Baltimore Police Used Stingrays For Phone Tracking Over 25,000 Times

← Back to Stories (view on slashdot.org)

Baltimore Police Used Stingrays For Phone Tracking Over 25,000 Times

Posted by Soulskill on Monday April 20, 2015 @04:11PM from the i-don't-remember-that-episode-of-The-Wire dept.

An anonymous reader writes The Baltimore Police Department is starting to come clean about its use of cell-phone signal interceptors — commonly known as Stingrays — and the numbers are alarming. According to recent court testimony reported by The Baltimore Sun, the city's police have used Stingray devices with a court order more than 25,000 times. It's a massive number, representing an average of nearly nine uses a day for eight years (the BPD acquired the technology in 2007), and it doesn't include any emergency uses of the device, which would have proceeded without a court order.

16 of 83 comments (clear)

Min score:

Reason:

Sort:

Loose procedures by wvmarle · 2015-04-20 16:17 · Score: 4, Insightful

It sounds to me like not only the police is wrong by applying for too many uses of the device (of course they do - it's their job to gather as much information about potential criminals as possible), also the courts appear to be wrong by not doing much evaluation of the requests. Now having to handle nine requests a day is a huge number as well (that's before accounting for holidays and weekends), yet no excuse for not following proper procedures.
From the face of it, the courts should be more strict. Take more time to properly evaluate each one, possibly causing a backlog, but that in turn should force the police to lower their number of requests to only the ones they believe are valid - and arguably the courts should be hiring more people to get the work done in a timely manner.
1. Re:Loose procedures by TWX · 2015-04-20 17:12 · Score: 4, Insightful
  
  I don't think that regular rank-and-file police should be in the business of intercepting cell phone traffic in the first place. They should have to submit warrants to the carriers and those carriers should present them with only the data that the warrant calls for.
  
  A pipe dream, I know, but what the hey.
  
  --
  Do not look into laser with remaining eye.
2. Re:Loose procedures by wvmarle · 2015-04-20 17:22 · Score: 2
  
  To me it is (or at least, should be) the modern equivalent of a wire tap where police investigators are listening in to someone's phone line.
  For that reason it should come with the same set of checks and balances: a court warrant required (with maybe an exception for "emergency cases" which will have to be defined really well), and the requirement that only the phone for which the warrant is given can be listened in to, so no "collateral damage".
3. Re:Loose procedures by TWX · 2015-04-20 18:43 · Score: 3, Insightful
  
  The thing is, in a real wiretap, they're only tapping the one call. In this thing's case they're intercepting all calls for everyone in the area whose phones end up using it, not just the one call. That's why I think they need to go through the carrier, so the carrier can tape the one line or the series of lines that they have a legitimate claim through the courts to gain access to.
  
  --
  Do not look into laser with remaining eye.
4. Re:Loose procedures by DerekLyons · 2015-04-21 00:55 · Score: 3, Insightful
  
  It sounds to me like not only the police is wrong by applying for too many uses of the device (of course they do - it's their job to gather as much information about potential criminals as possible), also the courts appear to be wrong by not doing much evaluation of the requests. Now having to handle nine requests a day is a huge number as well (that's before accounting for holidays and weekends), yet no excuse for not following proper procedures.
  What's interesting is that you make an assertion... and then act as though that assertion was a fact.
  
  From the face of it, the courts should be more strict. Take more time to properly evaluate each one
  One of the things you've failed to account for, there are probably hundreds of judges in a city of a half million - thus it's quite possible to be strict and evaluate each one and still come up with this number. It's a distributed parallel system - what sound like scary huge numbers arise quite easily from a relatively modest number of actors, especially considering the length of time involved.
  But the ill-educated (or deeply biased, or prejudiced towards panic*) won't stop and think about these things. Thinking Is Hard.
  And, to those moderating, yes - I know the actual number is 4,300. I'm just so damn tired of the level of ignorance so prevalent on Slashdot.
  * Actually there's considerable overlap in these categories.
Correction: 4,300 times by Anonymous Coward · 2015-04-20 16:20 · Score: 5, Informative

The article states that the earlier figure was incorrect; the Baltimore police actually used it 4,300 times, not 25,000 times.
1. Re:Correction: 4,300 times by TechyImmigrant · 2015-04-20 17:40 · Score: 3, Funny
  
  The article states that the earlier figure was incorrect; the Baltimore police actually used it 4,300 times, not 25,000 times.
  Is this one of these things where they try to make 4300 sound small by first quoting a bigger number?
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
2. Re:Correction: 4,300 times by Enry · 2015-04-21 00:46 · Score: 2
  
  How is it illegal if there's a court order?
*gasp* by jargonburn · 2015-04-20 17:06 · Score: 3, Interesting

What the actual fuck?! What did they do before Stingrays? Not catch anybody? Good fucking grief!
The above was my initial reaction, anyway. I checked the article; seems to have been updated to say 4300 times, which is not such a jaw-dropper. Also, I'd be interested to know whether that covers every time the device was used to intercept or track a mobile device (4300 is a number I could believe, if not like) or if that was the number of court-orders/warrants obtained (4300 still seems ridiculously over-used).
Re:Found in small town, CA? by dougmc · 2015-04-20 18:04 · Score: 3, Informative

1x is digital too.
It does have longer range than 3G and 4G, and so it could very well be that you were simply getting a marginal signal and there was no Stingray involved at all -- your phone just used the best that was available, and that was 1x.
And once you left, the 4G signal got strong enough again to use, and your phone switched back.
Update by jklovanc · 2015-04-20 20:05 · Score: 3, Interesting

Police outlined for the first time this month their usage of the stingray, pegging it at more than 4,300 times — a figure experts called a "huge number" compared to a trickle of disclosures in other cities.
Lets do the math over. 4300/8/365= 1.5 times a day. Then there is the issue of duration and range. Is every day a different court order? Is every Stingray a different court order? One ongoing investigation that covers a home, a workplace and a meeting place would more than cause that many "uses".
Big numbers look big until you break them down.
1. Re:Update by chasm22 · 2015-04-20 21:35 · Score: 3, Interesting
  
  Let's do some more math. All cell calls within a mile are intercepted and rerouted. I really don't give a hoot about this particular case, but how about giving us an educated guess as to how many 'innocent' cell phone calls are intercepted each and every day in each and every major city(and undoubtedly many mid and small sized cities as well) by not only the local PD but also any number of state and federal agencies.
  Sorry, you can make this seem small with your math, but in reality this is probably a bigger threat to your privacy than anything the NSA does. Why? Because these individual machines(stingrays) are each given personal service. This isn't a vacumn cleaner approach, but something far more intrusive.
  I've seen too many instances where local judges make decisions that run contrary(IMHO) to our Constitution. I remember a local case where the police stopped a vehicle, found 25lbs of pot and had the brilliant idea of using the vehicles GPS to try and figure out where the purchase was made. Hmm. It turns out that they raided the last stop made by the car with a search warrant issued by a local judge. That wasn't the problem. The problem was the location wasn't where the bad guys had made their purchase. Big problem? Not really. You see the judge had decided to issue a blanket search warrant for all the locations on the GPS. And that is the problem with the stingray. A search warrant for one cell phone is really a warrant for thousands of cell phones.
Re:capabilities? by jeti · 2015-04-20 21:11 · Score: 2

AFAIK, Stingray is based on an IMSI catcher. It simulates a cell tower and gets cell phones in the area to connect to it by providing the strongest signal. It then records the data of all connected cell phones and forwards it to the network.

Since IMSI catchers are well understood, all this secrecy is a bit surprising. It makes speculation about additional capabilities plausible. It could use exploits in the modem software to install malware. Such malware could do all sorts of things like reading local files, including contacts, messages, browsing history and possibly passwords. It could also store files on the device. It could provide side channels for encrypted communication from https to WhatsApp calls. It could also turn on the microphone and camera. All this is pure speculation, but it seems plausible.
Re:Found in small town, CA? by bill_mcgonigle · 2015-04-20 21:59 · Score: 3, Interesting

There aren't even any 3G towers that I know of.
Seriously? A good chunk of the existing phone base can't even do 4G - prepaid is still largely 3G-only phones, which are still sold new today. It would be very rare to have 4G-only coverage areas in a town.
However, if you never go anywhere and have really good 4G coverage, setting your phone to 4G-only may well be a good workaround to reduce your chance of an intercept.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
A Bit Odd by JimSadler · 2015-04-20 22:07 · Score: 2

Around 1969 the military operated what were called fixed syphoning stations. The idea was to secretly listen in on communications and to insert false commands at critical moments. Turn left in a foreign language could be changed to turn right for example. And it had to duplicate all of the intonations and accents of the sender's voice. And that was 1969 technology. One can only wonder just how signals can be altered these days and worse yet the altered conversations could be saved as evidence of wrong doing. It is sort of like being able to produce the smoking gun in a murder case even though the gun never existed.
Re:From courts to no telco needed by AHuxley · 2015-04-20 22:09 · Score: 2

Re Finding?
"This machine catches stingrays: Pwnie Express demos cellular threat detector" (Apr 21, 2015)
http://arstechnica.com/informa...
Looks for Unauthorized or unknown cell providers, Anomalous or suspicious base stations, IMSI catcher/interceptor identification, Rogue or malicious cellular base stations.

--
Domestic spying is now "Benign Information Gathering"