How the Government intercepts your text messages, and what you can do to protect yourself
Government agencies all around the country are purchasing devices that allow them to intercept your calls, text messages, and other cell phone data– all without you knowing. The device is called a Stingray. It acts as a cell phone case station (the equipment that is at the bottom of a cell phone tower). It pretends to be part of the cell phone network so that your cell phone will connect to it instead of a tower owned by your cell provider (such as AT&T, Verizon, Sprint, etc.). Once your phone connects to the Stingray device, the device will intercept all traffic you send or receive from your phone. This can include phone calls, text messages, emails, web browsing, and more. Additionally, as you must be close to a Stingray device to connect to it, the device will know your location.
The term Stingray is actually the brand name of one of these interception devices, but has become the common way to refer to the entire category of devices, much like Kleenex has become a way to refer to all facial tissue. Agencies that use these devices are very secretive about their operation. For example, here in Tucson, Arizona, there is an ongoing court battle regarding the release of documents dealing with the Tucson Police Department’s use of the device: http://tucson.com/news/blogs/police-beat/tucson-fights-release-of-cellphone-tracking-efforts/article_455fba00-cea9-5faa-9887-570f61546ff5.html
This kind of fight is going on all over the country. While the device has been in existence for years, we are just starting to see mainstream coverage of its use. Slowly, the public is learning more about how these devices work and how law enforcement agencies are using them.
How does the Stingray work?
The Stingray uses the 2G phone network. 2G is the older, slower, network used in earlier days of cell phones before 3G and 4G service. Some parts of the country still only have 2G network available to users. The 2G network does not require any authentication. That means your phone does not require that the Stingray device authenticate itself as being part of your cell provider’s network.
A Stingray device can block the 3G and 4G signals in an area, forcing your phone down to a 2G connection and causing it to connect to the device. Alternatively, even if the device doesn’t block the 3G and 4G signals, the strength of the signal from the Stingray device (due to it being in close proximity to the phone), will be much higher than the closest 3G or 4G tower, so your phone will connect to the stronger signal from the Stingray. Once connected, the Stingray can record the phone’s International Mobile Subscriber Identity (IMSI), which is like the phone’s serial number. The device can also record all of the data transmitted by that phone over the network while it remains connected to the Stingray device.
How do the police use Stingray devices?
There are two primary reasons for using a Stingray device. The first is to try to track down the location of a specific cell phone. The second is to collect the data and phone calls that the cell phone is sending over the network.
To track a phone, the police need the phone’s IMSI. They can then put their Stingray device in a van and drive around until that IMSI number tries to connect to the Stingray device. The Stringray will then measure the signal strength and give an estimate as to the location of the phone. The police can then move their van around that location to try to pinpoint a specific location of the phone. This method does not require intercepting any network traffic from the suspect device.
In the second use, the police can put their stingray device outside a home, office, or event, to capture traffic sent from the phones nearby. Once your phone connects to a Stingray device, nearly all traffic you send or receive on your phone will be intercepted. The police will be able to listen to your calls, see your text messages, and observe your web traffic. All of this will occur without you knowing it.
What can you do?
Unfortunately, there is little you can do to stop your traffic from being intercepted by a Stingray device. If you normally have a 3G or 4G connection and notice that your connection has dropped to 2G, you may be connected to such a device, or you may just have a poor connection. There is no way for you, as the user, to know for sure. Even if your phone is showing a 3G or 4G connection, you could still be connected to a Stingray device, as some of the devices will trick your phone into reporting a 3G or 4G connection.
There is one phone designed to attempt to detect Stingray devices, but it costs more than $3,000: http://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers/
There is hope, however: AT&T announced that they will be discontinuing their 2G network in 2017. Other providers may follow suit. As 3G and 4G networks require authentication, a Stingray device cannot fake a 3G or 4G connection to intercept phone calls and text messages (they can, however, still track location). As the 2G networks disappear, carriers can shut down the 2G connection on their phones so their phones will only connect to 3G and 4G networks.
Is it legal?
For now, we still live in a world where the police are highly secretive about their use of this spy equipment. The good news is that police are required to obtain Title 3 wiretap warrants to use Stringray devices on US Citizens in the United States. If police fail to obtain a warrant, the data they collect may not be admissible in court. That may not be of much comfort to the average American who may be surveilled by a Stingray, but never charged with a criminal offense. Additionally, even if there is a warrant to collect data on one person in the room, the device will be collecting data on all of the other phones in the area that connect.
There are reported cases where police are disclosing data that appears to come from a Stingray device, without saying that is the method they used to obtain the data. As police are extremely secretive about the use of this device, you may have Stingray collected data in your case without knowing that is how the police obtained it. It is crucial for lawyers defending cases with mobile data to thoroughly question law enforcement about the methods used to obtain your client’s private data.
As more and more law enforcement agencies purchase these devices, these cases will become more common. Be on the lookout for Stingray collected data in your cases.