Stingray Bites Man. Will the Fourth Amendment Bite Back? (Location Tracking)

Published On October 20, 2011 | By Jennifer Granick | Electronic Communications Privacy Act (ECPA), Fourth Amendment, Privacy

On October 28, the Department of Justice will argue to a District Court Judge in Arizona that neither the public nor criminal defendants should learn about a special investigative tool it uses to track individuals’ location via their cellphones. According to the Wall Street Journal, law enforcement and the military are regularly using such devices, called “Stingrays”. In the Arizona case, United States v. Rigmaiden, investigators used the technology to assist them in locating the suspect. That defendant is now asking the court to order the government to turn over information about how Stingray functions and how it was used in his arrest so that he can litigate whether use of the device violated his Fourth Amendment rights.

The case could have serious implications, especially as the Supreme Court is set to hear argument next month in U.S. v. Jones, a Fourth Amendment challenge to warrantless GPS location tracking. Most courts to consider the issue have held that the government needs a probable cause warrant to perform real time tracking via cell site location data from a service provider. See In the Matter of the Application of the United States, 534 F. Supp. 2d 585, n. 40 (W.D. Pa. 2008), vacated on other grounds, 620 F.3d 304 (3d Cir. 2010).

However, the government says it need only meet the lower pen register/trap and trace statute standard of “specific and articulable facts” to use Stingray. Further, in Jones, the Government asserts that it needs nothing whatsoever to put a GPS device on your car. The fact that Stingray technology exists and is widely (but secretly) in use is likely to be of great interest to the Supreme Court when it considers the invasiveness of location tracking capabilities.

The Stingray device tracks an individual’s location by tricking his or her handset into connecting to Stingray as if it were a cellphone tower. It then sends signals to that handset and measures strength and delay time of responses, thereby enabling investigators to locate the handset so long as its turned on. While initially available only to law enforcement at great expense, stingray-type devices, known in the hacker world as IMSI catchers, are becoming increasingly affordable. At the 2010 Black Hat conference in Las Vegas, researcher Chris Paget demonstrated a fake GSM base station she created for less than two thousand dollars. Like Stingray, the device tricks handsets into connecting to it. Paget’s device could also make the phone drop voice encryption enabling a man-in-the-middle eavesdropping attack. Which calls into question – what can the oh-so-much-more-expensive Stingray do?

In investigations where such devices were used, the government is taking affirmative steps to avoid revealing that information to both judges and defendants. The FBI told the Wall Street Journal that it regularly deletes all information obtained from using Stingray gear after the location mission is complete. In the Rigmaiden case, the government objected to discovery about the device and its use, and is now asking for a closed door session with the judge to keep the capabilities of the device secret. If there’s no expectation of privacy against the government for this use, will it also be lawful for private parties, including stalkers, to use something like this to figure out when you are home?

Stay tuned for the latest saga in location tracking and cell phone privacy, or for more information now, check out another one of my recent posts on location tracking here.

p5rn7vb

Comments