For years the government has kept mum about its use of a powerful phone surveillance technology known as a stingray.
The Justice Department and local law enforcement agencies insist that the only reason for their secrecy is to prevent suspects from learning how the devices work and devising methods to thwart them.
But a court filing recently uncovered by the American Civil Liberties Union suggests another reason for the secrecy: the fact that stingrays can disrupt cellular service for any phone in their vicinity—not just targeted phones—as well as any other mobile devices that use the same cellular network for connectivity as the targeted phone.
Civil liberties groups have long asserted that stingrays are too invasive because they can sweep up data about every phone in their vicinity, not just targeted phones, and can interfere with their calls. Justice Department and local law enforcement agencies, however, have refused to confirm this or answer other questions about the tools.
But in the newly uncovered document—a warrant application requesting approval to use a stingray—FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge.
“Because of the way, the Mobile Equipment sometimes operates,” Scimeca wrote in his application, “its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint’s wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment.”
The document was previously sealed and only came to light after the defense attorney for a defendant in the case filed a motion last year to dismiss evidence collected by the stingray. It’s the first time the ACLU has seen the FBI acknowledge the stingray’s disruptive capabilities, and it raises a number of questions about the nature of the disruption and whether the Federal Communications Commission knew about it when it certified the equipment.
“We think the fact that stingrays block or drop calls of cellphone users in the vicinity should be of concern to cell service providers, the FCC, and ordinary people,” says Nate Wessler, a staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “If an emergency or important/urgent call (to a doctor, a loved one, etc.) is blocked or dropped by this technology, that’s a serious problem.”
Stingrays are mobile surveillance systems the size of a small briefcase that impersonate a legitimate cellphone tower in order to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location. Stingrays emit a signal that is stronger than the signal of other cell towers in the vicinity in order to force mobile phones and other devices to establish a connection with them and reveal their unique ID. Stingrays can then determine the direction from which the phone connected with them, data that can then be used to track the movement of the phone as it continuously connects to the fake tower.
Although stingrays are designed to recognize 911 calls and let them pass to legitimate cell towers without connecting to the stingray, the revelation from the FBI agent raises the possibility that other kinds of emergency calls not made to 911 may not get through.
Law enforcement agencies around the country have been using variations of the stingray since the mid-’90s to track the movement of suspects in this way. The technology is used by the FBI, the Secret Service, the U.S. Marshals Service, Customs and Border Protection agents, and the Drug Enforcement Agency as well as local law enforcement agencies in more than a dozen states.
But the secrecy around their use has been extreme, due in part to nondisclosure agreements that law enforcement agencies sign with the companies that make stingrays.
Authorities in several states have been caught deceiving judges and defense attorneys about how they use the controversial technology or have simply used the devices without obtaining a warrant in order to avoid disclosing their use to a court. In other cases they have withheld information from courts and defense attorneys about how the stingrays work, refraining from disclosing that the devices pick up location data on all systems in their vicinity, not just targeted phones. Law enforcement agencies have even gone so far as to intervene in public records requests to prevent the public from learning about the technology.
The revelation in the court document is therefore significant and also raises the question: Who else knew about this capability and for how long? The FCC is responsible for certifying equipment that operates on radio frequencies to make sure that devices comply with certain technical standards and do not cause radio interference. If the companies that make stingrays failed to disclose the disruption of service to the federal agency, it would mean the devices had potentially been approved under false pretenses.
The Harris Corp. in Florida—the leading maker of stingrays for law enforcement in the U.S. and an aggressive proponent of secrecy around their use—has already been singled out for a questionable statement the company made to the FCC in a 2010 email. In the correspondence, a Harris representative told the FCC that the technology was used by law enforcement only “in emergency situations.” But according to records the ACLU obtained from the police department in Tallahassee, Florida, of the nearly 200 cases in which the equipment was used since 2007, only 29 percent involved an emergency. Stingrays are regularly used in day-to-day criminal investigations to track suspected drug dealers, bank robbers, and others.
Asked whether the company disclosed the stingray’s disruptive capabilities to the FCC when it sought certification, an FCC official told Wired, “We can’t comment on how the devices operate because that information is confidential in accordance with the FCC’s application process.” She said Harris had specifically “requested confidentiality in the application process.”
She also said that “wireless customers experiencing unexplained service disruptions or interference” should report it to the FCC, and the agency will “investigate the causes.”
The case in which the FBI disclosed the service disruption is ongoing and involves a defendant named Claude Williams who was suspected of participating in a string of armed bank robberies. In July 2012, the FBI’s Scimeca submitted an application for a warrant to use a stingray to track Williams’ phone.
Although Scimeca was seeking authorization to use a stingray, he referred to it alternatively as mobile pen register and trap and trace equipment in his application. The nomenclature is important because the ACLU has long accused the government of misleading judges by using this term. Pen registers record the numbers dialed from a specific phone number, while trap and trace devices record the numbers that dial into a particular number. But stingrays are used primarily to track the location and movement of a device.
Although Scimeca disclosed to the magistrate that the equipment could disrupt phone service, he didn’t elaborate about how the disruption might occur. Experts suspect it has something to do with the “catch-and-release” way stingrays work. For example, once the stingray obtains the unique ID of a device, it releases it so that it can connect to a legitimate cell tower, allowing data and voice calls to go through.
“As each phone tries to connect, [the stingray] will say, ‘I’m really busy right now so go use a different tower.’ So rather than catching the phone, it will release it,” says Chris Soghoian, chief technologist for the ACLU. “The moment it tries to connect, [the stingray] can reject every single phone” that is not the target phone.
But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur.
Disruption can also occur from the way stingrays force-downgrade mobile devices from 3G and 4G connectivity to 2G to get them to connect and reveal their unique ID and location.
In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate.
“Depending on how long the jamming is taking place, there’s going to be disruption,” says Soghoian. “When your phone goes down to 2G, your data just goes to hell. So at the very least you will have disruption of Internet connectivity. And if and when the phones are using the stingray as their only tower, there will likely be an inability to receive or make calls.”
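The sequence described above (a jump from 3G/4G down to 2G, an unfamiliar but very strong tower, a rejection, then a return to a legitimate tower) can be checked for in a phone's cell-observation log. The following is an added example, not from the article or any vendor: the `Obs` record, the baseline set of known cells, the thresholds, and the sample log are all constructed assumptions, and an ordinary coverage fallback can trigger the first indicator on its own.

```python
from dataclasses import dataclass

@dataclass
class Obs:                      # hypothetical record format, one row per observation
    t: int                      # seconds since start of capture
    rat: str                    # "2G", "3G" or "4G"
    cell: str                   # serving cell identifier
    dbm: int                    # received signal strength
    rejected: bool = False      # network refused the registration attempt

RANK = {"2G": 2, "3G": 3, "4G": 4}

def score_episodes(log, known_cells, margin_db=10, release_window=120):
    """Return one finding per 3G/4G -> 2G downgrade, listing the indicators seen."""
    findings = []
    best_known = max((o.dbm for o in log if o.cell in known_cells), default=None)
    for i in range(1, len(log)):
        prev, cur = log[i - 1], log[i]
        if not (RANK[prev.rat] > 2 and cur.rat == "2G"):
            continue
        reasons = ["downgrade %s->2G" % prev.rat]
        if cur.cell not in known_cells:
            reasons.append("unknown cell")
        if best_known is not None and cur.dbm >= best_known + margin_db:
            reasons.append("unusually strong signal")
        # Catch-and-release: rejected by the 2G cell, then back on a known 3G/4G cell.
        later = [o for o in log[i:] if o.t - cur.t <= release_window]
        was_rejected = any(o.cell == cur.cell and o.rejected for o in later)
        back = next((o for o in later
                     if o.cell in known_cells and RANK[o.rat] > 2), None)
        if was_rejected and back:
            reasons.append("rejected then released after %ds" % (back.t - cur.t))
        findings.append({"t": cur.t, "cell": cur.cell, "reasons": reasons,
                         "suspicious": len(reasons) >= 3})
    return findings

KNOWN = {"A1", "A2"}            # constructed baseline of towers seen before
SAMPLE = [                      # constructed log, not real capture data
    Obs(0, "4G", "A1", -95), Obs(30, "4G", "A2", -92),
    Obs(60, "2G", "X9", -60), Obs(75, "2G", "X9", -60, rejected=True),
    Obs(90, "4G", "A1", -94),
    Obs(600, "3G", "A2", -101), Obs(640, "2G", "A2", -104),
    Obs(700, "3G", "A2", -100),
]

if __name__ == "__main__":
    for f in score_episodes(SAMPLE, KNOWN):
        print(f)
```

The second episode in the sample is a plain fallback on a known tower and scores only one indicator, which is why the example requires at least three before flagging.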
Concerns about the use of stingrays are growing. Last week, Sen. Bill Nelson, D-Florida, sent a letter to the FCC calling on the agency to disclose information about its certification process for approving stingrays and any other tools with similar functionality. Nelson asked in particular for information about any oversight put in place to make sure that use of the devices complies with the manufacturer’s representations to the FCC about how the technology works and is used.
Nelson also raised concerns about their use in a remarkable speech on the Senate floor. The senator said the technology “poses a grave threat to consumers’ cellphone and Internet privacy,” particularly when law enforcement agencies use them without a warrant. He also noted that invasive devices like the stingray will inevitably force lawmakers to come up with new ways to protect privacy.
His combative speech marks the first time a lawmaker has called out the controversial technology in the public chamber. But his speech was also remarkable for another reason: Nelson’s state of Florida is home to the Harris Corp., and the company is his second biggest campaign donor.