Spyware

Last Thursday, the Department of Justice announced the immediate implementation of what it called an “enhanced policy” regarding the use of “cell-site simulators,” also known as “Stingrays.”

The enhanced policy essentially confirms that federal agents under DoJ jurisdiction – including those from the FBI, Drug Enforcement Administration, U.S. Marshals Service, Bureau of Alcohol, Tobacco and Firearms, and others, must get warrants before using Stingray technology to collect information about people.

However, this policy only covers organizations under direct DoJ jurisdiction, which does not include agents of the Department of Homeland Security, nor state- or local-level police.

The Fourth Amendment to the Constitution, which was ratified in December 1791 along with the rest of the Bill of Rights, sets limits on the government's behavior by guaranteeing “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” unless the government obtains a warrant based on probable cause to suspect that the person being searched is actually guilty of a crime.

New technology argument

And ever since 1791, whenever new technology has been introduced, various members of the government have tried arguing that the constitutional restrictions on their behavior shouldn't apply to this new technology, too. Such debates have become especially contentious ever since cell phones, the Internet, computers and related items made it technologically possible for governments to spy on their populations more thoroughly than ever before.

What exactly is a cell-site simulator, and why is its use so controversial? As the name suggests, cell-site simulators are devices that simulate cell phone towers in a way that forces cell phones in the area to broadcast information which can be used to locate and identify them. And of course, if you know the location and movement of a given cell phone, you probably know the same information about the cell phone's owner.

In February, the American Civil Liberties Union released records it had obtained via Freedom of Information requests from police agencies across the state of Florida, detailing widespread law enforcement use of Stingray surveillance. This surveillance was kept secret not only from ordinary American citizens, but from judges and the court system, too.

That secrecy was allegedly justified in the name of “national security” even though, as the ACLU noted at the time, a detailed list of over 250 investigations from just one city's police department showed that not a single case was actually related to national security. Since 2008, Florida alone spent more than $3 million on Stingrays and related equipment, according to the ACLU.

Not the locals

But the Department of Justice's new policy doesn't apply to local police departments. Indeed, right now it's impossible to say for certain how many Stingray towers there are, or how many government departments (at all levels) use them. The ACLU has produced a map illustrating “Stingray tracking devices: who's got them?” However, as the ACLU said in an explanation of the maps' limitations:

The ACLU has identified 54 agencies in 21 states and the District of Columbia that own stingrays, but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide.

Stingrays, also known as "cell site simulators" or "IMSI catchers," are invasive cell phone surveillance devices that mimic cell phone towers and send out signals to trick cell phones in the area into transmitting their locations and identifying information. When used to track a suspect's cell phone, they also gather information about the phones of countless bystanders who happen to be nearby.

Which is why Linda Lye, an attorney with the ACLU of Northern California, told Ars Technica that the DoJ policy mandating federal agents get warrants before using Stingray is “a welcome and overdue first step, but it is just a first step. It doesn’t cover non-DOJ entities and it doesn’t cover the locals.”