EPIC v. FBI - Stingray / Cell Site Simulator

Top News

  • EPIC Prevails in "Stingray" Case Against FBI: EPIC has obtained nearly $30,000 in litigation fees as a result of a Freedom of Information Act case against the FBI concerning a new surveillance technology. EPIC's lawsuit produced the release of more than 4,000 pages of documents about a phony cell tower technique called "Stingray." The documents obtained by EPIC revealed that the FBI used the devices to monitor cell phones without a warrant, and provided Stingrays to other law enforcement agencies. Following objections by Senator Grassley, the FBI restricted Stingray use. In EPIC v. FBI, No. 12-667, the Federal District Court awarded EPIC nearly all of the attorneys' fees requested. (Feb. 20, 2015)
  • EPIC Urges Congress to Hold Hearing on FBI Database: In a letter to Senators Grassley and Leahy, EPIC has urged the Senate Judiciary Committee to investigate the FBI's "Next Generation Identification" program. NGI is the most extensive biometric database in the world and raises many privacy risks. In a recent FOIA case, EPIC v. FBI, EPIC obtained documents which show that the FBI accepted a 20% error rate for facial recognition matches. EPIC and over 30 organizations have urged Attorney General Holder to conduct a privacy assessment of NGI, but the program has since gone fully operational without the required evaluation. (Jan. 9, 2015)
  • Senators Seek Answers on Use of Cell Phone Surveillance Devices: Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Chuck Grassley (R-Iowa) have asked Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson several questions about the government’s use of cell site simulators or “Stingray” devices to track cell phones. According to the letter, the Senators previously asked FBI Director James Comey about the FBI’s use of cell site simulators and, after two briefings with the Senators, the FBI announced a new policy that it would obtain search warrants before using the devices, subject to certain exceptions. The new letter raises questions about the broader use of cell site simulators by other law enforcement agencies and their impact on the privacy of innocent individuals. EPIC filled a lawsuit under the Freedom of Information Act in 2012, seeking information about the FBI’s use of cell site simulators and, in particular, what legal process the agency required before deploying the technology. As a result of EPIC’s lawsuit, more than 4,000 pages of partially-redacted FBI records were released to the public. For more information, see EPIC v. FBI - Stingray / Cell Site Simulator. (Jan. 2, 2015)
  • Senator Markey Asks Justice Department About Cell Phone Tracking Program: Senator Edward J. Markey (D-MA) has sent detailed questions to Attorney General Holder about recent reports that law enforcement agencies have deployed aircraft equipped with cell tower simulators to capture mobile phone communication. The devices, known as "IMSI catchers" or "Stingray," identify and track cell phone users. Senator Markey wrote "the sweeping nature of this program and likely collection of sensitive records...raise important questions about how the Department protects the privacy of Americans" with no connection to unlawful activities. EPIC successfully sued the FBI to obtain documents about the agency's use of Stingray devices. EPIC has also filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking is a search under the Fourth Amendment and should only be conducted with a judicial warrant. For more information, see EPIC: Locational Privacy and EPIC v. FBI (Stingray). (Nov. 17, 2014)
  • EPIC Prevails in Case Against FBI About Next Generation Identification: A Federal Court has ruled that EPIC "substantially prevailed" in its open government lawsuit against the FBI for information about the agency's massive biometric database. The Court has also awarded attorneys fees to EPIC. EPIC's lawsuit led to the disclosure of hundreds of pages about "Next Generation Identification", a vast FBI database program with fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, and photographs, on millions of Americans suspected of no crime. The Court found that "There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered." EPIC has recommended new privacy safeguards and greater Congressional oversight of the NGI program and other identification techniques. For more information, see EPIC: EPIC v. FBI - Next Generation ID and EPIC: Spotlight on Surveillance on FBI's Next Generation Identification Program. (Nov. 6, 2014)
  • FBI Says Biometric Database has Reached "Full Operational Capability": The FBI announced that the Next Generation Identification system, one of the largest biometric databases in the world, has reached "full operational capability." In 2013, EPIC filed a Freedom of Information Act lawsuit about the NGI program. EPIC obtained documents that revealed an acceptance of a 20% error rate in facial recognition searches. Earlier this year, EPIC joined a coalition of civil liberties groups to urge the Attorney General Eric Holder to release an updated Privacy Impact Assessment for the NGI. The NGI is tied to "Rap Back," the FBI's ongoing investigation of civilians in trusted positions. EPIC also obtained FOIA documents revealing FBI agreements with state DMVs to run facial recognition searches, linked to NGI, on DMV databases. EPIC's recent Spotlight on Surveillance concluded that NGI has "far-reaching implications for personal privacy and the risks of mass surveillance." For more information, see EPIC: EPIC v. FBI - Next Generation identification. (Sep. 15, 2014)
  • EPIC Sues FBI for Missing Privacy Reports: EPIC has filed a Freedom of Information Act lawsuit to obtain details about the Federal Bureau of Investigation's surveillance programs. The agency is required to conduct privacy impact assessments when it collects and uses personal data. However, the Bureau has failed to publicly release privacy impact assessments for many of its programs, including facial recognition, drones, and license plate readers. According to the E-Government Act and Justice Department guidelines, all privacy assessments should be made public if practicable. EPIC, joined by a coalition of organizations, recently urged the Attorney General to immediately conduct a privacy assessment of the FBI's Next Generation Identification (NGI) program. The NGI program collects massive amounts of biometric data on U.S. citizens. For more information, see EPIC: EPIC v. FBI - Privacy Assessments. (Aug. 1, 2014)
  • EPIC FOIA - FBI Says 20% Error Rate Okay for Facial Recognition: EPIC's Freedom of Information Act lawsuit has produced new documents about "Next Generation Identification" and the FBI's plans for facial recognition. According to the document obtained by EPIC, "NGI shall return an incorrect candidate a maximum of 20% of the time." That number is much greater than expected. Earlier this year, EPIC received documents from the FBI regarding the use of facial recognition and state DMV photos. The FBI has still not updated a 2008 Privacy Impact Assessment on facial recognition technology despite telling Congress last year that a new assessment was planned. For more information, see EPIC: EPIC v. FBI - Next Generation Identification and EPIC: Face Recognition. (Oct. 4, 2013)
  • EPIC FOIA Documents Shed Light on Secret Cell Phone Tracking Team at FBI: In response to EPIC's Freedom of Information Act Lawsuit, the Federal Bureau of Investigation has released more than 400 pages of documents related to cell site simulator technology (commonly referred to as "Stingray"). This most recent release to EPIC includes training and promotional materials from a specialized unit within the FBI, the "Wireless Intercept & Tracking Team" that had previously been hidden from public view. According to the documents, the FBI's Tracking Team provides technical and financial support to a quickly expanding group of federal and local law enforcement agents trained to use the controversial surveillance tools. The documents reveal that the FBI believes it can use cell site simulators without a warrant, but so far only one federal court has considered the Fourth Amendment implications of these devices, including their interception of innocent users' data. For more information, see EPIC v. FBI (Stingray). (Oct. 4, 2013)
  • Court Permits Police Use of Phony Cell Phone Tower: A federal court in Arizona has denied a motion to suppress evidence gathered by "StingRay" surveillance technology. The court in United States v. Rigmaiden held that investigators did not violate the Fourth Amendment. The court also held that the government's use of a cell site simulator or StingRay device was supported by a "mobile tracking device" warrant. EPIC recently argued that users have a reasonable expectation of privacy in the location of their mobile devices, and has also received hundreds of pages of documents related to the FBI's use of StingRay technology. For more information, see EPIC v. FBI: StingRay and EPIC: State v. Earls. (May. 10, 2013)

Background

A StingRay is a device that can triangulate the source of a cellular signal by acting "like a fake cell phone tower" and measuring the signal strength of an identified device from several locations. With StingRays and other similar "cell site simulator" technologies, Government investigators and private individuals can locate, interfere with, and even intercept communications from cell phones and other wireless devices. The Federal Bureau of Investigation ("FBI") has used such cell site simulator technology to track and locate phones and users since at least 1995. Recently, federal investigators used a similar device to track down a suspect in an electronic tax fraud ring. This case, United States v. Rigmaiden, No 08-814, 2012 WL 1038817 (D. Ariz. Mar. 28, 2012), has brought the use of this cell phone surveillance technology under public scrutiny, as the Government attempts to shield the methods from discovery. See Order, id. As the Government's own documents make clear, the use of cell site simulator technology implicates not only the privacy of the targets in federal investigations, it also affects other innocent users in the vicinity of the technology.

On July 23, 2008 Daniel David Rigmaiden was indicted on various counts of conspiracy, wire fraud, and identity theft by U.S. Attorneys in Phoenix, Arizona. United States v. Rigmaiden, No. 08-814-PHX-DGC, 2010 WL 3463723 (D. Ariz. Aug. 27, 2010). Since his indictment, Defendant Rigmaiden has submitted various discovery motions seeking information about the investigatory techniques used to locate him. See Rigmaiden, 2010 WL 1039917. The Government opposed Defendant Rigmaiden's request for disclosure of techical specifications and other details about the technology. The Government relied on the testimony of an FBI Supervisor, who described the device as a pen register/trap and trace device. Aff. Supervisory Special Agent Bradley S. Morrison at 1, United States v. Rigmaiden, No. 08-cr-00814 (D. Ariz. Oct. 27, 2011). However, Agenty Morrison also made clear that all data is deleted after an operation because the devices may tend to pick up information “from all wireless devices in the immediate area of the FBI device that subscribe to a particular provider … including those of innocent, non-target devices.” Id. at 3.

In an attempt to avoid disclosure of documents related to this technology, the Government was willing to concede that the "actions it took during the air card locating mission were sufficiently intrusive to constitute a search under the Fourth Amendment if Defendant has a reasonable expectation of privacy." Rigmaiden, 2010 WL 1039917. However, the Government is not willing to concede that Defendant did have a reasonable expectation of privacy in the location of his laptop aircard (in his apartment). Id. As a result of the Government's unwillingness to disclose documents related to this invasive cell site simulator technology that impacts the privacy of innocent communications, EPIC filed a Freedom of Information Act ("FOIA") request in February 2012.

EPIC's Freedom of Information Act Request and Subsequent Lawsuit

In February 2012, EPIC submitted a FOIA request to FBI for:

  • All documents concerning technical specifications of the StingRay device or other cell site simulator technologies;
  • All documents concerning procedural requirements or guidelines for the use of StingRay device or other cell site simulator technologies (e.g. configuration, data retention, data deletion);
  • All contracts and statements of work that relate to StingRay device or other cell site simulator technologies;
  • All memoranda regarding the legal basis for the use of StingRay device or other cell site simulator technologies; and
  • All Privacy Impact Assessments or Reports concerning the use or capabilities of StingRay device or other cell site simulator technologies.

The FBI sent a letter confirming the receipt of EPIC's FOIA request on February 21, 2012. THe FBI Records Management Division assigned a FOIPA Request No: 1182490-000.

Legal Documents

EPIC v. FBI

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy

EPIC Bookstore

Machines of Loving Grace

Machines of Loving Grace by John Markoff