Hey so, uh, any chance this is constitutional?
American crimefighters spend huge amounts of cash on Stingray-like devices that impersonate cellphone towers to snoop on people – and with little or no oversight.
That’s the findings of an 18-month US congressional study, which revealed the Department of Justice (DoJ) has spent $71m on 310 cellphone-tracking units between 2010 and 2014. Meanwhile, the Department of Homeland Security (DHS) spent more than $24m on another 124 pieces of hardware in the same timeframe.
State and county police forces spent at least another $2m during those four years, although the investigation estimated this was the tip of the iceberg.
Typically, we’re told, such devices are only sold to cops if the officers sign a gagging agreement with the FBI and the manufacturer to conceal the hardware’s use.
That wall of silence makes it hard for people to get hold of information to work out the true cost of their bogus phone mast deployments.
Crucially, the amount of dosh being splashed on this technology reveals just how widespread this gear is being used.
And with little scrutiny, there is a significant risk the tech is being used unconstitutionally, we’re told.
The congressional study – carried out by the House of Reps’ Committee on Oversight and Government Reform – wants the use of the snooping hardware limited. Meanwhile, lawmen continue to spend millions on the gear.
“While law enforcement agencies should be able to utilize technology as a tool to help officers be safe and accomplish their missions, absent proper oversight and safeguards, the domestic use of cell-site simulators may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures, as well as the right to free association,” the committee stated in a report [PDF] documenting its Stingray probe.
Mobile phones are designed to lock onto the strongest possible cellphone tower signal to make calls and send and receive texts. When a handset connects to a phone mast, it hands over information that uniquely identifies it.
By parking a Stingray or similar device near a target, crimebusters can bump up the power and get a reading from surrounding devices and identify them.
In demonstrations, such devices can slurp the identities of thousands of mobile phone users. Larger units are also mounted on planes.
It all allows cops and agents to know where a particular person is at a particular time by tracking the movements of their handset, and thus work out who their friends and associates are, or suspect them of wrongdoing based on their location.
The FBI has been using Stingray devices since at least 2008 (and the IRS since 2011), but has been keeping very quiet about their use, even dropping court cases rather than revealing how they got the information for an arrest.
Since then, the equipment’s use has spread among law enforcement.
Unfortunately, the committee’s report – dated December 19 – notes that the rules governing the use of Stingrays and other cellphone tower impersonation devices vary wildly.
To institute surveillance by normal means requires probable cause and a judge’s OK, but Stingrays are typically deployed against those designated persons of interest by the police, which requires a much lower standard of evidence.
While the DoJ and DHS have since instituted rules that they can be used only in cases of probable cause, the patchwork of state and local laws means that isn’t true for everyone.
California, Washington, Virginia, Utah, and Illinois do have such laws in place, but there is evidence that others are playing faster and looser than the Feds.
“To ensure that the use of cell-site simulators and other similar tools does not infringe on the rights guaranteed in the Constitution, the use should be limited, and a high degree of transparency is critical,” the government reform panel concluded.
“Furthermore, there must be a universal and well-understood standard by which these technologies are deployed.
Congress is best positioned to ensure that appropriate safeguards are put in place.” ®
Sponsored: Customer Identity and Access Management