back to article ACLU: Here's a secret – cops are using the FBI's fake cell-tower tech to track crims' phones

Documents obtained by the American Civil Liberties Union have shown that US cops are using the FBI's Stingray mobile phone tracking tech much more often than first thought. And the Feds are going to great lengths to hide the full extent of its use. "The documents paint a detailed picture of police using an invasive technology …

  1. Anonymous Coward
    Anonymous Coward

    And here we run into the main problem ..

    The last paragraph summarised the exact issue that this sort of abuse generates.

    The more law enforcement deems itself above laws and regulations, the more opportunity it generates for the bad guys to walk if an intelligent lawyer starts using the fact that the information was not legally obtained. I'm surprised they don't see that one coming.

    1. DNTP

      Re: And here we run into the main problem ..

      What's more likely, that the police will stop covertly abusing tools that violate existing laws, or that when the appeals go up, their handlers will advocate for new laws and interpretations that let them keep right at it?

      1. Anonymous Coward
        Thumb Down

        Re: And here we run into the main problem ..

        They want to establish a body of law where this technology is inadvertently allowed, and then hope that the practice becomes part of accepted investigational procedure.

  2. Anonymous Coward
    Anonymous Coward

    I don't like to see the bad guys get away (lightly) because the the "good" guys did something bad but I bet this bit of kit is as bad as advertised on more than one level. I would love to know what that police specialist in court could say that would put anyone at ease though.

    1. Number6

      US Constitution

      The US Constitution was written with the understanding that the state had immensely more power than the individual and that's why criminals can get off scot free if the agents of the state don't stick to the rules - it provides an incentive for the agents to do so, and so attempts to prevent abuse of power.

  3. Doctor Syntax Silver badge

    "the technology was covered under a non-disclosure agreement"

    I'd have thought a court summons would have trumped an NDA.

    1. dan1980

      @Doctor Syntax

      I believe that's the point - that they were ordered to bring the device in, which would of course identify it and thus be trumping the NDA, as you say.

      The point is that instead of doing that, they offered a deal, which the defence accepted.

      In other words, the police let a criminal (not a major one, it must be said) go because they deemed it more important to protect their own misconduct (and possible breach of constitutional rights) than to prosecute him.

      Personally, I think that when there is a plausible suggestion that the police have breached the constitution, there should be a mandatory investigation by the courts.

    2. John Brown (no body) Silver badge

      Yes, the truth, the whole truth and nothing but the truth. Or you go down for contempt of court until you decide to tell the truth, the whole truth and nothing but the truth.

      1. dan1980

        I mean, either the constitution is the highest and most important law of the land or it is not. Nothing else should trump it and any suggestion that it has been breached should be investigated.

        If you can avoid scrutiny by mumbling something about national security and something, something, secrecy, well, then the constitution is clearly not all that important.

        It's a decision that has to be made - is it worth potentially sacrificing a little security to protect the constitution with the zeal the document deserves, or not? If it is then bloody well do it. If not then why even have one?

  4. Mark 85

    Hmm.... Interesting Case...

    So a dealer of drugs was robbed... and he filed a complaint with the police. I would imagine that would put him on a watch list? However, I digress....

    So what's wrong with the FBI saying, "Yes, we have this gear and this is what it does and how it does it."? It's like saying "we put cameras out there to catch you speeding". On the surface, this seems to be a very targeted tool and not mass surveillance. Or is it? If it's targeting, what's the problem? If it's not targeting but instead grabbing everything from everyone, there is a problem. It's the difference between having a cop sitting in a car watching a certain house for specific activity and having the cop check every house.

    1. Old Handle

      Re: Hmm.... Interesting Case...

      From what little we know about it, it's already clear that it has some mass surveillance aspects. It acts as a fake cell tower after all, so presumably any phone in the area would try to connect to it. It's possible (but in my view unlikely) that it's configured to record absolutely nothing besides connections from devices with specific IMEI numbers, but until they're willing to clarify these details I think it's quite right to treat it with suspicion.

    2. Peter 26
      Holmes

      Re: Hmm.... Interesting Case...

      If you read this wikipedia article about it below you can see it has the ability to listen into the device by forcing the phone to use crappy encryption A5/2 which can be cracked real time allowing them to perform a MITM attack with the real cell tower.

      http://en.wikipedia.org/wiki/Stingray_phone_tracker

      I suspect this and its other capabilities is what they are trying to hide, rather than the ability to see what phones are in the general vicinity.

      Also they seem to say it isn't being used to track people, but in this case that seems iffy.

      How did they come to suspect who was the robber? Was it a case of seeing what mobile phones were next to his phone at that specific time he was robbed using stingray? This would normally require a court order to get info from the mobile phone companies. (hardly worth it for a mugging)

      Or did they have a suspect in mind and just used the stingray to find his SIM and then find him? But then that opens the question, how did they know his SIMs IMSI without obtaining a court order from the mobile phone company?

      The stingray has the capabilities to track a SIMs unique IMSI number and location. The question is, is this being deployed city wide to track all mobiles and location? So when a crime is committed they can back track and see what mobiles were in that vicinity, then track where they are now. They don't even need to know who the people are to send someone to the phones current location. The massive benefit to them is that they don't have to get a court order to request data from the mobile phone companies.

      The very fact that they are not being open about it shows they have something to hide.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmm.... Interesting Case...

        "How did they come to suspect who was the robber? Was it a case of seeing what mobile phones were next to his phone at that specific time he was robbed using stingray? This would normally require a court order to get info from the mobile phone companies. (hardly worth it for a mugging)"

        According to the article, the robbers stole a phone. The guy who got robbed reported his iPhone stolen. The article implies that it was the stolen iPhone that was tracked, not an arbitrary dragnet of nearby phones.

  5. Phil Endecott

    Can someone explain why they don't want to get a warrant from a judge?

    1. Anonymous Coward
      Anonymous Coward

      Probably because some US DoJ lawyer told them that they didn't have to. I'd love to see that individual fired, disbarred, and prosecuted..along with everyone in the review process.

    2. PacketPusher
      Big Brother

      It's all about power. They don't want to have to ask a judge and possibly be denied.

    3. Oninoshiko

      Honestly, because it tracks everyone in an area, there shouldn't be a way to get a warrant for this thing. It's usage is ALWAYS too broad because of how it works.

      What happened to the good ol' fashion stakeout?

  6. x 7

    the RAF is believed to use the same equipment in their UK-based Islander / Defender aircraft (in support of the Police / Security Services)

  7. Sokolik
    Stop

    "Florida". Why am I not surprised?

    "In one, defense lawyers were able to use the FBI's reluctance to reveal details about the technology to get a sweetheart deal of a sentence for their clients."

    "Blowback" is, I believe, the correct term for this in the business. And the perils of "blowback" from scales local to global are a lesson we cousins have-- despite countless opportunities-- yet to learn.

    Yours truly, the resident Left-Coast-Leftie

  8. x 7

    It may well be that the reason for the sentence bargain was not to hide the (assumed) illegality of the evidence gathering, but rather to disguise the technical details behind it.

    I believe I am correct in saying that in the UK no-one has ever been prosecuted for failure to purchase a TV licence based on the evidence of detector vans.....because the authorities are not prepared to reveal in court how the detectors work. They prefer to keep the technology secret

    Once an address with a working unlicensed TV has been identified by a detector set, then evidence is gathered manually (i.e. a witness seeing / hearing a broadcast) or else via self-incrimination following a bullying interview under caution.

    Similarly the FBI won't be keen for the public to know just how their mobile phone spoofing works.

    This could be for matters of national security.......or it could be because it doesn't actually work very well and is invalid if presented on its own

    1. Peter 26

      I'm pretty sure the detector vans are just to cause FUD in the population. Apparently they did have one detector van for the whole UK which they got out for TV appearances, but there is no evidence of it actually being used outside of news segments. I don't believe this is because of them hiding it, if anything they are avoiding the fact that they are not using them. It's much easier to just have someone look through your window or put an ear to the door.

    2. Florida1920
      Childcatcher

      Isn't watching TV punishment enough?

      I've always found it hard to believe the UK government has trucks driving around looking for unlicensed TV sets. The idea of even licensing a TV set is pretty hard to grasp, too. Bloke from the UK I used to know told me he gutted the horizontal oscillators out of salvaged sets and got them running on the bench, just to drive the trackers nuts. This would have been in the 60s. Dunno how true that was. Now we need to devise electronic countermeasures to spoof phony cell towers. Reward the hounds with a few more foxes to chase.

    3. Crazy Operations Guy

      How do they detect unlicensed TVs anyway?

      The TVs aren't transmitting anything, just absorbing RF waves and turning them into a video/audio stream. Not really something you can detect. You might be able to to track by way of detecting energy levels surrounding the antenna, but that could only really be done in a tightly-controlled lab setting. I suppose you could also detect the reception of these signals by tapping the house's Earth Ground wire and filtering out all the noise. But the existence of a TV signal could be explained away saying that its a mere piece of wire attached to ground and happens to be a harmonic of a TV channel's wavelength...

  9. JustWondering
    Facepalm

    " I don't know the magic behind it"

    "Magic"

    1. Mark 85

      Re: " I don't know the magic behind it"

      Ah... the FM* Theory of Operation..... Which translates from my engineering days when talking to marketing: We think you're too stupid to understand it.

      * FM = Frikkin Magic.

  10. P. Lee

    How long can it work?

    How soon will the bad guys get some triangulation equipment, map out the neighbourhood and get a heads-up when a mobile base-station enters the area?

    Phone-security-as-a-service anyone, with SMS updates?

    1. Anonymous Coward
      Anonymous Coward

      Re: How long can it work?

      No need. Either someone buys some properly secure phones (the government type version, with 2 SIM cards and no need for a data connection), or you switch to encrypted VoIP (plenty of providers, but not all very safe or free of backdoors).

      You can, for instance, buy a Seecrypt license online and thus secure the conversation irrespective of carrier encryption being breached or not.

      1. Tom 38

        Re: How long can it work?

        How would that stop your phone connecting to a base station and sending its IMEI (and location) to that base station?

  11. TheFinn

    "... but not without sending the ACLU a bill for $20,000 in "discovery fees" for copies of a series of pages from its website."

    Chilling effect?

  12. Anonymous Coward
    Anonymous Coward

    Here's a secret...

    You neighbor can listen in on all of your communication for as little as $100 in hardware and a little technical assistance.

  13. x 7

    "The TVs aren't transmitting anything"

    yes they are.....theres a heterodyne tuner in there pumping out RF frequencies which can leak through the antenna and be used to indicate which channel is being used

    of course on a CRT based TV you can pick up leakage from the tube, which will give away whats being viewed, while there are rumours around that a similar trick can be played on SOME flat screens

    and of course a laser played onto a window can be used to capture audio and so prove use that way

  14. Chrissy

    Air-mounted Stingray

    Hmm...I was on FlightRadar24 a while back and tracked a lone Cessna Titan making an eventual 20+ East/West passes with around a 500m separation between each pass, traversing a wide swathe of Surrey between East/West Farnborough to Leatherhead and North/South Woking to Guildford, at a consistent 7000ft and 145kt

    I would have though thought it was an update to terrain or residential photography ... except it was a Saturday night between 0000 and 0045 hrs: the photos wouldn't have been too good in the dark.

    I wonder if that Cessna had a Stingray on board to compile a database of IMEIs-to-Addresses, as I'm not sure what other surveying could be going on, considering

    a: it was night-time

    b: Ordnance Survey had the physical geography of the British Isles pretty well nailed down about, oh, a century ago.

    c: Any weekend night is a night when people are likely to be at their usual home

    d: thermal scanning for Marijuana farms could be done during the day

    I haven't seen it since, but TBH had forgotten about it until now.

    In case anyone else sees a similar flight profile or wants to dig deeper, its reg was G-BWLF out of East Midlands Airport.

    I need thicker tin-foil.

    1. x 7

      Re: Air-mounted Stingray

      G-BWLF belongs to RVL Group

      See http://www.rvl-group.com/about-us/

      "Our range of services includes aerial survey and surveillance, ad hoc and scheduled passenger and cargo flights, specialist aircraft modifications for survey work, full aircraft maintenance and the ability, unique among UK airlines, to offer an aerial dispersant spraying solution for the tackling of pollution at sea. "

      and from http://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=117016865

      "Reconnaissance Ventures Limited Group owns and operates a fleet of 20 aircrafts and offers crewed aircraft services to government agencies and commercial companies. The company offers modification, maintenance, flight operation, flight crew training, advanced aerial survey techniques, scheduled services, and ad hoc charter services. It clientele includes maritime and coastguard agency, environment agency, ordnance survey, blom aerofilms, oil spill response, various high technology military defense, and research companies."

      keep wearing the tinfoil, what you saw may well have been a government surveillance

      1. Chrissy

        Re: Air-mounted Stingray

        Yeah, I poked around on G-INFO and saw that Company... that's what seemed so unusual.

        LHR sometimes has a Cessna out and about after last plane out doing ILS calibration, but that's always straight up and down the ILS beam, not a 10km wide swathe, so it can't have been doing ILS cailbration for Farnborough (espcially as F'boro has NO runway precisely East/West as this one was flying).

        2 pilots..... Saturday night/Sun morning.....+5hrs if you include mission prep, transit both ways and on-station..... double, triple or even quadruple bubble............Whoever the client was, they must have deep pockets.

        I can't see a commercial organisation justifying paying for such a weird time to be doing this. It all screams governmental.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like