Judge: Stingrays Are 'Simply Too Powerful' Without Adequate Oversight

New submitter managerialslime sends news that an Illinois judge has issued new requirements the government must meet before it can use cell-site simulators, a.k.a. "stingrays," to monitor the communications of suspected criminals. While it's likely to set precedent for pushing back against government surveillance powers, the ruling is specific to the Northern District of Illinois for now. What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when "an inordinate number of innocent third parties’ information will be collected," such as at a public sporting event. This first requirement runs counter to the FBI’s previous claim that it can warrantlessly use stingrays in public places, where no reasonable expectation of privacy is granted. Second, the judge requires that the government "immediately destroy" collateral data collection within 48 hours (and prove it to the court). Finally, Judge Johnston also notes: "Third, law enforcement officers are prohibited from using any data acquired beyond that necessary to determine the cell phone information of the target. A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court."

A step in the right direction

[Anonymous Coward]

But in the end, these court orders and government actions do little. These organizations are almost clandestine in nature and are just going to do what they want. Props to GNAA.

Re:A step in the right direction

[bhcompy]

They'll still use it, but it will not be used in court, rather it will be used to gather information until another method of making a charge stick is found. It's not fruit of the poison tree at that point.

Re:A step in the right direction

[sumdumass]

Well, it is still fruit of the poison tree but is only known as such if someone is willing to admit that was how they found the information.

Parallel construction largely relies on a lie being in place. If at any time it is discovered that this other source or means was crafted due to the illegal connections, it can and likely would be toss out with it.

Re:A step in the right direction

[Frobnicator]

Well, it is still fruit of the poison tree but is only known as such if someone is willing to admit that was how they found the information.

Parallel construction largely relies on a lie being in place. If at any time it is discovered that this other source or means was crafted due to the illegal connections, it can and likely would be toss out with it.

One neat thing about this type of deception is that the bigger it grows, the harder it is to hide. One person can keep a secret. Two people struggle to keep a secret. Hundreds of people cannot keep a secret, there will be a media leak by with a citation as a "confidential source not authorized to talk to the media."

If that happened it would not be one case tossed. It would be at least one case tossed and thousands of other cases re-opened for investigation, and intense scrutiny and a nasty public relations backlash.

We had a situation in a local PD where a highly acclaimed officer was caught faking field sobriety tests, falsifying reports and even the discovery of dashcam video showing the tazering of a sober person while shouting at them. In addition to the officer losing their job and various awards, there were various convictions overturned, convictions expunged, and several settlements allegedly of a quarter million dollars each were issued.

When discovered the impact to the groups is huge.

Discovery of illegal wiretaps and illegal records and failure to disclose potentially exculpatory evidence? That's the kind of thing that gets mass terminations and prison time for officers.

Re:

[chihowa]

You have far too much faith in the system. The DEA outright admitted to using parallel construction (One DEA official had told Reuters: "Parallel construction is a law enforcement technique we use every day. It's decades old, a bedrock concept.") and no cases were reopened or even scrutinized.

If somebody at a little local PD does some sleazy illegal stuff, people may go to jail. When whole branches of the federal government start doing illegal stuff in an organized manner, it becomes the de facto law of the

Re:

[chihowa]

Or maybe they're getting tips [washingtonpost.com] from domestic and foreign intelligence [reuters.com] agencies and not just from innocuous tippers who won't testify. But if you want to trust them implicitly, then go right ahead.

Re:

[bigpat]

But in the end, these court orders and government actions do little. These organizations are almost clandestine in nature and are just going to do what they want.

The point of the law, as always, isn't about some wishful thinking about those who would choose to violate the law. It applies to how we want to act within the law. Murder, rape, theft, fraud, are all illegal and yet still happen far too often. The point of having a clearly defined line is to let people know when they have crossed over it.

Next step?

[tgrigsby]

Perhaps carriers should be forced, by law, to encrypt their traffic such that the police would necessarily be forced to ask for the keys to decrypt the calls from a specific phone?

Re:

[sumdumass]

Stingrays wouldn't suffer any setback in this light. They work by simulating a cell tower and it is very difficult to find out that you are not connected to a legitimate tower.

Either way, the handset would have to negotiate the encryption key in which they capture or just mimic, or it would have to be hard coded into the system in which they already mimic. The same people producing the stingrays are likely the same producing the cell towers. Even if they are not, they are designed so your handset will not k

Re:

[david_thornley]

3G and 4G require the network to identify itself. You either need the carrier private key or downgrade the link to 2G (what most stingray class devices do)

So I'm likely to know I'm on a Stingray. Do you think I could sort of wardrive to try to locate the device? Or should I just call a random friend and talk about it and say bad things about the FBI and law enforcement while on the line?

Re:

[sumdumass]

I've often thought about crap like that. Get a few burner phones, find a stingray and say we are moving two kilos of cocaine, the pot is in and we need to move a bale or something. Perhaps talk about someone selling explosives and going to pick them up at a specific time and location and wanting backup to watch your back. Then identifying myself as an older person driving a car which make and model and license matches that of the local judge or something. Perhaps the mayor's wife or family or something like

Re:

[ShaunC]

So I'm likely to know I'm on a Stingray. Do you think I could sort of wardrive to try to locate the device?

Kinda. You can install AIMSICD [github.io] on an Android phone; it displays a map of cell towers and alerts you when the presence of a stingray is likely. An icon in the phone's status bar will change from green, to yellow, to orange, to red indicating the threat level. I've seen a couple of yellows, which means something weird is going on with tower IDs, but isn't necessarily dangerous. If you got an orange or red icon you could pull up the tower map, find the dot, and drive towards it (or very fast away from it!).

Re:

[IamTheRealMike]

There are apps for Android that claim to do exactly that. I believe some of them warn you if you were downgraded to 2G unexpectedly or if encryption was switched off by the cell site.

Two problems. One is nobody uses such apps. It needs to be integrated with the OS really. And another is that apparently the makers of the Stingray devices have a device that can attack 3G networks as well. This latter device is only rumoured and last time I researched it, I concluded almost nothing is known about how it works,

FBI to Judge Johnston

[Anonymous Coward]

"We don't use stingrays. Prove to us that we do. Neither ownership nor signing out a stingray constitutes proof. Should you be able to prove it we will issue an NSL and shut you down based upon National Security considerations. Also we have the President, Administration, CIA, NSA and Homeland Security on our side."

Problem solved!

Wow, did a troll just get +5

[rsilvergun]

Seriously. We're not talking about the CIA here. You want to build a Stingray? There are plans online. It's not hard. If I was a crook I'd say let 'em use one against me in the way you're suggesting. Without a court order it gets thrown out. If you want to stop worrying about the rest of the bad guys out there then go have a look at what Bernie Sanders is doing...

Re:

[niftymitch]

I expect my calls to be private even on the street.
Someone has to make an encryption app for the calls where you exchange keys in person and they are never on the network.

Expectation of privacy needs to be reviewed. Definitions of privacy should not be capricious.
There is privacy in a crowded noisy room.
There is privacy in the middle of an open field.
There is privacy in the home.
There is privacy in the bedroom (hotels have bedrooms).
There is privacy in a special RF shielded, sound deadening special room.

A conversation in a restaurant while on a date has privacy expectation.
There is privacy in the confessional of the catholic church.

To subject the population to privacy rules

Re:

[Coren22]

Perhaps it was modded down because it has nothing to do with stingray use by police?

Re:

[Coren22]

Wow, you have really lost your mind over this, it is lovely to see I am getting to you finally, you are starting to correct some of the issues, though you did still ignore much of my responses yet again. I guess I shouldn't expect too much from you.

Re:

[Coren22]

That is easy, no.

Re:

[Coren22]

http://slashdot.org/comments.p... [slashdot.org]

Why do you keep asking me to repeat myself? Do you have short term memory loss?

Re:

[Coren22]

http://slashdot.org/comments.p... [slashdot.org]

Is reading too much to ask? You ask the question, read the freaking answer. Yes, you claimed that DNS wasn't needed by trying to say that it uses more resources to run than a hosts file.

Re:

[Coren22]

I'm not the AC, but I'll bite.

Come at me bro.

Re:

[Coren22]

The smell might knock me out, but it is highly unlikely you could. You would probably hide behind your mom.

Re:

[Coren22]

What, are you going to try and sit on me?

Re:

[Coren22]

So responding to the question three times is running away...I see...you are deranged aren't you?

Re:

[Zontar The Mindless]

Better yet, come meet me here - you know where I am!

So does the rest of the planet, including me. As you know quite well, Mr Internet Tough Guy.

Re:

[Coren22]

You are my hero. How did you resist the burning poop gag though?

Re:

[Noah Haders]

Modded down because it's offtopic...

Steve Irwin agrees

[JoeyRox]

Crikey!

Re:

[wisnoskij]

I came here to make the same joke. I don't have any mod points, but I believe that this should be upvoted.

Re:

[bluefoxlucid]

Ay, mate, gotta watch for the tail 'cause it's reeeeeallly pointy!

Re:

[Tommy Carpenter]

dammit I came here to say the same thing!

Great

[clonehappy]

So the three-letter-agencies and the local yokels will have to just continue using parallel construction. Isn't it amazing how many detailed and accurate "anonymous tips" the police receive?

Re:

[rsborg]

So the three-letter-agencies and the local yokels will have to just continue using parallel construction. Isn't it amazing how many detailed and accurate "anonymous tips" the police receive?

Not sure how Stingrays wouldn't be supremely helpful to parallel construction. Sure they can't prove it with the call records, but now they might be taken to task for even using them at all.

Police State no-likey this.

Re:Great

[NormalVisual]

It's usually a little more subtle than that. Once the evidence is discovered via illegal means, the information is forwarded on to the local law enforcement folks, who then might tail the suspect until they do something *provably* illegal (tail light out, improper lane change, loitering, etc.). Once they have an excuse to detain the suspect, they can use dogs (also questionable, IMO) or whatever other *actual, documented* means (as opposed to "theoretical" means) to get the evidence that will then stand up to scrutiny in court. I imagine it often happens that the arresting officers themselves aren't even let in on the secret by their bosses. They're just told to look for a specific person or make/model of car with this license plate number, and find a reason to pull it over.

Your basic premise is sound though - it's still nothing more than a near-bulletproof means of gaining evidence illegally and keeping the true means by which it was discovered from the court. Lies of omission are still lies.

Re:

[Budgreen]

ohio state highway patrol (turnpike) works this way.

only they can once a week seem to pull someone over for an improper lane change or faulty license plate light and magically find 10 keys of coke hidden in a secret compartment inside the gas tank,

I drive through there with marker lights out all the time, but i'm not doing anything illegal so I won't get stopped.. but i guarantee if i had a trunk full of weed and only let my blinker flash twice before changing lanes, i would be in jail,

Meh, you do what you can

[rsilvergun]

Just because some asshats will still break the law doesn't mean we should give up on enforcing it.

Why use stingrays at all?

[hawguy]

Is there any information a stingray can collect that the cellular carriers don't also collect?

The stingray just seems like an end-run around getting a court order to subpoena the information from the carriers.

Re:

[AHuxley]

They get location, tech details about a call (unique ID numbers, traffic data), If needed voice prints, voice or message content, mapping or gov malware push down to allow a phone to be activated (live mic) or tracked.
"Turns Out Police Stingray Spy Tools Can Indeed Record Calls" (10.28.15)
http://www.wired.com/2015/10/s... [wired.com]
Why? Parallel construction. It gets around needing a warrant, taking to/entering details into any court system or having any telco database knowing who is been looked at.
Both court

Re:

[ShaunC]

Is there any information a stingray can collect that the cellular carriers don't also collect?

Yes, everyone else's information in addition to the hypothetical suspect's, with zero requirement for any semblance of probable cause.

The stingray just seems like an end-run around getting a court order to subpoena the information from the carriers.

Right, that's the whole point. The court would never grant a subpoena for information about "everyone who was in the area of Main St. and 4th Ave. on January the 9th," so they're subverting the court altogether.

Fuck no

[Anonymous Coward]

Any government official who eavesdrops on the communications of US citizens should get the death penalty. No exceptions.

FINALLY!

[tgrigsby]

Someone who gets it!

Without getting stupidly extremist ("Death to eavesdroppers"? Really?!), our law enforcement and judicial systems have gotten off into the weeds and need to be reminded that the spirit of the Constitutional amendments that grant privacy are designed to limit personal exposure down to only what is needed to investigate specific crimes committed by specific individuals. The idea of casting a wide net and picking up everyone doing anything wrong will always be attractive and based on the faulty logic that our judicial system is perfect in discerning proof of offense from misleading and incomplete evidence. The Constitution, on the other hand, assumes the judicial system is imperfect and must be held to a high standard that assumes imperfection.

Cell phone company to only allow registered towers

[Anonymous Coward]

This is something that as the CEO of a cell phone company you could fight against.

Why hasn't someone simply said "No, the phones we issue will not connect to anything short of a proper registered cell phone tower which WE own, stingrays will be ignored".

Or is that somethign that isn't technically possible? I'm sure there's a way. And I for one would be quite willing to be restricted to the coverage area of a specific network IF that also ensured that I was guaranteed to not be fooled by a stingray.

Alterna

Re:

[PPH]

This is something that as the CEO of a cell phone company you could fight against.

If you wanted to be harrassed by TLAs for the rest of your life.

I have a phone that displays the difference between a secure call/data connection and an unsecure (unencrypted) one. It is an ancient Motorola RAZR V3. Now, correct me if I'm wrong, but in the case of more modern phones, this feature has been dropped. And I'd guess that this was at the request of law enforcement.

Re:

[Anonymous Coward]

Did you count the number of letters in FCC? Notice it's the same number of letters as in FBI and CIA and NSA? Those are all known as TLAs and they all whore around town together. They certainly aren't going to cock-block each other.