If the FBI is trying to pinpoint the location of a suspect in your neighborhood, investigators could sweep up information from your mobile device just because you happen to be in proximity to their target. Civil liberties advocates are concerned that the practice is a major invasion of privacy.
The results of a Freedom of Information Act request filed by the Northern California chapter of the American Civil Liberties Union (ACLU) and the San Francisco Bay Guardian last year sheds new light on the federal government’s use of Stingrays, a surveillance technology that mimics a cellphone tower by automatically connecting with mobile devices in the area where a search is being conducted.
Stingray is a brand name, but the devices are sometimes called Triggerfish, digital analyzers, or cell site emulators. They're known to technologists as IMSI catchers, meaning they can intercept a user's International Mobile Subscriber Identity.
As the ACLU of Northern California noted recently in a blog post, Department of Justice emails obtained in response to the FOIA request, filed with the US Attorney’s Office of the Northern District of California, revealed that federal agents who sought authorization to conduct searches using this technology were "less than forthcoming" about what the devices actually do.
The issue stems from federal investigators’ request for a search warrant several years ago targeting Daniel Rigmaiden, a hacker accused of committing fraud. The search was authorized, but it seems agents never explained just how wide a net they intended to cast.
Because FBI agents used an IMSI catcher rather than, say, triangulation techniques that can utilize subscriber data to find their target, they were able to pinpoint Rigmaiden’s precise location – not only revealing that he was inside a Santa Clara apartment building, but sniffing down to the level of his exact unit.
But when a search of this kind is conducted, a Stingray automatically connects with every other mobile device in the immediate vicinity that uses the same provider (in this case, Verizon). It works by masquerading as a cell phone tower, tricking mobile devices into automatically communicating with the spy device. So any other Verizon subscribers who happened to be nearby also had their information caught up in the FBI's net.
There are various kinds of IMSI catchers, and some are capable of sweeping in the contents of communication, such as text messages. In the Rigmaiden case, investigators said were only able to access subscriber information. Investigators also reported that they “purged” unneeded data after the fact, according to ACLU staff attorney Linda Lye. But purging the data also makes it impossible to prove that the information of particular individuals was wrongfully swept up in a search.
The FOIA request was filed in April of last year. Last July, after the government failed to provide the information, a lawsuit was filed to get the documents.
The string of emails that was finally provided suggests that federal agents have been using this sort of technology in the field for some time, without clearly representing to judges that Stingrays can vacuum up third party communications data. Instead of being explicit on this point, agents from the Department of Justice merely stated that they wanted to use a mobile tracking device.
“It has recently come to my attention that many agents are still using [IMSI catchers] in the field although the pen register application does not make that explicit,” notes an internal Department of Justice email obtained through the FOIA request, referring to a different kind of search technique that is more narrowly targeted.
Lye drilled down on this point in her blog post:
“The federal government was routinely using stingray technology in the field, but failing to ‘make that explicit’ in its applications to the court to engage in electronic surveillance. When the magistrate judges in the Northern District of California finally found out what was happening, they expressed ‘collective concerns,’ according to the emails. Notably, this email chain is dated May 2011, some three years after the Stingray's use in Rigmaiden's case – meaning the government was not ‘forthright’ in its applications to federal magistrate judges for at least three years.”
After battling for months in court in a separate proceeding, the ACLU of Northern California also succeeded in unsealing the Northern District DOJ orders that authorized use of the surveillance devices. Now, the civil liberties advocates are partnering with the Electronic Frontier Foundation and other groups to file an amicus brief concerning the constitutional implications of using a Stingray to collect evidence in the Rigmaiden case. "Their use implicates the privacy interests of the suspect, as well as untold numbers of third parties as to whom there is no probable cause," the lawyers argue.
“When we read the orders, we were very, very surprised and troubled,” Lye noted in a recent conversation with the Guardian. “Because the government was arguing in the criminal proceeding in Rigmaiden, yes, we acknowledge that we’ve used this cell site emulator, and we’re even … acknowledging that the device is intrusive enough in the way it operates to constitute a search – which is a significant concession.”
For more on Stingrays, pick up next week's issue of the SFBG.