Stingray 101: How Law Enforcement Agencies And, Perhaps, Anyone Else, Can And Do Intercept Cell Phone Calls
Since February 2014, Andrew Jay Schwartzman has been writing a monthly column for the Benton Foundation’s Digital Beat blog on telecommunications and media policy issues. Drawing on his decades of experience in the field, Schwartzman provides analysis of the legal issues in the key communications debates of the day, highlighting how law and policymaking interact. Find all of Andy's articles here.
There is bipartisan concern about the serious Fourth Amendment questions surrounding their use, as exemplified by a staff report recently issued on behalf of the Republican Chair and Democratic Ranking member of the House Committee on Oversight and Government Reform. This post deals with a different question: whether use of CS simulators by state and local authorities also violates the Communications Act.
What Is A Stingray?
It is relatively easy to trick a cell phone into connecting to a CS simulator device rather than a cell-site. CS simulators then collect and store identifying information before passing the signal onto the cell phone company’s cell-site for delivery to the network. CS simulators have become an important investigative tool for law enforcement agencies. (“Stingray” is actually just one of several commercial brand names for CS simulators. They are also referred to as “IMSI catchers” because they intercept a phone’s International Mobile Subscriber Identity number.)
It is very difficult to obtain information about the frequency and ways in which CS simulators are used. Agencies using them must sign highly-restrictive non-disclosure agreements that prohibit them from publicly disclosing their use, even in court cases where CS simulator data is introduced. In some instances, prosecutors must dismiss their cases rather than reveal that CS simulators have been employed.
Despite these successful efforts to suppress disclosure of the very existence of these devices -- as well as when and how they are used -- legislators, regulators, defense attorneys, and civil liberties groups have gradually learned more and more about these practices. In 2015, under pressure from Congress and civil liberties groups, the Obama Administration imposed important limits on CS simulator use and mandated certain disclosures. But even if the incoming Trump Administration does not reverse these directives completely, they have some big loopholes. Moreover, these restrictions are not easily enforced, aggressive law enforcement officers have strong incentives to work around them, and it is difficult to detect or remediate violations.
How Stingrays Are Used
To deliver phone calls or texts to a cell phone, a carrier needs to know the location of each cell phone at all times. Thus, every few seconds, cell phone handsets look for the strongest nearby cell phone transmitter signal and send it a signal identifying themselves. CS simulators interpose themselves between the cell phone and the cell-site and fool the cell phone into thinking they are a cell-site before passing the information on to the real cell-site. This enables CS simulators to collect “metadata” information about who is called or being called, the length of the call and other important information. In some or all cases, CS simulators jam the cell-site signals to force the target cell phones to redirect their signals. CS simulator technology is capable of intercepting and recording the content of calls or texts as well as the metadata. This would raise a number of additional legal and constitutional issues, but Federal authorities have insisted that this capacity has not been used. However, it is impossible to verify if that is in fact the case.
CS simulators, which are reported to cost between $40,000 and $500,000 each, are generally brief-case size. They are usually deployed in a surveillance car or van, where an operator uses a laptop computer to access, record, and analyze the data they generate. CS simulators can also be deployed in helicopters or small, circling, low-altitude planes; the latter are preferred because they attract less attention. (There is as yet no verified report of drone-mounted CS simulators, but there would seem to be no reason that this cannot be done.)
If law enforcement officers are targeting a particular person, they must obtain the relevant phone number, either through other surveillance techniques or from cell phone companies. (This information is generally available by means of a subpoena, without the need for a warrant. In practice, there are often informal agreements under which this information is voluntarily provided.) CS simulators can also be used to identify every phone operating within their range so that investigators can determine who was present at or near a crime scene or, more ominously, a parade or demonstration.
As noted above, CS simulators are designed to sweep up information about every phone in the vicinity and then pass on the signal to the network. However, the devices vary in technical quality and many or most of them fail to do that successfully all the time. Frequently dropped calls can alert users to the possibility of surveillance, which is a problem for law enforcement. They also harm the general public; there are many reports that users in the vicinity of CS simulators experience a high rate of dropped calls. This phenomenon not only raises additional legal issues, but this shortcoming also interferes with the ability of innocent users to make emergency calls to 911 or health care professionals.
While it appears that more recent CS simulator devices can operate on 4G networks, which are the current state of the art, earlier models still in use operate by jamming 3G and 4G signals, so cell phones will automatically revert to the 20-year-old 2G technology. This outmoded standard is unencrypted and easier to exploit. Because reversion to 2G would tip off a cell phone user that a CS simulator might be in use, at least some devices send a false signal to the cell phone to indicate that the 3G or 4G mode is employed.
Stingrays And The Communications Act
Even though state and local authorities frequently use federal grants to purchase and deploy CS simulators, it would seem that these officials may not lawfully use them.
Section 301 of the Communications Act prohibits the unauthorized use of any radio transmission device, including CS simulators. Section 301 does not apply to federal officials but since no FCC regulation allows operation of a CS simulator, its operation by state and local authorities (and, most certainly, any non-governmental user) are unlawful.
In addition, and importantly, Section 333 of the Communications Act prohibits use of transmitters, authorized or not, to intercept or jam signals of licensed operators. It has been difficult to verify this, but it does appear that at least some CS simulators jam the signals of licensed cell phone operators. It is clear that in some cases, CS simulators block or interfere with signals. There is no exception to this requirement for state and local government. Indeed, in December 2014, the FCC issued an Enforcement Advisory stating that
We again warn the public that it is illegal to use a cell phone jammer or any other type of device that blocks, jams or interferes with authorized communications. This prohibition extends to every entity that does not hold a federal authorization, including state and local law enforcement agencies.
Complaint To The FCC About Baltimore City Police Department’s Use Of Stingrays
Because state and local authorities do not have licenses and are not otherwise authorized to transmit on licensed frequencies and because they sometimes or always interfere with and jam signals and sometimes block calls, their uses of CS simulators appear to violate the Communications Act and FCC rules.
So far as can be determined, the Baltimore City Police Department (BCPD) has been among the most prolific users of CS simulators. Although the BCPD has attempted to conceal information about its use of CS simulators, journalists, legislators, and defense attorneys have unveiled details of its practices to obtain evidence that it has used its CS simulators not only to investigate violent crime, but also to deal with everyday non-violent street crimes, to locate witnesses, and other unspecified purposes. These practices have resulted in surveillance of hundreds of thousands of innocent Baltimore residents while often doing little to address serious criminal misconduct. Even worse, these harms fall disproportionately on Baltimore’s Black residents. Available data shows that BCPD’s CS use targets Black communities.
Based on these facts, a coalition of civil rights and civil liberties groups, represented by the author’s colleagues at Georgetown University Law Center’s Institute for Public Representation, has filed a complaint with the FCC calling upon the Commission to declare that BCPD’s use of CS simulators is unlawful and to issue an advisory to all non-federal law enforcement authorities prohibiting the use of CS simulators without proper authorization. The FCC’s Enforcement Bureau has solicited a response from BCPD and is currently considering the complaint.
Carefully supervised and limited use of CS simulators conducted pursuant to appropriate judicially-approved warrants, and under a scheme authorized by the FCC, could well be beneficial. Such a regime should include detailed reporting requirements to assure full disclosure of these activities to ensure that legal and constitutional safeguards are in effect. Until such time as these protections are established, CS simulators represent a serious risk to privacy and civil rights.
Andrew Jay Schwartzman is the Benton Senior Counselor at the Public Interest Communications Law Project at Georgetown University Law Center's Institute for Public Representation (IPR). Schwartzman writes monthly for Benton's Digital Beat blog.