Judge Requires Warrant for Use of StingRay Surveillance Device

By Jerri-Lynn Scofield, who has worked as a securities lawyer and a derivatives trader. She now spends much of her time in Asia and is currently working on a book about textile artisans.

A New York state judge last week ruled that use of a  “StingRay”, a surveillance device that mimics legitimate cellular phone towers, constitutes a search and therefore under most circumstances requires a warrant, based on probable cause.

New York joins other states in concluding that a warrant is necessary for police to use such a device. As Ars Technica reports in If NYPD cops want to snoop on your phone, they need a warrant, judge rules, in September, the influential District of Columbia Circuit Court of Appeals also decided that use of a StingRaysusually requires a warrant (read the decision here).  Earlier a federal district judge in California in August of this year also decided use of a StingRay required a warrant, but determined that due to exigent circumstances, a warrant wasn’t necessary in that case (read the decision here).

In his recent opinion, New York State Supreme judge Martin Murphy ruled:

By its very nature, then, the use of a cell site simulator intrudes upon an individual’s reasonable expectation of privacy, acting as an instrument of eavesdropping and requires a separate warrant supported by probable cause rather than a mere pen register/trap and trace order such as the one obtained in this case by the [New York Police Department] (original emphasis; citations omitted).

Therefore, the failure to obtain a proper eavesdropping warrant here prejudiced the defendant since the most useful-and needed information-ie. his location-was procured from the unlimited use of the cell site simulator. As conceded by the People, the police here were only able to gather the needed location information when they began to track the defendant’s phone on or about April12, 2016 with that enhanced technology and only then. The apprehension of the defendant was therefore accomplished only through the use of the improperly obtained information (original emphasis).

The  New York Times reports in Brooklyn Judge’s Ruling Raises Bar for Covert Cellphone Tracking

New York Police Department’s use of cell-site simulators was almost entirely shrouded in secrecy until last year, when documents obtained by the New York Civil Liberties Union showed that the department used the devices on 1,016 occasions from 2008 to 2015. They were generally used for the most serious offenses, like murders, rapes, shootings and robberies, and sometimes for lesser crimes.

Judge Murphy’s decision reins in the use of such technology by the country’s largest police force for now. It comes at a time when law enforcement entities increasingly seek to use technology for surveillance and push the limits of what’s tolerated– despite US Constitutional requirements.

As Gizmodo reported last week ,in Texas   Paid Hundreds of Thousands to Spy on Cellphones With Surveillance Planes:

Last year, military surveillance aircraft in Texas were outfitted with devices designed to spy on cellphones, including their location, numbers dialed, text messages and photos and even the content of their calls, The Texas Observer reports. The newspaper obtained documents between the Texas National Guard, the DEA and a Maryland-based company called Digital Receiver Technology (DRT) outlining a $373,000 contract to install cellphone surveillance software on the planes as part of anti-drug trafficking operations. The money reportedly came from Texas drug asset forfeiture funds.

Similar to controversial stingray devices, DRT’s systems—nicknamed “dirt boxes”—mimic cellphone towers, connecting to every smartphone within a specific area. Because they connect with all smartphones, it’s nearly impossible to avoid collecting private data from people who aren’t suspects, but just happen to be in the target area.

Those that use these devices have steadfastly sought to keep their use secret, as well as other details about the device’s capabilities. The New York Civil Liberties Union is not alone in raising concerns about secrecy:

Privacy advocates have long derided cell-site simulators because they operate in secrecy. Authorities have fought hard to withhold information on how much data stingrays collect, even dropping charges rather than revealing information about the technology. The Justice Department, however, has policies for the use of such devices by federal agencies and police departments that partner with them: officials must secure a warrant before using them in criminal investigations and must delete all data on users not targeted within 30 days. The rules do not apply to “national security” operations.

The Department of Justice was a fairly late convert to the position that use of StingRays should require a warrant, as the Electronic Frontier Foundation reported in Finally! DOJ Reverses Course and Requires Warrants for Stingrays! in September 2015:

At long last, the U.S. Department of Justice (DOJ) has announced a slew of much-needed policy changes regarding the use of cell-site simulators. Most importantly, starting today all federal law enforcement agencies—and all state and local agencies working with the federal government—will be required to obtain a search warrant supported by probable cause before they are allowed to use cell-site simulators. EFF welcomes these policy changes as long overdue.

Colloquially known as “Stingrays” after Harris Corporation’s brand name for a common model, cell-site simulators masquerade as legitimate cell phone towers, tricking phones nearby into connecting to them. This allows agents to learn the unique identifying number for each phone in the area of the device and to track a phone’s location in real time. But Stingrays can get a lot more than just identifying numbers and location data—by virtue of the way they work, all mobile traffic (voice, data, and text) from every phone in the area could be routed through the Stingray, giving the operator the option to do anything from recording entire calls and texts, to selectively denying service to particular phones.

Until recently, law enforcement’s use of Stingrays has been shrouded in an inexplicable and indefensible level of secrecy. At the behest of the FBI, state law enforcement agencies have been bound by non-disclosure agreements intended to shield from public scrutiny all details about the technical capabilities and even model numbers of the devices. Law enforcement has gone to extreme lengths to protect even the most basic information about them, even dropping charges rather than answering judges’ questions about them. Although today’s policy changes don’t directly affect the non-disclosure agreements already in place, the tone of the announcement, along with a clarification from May, gives us hope that more transparency is on the way.

Unfortunately, I am much less optimistic than the EFF– writing in September 2015– was about the prospects for further transparency under a Department of Justice overseen by Attorney General Jeff Sessions is Attorney General (or, for that matter, under any successor that Trump might appoint to that position).

Will These Decisions Stand?

But these recent judicial decisions provide some cause for optimism. The key question of course is will they will be upheld on further review by higher level courts. In this respect the decision by the United State Court of Appeals for the District of Columbia Circuit is more significant than that rendered last week by  Judge Murphy– a state court judge.

 

Print Friendly, PDF & Email

9 comments

  1. flora

    This is good news. The original passage and overly broad interpretation of laws pertaining to electronic data gathering were, imo, due to Congress and many jurists not understanding that new technology doesn’t change the law.

    For example:
    Assuming that data gathered from a cell phone does not require a warrant, whereas data gathered from a landline does require a warrant. It is the act of eavedropping, not the device being eavesdropped on, that is the issue.

    I’m glad to see the bench is realizing, after having had time to reconsider, that the technology used is not, or should not be, an end run around the law. (No matter what Uber says.)

    I expect there will be appeals of these decisions. Still, good news. The bench is not uniformly asleep.

    Thanks for this post.

    1. flora

      adding: Some plucky prosecutor could try introducing as evidence in court illegally obtained, type-written papers. Said prosecutor could argue that only quill-pen written, ink-on-paper documents are protected by the Constitution. Yes, his argument would fail. But, he could give it a try. ;)

    2. Anon

      The Judicial branch is slowly recognizing that THEIR conversations could readily appear on some transcript and that gaining access to ones life patterns (meta data) is just as revealing.

  2. Westcoaster

    My recurring question on the “Stinkray” device is, where are the licenses to use the RF spectrum? These devices are transmitters using greater than 100 mw of power and THAT requires a license from the FCC.
    Under their rules, the penalty is $10K per occurrence, so where can I turn them in and get my whistleblower money?
    BTW Jerri-Lynn, you sure seen to be able to crank out great articles while you’re working on the book. You’re what we used to call an “over-achiever”!

  3. False Solace

    > Stingrays can get a lot more than just identifying numbers and location data—by virtue of the way they work, all mobile traffic (voice, data, and text) from every phone in the area could be routed through the Stingray, giving the operator the option to do anything from recording entire calls and texts, to selectively denying service to particular phones.

    So mobile phones just stupidly connect to every available tower and transmit everything in plaintext without any encryption or security handshake whatsoever? How could that possibly go wrong? /s

    This looks like yet another example of willful, convenient stupidity where tech companies evade the most basic responsibility for keeping customer data secure, and the security state happily hoovers everything up and stores it forever. There is no conceivable universe where this set of circumstances ends well.

    1. Johnny Pistola

      “There is no conceivable universe where this set of circumstances ends well.”

      Well, I can imagine another, where shared info benefits all, but not this one right now.

  4. Tyronius

    Why does this make me feel like we’re being given a false sense of security? In our current security state, the authorities- any of them- seem to be granted authority without regard to the constitutional rights of citizens and that only gets walked back (if at all) after a long, hard fought battle to protect the rights we are supposed to have all the time. There is fundamentally everything wrong with this approach and leads obviously to an environment of mutual mistrust between citizens and our government, which is itself corrosive to democracy.

Comments are closed.