Jump to content

Stingray phone tracker: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Line 23: Line 23:
Cellular telephones are radio transmitters and receivers much like a [[walkie-talkie]]. However, the cell phone only communicates with a "repeater" inside a nearby cell tower installation. At that installation, the devices take in all cell calls in its geographic area and repeat them out to other cell installations which repeat the signals onward to their destination telephone (either by radio or land-line wires). Radio is used also to transmit a caller's voice/data back to the receiver's cell telephone. The [[full duplex|two-way duplex]] phone conversation then exists via these interconnections.
Cellular telephones are radio transmitters and receivers much like a [[walkie-talkie]]. However, the cell phone only communicates with a "repeater" inside a nearby cell tower installation. At that installation, the devices take in all cell calls in its geographic area and repeat them out to other cell installations which repeat the signals onward to their destination telephone (either by radio or land-line wires). Radio is used also to transmit a caller's voice/data back to the receiver's cell telephone. The [[full duplex|two-way duplex]] phone conversation then exists via these interconnections.


To make all that work correctly, the system allows automatic increases and decreases in transmitter power (for the individual cell phone and for the tower repeater, too) so that only the minimum transmit power is used to complete and hold the call active, "on," and allows the users to hear and be heard continuously during the conversation. The goal is to hold the call active but use the least amount of transmit power, mainly to conserve batteries and be efficient. The tower system will sense when a cell phone is not coming in clearly, and will order the cell phone to boost transmit power. The user has no control over this boosting; it may occur for a split second or for the whole conversation. If the user is in a remote location, the power boost may be continuous. In addition to carrying voice or data, the cell phone also transmits data about itself automatically, and that is boosted or not as the system detects need. The user may notice more rapid depletion of his battery, but there are legitimate and clandestine reasons for that factor; battery usage can not tell any difference.
To make all that work correctly, the system allows automatic increases and decreases in transmitter power (for the individual cell phone and for the tower repeater, too) so that only the minimum transmit power is used to complete and hold the call active, "on," and allows the users to hear and be heard continuously during the conversation. The goal is to hold the call active but use the least amount of transmit power, mainly to conserve batteries and be efficient. The tower system will sense when a cell phone is not coming in clearly, and will order the cell phone to boost transmit power. The user has no control over this boosting; it may occur for a split second or for the whole conversation. If the user is in a remote location, the power boost may be continuous. In addition to carrying voice or data, the cell phone also transmits data about itself automatically, and that is boosted or not as the system detects need.


Coding of all transmissions allows two nearby cell user users no [[crosstalk (electronics)|cross talk]] or interference between the two (this coding is not encryption, which is another, different coding). The boosting of power, however, is limited by the design of the devices to a maximum setting. The standard systems are not "high power" and thus can be overpowered by clandestine systems using much more boosted power that can then take over a user's cell phone. If overpowered that way, a cell phone will not indicate the change due to the clandestine radio being programmed to hide itself from normal detection. The ordinary user can not know if their cell phone is captured via overpower boosts or not. (There are other ways of clandestine capture that need not overpower, too.)
Coding of all transmissions allows two nearby cell user users no [[crosstalk (electronics)|cross talk]] or interference between the two (this coding is not encryption, which is another, different coding). The boosting of power, however, is limited by the design of the devices to a maximum setting. The standard systems are not "high power" and thus can be overpowered by clandestine systems using much more boosted power that can then take over a user's cell phone. If overpowered that way, a cell phone will not indicate the change due to the clandestine radio being programmed to hide itself from normal detection. The ordinary user can not know if their cell phone is captured via overpower boosts or not. (There are other ways of clandestine capture that need not overpower, too.)

Revision as of 17:16, 18 March 2015

The StingRay is an IMSI-catcher (International Mobile Subscriber Identity), a controversial cellular phone surveillance device, manufactured by the Harris Corporation.[1] Initially developed for the military and intelligence community, the StingRay and similar Harris devices are in widespread use by local and state law enforcement agencies across the United States. Stingray has also become a generic name to describe these kinds of devices.[2]

Technology

The StingRay is an IMSI-catcher with both passive (digital analyzer) and active (cell site simulator) capabilities. When operating in active mode, the device mimics a wireless carrier cell tower in order to force all nearby mobile phones and other cellular data devices to connect to it.[3][4][5] In active mode, the StingRay is capable of performing multiple operations upon a cellular device: (1) extracting stored data such as International Mobile Subscriber Identity ("IMSI") numbers and Electronic Serial Number ("ESN"),[6] (2) writing cellular protocol metadata to internal storage, (3) forcing an increase in signal transmission power,[7] (4) forcing an abundance of radio signals to be transmitted, (5) tracking and locating the cellular device user,[3] (6) conducting a denial of service attack, and (7) encryption key extraction and interception of communications content.[8] The StingRay's passive mode operations include (1) conducting base station surveys, which is the process of using over-the-air signals to identify legitimate cell sites and precisely map their coverage areas, and (2) radio jamming for either general denial of service purposes[9] or to aid in active mode protocol rollback attacks. The StingRay family of devices can be mounted in vehicles,[4] on airplanes, helicopters and unmanned aerial vehicles,[10] as well as carried by hand.[11]

The StingRay's active (cell site simulator) capabilities

In active mode, the StingRay will force each compatible cellular device in a given area to disconnect from its service provider cell site (i.e., operated by Verizon, AT&T, etc.) and establish a new connection with the StingRay.[12] In most cases, this is accomplished by having the StingRay broadcast a pilot signal that is either stronger than, or made to appear stronger than, the pilot signals being broadcast by legitimate cell sites operating in the area.[13] A common function of all cellular communications protocols is to have the cellular device connect to the cell site offering the strongest signal. StingRays exploit this function as a means to force temporary connections with cellular devices within a limited area.

Extracting data from internal storage

During the process of forcing connections from all compatible cellular devices in a given area, the StingRay operator needs to determine which device is a desired surveillance target. This is accomplished by downloading the IMSI, ESN, or other identifying data from each of the devices connected to the StingRay.[6] In this context, the IMSI or equivalent identifier is not obtained from the cellular service provider or from any other third-party. The StingRay downloads this data directly from the device using radio waves.

In some cases, the IMSI or equivalent identifier of a target device is known to the StingRay operator beforehand. When this is the case, the operator will download the IMSI or equivalent identifier from each device as it connects to the StingRay.[14] When the downloaded IMSI matches the known IMSI of the desired target, the dragnet will end and the operator will proceed to conduct specific surveillance operations on just the target device.[15]

In other cases, the IMSI or equivalent identifier of a target is not known to the StingRay operator and the goal of the surveillance operation is to identify one or more cellular devices being used in a known area.[16] For example, if visual surveillance is being conducted on a group of protestors,[17] a StingRay can be used to download the IMSI or equivalent identifier from each phone within the protest area. After identifying the phones, locating and tracking operations can be conducted, and service providers can be forced to turn over account information identifying the phone users.

Writing metadata to internal storage

Forcing an increase in signal transmission power

Cellular telephones are radio transmitters and receivers much like a walkie-talkie. However, the cell phone only communicates with a "repeater" inside a nearby cell tower installation. At that installation, the devices take in all cell calls in its geographic area and repeat them out to other cell installations which repeat the signals onward to their destination telephone (either by radio or land-line wires). Radio is used also to transmit a caller's voice/data back to the receiver's cell telephone. The two-way duplex phone conversation then exists via these interconnections.

To make all that work correctly, the system allows automatic increases and decreases in transmitter power (for the individual cell phone and for the tower repeater, too) so that only the minimum transmit power is used to complete and hold the call active, "on," and allows the users to hear and be heard continuously during the conversation. The goal is to hold the call active but use the least amount of transmit power, mainly to conserve batteries and be efficient. The tower system will sense when a cell phone is not coming in clearly, and will order the cell phone to boost transmit power. The user has no control over this boosting; it may occur for a split second or for the whole conversation. If the user is in a remote location, the power boost may be continuous. In addition to carrying voice or data, the cell phone also transmits data about itself automatically, and that is boosted or not as the system detects need.

Coding of all transmissions allows two nearby cell user users no cross talk or interference between the two (this coding is not encryption, which is another, different coding). The boosting of power, however, is limited by the design of the devices to a maximum setting. The standard systems are not "high power" and thus can be overpowered by clandestine systems using much more boosted power that can then take over a user's cell phone. If overpowered that way, a cell phone will not indicate the change due to the clandestine radio being programmed to hide itself from normal detection. The ordinary user can not know if their cell phone is captured via overpower boosts or not. (There are other ways of clandestine capture that need not overpower, too.)

Just as a person shouting drowns out someone whispering, the boost in RF watts of power into the cell telephone system can overtake and control that system—in total or only a few, or even only one, conversation. This strategy only requires more RF watts of power, and thus it is more simple than other types of clandestine controls. Power boosting equipment can be installed anywhere there can be an antenna, including in a vehicle, perhaps even in a vehicle on the move. Once a clandestine boosted system takes control, any manipulation is possible from simple recording of the voice or data to total blocking of all cell phones in the geographic area.

Forcing an abundance of signal transmissions

Tracking and locating

A StingRay can be used to identify and track a phone or other compatible cellular data device even while the device is not engaged in a call or accessing data services.

Denial of service

The FBI has claimed that when used to identify, locate, or track a cellular device, the StingRay does not collect communications content or forward it to the service provider.[18] Instead, the device causes a disruptions in service.[19] Under this scenario, any attempt by the cellular device user to place a call or access data services will fail while the StingRay is conducting its surveillance. 

  47 U.S. Code §253. Removal of barriers to entry

(a) In general No State or local statute or regulation, or other State or local legal requirement, may prohibit or have the effect of prohibiting the ability of any entity to provide any interstate or intrastate telecommunications service. (b) State regulatory authority Nothing in this section shall affect the ability of a State to impose, on a competitively neutral basis and consistent with section 254 of this title, requirements necessary to preserve and advance universal service, protect the public safety and welfare, ensure the continued quality of telecommunications services, and safeguard the rights of consumers. 

[20]

Interception of communications content

By way of software upgrades,[8][21] the StingRay and similar Harris products can be used to intercept GSM communications content transmitted over-the-air between a target cellular device and a legitimate service provider cell site. The StingRay does this by way of the following man-in-the-middle attack: (1) simulate a cell site and force a connection from the target device, (2) download the target device's IMSI and other identifying information, (3) conduct "GSM Active Key Extraction"[8] to obtain the target device's stored encryption key, (4) use the downloaded identifying information to simulate the target device over-the-air, (5) while simulating the target device, establish a connection with a legitimate cell site authorized to provide service to the target device, (6) use the encryption key to authenticate the StingRay to the service provider as being the target device, and (7) forward signals between the target device and the legitimate cell site while decrypting and recording communications content.

The "GSM Active Key Extraction"[8] performed by the StingRay in step three merits additional explanation. A GSM phone encrypts all communications content using an encryption key stored on its SIM card with a copy stored at the service provider.[22] While simulating the target device during the above explained man-in-the-middle attack, the service provider cell site will ask the StingRay (which it believes to be the target device) to initiate encryption using the key stored on the target device.[23] Therefore, the StingRay needs a method to obtain the target device's stored encryption key else the man-in-the-middle attack will fail.

GSM primarily encrypts communications content using the A5/1 call encryption cypher. In 2008 it was reported that a GSM phone's encryption key can be obtained using $1,000 worth of computer hardware and 30 minutes of cryptanalysis performed on signals encrypted using A5/1.[24] However, GSM also supports an export weakened variant of A5/1 called A5/2. This weaker encryption cypher can be cracked in real-time.[22] While A5/1 and A5/2 use different cypher strengths, they each utilize the same underlying encryption key stored on the SIM card.[23] Therefore, the StingRay performs "GSM Active Key Extraction"[8] during step three of the man-in-the-middle attack as follows: (1) instruct target device to use the weaker A5/2 encryption cypher, (2) collect A5/2 encrypted signals from target device, and (3) perform cryptanalysis of the A5/2 signals to quickly recover the underlying stored encryption key.[25] Once the encryption key is obtained, the StingRay uses it to comply with the encryption request made to it by the service provider during the man-in-the-middle attack.[25]

The StingRay's passive capabilities

In passive mode, the StingRay operates as an either a digital analyzer, which receives and analyzes signals being transmitted by cellular devices and/or wireless carrier cell sites, or as a radio jamming device, which transmits signals that block communications between cellular devices and wireless carrier cell sites. By "passive mode," it is meant that the StingRay does not mimic a wireless carrier cell site or communicate directly with cellular devices.

Base station (cell site) surveys

A StingRay and a test phone can be used to conduct base station surveys, which is the process of collecting information on cell sites, including identification numbers, signal strength, and signal coverage areas. When conducting base station surveys, the StingRay mimics a cell phone while passively collecting signals being transmitted by cell sites in the area of the StingRay.

Base station survey data can be used to further narrow the past locations of a cellular device if used in conjunction with historical cell site location information ("HCSLI") obtained from a wireless carrier. HCSLI includes a list of all cell sites and sectors accessed by a cellular device, and the date and time each access was made. Law enforcement will often obtain HCSLI from wireless carriers in order to determine where a particular cell phone was located in the past. Once this information is obtained, law enforcement will use a map of cell site locations to determine the past geographical locations of the cellular device.

However, the signal coverage area of a given cell site may change according to the time of day, weather, and physical obstructions in relation to where a cellular device attempts to access service. The maps of cell site coverage areas used by law enforcement may also lack precision as a general matter. For these reasons, it is beneficial to use a StingRay and a test phone to map out the precise coverage areas of all cell sites appearing in the HCSLI records. This is typically done at the same time of day and under the same weather conditions that were in effect when the HCSLI was logged. Using a StingRay to conduct base station surveys in this manner allows for mapping out cell site coverage areas that more accurately match the coverage areas that were in effect when the cellular device was used.

Usage by law enforcement

The use of the devices has been frequently funded by grants from the Department of Homeland Security.[26] The Los Angeles Police Department used a Department of Homeland Security grant in 2006 to buy a stingray for "regional terrorism investigations". However, according to the Electronic Frontier Foundation, the "LAPD has been using it for just about any investigation imaginable."[27]

In addition to federal law enforcement, military and intelligence agencies, StingRays have in recent years been purchased by local and state law enforcement agencies. According to the American Civil Liberties Union, 42 law enforcement agencies in 17 states own StingRay technology. In some states, the devices are made available to local police departments by state surveillance units. The federal government funds most of the purchases with anti-terror grants.

Privacy International and The Sunday Times reported on the usage of Stingrays and IMSI catchers in Ireland, against the Irish Garda Síochána Ombudsman Commission (GSOC), which is an oversight agency of the Irish police force Garda Síochána.[28][29]

In November of 2014, Slate reported that at least 46 state and local police departments, from Sunrise, Florida, to Hennepin County, Minnesota, use cell-site simulators, with a price-tag of $16,000 to more than $125,000 for each unit.[30]

Secrecy

The increasing use of the devices has largely been kept secret from the court system and the public. In 2014, police in Florida revealed they had used such devices at least 200 additional times since 2010 without disclosing it to the courts or obtaining a warrant.[1] The American Civil Liberties Union has filed multiple requests for the public records of Florida law enforcement agencies about their use of the cell phone tracking devices.[31]

Local law enforcement and the federal government have resisted judicial requests for information about the use of stingrays, refusing to turn over information or heavily censoring it.[32] In June 2014, the American Civil Liberties Union published information from court regarding the extensive use of these devices by local Florida police.[33] After this publication, United States Marshals Service then seized the local police's surveillance records in a bid to keep them from coming out in court.[34]

In some cases, police have refused to disclose information to the courts citing non-disclosure agreements signed with Harris Corporation.[32][35] The FBI defended these agreements, saying that information about the technology could allow adversaries to circumvent it.[35] The ACLU has said "potentially unconstitutional government surveillance on this scale should not remain hidden from the public just because a private corporation desires secrecy. And it certainly should not be concealed from judges."[1]

Criticism

In recent years, legal scholars, public interest advocates, legislators and several members of the judiciary have strongly criticized the use of this technology by law enforcement agencies.

Critics have called the use of the devices by government agencies warrantless cell phone tracking, as they have frequently been used without informing the court system or obtaining a warrant.[1] The Electronic Frontier Foundation has called the devices “an unconstitutional, all-you-can-eat data buffet.”[36]

" United States Supreme Court" Katz v. United States, 389 U.S. 347 (1967) The warrantless wiretapping of a public pay phone violates the unreasonable search and seizure protections of the Fourth Amendment.

" United States Supreme Court" United States v. U.S. District Court, 407 U.S. 297 (1972), also known as the Keith case, was a landmark United States Supreme Court decision that upheld, in a unanimous 8-0 ruling, the requirements of the Fourth Amendment in cases of domestic surveillance targeting a domestic threat.

  • The Court held government Officials were obligated to obtain a warrant before beginning electronic surveillance even if domestic security issues were involved. The "inherent vagueness of the domestic security concept" and the potential for abusing it to quell political dissent made the Fourth Amendment protections especially important when the government engaged in spying on its own citizens.

"June 19, 1972: Supreme Court Holds Warrantless Wiretapping of US Citizens Unconstitutional" The US Supreme Court, in what becomes informally known as the “Keith case,” upholds, 8-0, an appellate court ruling that strikes down warrantless surveillance of domestic groups for national security purposes. The Department of Justice had wiretapped, without court warrants, several defendants charged with destruction of government property; those wiretaps provided key evidence against the defendants. Attorney General John Mitchell refused to disclose the source of the evidence pursuant to the “national security” exception to the Omnibus Crime Control and Safe Streets Act of 1968. The courts disagreed, and the government appealed the decision to the Supreme Court, which upheld the lower courts’ rulings against the government in a unanimous verdict. The Court held that the wiretaps were an unconstitutional violation of the Fourth Amendment, establishing the judicial precedent that warrants must be obtained before the government can wiretap a US citizen. [US SUPREME COURT, 6/19/1972; BERNSTEIN AND WOODWARD, 1974, PP. 258-259]

  • Mitchell v. Forsyth, 472 U.S. 511 (1985), was a United States Supreme Court case deciding on the issue of immunity of cabinet officers from suits from individuals.

The court held: 1. Petitioner is not absolutely immune from suit for damages arising out of his allegedly unconstitutional conduct in performing his national security functions.


The Supreme Court ruled for a second time, on separate issues, in the case of Nardone v. United States. The first case was decided on December 20, 1937, and in both the decisions the Court ruled that wiretapping was a violation of the 1934 Federal Communications Act and that evidence so obtained was not admissible in a criminal trial.

"United States Supreme Court Wong Sun v. United States, 371 U.S. 471, (1963)" The court found that the government had intruded upon “privacy of home and hearth” condemned by the 4th Amendment. The preceding cases mainly focused on warrantless intrusions to private property. In other words, the main emphasis of the courts was whether the means used by law enforcement for search and seizure offended the 4 th Amendment. Yet, the court’s interpretation changed with the expanded view of the traditional tangible and material effects stated in the 4 th Amendment to include intangible conversations (see Wong Sun v. United States, 371 U.S. 471, (1963).


"18 U.S. Code § 2518 - Procedure for interception of wire, oral, or electronic communications"

  • (1) Each application for an order authorizing or approving the interception of a wire, oral, or electronic communication under this chapter shall be made in writing upon oath or affirmation to a judge of competent jurisdiction and shall state the applicant’s authority to make such application. Each application shall include the following information.

(a) the identity of the investigative or law enforcement officer making the application, and the officer authorizing the application; (b) a full and complete statement of the facts and circumstances relied upon by the applicant, to justify his belief that an order should be issued, including (i) details as to the particular offense that has been, is being, or is about to be committed, (ii) except as provided in subsection (11), a particular description of the nature and location of the facilities from which or the place where the communication is to be intercepted, (iii) a particular description of the type of communications sought to be intercepted, (iv) the identity of the person, if known, committing the offense and whose communications are to be intercepted; (c) a full and complete statement as to whether or not other investigative procedures have been tried and failed or why they reasonably appear to be unlikely to succeed if tried or to be too dangerous; (d) a statement of the period of time for which the interception is required to be maintained. If the nature of the investigation is such that the authorization for interception should not automatically terminate when the described type of communication has been first obtained, a particular description of facts establishing probable cause to believe that additional communications of the same type will occur thereafter; (e) a full and complete statement of the facts concerning all previous applications known to the individual authorizing and making the application, made to any judge for authorization to intercept, or for approval of interceptions of, wire, oral, or electronic communications involving any of the same persons, facilities or places specified in the application, and the action taken by the judge on each such application; and (f) where the application is for the extension of an order, a statement setting forth the results thus far obtained from the interception, or a reasonable explanation of the failure to obtain such results. (2) The judge may require the applicant to furnish additional testimony or documentary evidence in support of the application.

See also

References

  1. ^ a b c d Zetter, Kim (2014-03-03). "Florida Cops' Secret Weapon: Warrantless Cellphone Tracking". Wired.com. Retrieved 2014-06-23.
  2. ^ Gallagher, Ryan (September 25, 2013). "Meet the machines that steal your phone's data". Ars Technica. Condé Nast. Retrieved August 22, 2014.
  3. ^ a b Valentino-Devries, Jen (Sep 22, 2011). "‘Stingray’ Phone Tracker Fuels Constitutional Clash". The Wall Street Journal. Retrieved Aug 22, 2014.
  4. ^ a b Harris WPG. (Nov. 29, 2006). StingRay Cell Site Emulator Datasheet, available at https://www.documentcloud.org/documents/1282626-06-11-29-2006-harris-stingray-datasheet-p-1-of-2.html (last accessed: Aug. 29, 2014), archived from original at http://egov.ci.miami.fl.us/Legistarweb/Attachments/34769.pdf (last accessed: Aug. 29, 2014). Cite error: The named reference "stingray-datasheet-1" was defined multiple times with different content (see the help page).
  5. ^ Harris WPG. (Nov. 29, 2006). StingRay Cell Site Emulator Datasheet, available at https://www.documentcloud.org/documents/1282621-02-07-18-2002-harris-stingray-datasheet-ocr.html (last accessed: Aug. 29, 2014), archived from original at http://tsdr.uspto.gov/documentviewer?caseId=sn76303503#docIndex=19&page=26 (last accessed: Aug. 29, 2014).
  6. ^ a b United States v. Rigmaiden, CR08-814-PHX-DGC, Dkt. #0674-1 [Declaration by FBI Supervisory Agent Bradley S. Morrison], ¶ 5, p. 3 (D.Ariz., Oct. 27, 2011), available at https://www.documentcloud.org/documents/1282619-11-10-17-2011-u-s-v-rigmaiden-cr08-814-phx-dgc.html [PDF p. 3] (last accessed: Aug. 30, 2014) ("During a location operation, the electronic serial numbers (ESNs) (or their equivalent) from all wireless devices in the immediate area of the FBI device [(i.e., the StingRay)] that subscribe to a particular provider may be incidentally recorded, including those of innocent, non-target devices.").
  7. ^ Florida v. James L. Thomas, No. 2008-CF-3350A, Suppression Hearing Transcript RE: Harris StingRay & KingFish [testimony of Investigator Christopher Corbitt], p. 17 (2nd Cir. Ct., Leon County, FL, Aug. 23, 2010), available at https://www.documentcloud.org/documents/1282618-10-08-23-2010-fl-v-thomas-2008-cf-3350a.html [PDF. p. 17] (last accessed: Aug. 30, 2014) ("[O]nce the equipment comes into play and we capture that handset, to make locating it easier, the equipment forces that handset to transmit at full power.")
  8. ^ a b c d e Drug Enforcement Administration. (Aug. 29, 2007). FY2011 FEDERAL APPROPRIATIONS REQUESTS [Sole Source Notice of Harris StingRay FishHawk GSM encryption key extraction and intercept upgrade], available at https://www.documentcloud.org/documents/1282642-07-08-29-2007-dea-purchase-of-stingray-fishhawk.html [PDF p. 1] (last accessed: Aug. 30, 2014), archived from original at https://www.fbo.gov/index?s=opportunity&mode=form&id=9aa2169a324ae7a1a747c2ca8f540cb3&tab=core&_cview=0 (last accessed: Aug. 30, 2014). ("The Harris StingRay system w/FishHawk GSM Intercept S/W upgrade is the only portable standard + 12VDC powered over the air GSM Active Key Extraction and Intercept system currently available.")
  9. ^ Hennepin County, MN. (Feb. 2, 2010). FY2011 FEDERAL APPROPRIATIONS REQUESTS [Cellular Exploitation System (Kingfish) - $426,150], available at https://www.documentcloud.org/documents/1282634-10-02-02-2010-kingfish-appropriations-request.html [PDF p. 6] (last accessed: Aug. 30, 2014), archived from original at http://board.co.hennepin.mn.us/sirepub/cache/246/5hnnteqb5wro1fl4oyplzrqo/10628008302014015243634.PDF [PDF p. 6] (last accessed: Aug. 30, 2014) ("The system acts as a mobile wireless phone tower and has the capability to... deny mobile phones service.").
  10. ^ Harris WPG. (Aug. 25, 2008). Harris Wireless Products Group catalog, available at https://www.documentcloud.org/documents/1282631-08-08-25-2008-harris-wireless-products-group.html [PDF p. 4] (last accessed: Aug. 29, 2014), archived from original at http://egov.ci.miami.fl.us/Legistarweb/Attachments/48000.pdf [PDF p. 4] (last accessed: Mar. 8, 2011) (Airborne DF Kit CONUS for StingRay)
  11. ^ Harris WPG. (Nov. 29, 2006). KingFish, KingFish GSM S/W, Pocket PC GSM S/W & Training Sole Source Justification for Florida, available at https://www.documentcloud.org/documents/1282625-06-11-29-2006-harris-kingfish-sole-source.html [PDF p. 1] (last accessed: Aug. 29, 2014), archived from original at http://egov.ci.miami.fl.us/Legistarweb/Attachments/34768.pdf [PDF p. 1] (last accessed: Aug. 29, 2014) ("The KingFish system is the only man-portable battery powered CDMA & GSM Interrogating, Active Location, and Signal Information Collection system currently available.").
  12. ^ Florida v. James L. Thomas, No. 2008-CF-3350A, Suppression Hearing Transcript RE: Harris StingRay & KingFish [testimony of Investigator Christopher Corbitt], p. 12 (2nd Cir. Ct., Leon County, FL, Aug. 23, 2010), available at https://www.documentcloud.org/documents/1282618-10-08-23-2010-fl-v-thomas-2008-cf-3350a.html [PDF. p. 12] (last accessed: Aug. 30, 2014) ("In essence, we emulate a cellphone tower. so just as the phone was registered with the real verizon tower, we emulate a tower; we force that handset to register with us.").
  13. ^ Hardman, Heath (May 22, 2014). "THE BRAVE NEW WORLD OF CELL-SITE SIMULATORS". Albany Law School: 11–12. doi:10.2139/ssrn.2440982. Retrieved Aug 24, 2014. For a cell-site simulator operator to induce a cellphone to camp on his or her cell-site simulator (CSS), all he or she needs to do is become the strongest cell in the target cellphones preferred network. {{cite journal}}: Cite journal requires |journal= (help)
  14. ^ Florida v. James L. Thomas, No. 2008-CF-3350A, Suppression Hearing Transcript RE: Harris StingRay & KingFish [testimony of Investigator Christopher Corbitt], p. 13 (2nd Cir. Ct., Leon County, FL, Aug. 23, 2010), available at https://www.documentcloud.org/documents/1282618-10-08-23-2010-fl-v-thomas-2008-cf-3350a.html [PDF. p. 13] (last accessed: Aug. 30, 2014) ("The equipment will basically decode information from the handset and provide certain unique identifying information about the handset, being a subscriber identity and equipment identity.... We compare that with the information provided from Verizon to insure that we are looking at the correct handset.").
  15. ^ Id., p. 14 ("And as the equipment is evaluating all the handsets in the area, when it comes across that handset -- the one that we're looking for, for the information that we put into the box -- then it will hang onto that one and allow us to direction find at that point.").
  16. ^ In the Matter of The Application of the United States of America for An Order Authorizing the Installation and Use of a Pen Register and Trap and Trace Device, 890 F. Supp. 2d 747, 748 (S.D. Tex. 2012) (Law enforcement sought to use StingRay "to detect radio signals emitted from wireless cellular telephones in the vicinity of the [Subject] that identify the telephones (e.g., by transmitting the telephone's serial number and phone number)..." so the "[Subject's] Telephone can be identified." (quoting order application)).
  17. ^ Eördögh, Fruzsina (Jun 13, 2014). "Are Chicago Police Spying on Activists? One Man Sues to Find Out". Mother Jones. Retrieved Aug 24, 2014. Martinez, who works in the software industry, first wondered about police surveilling his phone in 2012 while he was attending the NATO protests. 'I became suspicious because it was really difficult to use our phones[.]'
  18. ^ United States v. Rigmaiden, CR08-814-PHX-DGC, Dkt. #0674-1 [Declaration by FBI Supervisory Agent Bradley S. Morrison], ¶ 4, p. 2-3 (D.Ariz., Oct. 27, 2011), available at https://www.documentcloud.org/documents/1282619-11-10-17-2011-u-s-v-rigmaiden-cr08-814-phx-dgc.html [PDF pp. 2-3] (last accessed: Aug. 30, 2014) ("[T]he [][StingRay] used to locate the defendant's aircard did not capture, collect, decode, view, or otherwise obtain any content transmitted from the aircard, and therefore was unable to pass any information from the aircard to Verizon Wireless.").
  19. ^ United States v. Rigmaiden, CR08-814-PHX-DGC, Doc. #723, p. 14 (D.Ariz., Jan. 5, 2012) (Noting government concession that the StingRay "caused a brief disruption in service to the aircard.").
  20. ^ 47 U.S.C. United States Code, 2011 Edition Title 47 - TELEGRAPHS, TELEPHONES, AND RADIOTELEGRAPHS CHAPTER 5 - WIRE OR RADIO COMMUNICATION SUBCHAPTER II - COMMON CARRIERS Part II - Development of Competitive Markets Sec. 253 - Removal of barriers to entry
  21. ^ Harris WPG. (Aug. 25, 2008). Harris Wireless Products Group catalog, available at https://www.documentcloud.org/documents/1282631-08-08-25-2008-harris-wireless-products-group.html [PDF p. 4] (last accessed: Aug. 29, 2014), archived from original at http://egov.ci.miami.fl.us/Legistarweb/Attachments/48000.pdf [PDF p. 4] (last accessed: Mar. 8, 2011) (GSM Software Intercept Package for StingRay and StingRay II)
  22. ^ a b Green, Matthew. "On cellular encryption". A Few Thoughts on Cryptographic Engineering. Retrieved Aug 29, 2014.
  23. ^ a b Barkan, Elad; Biham, Eli; Keller, Nathan. "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications" (PDF): 12–13. {{cite journal}}: Cite journal requires |journal= (help)
  24. ^ Schneier, Brude. "Cryptanalysis of A5/1". Schneier on Security. Retrieved Aug 29, 2014.
  25. ^ a b Id.
  26. ^ "Police use cellphone spying device". Associated Press. 2014-05-30. Retrieved 2014-06-23.
  27. ^ Campbell, John (2013-01-24). "LAPD Spied on 21 Using StingRay Anti-Terrorism Tool". LA Weekly. Retrieved 2014-06-23.
  28. ^ Mooney, John (9 February 2014). "GSOC under high-tech surveillance". The Sunday Times.
  29. ^ Tynan, Dr. Richard (15 February 2014). "Beirtear na IMSIs: Ireland's GSOC surveillance inquiry reveals use of mobile phone interception systems". Privacy International.
  30. ^ Klonick, Kate (2014-11-10). "Stingrays: Not Just for Feds!". Slate (magazine)/Slate. The Slate Group, a Graham Holdings Company. Retrieved 2014-11-13.
  31. ^ Wessler, Nathan Freed. "U.S. Marshals Seize Local Cops' Cell Phone Tracking Files in Extraordinary Attempt to Keep Information From Public". American Civil Liberties Union. Retrieved 2014-06-23.
  32. ^ a b Gillum, Jack (2014-03-22). "Police keep quiet about cell-tracking technology". News.yahoo.com. Retrieved 2014-06-23.
  33. ^ Wessler, Nathan Freed (2014-06-03). "Transcription of Suppression Hearing (Complete)" (PDF). American Civil Liberties Union. Retrieved 2014-06-23.
  34. ^ Zetter, Kim (2014-06-03). "U.S. Marshals Seize Cops' Spying Records to Keep Them From the ACLU". Wired.com. Retrieved 2014-06-23.
  35. ^ a b "A Police Gadget Tracks Phones? Shhh! It's Secret". The New York Times. March 15, 2015.
  36. ^ Timm, Trevor (2013-02-12). "As Secretive "Stingray" Surveillance Tool Becomes More Pervasive, Questions Over Its Illegality Increase". Electronic Frontier Foundation. Retrieved 2014-06-23.

Further reading

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Stingray_phone_tracker&oldid=651951217"