Forgot your password?
typodupeerror
Electronic Frontier Foundation Privacy

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Posted by Unknown Lamer
from the bending-the-rules dept.
Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"
This discussion has been archived. No new comments can be posted.

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants

Comments Filter:
  • Shouldn't that headline say "without" rather than "with"?
  • I have never heard of this device before, and doing a quick search online, I was unable to find details about it. Who manufacturers it? What are the restrictions for purchasing it?
    • by cyrano.mac (916276) on Thursday March 28, 2013 @05:25PM (#43306939)
      There are no limits to what a DIY-er kan buy in China. And with SDR (software defined radio) and open source GSM software, it takes relatively little effort to build one yourself. There's even a small GSM router (20-30 euros on evilbay) that's very popular for that sort of projects. It holds the GSM modem and Wifi, so you can easily control it from a laptop.
    • by girlinatrainingbra (2738457) on Thursday March 28, 2013 @05:34PM (#43306997)
      Harris makes them. The devices are supposedly only sold to law-enforcement agencies and government agencies. Disambiguate "stingray" to find a little info:
      1 - http://en.wikipedia.org/wiki/Stingray_phone_tracker [wikipedia.org]
      2 - Wall Street Journal article [wsj.com] "'Stingray' Phone Tracker Fuels Constitutional Clash"
      3 - another WSJ article [wsj.com] about "Judge Questions Tools That Grab Cellphone Data on Innocent People"

      Essentially, the "Stingray" sends out a signal pretending to be a cell-phone tower. Your cellphone thinks it's found a great super-strong tower nearby, detaches from the real cell-phone towers and bonds to the Stingray and attempts to communicate through it. Now, the DOJ (or whomever) has performed a Man in the Middle (a href=http://en.wikipedia.org/wiki/Man-in-the-middle_attack MITM ) attack on your cell phone's communication with it's cellular service company. It impersonates a cellular tower.
      .
      Here's an interesting point from the WSJ article:

      ... Stingray equipment can be carried by hand or mounted on vehicles or even drones.
      ... The best known stingray maker is Florida-based defense contractor Harris Corp. A spokesman for Harris declined to comment.
      ... Harris holds trademarks registered between 2002 and 2008 on several devices, including the StingRay, StingRay II, AmberJack, KingFish, TriggerFish and LoggerHead. Similar devices are available from other manufacturers. According to a Harris document, its devices are sold only to law-enforcement and government agencies.
      • Re: (Score:2, Interesting)

        by Anonymous Coward

        "law-enforcement and government agencies" -- this is a common phrase in American English, but is it a legal term with precise meaning? IE, are there "law-enforcement" agents that are not "government"; like does it include bounty hunters for instance? renta-cops? school security guards? Seems far too broad.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          It has no legal bearing. It just means the company won't sell one to you. You can't get one without contacts.

        • There are government agencies that are not "law enforcement" agencies, such as the NSA.

      • by morcego (260031) on Thursday March 28, 2013 @06:23PM (#43307365)

        The devices are supposedly only sold to law-enforcement agencies and government agencies.

        Gosh, I feel so much safer now :(

        Can't these guys get that this kind of stuff, in the hands of the government, is EXACTLY the problem?

        • by X0563511 (793323)

          They don't care, they only care about getting paid.

      • by Thruen (753567) on Thursday March 28, 2013 @07:17PM (#43307735)
        So, correct me if I'm wrong, but it seems like this device doesn't work on just one phone, it'll intercept every phone in the area. Is there anything stopping everyone who was around it at the time from trying to take legal action for the illegal search of all of their phones? I am asking without even knowing if there's anything to do about illegal searches in any other case. A quick google has turned up plenty on what constitutes a legal search, nothing on what to do if you're searched illegally aside from getting the evidence thrown out. Any lawyers around?
        • You can place a filter on the IME but you have to know it first, in theory they would. chris Paget did a talk on this that was VERY informative that I found while researching SDR -> http://www.youtube.com/watch?v=DU8hg4FTm0g [youtube.com]

          What he did was actually legal but if he had wanted to he could've intercepted FAR more and his comments about jamming were also pretty interesting. It's not just voice you can grab either but text and data. Very interesting to see how it works but scary that it's apparently not as secure as it could be...

        • by Anonymous Coward

          If an individual did this on his own it would be a serious cluster of felonies. However when the state does it we can bet the state will not arrest itself and sovereign immunity might block civil actions as well. But supposing that a civil suit might go forward only those with a huge amount of money could try it and the outcome might be really lousy. I can just hear the testimony filled with terms such as " I can not confirm whether the investigation is ongoing nor can I comment on any active i

      • by Anonymous Coward

        Hmm... Would this throw off GPS location reported on the phone when indoors (triangulating off the towers instead of the satellites)? Especially on drones? If it was constantly updating its broadcasted coordinates, one could possibly have an app to detect that.

        • Hmm... Would this throw off GPS location reported on the phone when indoors (triangulating off the towers instead of the satellites)? Especially on drones? If it was constantly updating its broadcasted coordinates, one could possibly have an app to detect that.

          The equipment on the towers has to support location triangulation. They effectively just have it off, and your phone will not try to use it for location, although it will continue to use it for a call while triangulating from other towers.

      • by Anonymous Coward

        I'm safe as I've programmed my iPhone to drop the call if it goes to 3 or 4 bars.
        As Jobs once said, "Fool - you're holding it wrong!"

      • by Gordonjcp (186804)

        You can confiscate them, though, because they're probably being operated without the appropriate RF licence.

        I can't wait for someone to try that out over here.

        • One question directed to you, and then a joke (I've been waiting for someone to use the word 'badge')...
          .
          Q re I can't wait for someone to try that out over here.: Where is "over here" for you?
          .
          comment regarding what Law Enforcement would say about your comment "they're probably being operated without the appropriate RF licence":
          License? We don't need no stinkin' license! --- your local LEO

          (I know that the original is "badges", but "license" works perfectly fine in this context)

          • by Gordonjcp (186804)

            I'm in the UK. The licensing authorities here take people trespassing on mobile phone frequencies pretty seriously - and pretty much anywhere else that you've paid for a licence. Furthermore, certain technically-qualified people are legally able to confiscate or shut down equipment that is causing interference.

            It doesn't matter if you're the police, if you're jamming something you get your toys taken away.

    • Aren't radio-wave-emitting devices pretty tightly regulated and controlled, considering the chaos you could cause by being able to broadcast at arbitrary frequencies despite not being recognized as having rights to that part of the spectrum?

  • Hosts file corollary (Score:5, Interesting)

    by Anonymous Coward on Thursday March 28, 2013 @05:23PM (#43306913)

    Wouldn't it be nice if the user had some visibility and control over what tower their own phone connects to. A sort of "hosts file" white-list except not for IP addresses.

    • by tqk (413719) <s.keeling@mail.com> on Thursday March 28, 2013 @05:50PM (#43307123)

      Wouldn't it be nice if the user had some visibility and control over what tower their own phone connects to.

      Wouldn't it be nice if the system had some security built into it to exert control over what tower their subscribers' phone connects to.

      It's not like this is a brand new problem that's just popped up in the age of cell-phone connectivity. Those who refuse to learn from history ...

      • by citizenr (871508) on Thursday March 28, 2013 @07:18PM (#43307749) Homepage

        GSM has no network authentication (only user authenticates to the network, network doesnt authenticate to the user).
        3G/UMTS has authentication both ways and is mitm secure (in theory = if your phone is not broken)

        Just force phone to only talk 3G and you will be secure.

      • by dkleinsc (563838)

        Wouldn't it be nice if the system had some security built into it to exert control over what tower their subscribers' phone connects to.

        It does have security! The DOJ is absolutely secure in the knowledge that it can have control over what tower a cell phone connects to.

        • by tqk (413719)

          Wouldn't it be nice if the system had some security built into it to exert control over what tower their subscribers' phone connects to.

          It does have security! The DOJ is absolutely secure in the knowledge that it can have control over what tower a cell phone connects to.

          Yeah, about that [wikipedia.org] ... Hail Caeser! :-P

    • by femtobyte (710429) on Thursday March 28, 2013 @06:06PM (#43307237)

      The $10,000 question, though, is whether the cell companies would simply hand over the full cryptographic keys to the government snoops, so the fake towers would be indistinguishable from the true. When your phone resolves 4 towers simultaneously with the same 1 identity, how does it choose the true one?

    • Jesus Christ! When I saw "Host File", I thought you were THE guy>
  • by future assassin (639396) on Thursday March 28, 2013 @05:25PM (#43306933) Homepage

    now they are using Stingrays with cell phone towers attached to them?

    • by Anomalyst (742352)
      Crocidile Dundee did not die in vain! (intentially not the guy who died for increased funniness)
  • Search warrants stipulate what the authorities are looking for and where they can look; not the tools they can use to get the job done. Do wiretap warrants stipulate the kind of recording devices that can be used? I doubt it very much.

    There is still the point at to whether the order covers the police. I might be argued that the authorities were working as an agent for Verison to gather the information.

    • Re:Tools (Score:5, Informative)

      by hawguy (1600213) on Thursday March 28, 2013 @05:45PM (#43307075)

      From the EFF article:

      The Court therefore ORDERS, pursuant to Federal Rule of Criminal Procedure 41(b); Title 18, United States Code, Sections 2703 and 3117; and Title 28, United States Code, Section 1651, that Verizon Wireless, within ten (10) days of the signing of this Order and for a period not to exceed 30 days, unless extended by the Court, shall provide to agents of the FBI data and information obtained from the monitoring of transmissions related to the location of the Target Broadband Access Card/Cellular Telephone...

      What part of that do you think authorizes the DoJ to intercept everyone's calls while looking for the target device? It might be argued that the authorities were working as agents of Verizon, but it also might be argued that Pink Unicorns did the interceptions, and I don't think the court is going to accept either one.

    • Re:Tools (Score:5, Informative)

      by TubeSteak (669689) on Thursday March 28, 2013 @05:46PM (#43307091) Journal

      It might be argued that the authorities were working as an agent for Verison to gather the information.

      If the police have a warrant for Verizon, it tells Verizon what to do.
      Otherwise, the police need a specific warrant for everything else they intend to do.

      In other words, a warrant allows for [company] to act as an agent for the State.
      It never(?) works the other way around.

    • by raymorris (2726007) on Thursday March 28, 2013 @07:11PM (#43307707)

      Search warrants stipulate what the authorities are looking for and where they can look;

      In this case the "what they are looking for" is information about the suspect's phone and the "where" is in Verizon's records. They instead peeked at other people's communications, by eavesdropping in the neighborhood. So they didn't stick to either the WHAT or the WHERE.

      Additionally, they didn't get a search warrant as they should have, but rather a lower order telling Verizon to be cooperative insofar as technical assistance. They didn't even get an supeona for Verizon to turn over records, only an order to provide tech support.

      It may be that they a request for a search warrant would have been granted, but that's for the judge to decide. The Texas judge mentioned clearly would not have signed a warrant without first adding specific limitations to reduce or eliminate having other people's phones intercepted. That seems to be the case fairly often - a judge will restrict a warrant to a very specific place, time etc., or ask for further evidence, rather than completely denying or approving the request as first presented.

      • by dgatwood (11270)

        In this case the "what they are looking for" is information about the suspect's phone and the "where" is in Verizon's records. They instead peeked at other people's communications, by eavesdropping in the neighborhood. So they didn't stick to either the WHAT or the WHERE.

        The "where" isn't in Verizon's records. Towers don't normally triangulate the location of users. However, with an appropriate court order, the instantaneous signal strength data from multiple towers can be used to locate the user. This g

        • You've explained why the agents SHOULD have gotten a search warrant allowing them to use the Stingray tool. What they DID get was an order saying:

          Verizon wireless shall provide to agents of the FBI data and information ...

          The order doesn't authorize the FBI to do anything, certainly not to violate 18 USC 2511. The order they got told Verizon to turn over the information that Verizon had. I agree, the tool they used is a useful tool. Yes, it's better than tower triangulation. They should have asked for a warrant authorizing them to use it. They didn't, though. What they asked

          • by dgatwood (11270)

            No disagreement here. They did something they should not have done, and a judge spanked them.

    • by sjames (1099)

      The problem is that the Stingray inevitably captures more than just the target cellphone and they have no warrant for that.

      • by jklovanc (1603149)

        Just as a wiretap on a business phone captures conversations of people other than the target.

        • by sjames (1099)

          But the business (or at least it's employees) is always at least one of the parties involved. It doesn't also capture the guy across the hall talking to his aunt.

          • by jklovanc (1603149)

            How about video surveillance of a location? it would capture people walking by who have nothing at all to do with the location.

            • by sjames (1099)

              And so shouldn't be permitted.

              • by sjames (1099)

                Unless it's a public place where there is no expectation of privacy.

              • by jklovanc (1603149)

                Sorry, I didn't see your tinfoil hat brigade badge. Information and images of non-targets will always be captured in any surveillance. Try to get back to reality.

                • by sjames (1099)

                  You may have missed my addendum where I note that public places where there is no expectation of privacy would be an exception.

  • by raymorris (2726007) on Thursday March 28, 2013 @05:34PM (#43306999)
    I'm assuming "our office has been working closely with the magistrate judges in an effort to address their collective concerns" as a PC way of saying "a bunch of judges are PISSED!". That's good to know. I know that the two judges I know personally would be pissed if DOJ tried something like this with them, but it's good to know these judges are as well, and action is being taken.
    • by fafalone (633739)
      By 'action is being taken' I presume you mean something along the lines of "Please don't do this again, or else... or else we'll send you an even more harshly worded letter!"
  • cops, federales, et all these days just have no damn respect for anyone's privacy or rights in general these days, it seems.
    anything or any new way they can exploit technology to spy on people is being used, to spy on the general public without probable cause, and at the cost of the taxpayers' money. we only find out about these things when the "good guys" get in trouble for breaking the law

    All freedom-loving net users should coordinate in ways to return the favor to assholes doing stuff like this. In

    • by sjames (1099)

      More to the point, more and more law enforcement agencies are proving that they have no respect for the law.

  • by Vinegar Joe (998110) on Thursday March 28, 2013 @06:13PM (#43307315)

    The emails are dated "2011".........impossible. Bush left office in January 2009. Please backdate the emails to 2007.

    Thank you

    • Re: (Score:3, Insightful)

      by rahvin112 (446269)

      This expansion of federal authority started under the Bush administration and has continued under the Obama administration. Like all Federal power expansions no future administration will argue they don't need the power as this is an issue that is without party bounds. Both parties seek expansion of federal powers and any argument that one party doesn't is window dressing to convince rubes.

      Democrat or Republican, it matters not as both parties want more power and more control over the populace. Too many peo

      • Too many people spend far too much time in either parties echo chamber to understand that.

        The Republicans didn't promise unicorns were going to come dancing out my ass.

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          nor did the Democrats; they just stayed quiet and let the Republicans make everyone assume that whatever replaced Bush would be an assload of unicorns by comparison.

      • by Obfuscant (592200)

        This expansion of federal authority started under the Washington administration and has continued under the Adams administration.

        There, fixed that for 'ya. To think that every thing bad the government does started with Bush is just lunacy.

      • by jewens (993139)

        This expansion of federal authority started under the Washington administration and has continued under the Obama administration. Like all Federal power expansions no future administration will argue they don't need the power as this is an issue that is without party bounds. Both parties seek expansion of federal powers and any argument that one party doesn't is window dressing to convince rubes.

      • by drinkypoo (153816)

        This expansion of federal authority started under the Bush administration

        Yeah, George H.W. Bush, former director of the CIA. Not his failed clone.

  • WTF?! (Score:1, Offtopic)

    by SternisheFan (2529412)
    Last year I submitted an "Ask Slashdot" question about cellphone security and my android phone, and I got ripped a new a***ole by the commenters (except for one who agreed it sure does exist) for it, even lost some 'karma' points over it. "Can't happen!" Cell/ bluetooth signals are secure." Now, the comments are all " Of course, anyone with a few bucks can build one from Radio Shack parts." WTF!! Did something suddenly change since a few months ago? This tech has been around for years.

    I knew I was right!

    • by Anonymous Coward

      I'll start mad spamposting like that APK guy, I swear I will! (He hasn't posted lately, what, did he finally fall asleep or something?)

      What we witnessed between APK and his counter-troll was a rare troll courtship mating display. Now that the courtship has been accepted, the pair has slunk off under a bridge to begin "making goatse" --- all part of the beautiful cycle of life through which a new brood of tad-trolls are spawned.

      • What we witnessed between APK and his counter-troll was a rare troll courtship mating display. Now that the courtship has been accepted, the pair has slunk off under a bridge to begin "making goatse" --- all part of the beautiful cycle of life through which a new brood of tad-trolls are spawned.

        That's nice, I'd like to wish the new couple many happy years together, fighting their war on mental health.

  • Unless the judges are prepared to punish the attorneys in question with actual jail time, their pleasure is irrelevant.

  • Harris Corp CEO (Score:5, Interesting)

    by Vinegar Joe (998110) on Thursday March 28, 2013 @06:19PM (#43307351)

    My, my, my........

    "Harris Corp. President and CEO William M. Brown was appointed to President Barack Obama's National Security Telecommunications Advisory Committee on Tuesday, Florida Today reports."

    http://www.bizjournals.com/orlando/morning_call/2012/11/harris-corp-ceo-appointed-to-obama.html [bizjournals.com]

    • by Anonymous Coward

      So with Republicans, we get to be irradiated every time we fly for the illusion of safety while companies get rich thanks to Chertoff going off and starting a company.

      With Democrats, we get to have the government listen to all our calls while companies get rich and the CEO gets into the government.

      We could call this the Reverse Chertoff Maneuver. As a sexual move, it'd be down somewhere around the dirty sanchez and sucking up Santorum.

    • by BLKMGK (34057)

      I don't understand the issue here. Harris makes this tool just like Stanley makes screwdrivers. If some asshat stabs someone with a screwdriver we're not pissed at Stanley so why is someone from Harris, a company that obviously understands how this shit works, not a good choice? Maybe they will actually help them make things better?

      • by anagama (611277)

        Screwdrivers have tons of legitimate uses and a few "off label" illegitimate ones, like stabbing somebody. Stingray type devices have one purpose only, and that is to enable someone to perform a man in the middle attack and enable spying.

        Obama's appointment of this guy to a committee clearly dealing with domestic surveillance makes sense -- evil CEO for an evil Federal program. In that light, it is a big deal because it highlights one of the small details in the many that foreshadow our future, one where

        • by BLKMGK (34057)

          Wow how many strawmen in foil hats are you going to throw up? Yes, there ARE legit uses for these devices just as there are wiretaps when due process is followed. Yes the GSM system is WEAK, you or I could BUILD one of these ourselves if we wanted - it's been done and documented. They should put someone in that post that has no clue of capabilities?

          HSBC? That has fuckall what to do with this? I understand you didn't like that situation, few did, but stop frothing at the mouth long enough to focus on the poi

          • by anagama (611277)

            Yep -- just keep ignoring things and pretending nothing is going on. Be sure to insult anyone who points out the obvious.

  • Presumably, I would hope regulators at the FCC would like to have a word with the prosecutors as well.

    Then again, I have this crazy belief that law enforcement officers who drive their cruisers 25+ over the speed limit with their lights off should be thrown in jail, like any other criminal.

    • Gee, wouldn't it be far more appropriate if the PRESIDENT OF THE UNITED STATES had a conversation with his ATTORNEY GENERAL?

      But no, that would shatter far too many illusions.

    • by BLKMGK (34057)

      Actually there's a Youtube video of a woman cop pulling over another cop doing just that WITH his lights on. Cuffed his ass and arrested him too!

      • by russotto (537200)

        Actually there's a Youtube video of a woman cop pulling over another cop doing just that WITH his lights on. Cuffed his ass and arrested him too!

        Aww, that's just police courtship.

  • by Anonymous Coward on Thursday March 28, 2013 @06:32PM (#43307427)

    Smartphones are relatively powerful these days. So why aren't there any good realtime voice encryption apps? And if there are, why aren't more people using them?

    A voice encryption app would make the kind of privacy invasion described in the original article a lot more difficult.

  • by citizenr (871508) on Thursday March 28, 2013 @07:22PM (#43307773) Homepage

    We need some geeks with USRP to sloppily intercept few members of appropriation committee phones "Enemy of the State" style.
    That will get the ball rolling on those DOJ scumbags.

  • This is just the dirty act of government of the week. Dare to suggest our wonderful benign government illegally intercepting cell communications is doing any of the other things they do for a corrupt or improper reason and you are instantly branded a crackpot conspiracy theorist.

    Dare to suggest we can't trust these guys to overreach in financial regulation or that they can't be trusted if we disarm the population or not to infringe on free speech if anonymity isn't preserved, or with latest constitution shr
    • Dare to suggest that the government isn't made up of perfect, incorruptible beings who can never do any wrong and it's therefore not wise to give them essentially unlimited powers or let them exercise their powers in secrecy? You must be a terrorist!

      It's scary how many people possess the "nothing to hide, nothing to fear" mentality as if they think that people who work for the government are somehow perfect beings.

  • They "break the law" in order to follow their agenda and 'get the bad guys'. Only -- who really are the bad guys? A few hackers out there who annoy banks? More likely, mobsters who routinely extort these companies for their own databases and get paid off without the public knowing.

    But who protects us from a DOJ that knows everything, but doesn't arrest bankers and Wall Street crooks -- and meanwhile, they arrest people protesting this massive corruption for loitering in parks or on trumped up charges?

    Who pr

  • Given that the FCC busted Google for illegally intercepting materials when they were doing their wanderings, does this mean that the FCC will now bust the FBI - or more realistically, state law enforcement agencies? And is this a hint as to why Google got off so lightly when they were busted - only $7m? Or am I just a foolish optimist....

Our informal mission is to improve the love life of operators worldwide. -- Peter Behrendt, president of Exabyte

Working...