It may be true that “Nobody is listening to your telephone calls,” as President Obama declared in the wake of revelations of the National Security Agency’s mass surveillance programs, but the fact remains that the devices we use are constantly leaking private information – our location, who we talk to, the duration of our calls, Wi-Fi networks we have connected to in the past, unique identification numbers of our mobile devices, and so on. Criminal hackers, corporate actors and governments around the world are ecstatic about the weak standards, backdoors, and exploits that they can use to vacuum up data about you, while your Fourth Amendment right to be free from warrantless searches and seizures is shoved as far as possible into an unregarded corner.
Last week, the Wall Street Journal revealed the existence of yet another dragnet surveillance program – this time, it’s run by the U.S. Marshals:
The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.
The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program. Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.
This throws light on what two Cessnas were doing circling over Boston after the Marathon bombings.
Had this operation been carried out by a non-government entity, it would be shut down immediately and the people responsible would likely be facing charges under the Computer Fraud and Abuse Act. Many security researchers describe this sort of exploit as a Man-in-the-middle attack that threatens the right to secure and private communication. What makes matters worse is that it appears that, without the public knowing about it, equipment like this has been in use for decades.
These devices, which are also known as “IMSI catchers”, “cell site simulators”, and “Stingrays” (manufactured by the Harris Corporation), have been used by the FBI since at least 1995. More troubling is the fact that the technology – which has never been challenged in a court of law – appears to be increasingly used by state and local police departments. Police typically borrow the device from a government agency such as the U.S. Marshals in order to track down suspects. They then cover up use of this technology in order to avoid a challenge in court, sometimes through nondisclosure agreements with the FCC. The administration has been so eager to prevent the public from learning more about its uses of Stingrays that, in a recent case in Florida, it brought in U.S. marshals to thwart a court order allowing the ACLU access to documents relating to a police department’s use of Stingrays
This surveillance exploits a troubling part of the Supreme Court’s Fourth Amendment jurisprudence. In Florida v. Riley (1989), flying a helicopter at a height of 400 feet over somebody’s property was ruled not a search under the Fourth Amendment. The Court held that the frequency of such flights is an important factor, in that the more regularly it occurs, the less it constitutes a search under the Fourth Amendment. Bizarrely, this legal theory could actually justify the U.S. Marshals’ dragnet surveillance program if the surveillance is a regular occurrence. Sources contacted by the Wall Street Journal did not discuss “the frequency or duration of [the U.S. Marshals’ surveillance] flights, but said they take place on a regular basis.” On the other hand, the helicopter in this case only took photos of what was visible to the naked eye, so it may be distinguished from the U.S. Marshals’ program. Further supporting the legality of this surveillance is that the data collected is “only” metadata, and therefore falls under Smith v. Maryland (1979), the same case underpinning the NSA’s mass interception of phone metadata. Complicating the picture further, the Supreme Court’s ruling in Kyllo v. United States (2001), though dealing with surveillance from the ground, did require a warrant for external surveillance of an individual house with a thermal imager, partly on the ground that the imager was not a device “commonly available to the public.” In that dirtboxes are not commonly available to the public, this might provide support for the notion that the U.S. Marshals should get a warrant for this kind of surveillance.
Our sister organization, the Rhode Island Coalition to Defend Human and Civil Rights, held a protest this morning outside of the U.S. Marshals’ district headquarters in Providence, where they delivered a letter demanding more information about the dragnet surveillance program. I bet the U.S. Marshals weren’t expecting any backlash for spying on us like this; contact us if you’d like to help set up protests more broadly!