STINGRAY STUNG? ANALYZING CELLPHONES AS EFFECTS PROVIDES FOURTH AMENDMENT TREATMENT.

AuthorButler, Roya

TABLE OF CONTENTS I. INTRODUCTION 733 II. STINGRAY OPERATION AND TECHNOLOGY 739 III. BACKGROUND FOURTH AMENDMENT LAW 742 A. Property-based Approach 743 B. Privacy-based Approach 745 C. Third-Party Doctrine 747 IV. STINGRAY INTERFERENCE WITH CELLPHONES 750 V. WARRANT REQUIREMENT FOR CELLPHONES AS EFFECTS 752 A. Cellphones as Effects 752 B. Warrant Requirement 756 VI. CONCLUSION 758 I. INTRODUCTION

The Fourth Amendment protects the rights of the "people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." (1) It further provides that "no Warrants shall issue, but upon probable cause... and particularly describing the place to be searched, and the persons or things to be seized." (2) This judicial safeguard was designed to protect against the government's use of general warrants to conduct broad and indiscriminate searches with impunity. (3) In this way, the Framers "sought to protect Americans in their beliefs, their thoughts, their emotions, and their sensations." (4) The Framers restricted the government's power to search and seize to prevent the government from accessing information in a person's home, papers, and effects that provide undue insight into a citizen's beliefs. (5) A magistrate may issue a warrant if the government can show probable cause for its allegations. (6) The warrant must "particularly describe the things to be seized" so that "nothing is left to the discretion of the officer executing the warrant." (7) This particularity requirement ensures that the search will be narrowly tailored and "will not take on the character of the wide-ranging exploratory searches the Framers intended to prohibit." (8) The Supreme Court has held that reasonableness is the touchstone of any Fourth Amendment analysis. (9) A search's reasonableness "is judged by balancing its intrusion on the individual's Fourth Amendment interests against its promotion of legitimate governmental interests." (10)

Stingrays, manufactured by Harris Corporation, have become the generic name for cell-site simulators ("CSS"), and are also referred to as international mobile subscriber identity-catchers ("IMSI-catchers"). (11) These devices can passively collect cellular transmissions and decode the signal to locate and track the IMSI, or actively exploit cellphones to connect and transmit GPS and other sensitive data. (12) Stingrays can be handheld by an officer or mounted in vehicles, airplanes, helicopters, or drones. (13) Law enforcement officers use Stingrays to locate the mobile devices of target suspects. (14) They can then gather the global positioning system ("GPS") information to identify suspects, or locate them through triangulation. (15) Stingrays masquerade as genuine cell towers, (16) tricking mobile devices in their vicinity into transmitting information including location data, text, and voice communications to them. (17) Stingrays collect this data indiscriminately, not only from the suspect but from all cellphones in the area. (18)

Stingrays were originally designed for military warfare, to infiltrate enemies' communications systems, (19) and are currently owned by seventy-five agencies in twenty-seven states and the District of Columbia. (20) Stingray's can employ Man-in-the-Middle ("MITM") attacks to listen to or record calls, send messages as if they are coming from the target phone, download contacts and photos, or inject malware into targeted phones. (21) Since 2006, the government has employed Stingrays in the course of many criminal investigations. (22) Federal agencies, including the Federal Bureau of Investigation ("FBI"), the Drug Enforcement Administration ("DEA"), the National Security Administration ("NSA"), the Department of Homeland Security ("DHS"), and the U.S. Immigration and Customs Enforcement ("ICE") are known to be using these devices. (23)

In one case, a woman alerted law enforcement that she was assaulted and that her purse and phone had been stolen. (24) Less than twenty-four hours later, without a warrant, the Tallahassee, Florida police obtained real-time cellphone location information ("CSLI") (25) from her service provider. (26) The CSLI provided the officers with a radius in which to search for the perpetrator and the cellphone's IMSI, which allowed the police to accurately track the phone. (27) Law enforcement used the hand-held Stingray to locate the suspect within an apartment complex, and "determine[d], with relative certainty... the particular area of the apartment that the [cellphone] was emanating from." (28) The Stingray seized data not only from the targeted IMSI, however, but also from every cellphone in the radius, including specific location coordinates from inside people's homes. (29)

Is the search reasonable under the Fourth Amendment if the Stingray indiscriminately sweeps all cellphone data in its radius? The Founders rejected general warrants, which allowed the government to search without limitation or specific description of the object of the search. (30) To protect against authorizations of such far reaching searches, warrants required particularity to be valid under the Fourth Amendment. (31) Stingrays conduct broad and indiscriminate searches with free reign, rather than specific searches of a targeted device, and in this way function more like a general warrant. (32) Although a phone thief may have no reasonable expectation of privacy in the stolen phone, (33) this same surveillance intrudes upon even lawfully owned phones in the area with impunity. Establishing probable cause to allow a Stingray to interfere with surrounding phones in the area would be a difficult proposition. The warrant could not presumably describe with particularity the phones in the targeted area because Stingray operations are conducted in real-time.

Although some agencies claim to use Stingrays only for IMSI acquisition, there is evidence that they can intercept data, "divert calls and text messages, edit messages, and even spoof the identity of a caller in text messages and calls." (34) For example, the Department of Justice's Electronic Surveillance Manual leaves open the possibility of mass data collection so that law enforcement agents using Stingrays could collect "the cellular telephone number (MIN), the call's incoming or outgoing status, the telephone number dialed, the cellular telephone's [electronic serial number], the date, time, and duration of the call, and the cell-site number/sector (location of the cellular telephone when the call was connected)," and the contents of the communication. (35) Some courts, noting the element of involuntariness, have ruled that the use of CSS requires a warrant. (36) Although the Department of Justice's internal policy prohibits the use of CSS to collect information other than GPS data, this policy does not bind state and local governments. (37) Nevertheless, states are trending towards legislation banning the use of CSS without a warrant. (38) For example, New York has proposed legislation to ban warrantless electronic data collection; California, Utah, Virginia, and Washington have passed similar legislation. (39)

This Note discusses the use of Stingrays and examines the original meaning of effects under the Fourth Amendment and its application to their use. Part II provides a brief description and explanation of Stingray CSS technology and operation. Part III analyzes the development of Fourth Amendment jurisprudence, including the Supreme Court's recent decision in Carpenter. In Part IV, this Note examines the Fourth Amendment analysis for Stingray interference with cellphone signals and how that compares to precedent involving modern technology. Finally, Part V demonstrates that the original meaning of Fourth Amendment effects protects cellphones.

  1. STINGRAY OPERATION AND TECHNOLOGY

    By default, phones connect to the strongest signal tower. (40) A Stingray exploits this function with a MITM attack using its strong signal transmission as a means to surreptitiously force temporary connections with in-range cellular devices, exchanging data as the phone would with a cellphone tower. (41) Once the phone connects to the Stingray, the operator can locate the phone's physical location. (42) The international mobile subscriber identity ("IMSI") reveals the user's country code, user account, network code, and telephone number, and allows the phone to communicate with the cellular network. (43) Once the Stingray obtains the IMSI of the cellphone, "it releases the cellphone so that it can connect to a legitimate cell tower, allowing data and voice calls to go through." (44) This "catch-and-release" downgrade attack employed by Stingrays causes interference with the cellphone's signal, which disrupts the phone's calling and texting functions. (45)

    Downgrade attacks use network vulnerabilities to force a security downgrade. (46) More specifically, a downgrade attack uses a vulnerability that causes phones to switch from a high-quality mode of operation (e.g., 5G) to a lower quality and less secure mode of operation (e.g., 2G), typically provided by the cellular providers for older phone models. (47) By jamming more secure 5G, 4G LTE, or 3G network channels, Stingrays force cellphones to switch to a less secure, unencrypted 2G channel. (48) In other words, these attacks lower security measures to an older and less secure communications protocol. (49) To be sure, 5G was developed with more comprehensive encryption to protect against these fake base station attacks, but, inevitably, the security protections fell short because cellphones register unencrypted identifying information when connecting to cell towers. (50) Attackers can use this information to identify and locate the targeted device. To protect against this attack, carriers must build their systems to launch security protections and encryption upon connection. (51) Only nine out of thirty carriers in Europe, Asia, and North...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT