap and trace device.
Lye points out another fact that worries digital rights advocates.
“DOJ announced that going forward it will seek a warrant based on probable cause to use a Stingray, subject to certain exceptions,” she noted. The authorities want emergency installation of cell site simulators to be possible in “emergency situations”, which include “activity characteristic of organized crime” and “an ongoing attack of a protected computer (one used by a financial institution or U.S. government) where violation is a felony.”
“While such crimes are potentially serious, they simply do not justify bypassing the ordinary legal processes that were designed to balance the government’s need to investigate crimes with the public’s right to a government that abides by the law,” says Lye.