Jun 29

Stingrays that attack our civil liberties!

news-police-stingrayWhat if I told you there is technology out there that could intercept cell phone data by acting as a cell phone tower? What if this technology had no way to isolate the calls, so that anyone that uses this device in a given area is forced to obtain sensitive information from your phone as well as the target’s device?

These “cell site simulators” aka “International Mobile Subscriber Identity (IMSI) catchers” are used in many areas of the government including the FBI. The bad part is the Harris Corporation StingRay’s are indiscriminate in the way they collect data meaning they intercept everyone’s cell phone data (using the 25 watt StingRay device) within several kilometers of the device when it is turned on.

surveillance-stingray-cell-phoneHow it works: Your cell phone device seeks out a connection to the nearest cell phone tower, even when it’s not being used. The StingRay device, when turned on, simulates a cell phone tower. The StingRay gathers information via cell phones by sending out a signal that tricks the cell phones into connecting to the StringRay device. It is a box shaped portable device that collects hundreds of unique phone identifying codes, such as the IMSI, and Electronic Serial Number (ESM). The authorities can then hone in on specific phones of interest to monitor the location of the user in real time or use a spy tool to log a record of all phones in a targeted area at a certain time (arstechnica.com, 2015).

When the suspect’s cell phone is found, the StingRay measures the strength of the suspect’s cell phone to get a general location on a map. Using the signal information from various locations help the device to triangulate the location of the suspect’s phone more efficiently.

StingRays can be used with with other software such as “Fishhawk” used to eavesdrop on conversations.  StingRay family devices can be used in vehicles such as airplanes, helicopters, vans, cars, and unmanned helicopters.  They also are not just limited in capabilities to eavesdropping, they can be used for encryption key extraction, and conducting denial of service attacks for example.

The thing is there isn’t just one type of device, but many other versions of devices like the StingRays out there used to track cell phone calls. In fact there are different model types of StingRays such as the KingFish, TriggerFish, and HailStorm.

Hailstorm is the type of StingRay device Michigan’s Oakland County law enforcement agency purchased in 2014.  The difference is the HailStorm can track 4G phones where older StingRay devices can only track 2G devices.

To me this is nothing new, and growing up in an age of computers, doesn’t surprise me as I see cameras in every public arena possible.  Of course I made it a point to read George Orwell’s 1984 as a kid, and pretty much saw what his fears were in this book, quickly coming real as a kid.  That doesn’t mean we should lay down and stand for it either, thus why I’m writing this to hopefully increase awareness.

The problem I have with StingRay tracking devices is that these devices violate the Forth Amendment’s warrant requirement before obtaining phone data from service providers or tracking phones directly. The StingRay tracking device can instantly gather information from all devices in the area around an investigation.  This includes gathering information from people that may be part of the investigation as well as gathering information from those in the area that are not part of the investigation.  The majority of the device information collected is from those that are not part of the investigation.

hydraThe government can use these tracking mechanisms much like Hydra did in the scene from Captain America when Hydra started tracking individuals by their actions or reactions in the real world and killing them. Given this is an extreme example, but art imitates reality here in the way that the government agencies using this technology can reasonably stereotype and individual based on their locations and interactions on their cell phone device. Hydra’s examples also have historical references in the way that Hitler eliminated his opposing politicians in order to take over the German government.

Who has a StingRay in the USA (map)?The American Civil Liberties Union (ACLU) currently maintains a list of 53 federal law enforcement agencies known to use the technology throughout 21 of the United States.

To quote the ACLU, “In order to protect both privacy and First Amendment rights, the law needs to keep up with technology. The government must be open about the use of these powerful tools and put rules on their usage in place to protect people’s Fourth Amendment rights and prevent abuse (www.ACLU.org, 2015).”

What can we do about it?  Well, according to the Detroit News article, we obviously need to be active enough to increase public awareness prior to our commissioners making a decision to approve technology like this.  The article cited that none of the Oakland County commissioners in March of 2014 asked questions about the HailStorm purchase prior to it actually being approved.  Thus exposing the voters of their county to privacy issues.

ignoranceThese 21 elected commissioners should be held responsible as they are elected to ask questions and make decisions without just simply glazing over and approving everything that comes across the table.

Everyone, not just the commissioners, needs to understand issues like this and be able to research or table decisions if they don’t know enough about technology purchases prior to approving them.

The government often speaks of transparency, but seldom gives it… just another case and point with the HailStorm purchase.

To learn more about some of the issues in regard to StingRays, feel free to visit the Electronic Frontier Foundation’s website on Stingrays.  In particular, make sure you read about “The Rigmaiden Case.”  It seems like the government and policing agencies like to continue to mislead those in power by not giving them enough information, and it’s not just limited to Michigan!!!

Indeed the biggest problem with the StingRay device may not be the device itself, but how the use and capabilities of the StingRay devices are kept secret from the court, politicians, as well as the public by the United States law enforcement community.

This entry was posted in Information Assurance and tagged , , , , , , , , , , . Bookmark the permalink.