StingRay Hits The Big Time

Sure, those of us who focus on cool stuff used by cops have been aware of the existence of the StingRay, the cell site simulator, which spoofs a cell tower to capture all cellular service within its sphere.  We’re also aware that its manufacturer, the Harris Corp., sells them subject to a non-disclosure agreement.

Based upon this, federal law enforcement agencies have lied to courts and the public about its existence, its function and its actual use in particular investigations.  But not because they’re bad people, but because the NDA requires them to, and they really can’t tell or the bad dudes won’t fall into their trap.

But that’s all done now, as StingRay has gone big time, gracing the pages of the New York Times.  Well, “done” may not be an accurate description.

The issue led to a public dispute three weeks ago in Silicon Valley, where a sheriff asked county officials to spend $502,000 on the technology. The Santa Clara County sheriff, Laurie Smith, said the technology allowed for locating cellphones — belonging to, say, terrorists or a missing person. But when asked for details, she offered no technical specifications and acknowledged she had not seen a product demonstration.

Sounds like a great business plan. Buy some really expensive piece of equipment that you know nothing about and no one has seen work.

Buying the technology, she said, required the signing of a nondisclosure agreement.

“So, just to be clear,” Joe Simitian, a county supervisor, said, “we are being asked to spend $500,000 of taxpayers’ money and $42,000 a year thereafter for a product for the name brand which we are not sure of, a product we have not seen, a demonstration we don’t have, and we have a nondisclosure requirement as a precondition. You want us to vote and spend money,” he continued, but “you can’t tell us more about it.”

And so the Santa Clara board, in honor of its duty of due diligence to the taxpayers it represents, did what?

At the meeting in Santa Clara County last month, the county supervisors voted 4 to 1 to authorize the purchase, but they also voted to require the adoption of a privacy policy.

Bazinga. Half a mil, sight unseen, because…

(Sheriff Smith argued to the supervisors that she had adequately explained the technology and said she resented that Mr. Simitian’s questioning seemed to “suggest we are not mindful of people’s rights and the Constitution.”)

Of course, Smith hadn’t seen a demo either, but “adequate explanations” don’t require actual knowledge. It’s all in how you tell the story.  But certainly now, after committing to the half mil expenditure of other people’s money, they would be entitled to see what they’ve paid for?

A few days later, the county asked Harris for a demonstration open to county supervisors. The company refused, Mr. Simitian said, noting that “only people with badges” would be permitted. Further, he said, the company declined to provide a copy of the nondisclosure agreement — at least until after the demonstration.

Too late. You bought it already, you badge-less believers. And after all, who says Santa Clara County supervisors aren’t terrorists or missing persons?  Or anyone else whose calls will be swept up by the StingRay, as it doesn’t distinguish between good guy transmissions and bad guys.

The information is generally out there about what the StingRay purports to do, that it captures “texts, calls, emails and other data” by tricking devices into believing it’s a cell tower. How it works, and what information it collects, isn’t quite as clear.

“It’s scanning the area. What is the government doing with that information?” said Linda Lye, a lawyer for the American Civil Liberties Union of Northern California, which in 2013 sued the Justice Departmentto force it to disclose more about the technology. In November, in a response to the lawsuit, the government said it had asked the courts to allow the technology to capture content, not just identify subscriber location.

Moreover, it’s unclear how wide-spread its use is, and whether law enforcement obtains warrants or conceals its use, lying to courts and defendants about the source of information used via “parallel construction,” making up a false explanation for the source of information to conceal the actual investigative means.  With this, the need for, and absence of, a search warrant can also be concealed from a court and the defendant.

But it has to be, because we can’t let the terrorists (or judges) know the cool tricks available to law enforcement.  And when caught, law enforcement demurs.  After all, there’s the non-disclosure agreement.  “Judge, we can’t violate the NDA. It would be wrong!”

“It might be a totally legitimate business interest, or maybe they’re trying to keep people from realizing there are bigger privacy problems,” said Orin S. Kerr, a privacy law expert at George Washington University. “What’s the secret that they’re trying to hide?”

Aside from the ironic use of a lawprof as knowledgeable as Orin for such an obvious quote (no doubt Orin had far more significant things to say, but this is what the reporter chose to include), therein lies the problem. You don’t know what you can’t know.

Yet, the rationale for keeping the StingRay details from everyone without a shield is that Harris Corp. says so.

Jon Michaels, a law professor at the University of California, Los Angeles, who studies government procurement, said Harris’s role with the nondisclosure agreements gave the company tremendous power over privacy policies in the public arena.

“This is like the privatization of a legal regime,” he said. Referring to Harris, he said: “They get to call the shots.”

So what if there’s a Fourth Amendment?  So what if they build granite courthouses with wood-paneled courtrooms and big benches for federal judges to hide behind. Harris Corp. says no, you’re unworthy of knowing.

And like the supervisors in Santa Clara, and the judges pretty much everywhere, suck it up, accept your unworthiness with equanimity and pay the half million dollars plus.  After all, you don’t want the terrorists to win, right?

27 thoughts on “StingRay Hits The Big Time

  1. Bartleby the Scrivener

    Police agencies need to document their requirements for vehicles, firearms, uniforms, ammunition, training, policies, and so on, but when it comes to this one item, they can’t so much as tell us what it’s doing?

    Yeah, I don’t think so; that fails the stink test. It tells me it not only *can* violate our Fourth Amendment rights, but that it probably *does*. As a matter of fact, I’m thinking this product is designed to do just that!

    It seems to me this NDA would be contrary to public policy in some way, since it is disguising the fact of a violation of the public’s right to privacy. I hope some moral and right thinking AG gets his hands on this and finds a way to tie it to a RICO statute, so the people who are engaged in this garbage go away for a very long time.

    This is an example of why I’m uncomfortable with so many of our rights being vested in ‘reasonable expectations’, since those can be easily changed over time by micro-invasions that end up being massive invasions.

    Why do I feel like the old man waving my cane and screaming, ‘get off my lawn’?

  2. Voltaire

    I’d be curious to know what the cell phone companies think of all this (granted not because I think they are particularly concerned about their customers privacy, but more so that a device might be highjacking some of their spectrum without paying a fee) and if there is any recourse for the companies to take…

    1. SHG Post author

      Then you should put your effort into contacting the cell phone companies rather than commenting here, since this comment is off-topic, illuminates nothing and has no possibility of getting an answer. Plus, what does your curiosity have to do with anything?

          1. Fubar

            [FCC Memorandum opinion and order FCC 14-105 (FOIA Control No. 2013-255) might partially satisfy both your and Voltaire’s curiosity.

            tl;dr: We don’t got to show you no stinking badges!]

  3. Jack

    I’m really interested to see where this goes in the next year or two, because commercial IMSI catchers are starting to pop up on the black market from China and plans for building them (which is apparently cheap and easy – under $1500) are starting to show up online and have been demonstrated.

    I wonder how law enforcement is going to approach criminals using these and if their NDAs will get in the way? The police and military may have had a monopoly on StingRays for more than a decade, but just like with all other tech, it pops up on the open market eventually – and that is finally happening for this.

    1. SHG Post author

      If you have plans for one that can be built for $1500, send it to me. I plan to undercut Harris and sell them for $479,995. I’ll be RICH!!!

      1. Jack

        All you need is a laptop, a couple RF transmitters (like the HackRF one), a simple SDR antenna and knowledge of what dark cracks in the internets to look into for the software to make it work. The POC was demonstrated back in 2010 at Defcon.

        Of course, you can just hop on Alibaba and there are thousands of commercial IMSI catchers for a few grand. [Ed. Note: Link deleted per rules.]

          1. Not Jim Ardis

            You’re a lawyer. We expect only serious and dour statements from you, as befitting your most august calling.

  4. John Barleycorn

    We’ll its good to see even an original AOL subscriber such as yourself is keeping up with the “signal intelligence” news esteemed one even if it is part of your day j_o_b to keep up with the cool stuff the cop-ers have in the tool kit.

    So what gives? You have flirted with this subject before but it hasn’t made it into the regular rotation yet. Have you finally had enough of all those all too shiny warrants floating about?

    It’s always nice to see one of your posts boiling with links. Perhaps you should slip down the rabbit hole on this subject and look for some of the carefully hidden trap doors within along the way and put it on the roster?

    Who knows you might even accidentally slip up or knock your head on an exposed root on the trip down the rabbit hole and share some of the theories you have had brewing on the back burner about what’s cooking in your corner of the legal guild to deal with this nefarious nuisance the boys and girls in blue have adopted from Eisenhower’s nightmares and have been playing with a little recklessly.

    The cloaked trail of a suspiciously shinny warrant is nothing new as you point out.

    Tell us of the reflections you see and hopefully intend to feed back to the new breed of jackals feeding upon the “signals”. The NDA contracts alone must infuse the capillaries of your jaw muscles with an oxygenated determination.

    P.S. …”the existence of StingRay, the cell site simulator, which spoofs a cell tower to capture all cellular service within its sphere.”

    This might be your most understated sentence of the month considering this technology’s has both active and passive capabilities.

    Happy Tripping…somebody’s got to do it.

      1. John Barleycorn

        TY. The cheap seats have been reading the scouting reports. You are making the right move.

        It is looking like that StingRay kid got-s some skilz. Skilz that might go to his head.

        Put that new kid on the roster and cut that little fucker down to size before he signs with another club.

        If that little fucker makes it to free agency before he learns some respect the game will never be the same.

  5. Bartleby the Scrivener

    Do the police try and use that stupid NDA to deny the rights of discovery to the defense? I’m thinking even the most unreasonable judge around would laugh at that and tell the police agency/DA to turn over the information or have the case thrown out.

      1. John Barleycorn

        Pro Tip: Whenever the esteemed one uses a big word in his closing paragraph it is a good idea to read the post’s links. Especially if a big word plays a descriptive role in a sarcastic sentence.

        After browsing through the links proceed to the cheap seats with as many beers as concessions will allow you to purchase at one time while equanimity cursing this sneaky attempt by the “management” to influence your state of mind and behavior as you pass by the ushers.

        After finding your seat take two or three sips of beer and let the magnificence, simple joy, and freedom of spring begin to wash over you as you stare across the field and down the foul line to home plate.

        At any moment the other sights and sounds of the humanity that surrounds you will begin to put you in a trance a few minutes prior to the home plate umpire declaring “lets play ball”.

        It is at this precise moment you should let out a bellowing and thunderous heckle directed at no one and everyone in particular on the field of play belittling their casual acceptance of the managements beer concessions policy while insinuating this disregard of their historical duty to cheap seats life, liberty, and the pursuit of happiness could lead to an insurrection one day.

        In the meantime don’t forget to bring your am radio and tune into the wiffleball pre-game chatter.

      2. Bartleby the Scrivener

        Sorry – I’m usually reading this from work, so on a good day I can read the links, and on a bad day I can only read what you’ve written.

        …and I’m REALLY sorry I missed it. Mygod. Why are we not in the streets screaming about this?! This is worse than horrific! This is happening in the USA?! Is the 4th Amendment gone?!

        I cannot properly describe my reaction to this. My vocabulary is insufficient.

  6. Pingback: Big Fish, Small Fish and Sting Rays | Simple Justice

Comments are closed.