From our "Your Tax Dollars At Work" department: You, my friend, are being spied on ... but you probably already knew that. But what you might not know is that besides the usual suspects, the NSA (thanks to Edward Snowden) and probably every other TLA (Three Letter Agency) with any kind of signals intelligence mission, it turns out that the Department of Justice (DoJ) has also been secretly snagging your cell phone data by overflying urban areas with light aircraft equipped with a device called a “Dirtbox,” a successor or maybe more accurately, a sibling, to an earlier device called the StingRay.
Those of you who have been keeping an eye on what’s going in with government surveillance may well have heard of the StingRay which has been used, covertly, by state and local law enforcement in the US since at least 2006 and quite probably a lot earlier. Manufactured by Harris Corporation, the StingRay, a software defined radio system, is:
… an [International Mobile Subscriber Identity]-catcher with both passive (digital analyzer) and active (cell site simulator) capabilities. When operating in active mode, the device mimics a wireless carrier cell tower in order to force all nearby mobile phones and other cellular data devices to connect to it.
The StingRay has been described by the Electronic Frontier Foundation (EFF) as “an unconstitutional, all-you-can-eat data buffet” because it’s unstoppable, to all intents and purposes undetectable, and can identify and track cellular devices even when the device isn’t making a call or using data services. It can also be used for denial-of-service and man-in-the-middle attacks, the latter delivering all details of the targeted cell phone including the recording voice data.
For a long time the existence of the StingRay was a seriously guarded secret to the extent that law enforcement agencies could only acquire a unit through the DoJ and had to sign a confidentiality agreement that required them to drop any case that might result in the existence of the StingRay being revealed in a court of law.
The story of how the StingRay was exposed to the public is, to say the least, epic and one of the best accounts can be found in an episode of the most excellent Note to Self podcast, When Your Conspiracy Theory is True.
According to Wikipedia:
The use of the devices has been frequently funded by grants from the Department of Homeland Security. The Los Angeles Police Department used a Department of Homeland Security grant in 2006 to buy a StingRay for "regional terrorism investigations". However, according to the Electronic Frontier Foundation, the "LAPD has been using it for just about any investigation imaginable."
In addition to federal law enforcement, military and intelligence agencies, StingRays have in recent years been purchased by local and state law enforcement agencies. According to the American Civil Liberties Union, 42 law enforcement agencies in 17 states own StingRay technology. In November 2014, Slate reported that at least 46 state and local police departments, from Sunrise, Florida, to Hennepin County, Minnesota, use cell-site simulators, with a price-tag of US$16,000 to more than US$125,000 for each unit. In 2015, it was reported that the Baltimore Police Department's frequency in using the device was "inexplicably high". In some states, the devices are made available to local police departments by state surveillance units. The federal government funds most of the purchases with anti-terror grants.
In 2006, Harris employees directly conducted wireless surveillance using StingRay units on behalf the Palm Bay Police Department — where Harris has a campus — in response to a bomb threat against a middle school. The search was conducted without a warrant or Judicial oversight.
All of which leads us to the big brother of StingRay, the Dirtbox. Manufactured by Digital Receiver Technologies (DRT), the DRT 1101B (the Dirtbox) is another software defined radio system but on a much larger scale (the price tag of $78,850 per unit underlines this).
The Electronic Frontier Foundation’s Senior Staff Attorney, Jennifer Lynch, described the Dirtbox:
… these devices can locate up to 10,000 targets and can process multiple analog and digital wireless devices all at the same time. They’re even capable of intercepting and recording digital voice data. The best thing about the devices is the fact that no one may ever know you’ve used one. Just be careful — if your targets do figure out you’ve used a DRT box, and you haven’t gotten a warrant, they may be able to convince a judge to throw out all the evidence you’ve collected on them after you used the device. You can mount DRT models like this one in an aircraft to fly over the crowd.
And the DRT 1101B is just one member of DRT’s product line up; the Surveillance Catalog lists a whole family of related products. But the crucial thing is that last sentence in the above description which implied that this kind of surveillance could be done. The EFF have recently uncovered proof that, in reality, using this technology isn’t just possible, it’s been a common practice for a long time:
EFF recently received records in response to our Freedom of Information Act lawsuit against the Department of Justice for information on how the US Marshals—and perhaps other agencies—have been flying small, fixed-wing Cessna planes equipped with "dirtboxes”: IMSI catchers that imitate cell towers and are able to capture the locational data of tens of thousands of cell phones during a single flight. The records we received confirm the agencies were using these invasive surveillance tools with little oversight or legal guidance.
The Wall Street Journal revealed that the Marshals have been flying planes using DRT’s Stingray-like technology since 2007. The planes reportedly were based out of five metropolitan airports and shared by multiple agencies within the DOJ, even as sources within the agency questioned the legality of the program. A follow-up article reported that the CIA provided cell phone tracking equipment to the Marshals and then spent years helping them develop and test this capability for use in a law enforcement capacity within the United States.
So, the assault on our privacy continues apace with the “authorities” way in the lead in ability and secrecy while we, the public, slowly and uncertainly try to catch up with what’s really going on.
But there’s a problem: While it’s easy to rail against the entire idea that megascale signals intelligence gathering on, and surveillance of, the American public in general is a bad idea, the reality is that we need to use these types of surveillance technologies to make law enforcement effective. The problems start when law enforcement in concert with other government agencies decides that surveillance should be done to their own arbitrary and over-reaching standards without public oversight or accountability.
It’s all about balancing national interests against individual freedom and privacy and when those in the government make unilateral, secret decisions the government ultimately short-circuits their own goals. If these agencies laid out their case and defined their limits of operation and their accountability mechanisms it wouldn't be a hard for the public to buy into and support rational, reasonable, and legal surveillance programs designed to maintain law and order. Unfortunately, there’s little chance of anything like that becoming the norm given today's political climate.
Once again, your tax dollars at work.