Police must sign an NDA to keep Stingray cellphone spying secret

NYPD

David Shankbone/Flickr (CC BY SA 2.0)

More surveillance, more secrecy, more problems.

Before a local police department can purchase a Stingray, a surveillance device that tracks cellphones, they’re required to sign a nondisclosure agreement overseen by the FBI, the New York Times reports, which prevents them from revealing anything about the device to the taxpayers footing the bill.

Stingrays, which have been in use in the U.S. for years, have a particularly troubling feature: The device can scan and collect information on not just its target—say, the cellphone of a terrorist or a missing person—but all cellphones in the surrounding area.

The device is essentially a mobile wiretapping device, known generically as a cell site simulator or IMSI catcher. It collects information on targets and innocent bystanders by masquerading as a cellphone tower. When users in the area attempt to place a phone call, they may be tricked into connecting to the police device instead of an actual cell site. Different versions of the device can be used to capture metadata, record the content of phone conversations, and even capture SMS text messages.

Part of the controversy lies in how the device is classified by FBI. As a “pen register device,” the Stingray may not require officials to obtain a warrant. A warrant would be required, however, if the content of communications was also collected.

But there’s good reason to be suspicious. There’s evidence to suggest that, instead of simply declining to reveal details about the Stingray, police officials have been encouraged in the past to conceal its use by playing fast loose with the truth.

An email written by a senior Florida police officer, and later obtained and published by the American Civil Liberties Union (ACLU), contains an order to hide the origin of Stingray evidence by claiming it was received instead from a “confidential source.” Use of the device was ordered hidden, according to the officer’s email, at the request of a federal law enforcement agency.

Nondisclosure agreements aren’t necessarily unusual for technical products licensed to military or law enforcement forces, but the atmosphere of distrust regarding the use of surveillance technology domestically, and the constitutional issues raised accordingly, has caused unique alarm over the use of the Stingray.

Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation, characterized the agreement as a “serious breakdown in transparency and accountability.”

“It’s crazy that a nondisclosure agreement could be interpreted to trump criminal discovery rules or FOIA [Freedom of Information Act] and public records laws, which allows private companies to determine the scope of disclosure to criminal defendants and the public,” Fakhoury told the Daily Dot in an email. “There’s wide knowledge about ‘Stingrays’ and IMSI catchers; and yet, as the New York Times noted, there have been cases where prosecutors dropped serious criminal charges rather than disclose details about the technology.”

On one such occasion, prosecutors did abandoned charges against an armed robbery suspect in Florida in order to prevent details about Stingrays from being revealed.  The man, Tadrae McKenzie, was offered a plea bargain for petty theft after the officials refused a judge’s request to produce the surveillance device in court.

According to the FBI, revealing details about the Stingray, which the law enforcement agency puts under the umbrella of homeland security, may provide criminals and terrorists with information necessary to thwart the surveillance.

According to the New York Times, an FBI agent admitted in a 2011 affidavit that data “from all wireless devices in the immediate area of the [Stingray] device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”

In order to protect privacy rights, the agent said that information not pertaining to an investigation is subsequently purged. 

Photo via David Shankbone/Flickr (CC BY SA 2.0)

Dell Cameron

Dell Cameron

Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.