US Judge Throws Out Cell Phone 'Stingray' Evidence For The First Time (reuters.com) 118
An anonymous reader quotes a report from Reuters: For the first time, a federal judge has suppressed evidence obtained without a warrant by U.S. law enforcement using a stingray, a surveillance device that can trick suspects' cell phones into revealing their locations. U.S. District Judge William Pauley in Manhattan on Tuesday ruled that defendant Raymond Lambis' rights were violated when the U.S. Drug Enforcement Administration used such a device without a warrant to find his Washington Heights apartment. Stingrays, also known as "cell site simulators," mimic cell phone towers in order to force cell phones in the area to transmit "pings" back to the devices, enabling law enforcement to track a suspect's phone and pinpoint its location. The DEA had used a stingray to identify Lambis' apartment as the most likely location of a cell phone identified during a drug-trafficking probe. Pauley said doing so constituted an unreasonable search. The ruling marked the first time a federal judge had suppressed evidence obtained using a stingray, according to the American Civil Liberties Union, which like other privacy advocacy groups has criticized law enforcement's use of such devices. "Absent a search warrant, the government may not turn a citizen's cell phone into a tracking device," Pauley wrote. FBI Special Agent Daniel Alfin suggests in a report via Motherboard that decrypting encrypted data fundamentally alters it, therefore contaminating it as forensic evidence.
What? (Score:2)
Re: (Score:1)
Re: (Score:1)
Encrypting and decrypting are fundamentally the same operation, so whatever you say about one applies to the other as well.
Please stop using ROT13
Re: (Score:2)
I use ROT 25! It is way more secure.
Re: (Score:2)
ENcrypting alters the data.
DEcrypting puts the data back into it's original state.
"Puts it back" = alters.
This seems like a data vs information discussion to me.
Re: (Score:2, Informative)
Well, he's right. With an arbitrary algorithm and arbitrary key, encrypted data can be decrypted to absolutely anything. In particular, data might have been arranged so that it can be decrypted in multiple intelligible ways, only one of which reflects a true plot, and the other of which are just made up shit to confuse anyone who tries to decrypt it. Hell, some encryption utilities allow people to create shadow partitions with no important data in it, so if you give the "wrong" key, it still likes you're gi
Re: (Score:2)
Do so and be found in contempt as soon as the Judge orders you to provide the correct decryption key.. Go to jail to stay you are..
Re: (Score:1)
Give them several keys, they cannot compel you to say which one is correct and cannot prove there are more keys. Think of it this way, you have a safe and inside is a collection of papers that have conflicting information. You can be forced to open the safe, but not to comment on which papers are true, nor to reveal that there are more papers hidden in the walls.
Re: (Score:2)
Can I give them 2^x keys, where 'x' is the encryption key size?
Re:What? (Score:5, Informative)
Re: (Score:1)
I think you're right. There's an additional problem though. Once a key is broken, how do you know the encrypted data isn't just the original + something and re-encrypted?
Re:What? (Score:4, Informative)
A valid point, but not really related specifically to encryption. Once evidence of any kind is gathered, how do you know the evidence is entirely original?
I expect you meant "how do we know the evidence is unaltered." Typically a hash of the data is collected at the point of collection and stored along with other details (filename, length, date/time stamp, collector information) with the collected forensics data. So the hash value can be recomputed and verify that whatever file you're looking at is the same as at the point of collection. Additionally, the standard 'chain of custody' checks can be done to verify that that hash never changed at any point in the history of custody after it was collected. If a key is available, the defense could do their own decryption to confirm that the plaintext presented is the same as the plaintext they produce from a file with the correct hash. Min
Re: (Score:2)
Re: (Score:2)
I think he means more in general, like at the end of the day if all the documents are signed and everything appears correct you just have to trust that the whole system isn't broken and the investigators tampered with the evidence and covered it up. A hash doesn't protect against that since they could simply calculate a new hash and pretend that was the right one the whole time.
Why would you grant such trust at a time when we're reading stories about prosecutors and investigators simply making things up? There was even a story about a guy who had been exonerated in such a case yet still sits in prison for years afterward.
Therefore, when court evidence is presented it should always be treated as suspect until the system can prove otherwise.
Re: (Score:2)
If the entire system is corrupted top-to-bottom it can "prove" anything it wants, was his point.
Re: (Score:2)
How do you know that the data was collected correctly though? Maybe the packet capture software has been modified to insert illegal material on command, after which it calculates the hash.
Unless they have someone independently capturing those packets I can't see how they can prove that they are genuine. I could rig up a quick demo in court of some software that proves the viability of this technique, and I guarantee that they won't be allowing the defence to examine the source code of the stingray.
Re: (Score:2)
Yep. If it's actually true that you live in a society where things have degraded to the point that you can't trust the system not to be systemically corrupt, you should probably leave and go somewhere else.
There are checks in any good system, but if you can't have a reasonable expectation that two members of that system won't collude, there's not much that can be done. You have too many defectors, and the particular system you are playing in is headed a bad place and you should probably quit until it gets
Re: (Score:2)
AFAIK, if the original data was well-encrypted, there should be no correlation between it and the plain-text data. Depending on the process used to decrypt it, you could literally come up with ANY output data you want?
Re:What? (Score:5, Informative)
"decrypting encrypted data fundamentally alters it" What? If the decrypted data doesn't match the data that was encrypted, you failed to decrypt it properly. On a purely technical level I guess he's correct. Encrypted, the data is just a bunch of jazz and whirly bangs. Once decrypted it's actual data, so on a purely superficial level, with no understanding of encryption, I guess he's right. Damnit
This a typical /. summary that mistakes what was actually said to make it sound more interesting. The agent said decrypted data is different from what was taking by the warrant, and thus you are not turning using the actual information taken in the search (i.e. the encrypted data) but that it still is forensically sound; he never said that's "contaminating it as forensic evidence" just it may still be less forensically sound than the actual encrypted data. /. seems to imply somehow that makes the decrypted data not valid as evidence which clearly is BS.
Re: (Score:2)
Tomorrow's Headline: (Score:1)
Body of New York judge found in river by Pokemon Go player.
Re: (Score:2)
Is that to say that the judge would beat down the people who came to kill him? Otherwise, how does his power somehow equate to not ending up in a river?
Re: (Score:2)
Throw them all out. (Score:5, Insightful)
Bernard Seidler, Lambis' lawyer, noted that occurred a week after his client was charged. He said it was unclear if the drug case against Lambis would now be dismissed.
This "War on Drugs" has proven to be a failure. Just regulate it like alcohol. And instead of sending these folks to jail, send them to rehab - an evidence based rehab like the Western Europeans do.
Prosecutors like to say that some addicts need that "Come to Jesus" moment of getting arrested to get clean - and they have zero evidence to back that claim up. But the truth is that rehabilitation in the USA is a joke. It's not evidence based and when it fails, the program doesn't get blamed but the addict; when the opposite should be the case. I don't have to work for an antibiotic to work. It works or it doesn't. If someone has to "want" to change then you don't have an evidence based treatment but a placebo.
Poor Lindsey Lohan has been in and out of rehab and her character is blamed when in fact the rehab places she's gone to are pretty much garbage.
So, until we as a country grow up and stop this moralizing and hypocrisy about drug use, we are going to be pissing billions of dollars a year away on things that don't work.
Re:Throw them all out. (Score:5, Insightful)
The war on drugs, like the war on terror, isn't fought with the intention to win.
Re: (Score:3)
Re: (Score:1)
It is far better to leave people, who are not harming others, alone.
The problem with this approach is we are, in general, too compassionate to walk by as someone writhes in agony from a cheetos-and-lard induced heart attack. We expect society to help them. So total disregard for one's health DOES have a cost to others. But it's tough to know where to draw the line
Re:Why rehabilitate the unwilling? (Score:5, Informative)
It is far better to leave people, who are not harming others, alone.
The problem with this approach is we are, in general, too compassionate to walk by as someone writhes in agony from a cheetos-and-lard induced heart attack. We expect society to help them. So total disregard for one's health DOES have a cost to others. But it's tough to know where to draw the line
You just did. As a society, we show compassion. But interfering with property rights is not okay. Just as someone that owns a book has every right to burn it, each person owns their own body and has every right to destroy that, too, without interference. In fact, owning YOURSELF is the first step is recognizing any human rights at all. Sure, we go out of our way to warn people about what they are doing "Hey if you keep eating cheetos and sitting all the time you will die sooner" - but they still have the final say in the matter. So there's the line.
Also, be sure that you distinguish between "society" and "government", because they are not the same. There's a quote from, I think, Thomas Paine that spells it out pretty well... ah - here it is:
Re: (Score:2)
Yeah, and if I want to douse myself in gasoline and light the match in front of my workplace should be legal too. Fuck it if I'm mentally incapable of distinguising fact from fantasty. Its my body, I can do with it any way I please!
Re: (Score:3)
The front of your work place is public property. You could hurt, annoy or damage the property of someone that matters.
If you want to burn yourself, do it where you won't bother anyone.
Re: (Score:1)
Re: (Score:2)
Yes, you should. Suicide isn't a crime (attempted suicide IS), and shouldn't be (neither should making the attempt and failing).
Suicidal urges shouldn't make you liable for prison (doesn't usually happen, but it is a crime punishable by prison in many places), though a therapist might ought to be mandatory....
Re: (Score:3)
And we run into the issue that there are medical problems that make the victim irrational, and therefore unwilling to seek help. If we could count on people making rational decisions from their point of view, that would be great. If you've decided that your desire to sit around and eat Cheetos all the time is greater than your desire to be healthy, I can respect that decision while thinking it's stupid. If you are sitting around eating Cheetos because you're suffering from clinical depression, and won't
Re: (Score:2)
That's the problem with a free society. It expects and requires a certain level of personal responsibility from competent adults. In your example, making sure you're not leaving behind debt or dependents and keeping your affairs in order. And the problem with empowering a government to treat everyone like they can't be trusted to responsible, and you end up with some group of bureaucrats or other deciding where you should go to school, what you're allowed to eat (or not), where you will live, what you ca
Re: (Score:3)
That's just it, drugs generally do really bad things to people and those around them and many are helpless to break the cycle of dependency.
Would you have us stand back and watch while people self destruct, killing themselves a little bit at a time? Where I get there is a limit to what government can do in a free society, but this question does not have a binary answer in the case of illicit drug use. Just taking the controls off and "making it legal" condemns a lot of people to needless lives of torment
Re: (Score:2)
And how many of those "bad things" result from the fact that drugs are illegal?
The question is not "are drugs bad", rather, it should be "is there more harm to society from making drugs legal/illegal?"
Re: (Score:2)
Illicit drug use has historically shown to be a public health and welfare problem. Opium is the prime example, but other recreational drugs have similar negative affects upon users.
Don't be blind, there are valid arguments to NOT just legalize everything here and let the chips fall where they may and just blindly advocating for such legalization w/o at least acknowledging the issues being raised with your idea is plain stupid.
Re: (Score:3)
You failed, once again, to get the point. The question is not whether drugs have negative consequences.
The issue is not that illicit drugs are bad (although, I don't accept that this is fully true: what about marijuana?), the issue is that making drugs illegal may cause more problems for society than legalizing them.
You
Re: (Score:2)
It may seem I'm missing your point, but I don't think that's true. I may not be answering your objections directly, but that's because you've not addressed my point. I think though that you are trying to dodge the point I'm trying to make that at least SOME drugs need to be prohibited for the good of all with your legalization of marijuana mantra..
So... Let's get into *specific* details....
Apart from weed... What drugs are you saying should be legalized? I get the impression that you want to take an arg
Re: (Score:2)
Since you made a (wrong) guess about me, I am going to take a guess about you: someone you know has had their lives ruined by illegal drugs.
I am not arguing that drugs don't devastate people's lives. I am quite sure they do. So do alcohol and gambling. I am arguing that making them illegal makes the devastation worse and spreads the damage to people who might not be damaged by drugs. How many people die from taking adulterated drugs or
Re: (Score:2)
Well you are wrong about me, I've not had anybody close to me suffer from addiction. As close as I've come is an uncle who I saw about three times in my life and the conversations I've had with my grandmother who was an RN who worked at a methadone clinic...You are also wrong about your facts...
You are crazy to even try to make the claim that making drugs illegal hasn't kept anybody from taking them. Of course it has, that much is obvious despite your claims otherwise. Has it been 100% effective? Obviousl
Re:Why rehabilitate the unwilling? (Score:4, Insightful)
That's just it, drugs generally do really bad things to people and those around them and many are helpless to break the cycle of dependency. Would you have us stand back and watch while people self destruct, killing themselves a little bit at a time?
I'd be more inclined to agree with you if it was treated more like an illness and less like a crime. Criminalization might be good for those who choose to stay away from drugs because it is against the law, but it does nothing for the people actually using drugs. In fact, it makes everything worse. Don't tell me the effects of smoking a little pot is worse than the effects of being arrested for smoking pot, because it's just not true. Sure, it takes a lot of courage to go to an AA meeting and say you have an alcohol problem but I think it takes even more to say you have a drug problem. Same goes for clean, consistent quality - that street drugs may have all sorts of bad shit in them might scare some away, but it only makes it more dangerous for the actual users.
By far most people who are really fucked up on drugs and get real destructive to those around them have some really bad shit in their past they want to get away from, this "gateway drug" theory is only looking at the steps not why people really take them. I read this story recently about a girl (17) who was now in rehab, started smoking pot at 12 and shot heroin at 14. Sure A followed B but if you listened even a little bit to her life's story you'd know she was ready to jump on any high to get away from the past. The vast, vast majority without psychological trauma will puff a little joint and get a buzz and that was it. Then there's a few with addictive personalities who can get addicted to anything from work and sex to gambling and drugs, but fuck it we're adults. I want to life my life even though you can't control yours.
Re: (Score:2)
That's just it, drugs generally do really bad things to people and those around them and many are helpless to break the cycle of dependency.
Would you have us stand back and watch while people self destruct, killing themselves a little bit at a time? Where I get there is a limit to what government can do in a free society, but this question does not have a binary answer in the case of illicit drug use. Just taking the controls off and "making it legal" condemns a lot of people to needless lives of torment and early death, just as strict drug laws and enforcement with zero tolerance and total commitment to eradication of illegal substance use consumes vast resources, full jails and lives beset by a different kind of torment.
I don't think there's a simple answer, but what we have now is a complete failure. Where I live there is a 24 year old girl who sold heroin to a guy who overdosed and died. While she was out on bail awaiting trial she sold heroin to another guy who also overdosed and died. After both trials I think she got a total of 40 years. Where I live we don't have parole or early release in my state. So her useful life is essentially over. Granted, it wasn't a smart move on her part, but most of us can look
Re: (Score:2)
I think it's a bit short sighted to say what we've done has failed... It may not have produced the results we where told it would, but I don't think it's fair to say it's a failure and needs to be scrapped. Especially given the alternative that total legalization would thrust upon us. You simply cannot legalize everything, I don't care how bad you think our current enforcement efforts have messed things up, there are illicit drugs out there which are exceedingly addictive and damaging to the person and so
Re: (Score:3)
Would you have us stand back and watch while people self destruct, killing themselves a little bit at a time?
We do that all the time with lot's of things, including drugs which are already legal, like alcohol, tobacco, and pharmaceuticals. Some of these pharmaceuticals, by the way, are identical to illegal drugs, but in a more pure and profitable form. For example, people under extreme pain may be prescribed or given diamorphine as a pain killer. You might know it by its more common name, heroin [wikipedia.org].
I disagree with the legalization argument, based on the fact it will be really bad for a lot of people to fall into drug dependency.
You hold the more common viewpoint of how addiction actually works, i.e. that you take the drug too much and then you ar
Re: (Score:3, Insightful)
Re: (Score:3)
People who can't afford to care for their children properly, shouldn't be able to breed as their offspring become a burden on society. The only answer is controlled breeding, Your logic is the same as those who justified eugenics.
Re: (Score:2)
Re: (Score:2)
Colorado fucked up legalisation badly. Overregulated, every plant tracked from seed to bud etc etc.
California has it right. Wild west, rules set by county. Many of which have pot as their number 1 cash crop and the core of their economies. Not just Humboldt and Trinity either.
Re: (Score:2)
Agree, but please don't assume that all "drugs" users require rehab. Most have their use under control, in fact alcohol gets more people addicted than most illegal drugs do.
Re: (Score:3)
Oh these things are useful and the evidence they generate is valid for criminal prosecution, Just get a warrant before you use it... Case closed..
You would think. . . (Score:2)
. . . .that the fact that technological deception (i.e. the Stingray claiming to be a cell tower) all by itself would taint the evidence, under the long-established "Fruit of the Poison Tree [cornell.edu]" doctrine. . . it's only been the law of the land for 96 years.
Then again, IANAL, there may be some legal subtleties I fail to grasp.
Re:You would think. . . (Score:5, Informative)
Re: (Score:2)
I'm not sure how this device is a problem. It operates in public spaces and impersonates a cell tower in order to obtain location information. It does not collect the content (audio) of any calls, just the meta-data and signaling information between the tower and the phone.
How's this different from what investigators are free to do when gathering information about a suspect? They can follow you around in public, observe you in your back yard (as long as they and their equipment stay in public spaces).
Re:You would think. . . (Score:4, Interesting)
, just the meta-data and signaling information between the tower and the phone.
That is actually not true. Stingray devices are capable of "active" attacks where they act as a man-in-the-middle between cell phones and legitimate towers, thereby decrypting and recording calls. As far as the metadata is concerned, there is a legal history of requiring warrants to get that information from phone companies. The fact that technologically it is possible to directly get it by snooping with a stingray doesn't make it clear cut that it is actually legal for the police to do so, as was demonstrated here. As an analogy, if the FBI developed a technology that allowed them to read minute EM leakage off phone wires from 100ft away, it wouldn't suddenly become legal for them to tap your land line with that.
Re: (Score:2)
It's also worth pointing out that that decision didn't split along liberal / conservative lines. It split along liberterian / statist lines. I suspect if the
Re: (Score:2)
If you like this kind of ruling by the Supreme Court (which also includes police cannot take drug sniffing dogs onto your porch without a warrant, police cannot use an IR device or future tech to see through your walls without a warrant, or, in applicable to this case, police cannot attach a tracker to your car without a warrant -- turning your cell into a body tracker without a warrant is even worse) be sad Scalia died. He was instrumental in these cases and wrote some of the opinions.
Like most judges, yo
Re: (Score:3)
The Stingray becomes a man in the middle. There's nothing passive about it. Imagine the real case of a plugging in a twisted pair tap on a phone line and you'll have a relatively accurate analogy.
Why the heck aren't there apps that warn you when a new cell tower pops up in an area? It seams like a relatively simple system to beat, or does it act entirely like an existing tower ID's and all?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's not passive. The stingray device has to broadcast a signal that is equivalent to "I am the best cell tower around here". In other words, it tricks your device into talking to it, instead of the real cell tower.
Imagine that you employ a cleaner for your house and a policeman delays the real cleaner and impersonates th
Re: (Score:3)
Why the heck aren't there apps that warn you when a new cell tower pops up in an area?
There's AIMSICD [github.com], although I'm not sure how accurate it is. I played with it a bit last year and got a few yellow warnings, so the app detects something, but it's possible those were due to legitimate roaming or tower-sharing mechanisms. When protests were ongoing in Baltimore last year, multiple people with the app reported seeing orange warnings, which mean there's definitely some fuckery going on nearby, and red warnings, which mean the user's specific phone is being targeted.
My big problems with AIMSICD
Re: (Score:3)
The Stingray becomes a man in the middle. There's nothing passive about it. Imagine the real case of a plugging in a twisted pair tap on a phone line and you'll have a relatively accurate analogy.
Why the heck aren't there apps that warn you when a new cell tower pops up in an area? It seams like a relatively simple system to beat, or does it act entirely like an existing tower ID's and all?
For that matter, arent tower locations known? If a new one appears across the street, or is driving down the street, something is up.
Re: (Score:2)
The police are not allowed to impersonate anyone they want. They can not impersonate your lawyer, and nor can they impersonate your phone company or ISP in order to gain access to your tech.
They can impersonate a generic criminal, but they are not for example allowed to impersonate you and ask a bank teller to tell them about all of your recent transactions.
To do those things requires a warrant (well, except impersonating your lawyer, that is always illegal, you can't get a warrant to do it.)
Re: (Score:2)
One of the problems is that due to the nature of how cellphones work, and how the stingray works, people who are not suspects or legitimate surveillance targets are going to have their data intercepted too. Even supposing the police do get a warrant to intercept Joe's cellphone traffic, the stingray will, by design, also vacuum up the cellphone traffic of anyone else in the vicinity. That is not legal. Compare to a scenario where the police get a warrant to tap Joe's landline. They have permission to tap Jo
Re: (Score:2)
So.... What's the difference between that and taking your photo in a public place and capturing the images of bystanders? I don't see your argument as valid based on the surveillance happening to collect non-targeted individuals' information as a result.
A phone tap DOES collect from non-targeted individuals who happen to call that phone line as well... Are their constitutional rights violated with the warranted wire tap? Nope.. But you are discussing stuff that is covered under a warrant...
Re: (Score:3)
In a way, I'm not sure this is really an issue. Apparently the device will now require that a search warrant be granted before it is used to collect evidence, at least in that jurisdiction.
However, I wonder if this will be overturned on appeal (not that it matters to the perp as the evidence collected has now been tossed) because the police are free to lie to you when questioning you. How's that different from a device claiming to be a valid cell tower? Or, how's that different than using a directional
Re: (Score:3, Insightful)
... How can the RF emitted by your cell phone, observed from a public space not be legally obtained evidence? ...
it is a little different with a general radio-frequency emission. in the case where you are emitting RF voluntarily, locating and tracking that emission requires no special permissions. you are effectively yelling in a place, and they are following the sound.
in the case of the stingray, it is giving false information to your phone, and your phone is identifying itself to a 'stranger'. in this case you are still emitting RF, and they could still locate and track that emission, but without the stingray, they
Re: (Score:1)
To be a little more clear, the Stingray 'forces' the phone to respond - that is more than just listening.
Re:You would think. . . (Score:5, Insightful)
Your base assumption is false, the police do not have blanket powers to lie to you. There are very specific rules about how and when police can lie. They can not for example lie and tell you that they are your lawyer. Nor can they, If your lawyer is present and they make an offer, claim "we were lying when we offered you immunity in exchange for testimony".
They are also not allowed to disable your internet, knock on your door and say "I am from your ISP, here to fix your internet" unless they have a warrant.
That situation seems to me to be the most direct comparison of a sting ray. They are preventing your phone from interacting with the network and instead pretending to be that network.
That is radically different from passively listening.
Case law supporting my claim (Score:3)
Here is an arstechnica article reporting on a judge ruling that the "cut the internet, then claim to fix it" lie is illegal:
Arstechnica story [arstechnica.com]
and here is a link to the official ruling:
arstechnica hosted court ruling. [arstechnica.net]
Re: (Score:2)
I didn't say they have blanket powers to lie, but they can tell you things which are false. Things like "Your partner is telling us everything about this, you need to come clean to protect yourself." Or, they can call you and say you won free tickets to something, just show up at a specified place and time to collect them, then arrest you when you do.
You are correct to point out that there ARE some things they simply cannot do or lie about. But apart from a very narrow range of constitutional issues, it
Re: (Score:2)
Inserting a listening device into the phone system has traditionally been called wiretapping, and it has been illegal without a warrant for a long time. The police are apparently trying to use a technological device to tap phones without a warrant, and that's illegal. I don't see that telephone conversations should be legally different now that we're using different technology.
Re: (Score:2)
I don't see that telephone conversations should be legally different now that we're using different technology.
Somehow they are along with a host of other rights and constitutional prtections, see: NSA, FISA, PATRIOT Act I & II, NDAA for a start along with incremental encroachments that stretch back decades.
Why?
Same reasons they've used to frighten people out of their privacy and civil rights and expand the scope and power of government going that's been the drum-beat for decades, now.
"Terrists, pedos, and mass-shooters, Oh My! Shut up and give Us more Power or you'll Die!"
You have to consider that, with so many
Broken Windows (Score:1)
Since NYC is really big on Broken Windows policing, what's the penalty for an illegal wiretap?
Parallel Construction (Score:2)
So does Mitnick get his record expunged? (Score:2)
"Absent a search warrant, the government may not turn a citizen's cell phone into a tracking device," Pauley wrote.
So does that mean Kevin Mitnick can successfully petition to have his record expunged and civil rights restored?
As I recall he was hunted down by passive tracking of his analog cellphone.
Fruit of the poison tree (Score:2)
A time honoured legal concept, (it's almost a century old now), that the judiciary should loudly, enthusiastically, and explicitly embrace again. It's been conspicuous mostly by its absence for far too long now, and it's good to see Judge Pauley doing his part to restore its currency.