Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Federal judge to weigh in on FBI’s “stingray” cell phone surveillance

The Federal Bureau of Investigation is being scrutinized by an Arizona federal court for its use of a controversial cell phone tracking device.

An ongoing case against Daniel Rigmaiden, a California man accused of identity theft and tax fraud, led advocacy groups to question how the government obtained information that led to the hacker's 2008 arrest.

When advocacy groups found out the FBI used a stingray device - technology that simulates a cell phone tower to siphon the data of any mobile user within a certain vicinity – a battle ensued on whether its use violates Fourth Amendment protections against “unreasonable” search and seizure.

On Thursday, the American Civil Liberties Union (ACLU) argued before the court that it does.

Chris Soghoian, principal technologist for ACLU's speech, privacy and technology project, said that while stingray surveillance has been public knowledge since the mid-1990s, the courts have yet to take an adequate stand on whether its use is legal.

“This technology is used by federal, state and local law enforcement agencies,” Soghoian told Friday, later adding that “there really hasn't been a lot of analysis on the legalities on the use of the technology.”

In addition to ACLU's concerns about innocent bystanders' mobile data being collected by stingrays, it challenges whether Rigmaiden's whereabouts were ill-gotten by the FBI, which obtained a court order, as opposed to a search warrant, to use the snooping device.

Rigmaiden and a group of conspirators were accused of filing approximately 1,900 fraudulent tax returns to garner more than $4 million in refunds, according to court documents. The alleged crime ring used approximately 175 different IP addresses to file the returns, and an investigation led law enforcement to believe an automated filing system was used by the group, as multiple fraudulent returns were quickly filed from a single IP address.

According to an amicus brief filed last October by the ACLU and the Electronic Frontier Foundation (EFF), the stingray devices have been called “IMSI catchers” by technologists, because they capture International Mobile Subscriber Identity numbers -  unique identifiers that can help authorities determine the location of mobile phones or air cards.

The FBI maintained that it deleted third-party mobile data collected in the Rigmaiden investigation, but ACLU and EFF stand by their grievances with stingray surveillance.

“It's basically like a game of Marco Polo," Soghoian said. “The [device] says Marco, and every phone in the area says, Polo. In terms of the use of this device with the FBI, there are a lot of concerns.”

The ruling on whether the government violated Rigmaiden's rights, and if it will, subsequently, be forced to throw out information obtained by way of the stingray device, is expected in the next few weeks, Soghoian said.

In a Thursday blog post, Hanni Fakhoury, a staff attorney at EFF, wrote about Fourth Amendment concerns and the government's cloaked use of stingray technology.

“To get a warrant, the government must show there is probable cause to believe the place they want to search will have evidence of a crime,” Fakhoury wrote. “And it means the judge must ensure the warrant is ‘particular,' or limited to only allow searches into areas where the evidence is most likely to be found. The only way a judge can make these tough decisions is with the government being forthright about what it's doing."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.