Security
Headlines
HeadlinesLatestCVEs

Headline

Docs Show FBI Pressures Cops to Keep Phone Surveillance Secrets

Newly released documents highlight the bureau’s continued secrecy around cell-site simulators—spying tech that everyone already assumes exists.

Wired
#mac#intel#auth#sap#ssl

United States government records recently obtained by the American Civil Liberties Union show that state and local police authorities are continuing to trade silence for access to sophisticated phone-tracking technologies loaned out by the Federal Bureau of Investigation. To protect the secrets of the technology, documents show, police departments will routinely agree, if necessary, to drop charges against suspects who’ve been accused of violent crimes.

The documents, handed over by the FBI under the Freedom of Information Act, include copies of nondisclosure agreements signed by police departments requesting access to portable devices known as cell-site simulators, otherwise known by the generic trademark “Stingray” after an early model developed by the Harris Corporation. The FBI requires the NDAs to be signed before agreeing to aid police in tracking suspects using the devices. Stipulations in the contracts include withholding information about the devices, they’re functionality, and deployment from defendants and their lawyers in the event the cases prove justiciable.

Legal experts at the ACLU, Laura Moraff and Nathan Wessler, say the secrecy requirements interfere with the ability of defendants to challenge the legality of surveillance and keep judges in the dark as to how the cases before their court unfold. “We deserve to know when the government is using invasive surveillance technologies that sweep up information about suspects and bystanders alike," Moraff says. “The FBI needs to stop forcing law enforcement agencies to hide these practices.”

A key function of cell-site simulators is to masquerade as a cell tower in order to identify nearby networked devices. This hack works by weaponizing a common power-saving feature of most phones: connecting by default to the closest cell tower emitting the strongest signal. Once the “handshake” between the device and a phone begins, there are a variety of authentication protocols the device must overcome. Tricking modern phones into connecting with the simulator has grown increasingly complicated since the earliest versions of the device were strapped to planes and used to intercept communications on US battlefields.

Cell-site simulators used by police today come with additional modes and equipment to target individual phones in an area and can be used narrow their locations to a single home or apartment.

Multiple variants of the device are known to exist and some are capable of launching attacks more sophisticated and invasive than others. Some allow operators to eavesdrop on calls, or will force devices to execute unauthenticated commands that disable encryption or downgrade the connection to a lower and less secure network. One command sent by a phone, for example, can cause nearby cell towers to reject the device, rendering it incapable of network use.

Whether US government entities have ever employed some of these advanced features domestically is unknown. Certain models used by the federal government are known to come with software capable of intercepting communications; a mode in which the device executes a man-in-the-middle attack on an individual phone rather than be used to identify crowds of them. Manufacturers internationally have marketed newer simulators capable of being concealed on the body and have advertised its use for public events and demonstrations. It is widely assumed the most invasive features remains off-limits to local police departments. Hackers, meanwhile, have proven its possible to assemble devices capable of these feats for under $1,000.

Contractual language obtained by the ACLU shows police are required to use any “reasonably available” means to restrict the device from doing anything more than “recording or decoding electronic or other impulse to the dialing, routing, addressing and signaling information utilized in the processing and transmitting of wire or electronic communications.”

Other records show cell-site simulators are listed as defense articles on the United States Munitions List, meaning trade in the technology is ultimately regulated by the State Department. This designation is used by the FBI, however, in order to compel secrecy from state and local agencies requesting its aid, as unauthorized disclosures about defense technology is considered an arms control violation punishable by up to 20 years in prison and $1 million in fines.

Due to their interference with domestic cellular networks, use of the device for law enforcement purposes is authorized by the Federal Communications Commission.

Since the US v. Carpenter decision, in which the Supreme Court held that cellular data containing location data is shielded by the Fourth Amendment, the Department of Justice (DOJ) has required federal agencies to obtain warrants before activating cell-site simulators. This extends to police departments borrowing the technology from the FBI. The DOJ crafts the language used by police in these interactions with courts to control the amount of legal scrutiny that falls on the device. It does this by conflating cell-site simulators with decades-old police technologies like the “trap and trace” and “pen registers,” names for devices and programs capable of identifying incoming and outgoing calls, respectively, but which do not gather location data.

When police use the devices to locate a suspect on the loose or gather evidence of a crime, they are generally required by the FBI not to disclose it in court. In some cases, this leads police to launder evidence using a technique known as parallel construction, whereby the method used to collect evidence is concealed by using a different method to collect the same information again after the fact. The practice is legally controversial, particularly when undisclosed in court, as it prevents evidentiary hearings from weighing the legality of actual police conduct.

Documents show police are advised to pursue “additional and independent investigative means and methods” to obtain evidence collected through use of a cell-site simulator, though suggestions provided by the FBI on how this could be accomplished were redacted by the bureau.

The power of judges to toss evidence seized in contravention of a defendant’s rights is, the Supreme Court wrote in 1968, the only true defense Americans have against police misconduct. Without it, then-chief justice Earl Warren wrote, “the constitutional guarantee against unreasonable searches and seizures would be a mere ‘form of words.’”

Under the US system, Warren wrote, “evidentiary rulings provide the context in which the judicial process of inclusion and exclusion approves some conduct as comporting with constitutional guarantees and disapproves other actions by state agents.” Allowing police and prosecutors to authenticate their own evidence, he added, would make the courts essentially party to “lawless invasions” of American’s privacy. Withholding information from judges about the ways in which evidence is collected, therefore, may easily interfere with one of the court’s most sacred duties; forestalling at the same time any scrutiny as to the constitutionality of the state’s conduct.

The FBI, meanwhile, argues that secrecy is necessary, as revealing information about such devices would enable criminals to “diminish or thwart law enforcement efforts.” Information about them is therefore designated “law enforcement sensitive” or “protected homeland security information,” terms that describe unclassified information the government deems “for official use only.” These designations generally prevent documents from being disclosed to the public and may exempt from use in legal proceedings.

The FBI employs a “jigsaw” or patchwork theory of disclosure, documents show, to keep even minor details about cell-site simulators hidden from the public. It argues that details, no matter how small, may “like a jigsaw puzzle,” eventually combine to reveal critical information about the technology. Because the devices are used in counterterrorism cases and in a counterintelligence capacity, the FBI further argues that revealing information about cell-site simulators would have a “significant detrimental impact on the national security of the United States.”

The idea of prosecutors dropping cases merely to protect word from spreading about the use of an already well-known device is particularly concerning due to the gravity of crimes typically involved in cases where police bother to deploy them. Documents obtained by the ACLU show, for example, that police requested technical assistance from the FBI in May 2020 during a manhunt for a gang-affiliated suspect wanted of multiple murders. “This is a serious crime and a good use of our assistance abilities,” an FBI official wrote in response to the request. Though redacted to protect the privacy of the individuals involved, the document indicates the suspect had recently attacked a female victim leaving her greatly injured.

The arguments compelling all this secrecy is difficult to square with the reality that, in the year 2023, both innocent people and criminals alike are far from naïve about how much like a tracking device cell phones actually are. The controversy around “stingrays” is so old that the tactical advantage they once offered exclusively to military spies works far more efficiently today as a commercial capability. To wit, finding a phone is now a standard feature on nearly all phones.

Whether everyday people comprehend that their phones are constantly broadcasting their locations is a question best answered by the man who was caught stowing his phone in a potato chip bag so he could play golf instead of work—a trick so effective (or possibly unnecessary) that, in the end, it took an office snitch to bring him down. It’s hard to imagine the crime spree the man might’ve pulled off had he only applied this advanced telecommunications mastery toward some more felonious endeavor.

While the golfer was hailed widely as a “MacGyver” in the press, the trick he used to deceive his employer was first popularized in the 1998 thriller Enemy of the State. Early in the film, Gene Hackman’s character grabs and stuffs Will Smith’s phone into a potato chip bag (screaming at him, meanwhile, that the NSA can “read the time off your fucking watch.”) The film is worth mentioning because cell phones were essentially new at the time—which is to say, the knowledge, or belief, that law enforcement can track people’s movements based on their cellphones entered the mainstream back when fewer than 25 percent of Americans owned one.

A man buying his counter surveillance from a snack machine to avoid work doesn’t care how the trick works, though anybody who has ever lost a radio signal in parking garage is equipped to solve that mystery. The FBI can track cell phones. Unscrupulous golfers know it. Bank robbers and terrorists are presumably also clued in on this now. And no amount of silence that police or prosecutors ever agree to is going to diminish that.

Wired: Latest News

More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity