Public Record Request Reveals Stingray Used 303 Times Without Legal Reason

Digital privacy is a concept that is being contested with government monitoring. With section 215 of the Patriot act set for renewal in America, with reviews and discussions pushing the talks to the last possible minute, the concept of acquiring data illegally is almost considered taboo, or at least admitting to it is.

I’ve previously written an article about Stingrays, no not the creatures that swim around the ocean, but the device used by the Government to mimic a cell tower and intercept mobile communication data. The topic of Stingrays has once again been raised with a Public Record Request in San Bernardino County (East of Los Angeles County) has revealed that since acquiring a stingray in 2012, in the period between January 1st, 2014 and May 7th, 2015, the stingray has been deployed 303 times.

This would not be a problem normally, I mean they are just using a device to help fight crime and do their duty, right? With the public record request, Ars Technica was able to get an example of a template for a “pen register and trap and trace order” used to deploy the stingray.  This piece of paperwork was typically used to collect metadata in almost real-time from a telephone company about the activity on a landline, obviously before the mass adoption of mobile phones by the public. The order itself, however, does not mention in any way the Stingray device.

The public awareness of Stingrays has rocketed in recent years, given that previously a Non-Disclosure Agreement (an agreement between the creators of the Stingray and the companies that use them to prevent the spread of information regarding the devices), has caused cases to be dropped, rather than breach the NDA with both the FBI and the Harris Corporation (the creators of the Stingray Device). In April 2015, a women accused of being a getaway driver changed her guilty plea and refused to testify against her three co-defendants after a police detective was challenged during a deposition and they refused to provide further information. The case was then dropped, this is not the first time that legal action has been muddied by the use of stingrays.

In an email exchange between Sarasota Police Department and North Port Police Department, the departments hid the use of Stingrays from judges and defendants at the request of the US Marshal Service (who the devices were on loan from at the time). The advice given to the departments from the U.S. Marshalls Task Force was to state that they “received information from a confidential source regarding the location of the suspect”. This means they were advised to lie regarding how information was gathered in order to hide the use of Stingrays, possibly in accordance with the NDA surrounding the device.

The non-disclosure agreement was revealed by Erie County, New York, and has been seen as stating that the FBI would rather drop a legal case rather than disclose information regarding the Stingray devices. This is however in contrast to a statement the FBI released stating that the NDA should not stop legal action based on the fact that a Stingray was used in the case.

Stingrays have been controversial devices since their public appearance, and with the court cases dismissed due to their use and most recently the awareness that the devices are being deployed with little to no legal oversight, they will continue to be a highly contested device until either legislation is implemented to protect the public from what is essentially the same meta-data mass collection that the national security agencies are currently being sued and debating.

What are your thoughts? Should devices like these be allowed to help fight crime, do they require more legal oversight or has their development been overshadowed with too many legal gray areas and cloak and dagger deployments?

Thank you Ars Technica for the information.

Image courtesy of Infosec Institue.