Electronic Frontier Foundation
Cell-Site Simulators/IMSI Catchers
Cell-site simulators, also known as Stingrays or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area. Some cell-site simulators may have advanced features allowing law enforcement to intercept communications or even alter the content of communications.
Criminal defense attorney?
Check out our legal resources on cell-site simulators
How Cell-Site Simulators Work
Cellular devices connect to cell sites with the strongest signals. To exploit this, cell-site simulators broadcast signals that are either stronger than the legitimate cell sites around them, or are made to appear stronger. This forces devices to disconnect from their service providers’ cell sites and to instead establish a new connection with the cell-site simulator. Cell-site simulators also have passive capabilities, such as identifying legitimate cell sites and mapping out their coverage areas.
It is difficult for a layperson to know whether or not their phone has been accessed by a cell-site simulator. Apps for identifying the use of cell-site simulators, such as SnoopSnitch, may not be verifiably accurate. Security researchers at the University of Washington have designed a system to measure the use of cell-site simulators across Seattle. There are other researchers, including those at EFF, looking into this further.
What Kinds of Data Cell-Site Simulators Collect
Data collected by cell-site simulators can reveal intensely personal information about anyone who carries a phone, whether or not they have ever been suspected of a crime.
Once cellular devices have connected with a cell-site simulator, it can determine your location and access identifying data such as IMSI or ESN numbers directly from your mobile device. It can also intercept metadata (such as information about calls made and the amount of time on each call), the content of unencrypted phone calls and text messages and data usage (such as websites visited). Additionally, marketing material indicates that they can be configured to divert calls and text messages, edit messages, and even spoof the identity of a caller in text messages and calls.
How Law Enforcement Uses Cell-Site Simulators
Police can use cell-site simulators to try to find a suspect when they already know their phone’s identifying information, or to scoop up data on anyone in a specific area. Some cell-site simulators are small enough to fit in a police cruiser, allowing law enforcement officers to drive to multiple locations, capturing from every mobile device in a given area—in some cases up to 10,000 phones at a time. These indiscriminate, dragnet searches include phones located in traditionally protected private spaces, such as homes and doctors’ offices.
Law enforcement officers have used information from cell-site simulators to investigate major and minor crimes and civil offenses. Baltimore Police, for example, have used their devices for a wide variety of purposes, ranging from tracking a kidnapper to trying to locate a man who took his wife’s phone during an argument (and later returned it to her). In one case, Annapolis Police used a cell-site simulator to investigate a robbery involving $56 worth of submarine sandwiches and chicken wings. In Detroit, U.S. Immigration and Customs Enforcement used a cell-site simulator to locate and arrest an undocumented immigrant.
Police have even deployed cell-site simulators at protests. The Miami-Dade Police Department apparently first purchased a cell-site simulator in 2003 to surveil protestors at a Free Trade of the Americas Agreement conference.
Cell-site simulators are used by the FBI, DEA, NSA, Secret Service, and ICE, as well as the U.S. Army, Navy, Marine Corps, and National Guard. U.S. Marshals and the FBI have attached cell-site simulators to airplanes to track suspects, gathering massive amounts of data about many innocent people in the process. The Texas Observer also uncovered airborne cell-site simulators in use by the Texas National Guard.
A recent Congressional Oversight Committee report called on Congress to pass laws requiring a warrant before using cell-site simulators. Some states, such as California, already require a warrant, except in emergency situations.
Who Sells Cell-site Simulators
Harris Corporation is the most prevalent company providing cell-site simulators to law enforcement. Their Stingray product has become the catchphrase for these devices, but they have subsequently introduced other models, such as Hailstorm, ArrowHead, AmberJack, and KingFish. Digital Receiver Technology, a division of Boeing, is also a common supplier of the technology, often referred to as “dirtboxes.”
Other sellers of cell-site simulators include Atos, Rayzone, Martone Radio Technology, Septier Communication, PKI Electronic Intelligence, Datong (Seven Technologies Group), Ability Computers and Software Industries, Gamma Group, Rohde & Schwarz, Meganet Corporation. Manufacturers Septier and Gamma GSM both provide information on what the devices can capture. The Intercept published a secret, internal U.S. government catalogue of various cellphone surveillance devices, as well as an older cell-site simulator manual made available through a Freedom of Information Act request.
Threats Posed by Cell-Site Simulators
Cell-site simulators invade the privacy of everyone who happens to be in a given area, regardless of the fact that the vast majority have not been accused of committing a crime.
The use of cell-site simulators have been shrouded in government secrecy. Police have used cell-site simulators to track location data without a warrant, by deceptively obtaining “pen register” orders from courts without explaining the true nature of the surveillance. In Baltimore, a judge concluded that law enforcement had intentionally withheld the information from the defense, in violation of their legal disclosure obligations. For a while, police departments tried to keep the use of cell-site simulators secret from not just the public but also the court system, withholding information from defense attorneys and judges—likely due to non-disclosure agreements with Harris Corporation. Prosecutors have accepted plea deals to hide their use of cell-site simulators and have even dropped cases rather than revealing information about their use of the technology. U.S. Marshalls have driven files hundreds of miles to thwart public records requests. Police have tried to keep information secret in Sarasota, Florida, Tacoma, Washington, Baltimore, Maryland, and St. Louis, Missouri.
In light of this secrecy, the FBI told police officers to recreate evidence from the devices, according to a document obtained by the nonprofit investigative journalism outlet Oklahoma Watch.
Cell-site simulators often disrupt cell phone communications within as much as a 500-meter radius of the device, interrupting important communications and even emergency phone calls. Cell-site simulators have been shown to disproportionately affect low-income communities and communities of color. In Baltimore, the use of cell-site simulators disproportionately impacted African-American communities, according to a map included in an FCC complaint that overlaid where Baltimore Police were using stingrays over census data on the city’s black population.
Cell-site simulators rely on a vulnerability in our communications system that the government should help fix rather than exploit.
EFF’s Work on Cell-Site Simulators
For the reasons above, EFF opposes police use of cell site simulators. Insofar as law enforcement agencies are using cell-site simulators in criminal investigations, EFF argues that use should be limited in the following ways:
Law enforcement should obtain individualized warrants based on probable cause;
Cell-site simulators should only be used for serious, violent crimes;
Cell-site simulators should only be used for identifying location;
Law enforcement must minimize the collection of data from people who are not the targets of the investigation.
Litigation
We filed a Freedom of Information Act lawsuit to expose and shine light on the U.S. Marshals Service’s use of cell-site simulators on planes.
Along with the ACLU and ACLU of Maryland, we filed an amicus brief in the first case in the country where a judge threw out evidence obtained as a result of using a cell-site simulator without a warrant.
We filed an amicus brief, along with the ACLU, pointing a court to facts indicating that the Milwaukee Police Department secretly used a cell-site simulator to locate a defendant through his cell phone without a warrant in U.S. vs. Damian Patrick. (The government then admitted to having used it.)
Legislation
We were original co-sponsors of the California Electronic Communications Privacy Act (CalECPA), along with the ACLU and the California Newspaper Publisher Association. This bill requires California police to get a warrant before using a cell-site simulator. Any evidence obtained from a cell-site simulator without a warrant is inadmissible in court.
EFF supported S.B. 741, which requires transparency measures regarding the use of cell-site simulators. We are in the process of collecting these policies.
Further Research
EFF has been investigating the use of cell-site simulators against Water Protectors and their allies at the Dakota Access Pipeline at the Standing Rock Sioux Reservation in North Dakota. We are currently doing further research on the technical aspects of cell-site simulators.
EFF Cases
State of Maryland v. Kerron Andrews
U.S. v. Damian Patrick
EFF v. U.S. Department of Justice
For More Information
Your Secret Stingray's No Secret Anymore: The Vanishing Government Monopoly over Cell Phone Surveillance and Its Impact on National Security and Consumer Privacy (Harvard Journal of Law and Technology)
Examining Law Enforcement Use of Cell Phone Tracking Devices (House Oversight Committee)
The Relentless “Eye” Local Surveillance: Its Impact on Human Rights and Its Relationship to National and International Surveillance (Center for Media Justice and others)
Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology (U.S. Department of Justice)
Long-Secret Stingray Manuals Detail How Police Can Spy on Phones (The Intercept)
A Secret Catalogue of Government Gear for Spying on Your Cellphone (The Intercept)
This Is How Many Stingray Devices Exist in Trump’s America (Vocativ)
Related Updates
Deeplinks Blog by Nathan Sheard | March 15, 2018
Unanimous Support in Berkeley for Community Control of Spy Tech
Berkeley’s City Council voted unanimously this week to pass the Surveillance Technology Use and Community Safety Ordinance into law. Berkeley joins Santa Clara County (which adopted a similar law in June of 2016) in showing the way for the rest of California. In addition to considerable and unopposed...
Deeplinks Blog by Nathan Sheard | January 23, 2018
Support Community Control of Spy Tech in Berkeley
Not long ago we wrote about our support for the City of Berkeley’s proposed Surveillance Technology Use and Community Safety Ordinance. In the time since, conversations like those already underway in the Police Review Commission, Peace and Justice Commission, and Disaster and Fire Safety Commission have continued with...
Deeplinks Blog by Nathan Sheard | December 1, 2017
EFF Supports the Adoption of Berkeley's Surveillance Technology Use and Community Safety Ordinance
With our coalition partners, we submitted a letter in support of Berkeley's proposed Surveillance Technology Use and Community Safety Ordinance. Now more than ever, local leaders have a special responsibility to protect vulnerable residents from suspicionless monitoring and the creation of databases exploitable for discriminatory ends.
Deeplinks Blog by Nathan Sheard | October 26, 2017
Oakland Privacy and the Fight for Community Control
Many groups in the Electronic Frontier Alliance work to ensure that their neighbors have the tools they need to maintain control of their information. Others devote their efforts to community organizing or advocacy, assuring that authorities respect the civil and privacy rights of people in their community. For over...
702 Spying
Press Release | August 10, 2017
EFF Urges Supreme Court to Take On Unconstitutional NSA Surveillance, Reverse Dangerous Ruling That Allows Massive Government Spying Program
WASHINGTON, D.C.—The Electronic Frontier Foundation (EFF) asked the Supreme Court to review and overturn an unprecedented ruling allowing the government to intercept, collect, and store—without a warrant—millions of Americans’ electronic communications, including emails, texts, phone calls, and online chats. This warrantless surveillance is conducted by U.S. intelligence agencies...
SLS Header
Deeplinks Blog by Dave Maass | June 6, 2017
Why California Urgently Needs Surveillance Transparency
A version of this commentary appeared in the San Diego Union-Tribune on May 27, 2017. In the summer of 2015, a local resident joined a nationwide project to uncover how police use face recognition devices. He filed a public records request with the city of...
Deeplinks Blog by Jyoti Panday | June 1, 2017
Aadhaar: Ushering in a Commercialized Era of Surveillance in India
Since last year, Indian citizens have been required to submit their photograph, iris and fingerprint scans in order to access legal entitlements, benefits, compensation, scholarships, and even nutrition programs. Submitting biometric information is needed for the rehabilitation of manual scavengers, the training and aid of disabled people, and anti-retroviral...
NSA HQ photo by Trevor Paglen
Deeplinks Blog by Cindy Cohn | May 23, 2017
Judge Orders Government to Provide Evidence About Internet Surveillance
We're finally going to get some honesty on how the NSA spies on innocent Americans' communications. A federal judge late last week in Jewel v. NSA, EFF’s landmark case against mass surveillance, ordered [PDF] the government to provide to it all relevant evidence necessary to prove or deny...
Deeplinks Blog by Shahid Buttar | May 11, 2017
Oakland City Council Committee Advances Measure to Require Transparency and Public Process for Surveillance Tech
On May 9, the Public Safety Committee of the Oakland City Council voted unanimously to approve a proposed “Surveillance and Community Safety Ordinance.” The measure, passed on to the Council by the city’s Privacy Advisory Commission, is modeled on a law enacted in spring 2016 by Santa...
Deeplinks Blog by Shahid Buttar | May 10, 2017
In Providence, Policymakers Delay Visionary Local Civil Rights and Civil Liberties Reforms
Recent events in Providence, RI demonstrate both how a sustained grassroots campaign can create opportunities for civil rights and civil liberties, and also how quickly those opportunities can be derailed by institutional actors. While the latest City Council decision delayed reform efforts and frustrated community members...
Pages
1 2 3 4 5 6 7 8 9 next › last »
EFF Home
The leading nonprofit defending digital privacy, free speech, and innovation.
Follow EFF:
twitter
facebook
google plus
youtube
flicker
rss
Contact
General
Legal
Security
Membership
Press
About
Calendar
Volunteer
Victories
History
Internships
Jobs
Staff
Issues
Free Speech
Privacy
Creativity & Innovation
Transparency
International
Security
Updates
Blog
Events
Press Releases
Whitepapers
Press
Press Contact
Press Materials
Donate
Join or Renew Membership Online
One-Time Donation Online
Shop
Other Ways to Give
Copyright (CC BY) Trademark Privacy Policy Thanks
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment