Rapid spread of cell site simulation is stimulation for US dissenters
- Devices can eavesdrop on and track mobile calls in real-time
- A powerful weapon in the battle against terrorism but...
- A lack of regulation and oversight (judicial and otherwise) is a major cause of concern
- Agencies buying StingRay equipment have to sign non-disclosure agreements
As the inauguration of he who will be President Donald J. Trump gets ever closer, civil liberties groups in the US are more than usually exercised about the unregulated Big Brother surveillance tactics now routinely employed by a variety of federal and state agencies. One technology that is causing particular concern is cell site simulation, of which the most common iteration is the StingRay. This is an easily portable piece of kit (about the size of a carry-on suitcase) that mimics the characteristics and capabilities of a mobile phone tower whilst actually eavesdropping on and tracking individual mobile voice and data calls in real time.
What is particularly worrying about the use of StingRay, which is manufactured by the Harris Corporation, is that law enforcement agencies the length and breadth of the US actually have to sign binding 'non-disclosure' agreements with the company when they buy the equipment, in which they promise not to disclose that they use the technology, even in cases where the defendants have been brought to trial entirely because of what was obtained via the use of StingRay itself.
Only last month a new report from the House Reform and Government Oversight Committee raised concerns about the growing unregulated use of these surveillance technologies, commenting, “Cell-site simulator use inside the United States raises far-reaching issues concerning the use, extent and legality of government surveillance authority.”
It is a peculiar story, not least because the laws in many States require that enforcement agencies must obtain search warrants before the devices can be used - and then only for specific purposes and periods of time. However, in a swathe of cases across the nation the police and other organisations have refused to disclose information during court cases on the grounds that they have signed secrecy agreements with a private company.
The FBI requires the Harris Corporation and other manufacturers of similar cell site simulation devices to provide it with detailed notification of every sale made to whichever law enforcement agency. The FBI then contacts each organisation and compels them to sign a 'non-disclosure agreement' that prevents the police etc. from telling the public that they have bought the devices. The FBI defends the use of the non-disclosure regime by arguing that any information about cell site simulation that might be revealed in a court of law during a trial could help provide the means to circumvent the technology.
The influential American Civil Liberties Union (ACLU), long a thorn in the side of overweening government agencies and high-handed state and municipal bodies, says, "potentially unconstitutional government surveillance on this scale should not remain hidden from the public… and it certainly should not be concealed from judges."
Meanwhile, the Electronic Frontier Foundation, the international non-profit-making digital rights organisation headquartered in San Francisco, has called the devices “an unconstitutional, all-you-can-eat data buffet.”
A necessary curtailment on individual privacy or a sledgehammer to crack a nut?
StingRay, the most common and popular cell site simulator, is actually a suite of devices that can be mounted in vehicles, manned aircraft and drones. The hand-held version is called KingFish. However, other devices do exist, including the aptly-named Dirtbox from Digital Receiver Technology of Maryland, which is a subsidiary of the Boeing Corporation.
The devices can work in either active or passive mode and intercept the content of phone calls directly to access and extract data such as International Mobile Subscriber Identity (IMSI) numbers and Electronic Serial Numbers (ESN). They also locate and track cellular devices, and, by extension, their users. Basically, the StingRay forces mobile phones and other cellular devices within its transmission area to disconnect from a legitimate service provider cell site and to connect instead to the StingRay.
The StingRay Mark II can simulate four cell sites and thus access, monitor and extract data being carried over four different network operators simultaneously. It can also operate on 2G, 3G, and 4G networks at the same time.
Unsurprisingly, the FBI is an enthusiastic user of StingRay and its ilk. A recent report by the US House of Representatives found that the G-Men have at least 194 cell-site simulators in use across the country. Meanwhile, the US Marshals Service has 70, Immigration and Customs Enforcement has 59 and the dreaded Internal Revenue Service has two. The simulators cost between US$80,000 and $500,000 depending on their capabilities.
ACLU, which attempts to monitor the use and spread of cell site simulators, calculates that in 2014 more than 62 law enforcement agencies in 23 states (not including the District of Columbia) owned StingRays and have signed non-disclosure agreements. ACLU also revealed that the states of California, Florida, North Carolina and Texas are the most prolific users of the devices.
However, a minority are holding out against the unreasonable demands of the manufacturers. For example, last year Santa Clara County in California decided not to buy a StingRay because of the "onerous restrictions" imposed by the Harris Corporation in regard to what Santa Clara County would be permitted to disclose under nationally applicable Freedom of Information requests.
It is evident that in an era of unparalleled international terrorism, law enforcement agencies must make use of all available technologies that could help prevent attacks and atrocities from happening. However, what is very concerning in regard to cell site simulators is the lack of any meaningful oversight (judicial and otherwise) that, were it mandated, could perhaps help control the widespread trawling of networks and the bulk interception of data, the vast majority of which is innocent traffic passing between innocent people.
As Christopher Soghoian, a principal technologist at ACLU, says, “Lack of oversight is huge here. There are very real privacy interests at stake when the government sends probing electronic signals into the homes of innocent people. This is not a scalpel. It is a shotgun.”
What is required is an agreed policy to oversee and control the use of cell site simulators and the US House of Representatives report ends by asking Congress to design and impose a nationwide protocol governing the use of such technologies and requiring all law enforcement and other agencies to be "clear and candid" with the US court system when cell site simulators have been used in criminal investigations. Otherwise, it says, true justice cannot be seen to be done.
Raushaunah Muhammad, a spokesman for the G-Men, said, “The FBI does not comment on specific tools or techniques.”