FBI investigators used a court order authorizing access to cellphone customer data to quietly deploy a powerful surveillance technology known as "stingrays," privacy groups contend in a new court filing [PDF] that claims the devices are overly invasive.
Your cellphone can be singled out by its international mobile subscriber identity, or IMSI, which then makes it possible to secretly determine your whereabouts using stingray devices, also known as IMSI catchers. The law enforcement tool troubles security experts and civil libertarians alike because it mimics cellphone towers. Stingrays track the locations of mobile devices, including those that are not targeted but are nearby.
IMSI catchers can also be adjusted to capture the content of communications, although the government claims that was not done in this case.
An expert in 2010 showed spectators at a technology conference in Las Vegas that IMSI catchers could be built at home for as little as $1,500, exposing a potential weakness in cellphone security. Thirty cellphones in the room reportedly attempted to connect to his do-it-yourself tower, and anyone in the room who made a call while connected to it received an automated message that said their communications were being recorded.
The government's pursuit of an alleged tax fraudster that began in Northern California and is now playing out in an Arizona courtroom has become the first major constitutional challenge to stingrays. Law enforcement agencies using the technology have held it close to the chest, and the public has little knowledge of it.
"The government prevented the court from making an informed determination on the warrant application," said Linda Lye, staff attorney for the ACLU of Northern California. "Maybe the court would have said, 'No, I'm not going to grant this at all because of the impact on third parties.' Maybe the court would have said, 'OK, you can do this, but let's follow these safeguards and procedures to make sure that third-party privacy is protected."
The point of warrants is to ensure that searches are confined only to those who are the focus of an investigation, added Hanni Fakhoury, a staff attorney for the Electronic Frontier Foundation. They're also designed to make certain nothing is left to the discretion of individual officers, something framers of the Constitution had in mind after British soldiers prior to the Revolutionary War conducted door-to-door searches at will.
"If you read the warrant affidavit, it has absolutely zero mention at all of IMSI catchers and stingrays or fake cellphone towers or any explanation of the technology," Fakhoury said. "Courts are busy, judges are busy; they rely on the government in good faith to explain what they're doing."
When a federal judge in Texas this year did grasp the technology, he denied an application by Drug Enforcement Administration investigators who wanted to use a stingray.
"They did not address what the government would do with the cell phone numbers and other information concerning seemingly innocent cell phone users whose information was recorded by the equipment," Magistrate Judge Brian Owsley wrote in June. "While these various issues were discussed at the hearing, the government did not have specific answers to these questions. Moreover, neither the special agent nor the assistant United States attorney appeared to understand the technology very well."
The U.S. attorney's office in Phoenix declined to comment in response to the most recent case. But federal prosecutors stated in an Aug. 20 filing that all they had to do was show how a communications device, in this case an aircard, would provide evidence of a crime. They're not required to specify how the device would be located, such as with a stingray.
"Defendant was perpetrating a multi-million dollar tax fraud scheme, and he hid his tracks through the use of encrypted emails, money mules, layers of false identities, forged documents, forged identification cards, and botnets and/or proxies," the filing reads. " ... The alleged inconvenience and intrusiveness of the aircard location operation (which went undetected by an individual who appeared to spend a significant portion of every day seeking to avoid detection or identification) was reasonable under the circumstances."
"Stringray" also happens to be the brand name for an IMSI catcher offered by the Harris Corp., but it's also used to generically describe the technology. Other manufacturers offer the devices to law enforcement as well.