FBI Attempts To Prevent Disclosure of Stingray Use By Local Cops

Ever since the public became aware that law enforcement is making use of StingRay devices — hardware that imitates a cellular tower so that nearby mobile devices connect to it — transparency advocates have been filing Freedom of Information Act requests to see just how these devices are being used. But these advocates have now found that such requests relating to local police are being shunted to the FBI, who then acts to prevent disclosure.

ACLU lawyer Nathan Wessler says, "What is most egregious about this is that, in order for local police to use and purchase stingrays, they have to get approval from the FBI, then the FBI knows that dozens of police departments are using them around the country. And yet when members of the press or the public seek basic information about how people in local communities are being surveilled, the FBI invokes these very serious national security concerns to try to keep that information private."

Downtime [Offtopic]

[Soulskill]

Before anyone asks: we've been down most of the day because of a disk that went bad in one of our servers. Siteops has been slaving away at a lengthy restore, and hopefully we're good to go, now. Apologies!

Re:

[iONiUM]

I've been using Slashdot for many years, and I have never seen it go down for an entire day. DICE.....

Re:

[Snotnose]

Ahhh, I'd figured you flipped the switch to Beta, only to find out it was still Alpha.

Re:

[Anonymous Coward]

Wouldn't it make more sense to post an actual story about this rather than some random comment in an article?

Re:

[Soulskill]

Maybe -- we try to avoid navel-gazing, but if the failure case is unique enough we might post something. That said, we wouldn't run anything until the siteops team finishes their postmortem, and I wanted to head off the speculation so it didn't send multiple stories into offtopic-land.

Re:

[ganjadude]

thanks for the info, ive been confused all day with the static page at work, i thought maybe they got sick of me on here!

Re:

[Bite The Pillow]

Is this Bennett Hasselton's alt? Because when I think "shut down slashdot because of one user" I naturally leap to a conclusion.

If not, sorry weedman for accusing you of supernatural ignorance. Seriously, I apologise mary jane sir for suggesting super-universal dorkmanitude, if it is not appropriate.

If I am right, however, I will gladly mail you a rusty rake with which to fuck yourself sideways.

Again, if it is my error, keifbrother, I humbly genuflect and beg forgiveness.

Re:

[ganjadude]

no no no, what I mean is, i didnt think /. was down, i thought it was a corp block on /. that was blocking me

and no, i am not bennet. but i am interested in what he has to say about the idea

Can I still have the rusty rake though?

Re:

[Bite The Pillow]

That sounds like something diceslot would do. Well, obviously wouldn't, but would, you know what I mean.

And hell no, that's a nice rake. I've been keeping it very rusty, just for one specific asshole. I don't know if you have tried to maintain a rusty rake, but believe me, it is almost a full time job making sure that rake is rusty enough, and that the handle won't jut break off wherever it feels it might want to. The handle must be disciplined.

I'd actually like to know how best to discipline a rusty ra

Re:

[BronsCon]

Are you... the rake-ist?

Re:

[stealth_finger]

thanks for the info, ive been confused all day with the static page at work, i thought maybe they got sick of me on here!

That's what I thought, fine, fine, fine access denied. I thought they'd blocked it but that didn't seem right as it would've taken a little bit of effort and direction from above. Apparently not and huzzah.

Re:

[X0563511]

I find it alarming that a single disk failure could take you down like that...

Re:Downtime [Offtopic]

[Soulskill]

It was more than a simple hardware failure -- the storage cluster software we're using had an issue that not only obliterated data, but managed to take out its own repair functionality. We had proper backups and didn't lose anything permanently, but had to do a much larger rebuild than if a disk just died.

Re:

[rickb928]

Clearly you should have been on your way to not only assist in recovery, but directing the redesign to prevent this in the future.

What a were you thinking, posting instead of solving the /.'s world's problems?

Re:

[laurencetux]

because they need to find out what went wrong first before they can correct it??

and besides having one guy on the team doing slightly better than just repeating NEWS AT 11 should keep the noise down.

Re:

[Bronster]

The coward might laugh at your storage cluster, but I'm laughing too, because I've heard this song before.

And every time I see another one of these, I am reminded why I run standalone replicas with the replication right up at the application level with integrity checks to ensure that a failure in one place doesn't wipe other things.

http://blog.fastmail.com/2014/... [fastmail.com]

People are right to laugh that a single bad disk can take your site offline for hours because the storage cluster software screwed up. I don't u

Re:

[Nethead]

Speaking of points of failure. I was helping out at a site that our corporate overlords purchased (makes things for airliners) that had an old SGI server that had one HD in it that is the boot device. They know nothing about SGI nor how to back it up, they don't have support for it. They say this is mission critical.

Fuck me running.

I think I'll have to build up a BSD box and dig through the garage for an old Adaptec SCSI card, maybe I can dd it, I hope.

Or let it die, they deserve it.

Re:

[tompaulco]

In my experience, the least reliable piece of equipment in a raid cluster is the raid controller software or hardware. I have literally never seen a hard drive fail and the raid controller seemlessly rebuild onto hot spare. I've worked in a company that had a half million dollar SAN which experienced outages several times a year and they were generally not due to a problem with a drive.

Re:

[Bonzoli]

I've seen it work many a time on my older IBM AIX raid controllers. Usually when there is a problem, the controller is throwing an error on a disk being bad. Had already rebuilt it to the spare, and is telling you it needs replaced?
When it didn't work correctly, almost every time the logs were not being monitored and the second disk fail took the server down. Then the blame went on the crappy raid array. Lets get a SAN, cough. There was once a time when the firmware of the controller wasn't upgrad

Re:

[tompaulco]

I was not in the IT department, and didn't have a lot of faith in the IT department, but for what we paid on support and equipment costs on the SAN, it certainly should not have failed as often as it did. In fact, I think we even had remote monitoring so the company was supposed to notify us if there were issues with any of the devices or the firmware.

Re:

[X0563511]

A box with raid can still die, if the RAID controller isn't the best.

But even then, you should be able to blow up a whole rack and stay online. Redundancy isn't just a buzzword.

Slashdot Slashdotted ... was:Downtime [Offtopic]

[redelm]

... and the failover was a Raspberry Pi model A. Ample :)

Serious, this is the first prime-time multi-hour outage I can recall in 17 years. Far better than most sites!

Re:

[ColdWetDog]

* A * disk went bad?

You guys still running this thing on Malda's old netbook?

Re:

[Soulskill]

Waste not, want not.

Re:

[Pikoro]

So when should we expect to see a post on dice jobs for new slashdot server admins. Of all the sites to go down for something like this, Slashdot is the last one I expected.

Send me an email and I'll send you a resume and set up your back end properly. Sheesh

Since you are replying...

[Futurepower(R)]

Funny.

Since you are replying, I have a question: Isn't Dice top management rather ignorant about technology?

Slashdot is important. Dice top management doesn't seem to understand or value Slashdot.

Re:Since you are replying...

[Soulskill]

Well, as I mentioned in another comment [slashdot.org], the problem was more than a simple hardware failure. From what I've heard hanging around the siteops team while they worked on it yesterday, the problem wasn't something easily foreseeable -- complex software has complex interactions, sometimes. Keep in mind that we're also sharing infrastructure with SourceForge and a few smaller sites.

Also, for as much abuse as Dice takes around here, they really had nothing to do with the outage. Our infrastructure and teams were in place before the acquisition, and Dice doesn't interfere with that. It's our own fault. As for valuing Slashdot -- the degree to which they've left us alone to operate the site suggests to me they value it just fine. They haven't done anything to the editorial side -- I go months at a time without even interacting with anybody from Dice. People who dislike the Beta like to blame Dice for it, but it isn't as if we didn't do site redesigns before the acquisition.

Re:

[Soulskill]

He actually worked for us before the acquisition, writing for our standalone news site experiment. Later on he moved over to Dice and took over their news site instead.

He goes through the same submission process as everyone else, and we don't post everything he submits. I suppose you could call that "interaction" if you want, but we don't discuss submissions with him any more than we do with the average user.

Re:

[Mousit]

Almost good to go. The RSS feeds are still not updating as of 07:30 Central today. Last entry in RSS is yesterday at 09:16 (the SpaceX post), almost 24 hours ago.

Re:

[Soulskill]

Should be updating correctly now. Thanks for the note.

Re:

[Colin Castro]

This is the guy the FBI claims it stopped when they "uncover" terrorist plots. Luckily this guy posted as Anonymous Coward, they'll never find you now!

How is this even necessary?

[generic_screenname]

Law enforcement has access to this information *anyway* via the phone company. Many, probably most carriers are complying with warrantless wiretaps *anyway* - Verizon and ATT are known to do so. Is it really that goddamn hard for the police to ask for this data? And why does the FBI need to hide this?

Re:

[the_Bionic_lemming]

I guess it's to save a few minutes from having to call up a few carriers and ask for the dumps?

Re:

[thieh]

My guess is that they don't want to keep people for liasion to these companies on payroll, either because the police officers are becoming increasingly impaired in their social skills (As seen in increased frequency of PR messups and no-knock raids all over the place. If only they can spend time having someone to talk to people...) or being part of anti-union tactic (Most police forces in North america are unionized afaik)

Re:

[gl4ss]

phone company might ask for a warrant you know...

whereas they can try to argue that you're transmitting in public so they don't need a warrant. of course they wouldn't like to actually have to tell that in public.

never mind that use of such devices would be highly illegal and against fcc regulations and that such devices are a crime against the person making the call and the phone company as well.

they know they're fucked if the information of how the devices are used gets out so they don't want it out.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Etherwalk]

And why does the FBI need to hide this?

Because they are doing it everywhere.

This is the most likely reason.

By withholding details they let what seems to be a relatively small program expand until it covers the vast majority of cell traffic.

Re:

[swb]

It's either critical to national security or it isn't. In the former case why the hell are we pissing it away on trivial shit ranging from drug smuggling to murder?

I would guess if you talked to DEA/FBI/CIA, they would tell you that drug running and financial crimes are prime funding for terrorism and that the "real" reason they're so zealous about going after it is not because they give a shit about somebody getting high but that it allows them to gather intel and/or weaken terrorist organizations by disru

Re:

[geekmux]

And why does the FBI need to hide this?

...For my money this is another blurring of the traditional line between Federal and State power. The Feds really need to concern themselves with bad actors from aboard and leave the States to do their own thing with mundane domestic criminals.

Let's not bullshit ourselves. The only line that is consistently being blurred here by law enforcement is the line between legal and illegal, particularly at the level most critical the the People.

This IS the reason they're slightly hesitant to reveal information ironically (and allegedly) protected by a Freedom of Information Act. Oddly enough, I'm not sure why they even hesitate. They might as well brag about it. Not like we can do a damn thing about it. There are no mechanisms left.

All I have to say

Re:

[SwashbucklingCowboy]

Great line from Sneakers!

Re:

[AHuxley]

The cost of asking the phone company?
Letting a phone company flag or set a number been logged in a database. If staff or other nations have access to that phone company database then all legal wiretaps might get seen by a few different people or other intelligence agencies. The US seems to have found out over the years that it cannot trust its own tame telcos internal networking.

Re:

[AmiMoJo]

They don't want to wait. If they want to figure out what number someone is calling from they don't want to submit multiple requests and wait for them to clear, they want real-time access to the victim's calls.

Re:

[Agent0013]

And why does the FBI need to hide this?

If you aren't doing anything wrong, then you have nothing to hide! Right! I guess they know they are doing something wrong then.

It's called and end-run

[rahvin112]

The FBI provides a grant for the local police department to buy these because it's a legal grey area. The department purchases and runs them at the request of the FBI who reimburse the expenses. The FBI gets a copy of the data. The FBI is likely required by law to get a warrant to use these, where the locals aren't. So the FBI gets the locals to run the stuff then collects the data from the locals in normal legal data sharing agreements. (this is where the FOI requests fall flat, they should be requesting the financial agreement data between the FBI and locals to show that the FBI not only purchased the stingrays but pays the locals to run them).

This end runs around the FBI's restriction. The FOI requests are a serious threat to the program by exposing the FBI deliberately breaking the law so the FBI declares national security and covers it up even though the vast majority (and likely all) of the times these are used is against drug crime, not terrorism.

Declaring national security to avoid disclosing information is an end run around open government and allows people in government to break the law and violate peoples rights without the fear of disclosure. Every time embarrassing information or evidence of crime lays in data that should be public someone in government will declare it secret on national security grounds.

Re:It's called and end-run

[skr95062]

According to the FBI they don't need a warrant when using a sting ray, as anyone that they might pick up using it has "No Expectation of Privacy".
That statement was made a few weeks ago by the FBI no less.

Re:

[Colin Castro]

Which doesn't make sense, how can they run a machine like this legally, that's like me putting an antenna up at fort meade and going, "No, no, it's ok, there's no expectation of privacy," all while I link to and download all the information people and equipment on the base are sending. I'd go right to jail.

Re:

[fustakrakich]

Every time embarrassing information or evidence of crime lays in data that should be public someone in government will declare it secret on national security grounds.

Yes, they have to. It goes all the way up.

I wish I could use this excuse

[Anonymous Coward]

Imagine everything you could get away with.

"Do you know how fast you were going?" "National security"

"Why are you home so late?" "National security"

"Why did I find a camera in the toiler?" "National Security"

"Why does my television record everything I say?" "National Security"

"Why does windows bluescreen?" "National Security"

So what, exactly, does the FBI do?

[fuzzyfuzzyfungus]

If the FOIA request is being made under the applicable state law, what does the FBI do about it? Is there a federal statute somewhere to the effect that 'no state public records law shall be construed as to release anything that might make the terrorists win and so on'? Do they have no official recourse; but a suitable amount of knowledge about how to throw a spanner in the process in a given state?

It would seem that, if they are farming out the operation to a bunch of local cops who aren't cleared to do much beyond write traffic tickets, the data can't be too seriously 'national security' imperiling, nor would the mere interaction with the FBI change the fact that state agents are operating under the open records laws of their state, so how does this work?

I assume that gathering all the names and adding them to an enemies list is an end in itself for the FBI, they get off on that kind of thing; but do they have any other ability to use the data?

Re:

[Anonymous Coward]

the FBI does the exact same thing that the CIA, ATF, DHS, NSA, ABC, DEF, GHI, etc... do.... take your tax dollars, demand more tax dollars, and then lock you up without giving a reason.

rise up, pussies.

Re:

[AHuxley]

Re "... but do they have any other ability to use the data?"
Parallel construction or just keeping up on slag, street crime, terms, faces, people, voice prints, images sent, gps, serial numbers in each photo or video uploaded? A vast database of interaction, who is smart and turns their phone off, two people walking towards each other who turn their phones off before a meeting but where not understood to be connected until that deeper data mining uncovered their cell logs.
Locals find the locations, federa

Will it become illegal to use non-cellular phone?

[mi]

Today, if you deposit cash into your bank account in portions under $10000, the IRS may decide, you are doing it with the intent to avoid having to report the deposit to them and seize all your money [nytimes.com] — no judge, no jury. The current nominee for Attorney General is particularly infamous [rare.us] for expanding this practice (and for distancing herself from it [rawstory.com] to win the nomination).

How soon before the FBI and lesser police start treating use of wired telephones — to eavesdrop on which the police still need these pesky Judiciary's approval — with similar suspicion? Following IRS' example, they might then start prosecuting people simply for making non-cellular calls with the intent to avoid eavesdropping.

Free Minutes?

[Anonymous Coward]

Is my device connects to one of these, can I at least get some free minutes or free data? They can even throw in some banner ads.

Government afraid of the people

[Anonymous Coward]

When the original was published, hiding spy device information was not the meaning.

there is a open source solution
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector

Subpoena the wifi mapping companies

[Anonymous Coward]

They collect worldwide data on local cell towers and local wifi and GPS information. The periods of cell tower replacement should show up as abnormalities in their historical records.