Who Has A Cell-Site Simulator?
As of November 2018, the ACLU mapped 75 agencies in 27 states and the District of Columbia that have acquired CSSs. Vocativ offers comparative graphs of CSS acquisition based on the type of law enforcement agency: city, local, county, state, and federal. But since many agencies continue to hide their purchase and use of CSSs, these maps likely under-represent actual law enforcement use of CSSs nationwide. However,, police departments in Los Angeles, Oakland, Detroit, Miami, Baltimore, San Bernardino, and Annapolis are known to have used CSSs for routine investigations.
Through tenacious reporting by newspapers big and small, and several investigations by civil liberties organizations, the following federal law enforcement agencies have been identified as using CSSs: the U.S. Department of Homeland Security, FBI, Drug Enforcement Administration, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), NSA, Internal Revenue Service, U.S. Immigration and Customs Enforcement, Secret Service, U.S. Marshals Service, U.S. Special Operations Command, National Guard, Army, Marine Corps, and Navy.
What the Cops Have Done to Hide CSS Use
Cell-site simulators, and their capabilities, are tightly-held secrets among law enforcement agencies in the United States. But as recently as 2016, The Intercept obtained and published several materials from an instruction manual for a Harris Corp. software product known as “Gemini.” This software is the interface for many of Harris Corp.’s CSS models, including the Stingray. The documents also reference the company’s Hailstorm, ArrowHead, AmberJack and KingFish device models.
For years, law enforcement agencies used CSSs with impunity, lacking any meaningful oversight. In 2006, the Los Angeles Police Department obtained a grant from the Department of Homeland Security to purchase a CSS for “regional terrorism investigations." While law enforcement will often claim they need this technology for terrorism investigations and to solve serious crimes, the fact is police often use it to investigate run-of-the-mill offenses. Baltimore police used a CSS to locate a man who took his wife’s phone during an argument. Annapolis police used a CSS to find a suspect who allegedly stole 15 chicken wings and three sub sandwiches.
But in April 2015, The Guardian revealed that the FBI had covered up its use of CSSs using a series of non-disclosure agreements (NDAs), in New York, Maryland, and Florida. The NDAs required law enforcement agencies to notify the FBI about any requests for, or intent to use publicly, information relating to CSSs and recommended that cases be dismissed rather than risking public disclosure of CSS technology. To date, there are few examples of CSS evidence that have been produced to the defense in discovery, but this FBI CSS affidavit is an example of what little information has been disclosed to the courts about how a CSS works.
Congressional Inquiry and Policy Changes
Then in September 2015, just weeks before having to face public outcry and Congressional inquiry into its CSS use, the Department of Justice announced a change in its CSS policy that required a search warrant be obtained for CSS use in domestic criminal investigations. This new policy was also meant to apply by extension whenever the DOJ loaned the technology out to other State or local law enforcement agencies. The Internal Revenue Service announced that it would follow the same policy, and the Department of Homeland Security (including CBP, ICE, and the Secret Service) soon followed suit.
As we wrote in 2015, these new policies make the following changes:
- Federal law enforcement agents are required to obtain a search warrant supported by probable cause prior to using a CSS in a domestic criminal investigation.
- Agents will only be allowed to use CSSs in “pen register” mode, meaning the devices will collect only the basic location of the phone and the numbers of incoming and outgoing calls and texts. Agents are not allowed to collect the content of communications—like your emails or text messages—even if the CSS is capable of such collection.
- Agencies must delete data on users not targeted in either 24 hours or 30 days, depending on the context.
Unfortunately, these policies are self-imposed, subject to change at the whim of the federal administration, and carry no legal penalties for non-compliance. Nor do not they apply to local law enforcement agencies that obtain their own CSSs, or to non-criminal investigations; meaning, if the FBI wishes to use CSSs for civil or “national security” purposes, it need not obtain a probable cause warrant under the new DOJ policy. There is no established process for overseeing whether law enforcement agencies comply with these new federal policies, nor any enforcement mechanisms in place to stop and punish non-compliance. Following the Congressional hearings, the House Oversight Committee released a stern report calling on Congress to pass legislation requiring a warrant for CSS use.
Several states have passed more privacy-protective laws requiring a warrant for CSS use, including: California, Minnesota, Virginia, Utah and Washington. And for a list of states that have considered or adopted some location privacy protections, see the ACLU’s chart on the status of state privacy legislation as of October 2015.
Some states have also passed additional transparency measures. California law requires a law enforcement agency that uses CSS to publicly disclose its privacy and usage policy, which must include the following elements:
- the authorized purposes for using a CSS
- the job title or other designation of the employees who are authorized to use a CSS and the training requirements
- a description of how the agency will monitor its CSS use to ensure the accuracy of the information collected and compliance with the law
- any agreements for sharing of the equipment or information collected by a CSS
- the purpose of, process for, and restrictions on, the sharing of information collected by a CSS
- The retention period for information collected by a CSS and the process for determining when to purge that information