
Federal judge puts limits on FBI use of “stingray” cell site simulators - declan
https://plus.google.com/+DeclanMcCullagh/posts/3gc6o6B3Pex
======
Sniffnoy
The actual requirements start on page 8. Here's my summary:

> First, law enforcement officers must make reasonable efforts to minimize the
> capture of signals emitted from cell phones used by people other than the
> target of the investigation. [...] Moreover, law enforcement officers must
> not use a cell-site simulator when, because of the location and time, an
> inordinate number of innocent third parties’ information will be collected.

> Second, law enforcement officers must immediately destroy all data other
> than the data identifying the cell phone used by the target. The destruction
> must occur within forty-eight hours after the data is captured. [...]
> Additionally, the destruction must be evidenced by a verification provided
> to the Court with the return of the warrant.

> Third, law enforcement officers are prohibited from using any data acquired
> beyond that necessary to determine the cell phone information of the target.

------
scintill76
"Cell site simulators" Somehow I don't think they'd call it that if I
"simulated a law enforcement officer", presented a "simulated identification
document", or enticed someone to pay me for a "simulated service", opening
mail addressed to my "simulated persona" but not to me, etc. These devices are
fraudulently impersonating users' cell service carriers. They are fake cell
towers.

~~~
thaumasiotes
They likely operate with permission from the cell service carriers, which
would make a big difference legally.

~~~
TazeTSchnitzel
Do they? Why would the Govt. tell the carriers about it?

~~~
toomuchtodo
Because without carrier permission, they're violating Federal laws
administered by the FCC.

~~~
scintill76
Without carrier permission, they might be violating some type of interference
regulations, but I would also think the fake cell device itself and maybe its
operator would need FCC licenses regardless of carrier permission. As an Ars
Technica post I linked in another comment shows, the cell sites are probably
being used outside of the constraints of their FCC licenses.

------
dogma1138
This is the actual link [http://law.justia.com/cases/federal/district-
courts/illinois...](http://law.justia.com/cases/federal/district-
courts/illinois/ilndce/3:2015mc00021/317964/1/)

~~~
declan
Well, yes, but HN often links to blog posts and news articles about a court
opinion rather than the opinion itself.

A summary (that links to the opinion) tends to be more useful to non-
specialists than a document beginning with: "United States of America v. In
the Matter of the Application of the United States, No. 3:2015mc00021 -
Document 1 (N.D. Ill. 2015)"

~~~
privacy101
the blog post does not even mention warrants but the justia link does... I
would be curious to know if a warrant is required for all people located in
the area where such a device is used (which of course should be impossible).

------
omginternets
Silly thought experiment:

Police dogs are known for being trained to deliver false positives, i.e.
saying "drugs" when the are no drugs. Couldn't STINGRAY et al be used to the
same effect? I.e.: "the suspect showed a pattern predictive of child
pornography" being used as a pretext for executing a warrant?

Where is this wrong? Is there any evidence in favor of this interpretation?

------
leeoniya
It says the destruction of collected info not pertaining to the target must
occur within 48 hours but prior to this it says they frequently need to diff
multiple sessions possibly at different locations to pinpoint the target and
eliminate others.

Does this mean they cannot run sessions separated by > 48 hours, since no diff
would be possible afterwards?

~~~
jacquesm
No, it means they're going to do the sessions anyway, keep the data, do the
diff whenever they feel like it and then phone in an anonymous call with the
evidence, _then_ destroy the collected information.

~~~
leeoniya
[https://en.wikipedia.org/wiki/Parallel_construction](https://en.wikipedia.org/wiki/Parallel_construction)
FTW

i guess with the W = warrant

------
distantsounds
I wish I were surprised these provisions weren't originally penned when
drafting laws related to cell site simulators, but my faith in the US
government actually looking out for the privacy of its citizens has been less
than stellar.

~~~
exelius
Law in the US tends to come only after abuses have happened, especially with
regards to government powers. It was a brilliant marketing strategy on the
part of the companies providing the cell tower simulators to claim they were
covered under "national security rules" to avoid giving secrets to terrorists
-- even though use of such cell site simulators by police/military has been
commonplace across the world since the 90s. Especially in the types of
totalitarian regimes that often push people into extreme ideologies. It
prevented this from being much of a story for a long time, and by shielding
the source of information in court, it allowed them to sell a lot of these
devices before the legal system caught up.

~~~
oxide
this is a great point.

I often think of the current research chemical market in regards to this: a
poorly understood drug like MDPV makes the rounds on the internet, someone
decides to take the risks for the rewards in the gray-area and makes it widely
available, someone buys it at a gas station and ends up in the hospital after
doing something dumb, a panic ends up getting it banned, and a short while
later the cycle restarts with a new drug that is still in the gray-area of the
law.

------
nickysielicki
Fuck the FCC. We need open source radios.

~~~
arca_vorago
I hate that you were downvoted for the unfortunately negative truth. Open
source firmware, with radios seperate from cpus (and seperate DMA), is exactly
what we need for security. All these proprietary peices, half from foreign
countries, are more a threat to "national security" and "cybersecurity" than
just about anything else. They want to pass CISA etc because of cybersecurity
but their actions show levels of incompetence with few bounds.

When is the government going to embrace open source as a basis for security of
users?

