Daniel Rigmaiden was arrested in August 2008 for using the identities of deceased individuals and automated software to commit tax fraud. But it was in jail, while working on his legal defense, that he found a document containing a word that would change his life: StingRay.
Rigmaiden knew the reason he was caught by federal agents was a Verizon air card he was using to connect to the Internet while disguising his identity, but until that moment he didn’t know how the card had given him away. His discovery was the first time the StingRay—a device used by law enforcement to simulate a cell phone tower and, by extension, trick your phone or wireless card into turning over much of its data—would reach the attention of the wider public.
Much has been said in the last few years about the “militarization of Main Street,” or how military gear developed for warfare has fallen into the hands of local law enforcement. But most of that attention has been focused on the big military weapons, BearCats and assault rifles, and not on surveillance devices that operate in secret. These surveillance devices are often used without real oversight or training and, in the end, they can have more power over society as a whole than a big gun.
For a StingRay to work, it must collect information from many surrounding cell phones in order to find its target. To use it, law enforcement must first get a warrant from a judge, but because of the secrecy surrounding the devices, most judges have no clue what they are allowing police to do. Police have signed non-disclosure agreements with the StingRay’s creator, the Harris Corporation, preventing them from discussing how the device works with judges. Often the device is called a “confidential source,” a common term for a human informant, misleading both judges and the public. Many judges don’t understand that hundreds or even thousands of innocent people are also being surveilled in order to find a needle in a haystack. Ordinary citizens not suspected of a crime are protected from warrantless searches by the U.S. Constitution’s Fourth Amendment. But judges are granting warrants anyway, based on incomplete information.
These digital surveillance tools get even weirder when you consider the use of malware customized for law enforcement. Amid the massive data breaches of the last year—buried a few months after the OPM hack and about a week before the headline-grabbing Ashley Madison hack—spyware contractor Hacking Team’s internal data was released. Hacking Team creates a form of malware that can control your computer, turn on its camera or microphone, log your keystrokes, and even send or receive files. It is a massively powerful spy tool that can arrive with almost any Internet traffic. Security researcher Morgan Marquis-Boire even proved in 2014 that malware from companies like Hacking Team can infect your computer via a YouTube video of cats (YouTube addressed this problem by switching to an encrypted HTTPS connection for their users).
Hacking Team has sold this software to some of the worst regimes in the world. Their customers have used it to spy on activists, dissidents and even journalists. Reporters Without Borders called the company “an enemy of the Internet” and in 2011, then-Secretary of State Hillary Clinton warned private surveillance companies against doing business with repressive regimes. Here is the rub though: among Hacking Team’s internal data, released in that 400 GB hack last year, were internal communications and invoices showing that one of their biggest customers was law enforcement inside the United States.
Democratic society requires trustworthy law enforcement. Judges and lawmakers need to understand the weapons being used and make fair determinations on how to protect average citizens and civil liberties. They can’t do it if they don’t understand how these technologies work or how they are being used.
We need transparency in the tools of modern law enforcement.
Daniel Rigmaiden left prison and now helps write laws that protect Americans from warrantless searches by devices like the StingRay. He has contributed to surveillance laws in many states. Meanwhile, law enforcement marches on, collecting data and using new invasive tools, all too often in the shadows. It is time to bring those tools into the light of day so we can collectively decide if this is the future we want.