Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is (theintercept.com)

Posted by msmash on from the truth-is-out-there dept.

The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device, which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S. have "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report:The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

17 of 95 comments (clear)

  1. Everyone should be forced to obey the law. by Anonymous Coward · · Score: 5, Insightful

    It is the beginning of the end for society as a whole if no one cares if the police obey the law. The Sheriff of San Bernadino should face charges for unlawful surveillance.

    1. Re:Everyone should be forced to obey the law. by msauve · · Score: 3, Interesting

      I've said this before, but here it is again: Stingrays are transmitters. It is illegal to transmit on cellular frequencies without a license (cellular users transmit under authority of their provider). So, lacking a warrant, police use of Stingrays is illegal. Why are the cops not being prosecuted for violation of federal law, and why isn't any evidence obtained through the use of Stingrays thrown out by the courts?

      (I think the answer the the last one is parallel construction, which itself is legally bankrupt)

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re: Everyone should be forced to obey the law. by skywire · · Score: 2

      A search warrant would not empower a cop to violate federal comms law.

      --
      Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.
  2. I would love to meet the product developers... by Anonymous Coward · · Score: 4, Interesting

    ...and ask them whether they regard themselves as activists against the principles of their country's Constitution, or whether they believe they're only following orders, i.e. that the known way in which their product will be put to use is "not my dept.".

    1. Re:I would love to meet the product developers... by DickBreath · · Score: 2

      Like the CIA torturers. "just doing my job"

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:I would love to meet the product developers... by ShaunC · · Score: 2

      I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?

      To me, the root of the problem is the devices. The way the Stingray works is by tricking all cell phones within range to connect to the Stingray instead of the legitimate cell tower. The very nature of this design means innocent peoples' phones, people who are not the subject of any warrant, are going to have their communications illegally intercepted. You might have a warrant to tap Bob's phone, but when you park your nondescript van in Bob's neighborhood and turn on your Stingray, his neighbors' phones are going to connect to it too. Anyone who happens to be driving down the street or walking their dog around the block, their phones will also connect to your Stingray. You don't have a warrant for any of those peoples' communications.

      The only justification for a Stingray type device is to go on fishing expeditions. If you have a warrant you don't need the Stingray, you just call the telco and have them tap Bob's line(s).

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  3. Surprised face on by bferrell · · Score: 3, Informative

    It's a software defined radio. See Range Networks for similar, MUCH cheaper equipment (also not a dumbed down). Also GNU radio.

    1. Re:Surprised face on by bferrell · · Score: 2

      Also OpenBTS

    2. Re:Surprised face on by NatasRevol · · Score: 2

      These manuals should give very good guidance on how to build an anti-Stingray device. Or pro-privacy device. Call it what you want.

      --
      There are two types of people in the world: Those who crave closure
    3. Re:Surprised face on by tlhIngan · · Score: 3, Insightful

      These manuals should give very good guidance on how to build an anti-Stingray device. Or pro-privacy device. Call it what you want.

      Or how about our OWN stingray type devices?

      Imagine the chaos if you're tracking an IMSI and it's passing through several stingray devices - yours, and half a dozen others. Since each is pretending to the uplink of the next, the actual location of the phone in question can be quite a distance away. And if you're monitoring the location of the signal, you're just getting the next stingray in line.

  4. iManual by BringsApples · · Score: 2

    Harris declined to comment. In a 2014 letter to the Federal Communications Commission, the company argued that if the owner’s manuals were released under the Freedom of Information Act, this would “harm Harris’s competitive interests” and “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.”

    Well then just print a manual and give it to us, then burn your copy. We'll keep our copy safe, so no terrorists will ever be able to read the manual. At least that's what Apple was asked to do.

    --
    Politics; n. : A religion whereby man is god.
  5. Handy guide for law enforcement. by jcr · · Score: 5, Insightful

    Do you have a warrant, issued by a neutral magistrate, specifically identifying the party that you wish to spy upon, which you obtained by swearing out a truthful affidavit that you have reason to believe a crime has been committed?

    If yes: you're good to go. If no: fuck you, you're committing wire fraud, you son of a bitch.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:Handy guide for law enforcement. by NatasRevol · · Score: 3, Insightful

      And it's almost always wire fraud. Committed by the police.

      --
      There are two types of people in the world: Those who crave closure
  6. And it's fine because they're cops by Anonymous Coward · · Score: 5, Interesting

    For anyone else using this sort of device it would be an illegal wiretap, an FCC violation for unauthorized use of spectrum, interfering with a public utility, copyright violation, DMCA violation, vandalism, reckless endangerment (hey, 911 doesn't work when this is on y'know), interfering with emergency services, intent to commit identity fraud, computer misuse and a unauthorized use of computer equipment violation. Possibly even terrorism...sure, let's throw terrorism in there for good measure. Total sentence: 5x Infinity years, served consecutively. No chance of parole. Leave your human rights at the door.

    For the cops?...they switch this on before breakfast each morning. Assuming they didn't forget to switch it off the night before.

  7. Technical Controls by watermark · · Score: 4, Insightful

    If police can do it, so can "the bad guys". Why aren't there better technical barriers in place to prevent this sort of thing? If this snooping is illegal, that's a great first step, but why are these devices even able to work? Are the mobile carriers working with law enforcement to enable these devices, or just indifferent to it?

    When it came to light that law enforcement was abusing their power by indiscriminately snooping on internet traffic, we started to see more websites use encryption (birth of Let's Encrypt). When it came to light that law enforcement was abusing their power regarding accessing information stored on a phone, we started to see widespread use of device encryption (Android and iOS now encrypt by default). Is StringRay abuse the precursor to the next iteration of mobile security?

  8. Re:Slippery Slope by saloomy · · Score: 5, Insightful

    No. We are way past calling this a slippery slope. Look up, theres the cliff we fell off.

    How about unreasonable search and seizure? How about due process? How about manufactured evidence? Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?

    If they went to get a warrant, and asked the cell companies to give them the data, that would be legal. We can't allow them to trample on our freedoms and liberties because its inconvenient for them to go through the process the american people have approved. There is no consent of the governed here.

  9. Re:Slippery Slope by saloomy · · Score: 3

    First and foremost: I completely agree. Now devils advocate:

    How about unreasonable search and seizure?

    Your choice to broadcast your signal gives implicit rights for them to read the signal, much like your choice to place your garbage into the county provided can on the curb.

    No. There is a reasonable expectation of privacy. What about the privacy of the company who has licensed or purchased the spectrum? The signal is in their possession, and the government just trampled it like a heard of bison running over a bunny. Fuck no. Thats what warrants are for.

    How about due process?

    See above, there is not a due process violation if all they are doing is processing through the signal you sent.

    Again, no. In court, if I can't inspect the device that grabbed what they *THOUGHT* was my signal, how could I defend myself? These law enforcement toys are secret, beyond discovery from defense attorneys. So how can you question the charges, or face your accuser, which you are allowed to do. Imagine for a moment that there is a bug in the logging software, and it reports your phone as the one trying to hook up with the 13 year old middle schooler. Just, fuck no. Again. Due Process.

    How about manufactured evidence?

    There is a chain of custody to be followed, manufactured evidence would require breaking a seal on the device, much like a radar gun.

    Not what I was saying. What about "we can't let them know about how we learned about this, so lets say he logged into a bogus website, and generate some logs.

    Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?

    One would hope they got a licence from the FCC. *snort* (sorry, couldn't keep a straight face on that one)

    Seriously though, the same argument that has been set forth about using open WiFi APs and even breaking WEP/WPA to use APs that are broadcasting past a property line apply here with your phone and any cleartext that is sent / cyphertext that is broken.

    I'm happily in a state where a warrant is required to use one of these... not that I think they are used anyway, but at least if there is no warrant the evidence is inadmissible and via poisoned fruit any evidence looked for because of one of these also becomes inadmissible (i think).

    -nb

    This is not that. In those scenarios, your listening. These devices talk and impersonate cell towers. They are broadcasting in that spectrum which a company has purchased outright. They do so against those licenses. Now wipe that smirk off your face, and get off my lawn!