EPIC v. FBI - Stingray / Cell Site Simulator
- EPIC Urges Senate to Ask Comey About FBI Response to Russia Attack: In advance of the hearing with former FBI Director James Comey, EPIC has sent a statement to the Senate Intelligence Committee. EPIC urged the Committee to ask Comey whether FBI Victim Notification procedures were followed in notifying the DNC and the RNC once the FBI became aware of the Russian cyberattack on US political organizations. In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community.” The obvious question at this point is whether the FBI followed the required procedures for Victim Notification once the Bureau became aware of this attack. (Jun. 7, 2017)
- Leaked Document Details Russian Interference Efforts in 2016 Election: A National Security Agency document leaked to The Intercept details Russian attempts to interfere in the 2016 Presidential Election via cyber attacks. The document concludes that the attacks were carried out by Russian military intelligence and involved spear-phishing emails and a cyber attack on a private manufacturer of devices that maintain and verify the voter rolls. EPIC Is currently litigating EPIC v. ODNI, EPIC v. FBI, and EPIC v. IRS, three of the leading open government cases concerning Russian interference with the 2016 Presidential election. (Jun. 6, 2017)
- The FOIA Project Provides 2017 FOIA Report: A new report from The FOIA Project tracks many of the Freedom of Information Act lawsuits filed by media organizations and journalists in 2017. According to TRAC, forty-five new FOIA lawsuits were filed by thirty-nine news organizations and reporters. The New York Times, with six FOIA suits, filed suit most frequently. In second place is EPIC, which has already filed four FOIA lawsuits in 2017, including a suite of lawsuits under the new EPIC Democracy and Cybersecurity Project focused on preserving democratic institutions. In EPIC v. ODNI EPIC seeks public release of the January 2017 report of the intelligence community on Russian hacking, and in EPIC v. IRS EPIC seeks release of President Trump's Tax records. In EPIC v. FBI, EPIC has already obtained the Bureau's procedures for notifying organizations that are the target of a cyber attack. EPIC has asked Congress to determine whether the FBI did enough to notify US political organizations about Russian cyber attacks during he 2016 Presidential election. (May. 31, 2017)
- EPIC to House Committee: IRS Must Release Trump Tax Records: In advance of an IRS Oversight hearing, EPIC has sent a statement to the House Appropriations Committee regarding EPIC v. IRS, the case in which EPIC is seeking release of President Trump's tax records. According to EPIC, "There has never been a more compelling FOIA request presented to the IRS." In the request to the IRS, EPIC explained that the IRS Commissioner may release tax returns to "correct misstatements of fact" and to ensure the "integrity and fairness" of the tax system. EPIC is currently pursuing several high level FOIA cases, including EPIC v. FBI and EPIC v. ODNI, to determine the scope of Russian interference with the 2016 Presidential election. (May. 22, 2017)
- FBI Opposes EPIC Preservation Order in FBI Russian Interference FOIA Case: The FBI is opposing EPIC's emergency motion to preserve records in a Freedom of Information Act case for records of the Russian Interference with the 2016 Presidential Election. Following Donald Trump's abrupt firing of FBI Director James Comey, EPIC asked a federal court to issue a preservation order for records at issue in EPIC v. FBI and to impose sanctions if the order is violated. EPIC cited irregular circumstances surrounding the firing of the FBI Director, as well as concerns expressed by members of Congress and Senators regarding the possible destruction of FBI records. In the filing today, the FBI suggested that EPIC would have to provide actual evidence of destruction of records before a court could issue a preservation order to prevent destruction of records. (May. 19, 2017)
- EPIC FOIA: EPIC Seeks Memos of Trump Conversations with FBI Director: EPIC has filed an urgent Freedom of Information Act request with the Federal Bureau of Investigation for former Director James Comey's memos concerning his communications with President Trump. On May 16th, 2017, the New York Times reported Mr. Comey documented "every phone call and meeting he had with the president." The memos tracked "what he perceived as the president's improper efforts to influence a continuing investigation," the Times said. EPIC has filed a formal FOIA request for the public release of all of Director Comey's memos, including a memo describing his meeting with President Trump concerning National Security Advisor Flynn's resignation. Leaders of the Senate Intelligence Committee and House Oversight Committee both requested the FBI to turn over the memos to Congress. EPIC also recently filed an emergency motion to preserve records in EPIC v. FBI, a FOIA lawsuit for records concerning the Russian Interference with the 2016 Presidential Election. (May. 17, 2017)
- EPIC v. FBI: Agency Cyber Hack Notification Procedures Fall Short: In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community." The Cyber Division specifically notifies the "individual, organization, or corporation that is the owner or operator of the computer at the point of compromise or intrusion." The analysis to determine whether or not to notify the victim, as well as FBI procedures for approval or deferral of notification, the timing of notification, the method of notification, and more were all redacted by the agency. EPIC intends to challenge theses withholdings. The FBI's response raises questions about whether the agency fulfilled the obligation to properly notify the victims of the Russian cyberattacks.The Intelligence Community assessed that both major US political parties were attacked. The FBI also produced notification procedures for threats to life or serious bodily injury, and certain procedures under the Foreign Intelligence Surveillance Act. Next in the case, EPIC anticipates the release, on May 26, of FBI communications with political organizations and federal agencies concerning the Russian interference. (May. 15, 2017)
- EPIC Files Emergency Motion to Preserve Records in FBI Russian Interference FOIA Case: EPIC has filed an emergency motion today in EPIC v. FBI, a Freedom of Information Act case for records concerning the Russian Interference with the 2016 Presidential Election. In papers filed with a federal district court in Washington, DC, EPIC cited Donald Trump's abrupt firing of the FBI Director, and concerns expressed by Members of the House and Senate regarding the possible destruction of FBI records related to the investigation. EPIC asked the Court to issue a preservation order and to impose sanctions if the order is violated. Today, the FBI also released records to EPIC, including the agency's procedures for notifying the victims of cyberattacks. The case is EPIC v. FBI, No. 17-121, before Judge Royce C. Lamberth. [Press Release] (May. 12, 2017)
- D.C. Circuit: California Water Well Information Exempt from Public Disclosure: The D.C. Circuit Court of Appeals has ruled that information about a government project to manage water in the California is exempt from disclosure under the Freedom of Information Act. The Court found that Exemption 9, which covers "geological and geophysical information…concerning wells," permitted the Bureau of Reclamation to withhold information about well location and depth information. "Congress enacted FOIA to 'permit access to official information long shielded unnecessarily from public view,'" the Court said. However, the D.C. Circuit rejected the arguments of environmental group AquAlliance that the legislative history indicated the exemption only applied to oil and gas wells; the Court said it should "assume that Congress meant what it said, and said what it meant." EPIC frequently fights overbroad agency withholding of public records. In EPIC v. FBI, a FOIA lawsuit seeking release of FBI privacy assessments, a court sided with EPIC and agreed that the agency did not justify withholding records under a FOIA exemption for law enforcement procedures and techniques. (May. 11, 2017)
- EPIC v. ODNI: EPIC Anticipates Release of Report on Russian Hacking: In a Freedom of Information Act lawsuit EPIC v. ODNI, EPIC anticipates the May 3 release of the Complete Assessment of the Russian interference in the 2016 presidential election. In January 2017, the Director of National Intelligence released a limited, declassified version report about the "multi-pronged attack" on democratic institutions. EPIC filed a FOIA suit for public release of the Complete Assessment of Russian interference. As EPIC explained in an op-ed in The Hill and statements to Congress, the "public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election." In accordance with the briefing schedule in the case, the ODNI must release all non-exempt portions of the Complete Assessment on May 3, 2017 to EPIC. EPIC is also pursuing two related FOIA cases as part of the Democracy and Cybersecurity Project. In EPIC v. FBI, EPIC is seeking records concerning the FBI's investigation of Russian interference. In EPIC v. IRS, EPIC is seeking release of President Trump’s Tax records. (May. 2, 2017)
A StingRay is a device that can triangulate the source of a cellular signal by acting "like a fake cell phone tower" and measuring the signal strength of an identified device from several locations. With StingRays and other similar "cell site simulator" technologies, Government investigators and private individuals can locate, interfere with, and even intercept communications from cell phones and other wireless devices. The Federal Bureau of Investigation ("FBI") has used such cell site simulator technology to track and locate phones and users since at least 1995. Recently, federal investigators used a similar device to track down a suspect in an electronic tax fraud ring. This case, United States v. Rigmaiden, No 08-814, 2012 WL 1038817 (D. Ariz. Mar. 28, 2012), has brought the use of this cell phone surveillance technology under public scrutiny, as the Government attempts to shield the methods from discovery. See Order, id. As the Government's own documents make clear, the use of cell site simulator technology implicates not only the privacy of the targets in federal investigations, it also affects other innocent users in the vicinity of the technology.
On July 23, 2008 Daniel David Rigmaiden was indicted on various counts of conspiracy, wire fraud, and identity theft by U.S. Attorneys in Phoenix, Arizona. United States v. Rigmaiden, No. 08-814-PHX-DGC, 2010 WL 3463723 (D. Ariz. Aug. 27, 2010). Since his indictment, Defendant Rigmaiden has submitted various discovery motions seeking information about the investigatory techniques used to locate him. See Rigmaiden, 2010 WL 1039917. The Government opposed Defendant Rigmaiden's request for disclosure of techical specifications and other details about the technology. The Government relied on the testimony of an FBI Supervisor, who described the device as a pen register/trap and trace device. Aff. Supervisory Special Agent Bradley S. Morrison at 1, United States v. Rigmaiden, No. 08-cr-00814 (D. Ariz. Oct. 27, 2011). However, Agenty Morrison also made clear that all data is deleted after an operation because the devices may tend to pick up information “from all wireless devices in the immediate area of the FBI device that subscribe to a particular provider … including those of innocent, non-target devices.” Id. at 3.
In an attempt to avoid disclosure of documents related to this technology, the Government was willing to concede that the "actions it took during the air card locating mission were sufficiently intrusive to constitute a search under the Fourth Amendment if Defendant has a reasonable expectation of privacy." Rigmaiden, 2010 WL 1039917. However, the Government is not willing to concede that Defendant did have a reasonable expectation of privacy in the location of his laptop aircard (in his apartment). Id. As a result of the Government's unwillingness to disclose documents related to this invasive cell site simulator technology that impacts the privacy of innocent communications, EPIC filed a Freedom of Information Act ("FOIA") request in February 2012.
EPIC's Freedom of Information Act Request and Subsequent Lawsuit
In February 2012, EPIC submitted a FOIA request to FBI for:
- All documents concerning technical specifications of the StingRay device or other cell site simulator technologies;
- All documents concerning procedural requirements or guidelines for the use of StingRay device or other cell site simulator technologies (e.g. configuration, data retention, data deletion);
- All contracts and statements of work that relate to StingRay device or other cell site simulator technologies;
- All memoranda regarding the legal basis for the use of StingRay device or other cell site simulator technologies; and
- All Privacy Impact Assessments or Reports concerning the use or capabilities of StingRay device or other cell site simulator technologies.
The FBI sent a letter confirming the receipt of EPIC's FOIA request on February 21, 2012. THe FBI Records Management Division assigned a FOIPA Request No: 1182490-000.
EPIC v. FBI
- Complaint, EPIC v. FBI, No. 12-667 (D.D.C. Apr. 27, 2012).
- Answer, EPIC v. FBI, No. 12-667 (D.D.C. Jun. 13, 2012).
- Joint Status Report, EPIC v. FBI, No. 12-667 (D.D.C. Jun. 27, 2012).
- FBI Motion for an Open America Stay, EPIC v. FBI, No. 12-667 (D.D.C. Jul. 30, 2012).
- FBI Notice Regarding Number of Classified Pages, EPIC v. FBI, No. 12-667 (D.D.C. May 30, 2013).
- EPIC Memorandum in Opposition to FBI's Motion for an Open America Stay, EPIC v. FBI, No. 12-667 (D.D.C. Aug. 20, 2012).
- FBI Reply to EPIC's Memorandum in Opposition, EPIC v. FBI, No. 12-667 (D.D.C. Aug. 31, 2012).
- October 2013 Sample Vaughn Index and Document Production
- Fourth Declaration of David Hardy
- Exhibits A-M - Document Trail
- Exhibit N - Documents
- Exhibit O - Rigmaiden v. FBI Filing
- Court Denial of FBI's Motion for Open America Stay
- EPIC's Motion for Attorney's Fees and Costs
- FBI's Memorandum in Opposition to EPIC's Motion for Attorney's Fees and Costs
- Exhibit 1
- Exhibit 2
- Exhibit 3
- Exhibit 4
- Exhibit 5
- Exhibit 6
- Exhibit 7
- Exhibit 8
- Exhibit 9
- Exhibit 10
- Exhibit 11
- Exhibit 12
- Exhibit 13
- Exhibit 14
- Exhibit 15
- Exhibit 16
- Exhibit 17
- Exhibit 18
- Exhibit 19
- Exhibit 20
- Magistrate Judge's Report & Recommendation on EPIC's Motion for Attorney's Fees and Costs
- EPIC's Objections to the Magistrate's Proposed Findings and Recommendations
- FBI's Objections to the Magistrate's Proposed Findings and Recommendations
- EPIC Memorandum in Opposition to FBI's Objections to the Magistrate Judge's Proposed Findings and Recommendations
- FBI's Memorandum in Opposition to EPIC's Objections to the Magistrate Judge's Proposed Findings and Recommendations
- Memorandum Opinion Granting in Part EPIC's Motion for Attorney's Fees and Costs
- EPIC's FOIA Request (Feb. 10, 2012)
- FBI Acknowledgement (Feb. 16, 2012)
- EPIC's Administrative Appeal (Mar. 19, 2012)
- FBI FOIA Releases, EPIC v. FBI, No. 12-0667 (D.D.C.)
- First Release - October 3, 2012.
- Second Release - November 15, 2012.
- Third Release - December 7, 2012.
- Fourth Release - December 31, 2012.
- Fifth Release - February 7, 2013.
- Sixth Release - February 22, 2013.
- Seventh Release - February 28, 2013.
- Eighth Release - March 29, 2013.
- Ninth Release - April 30, 2013.
- Tenth Release - May 31, 2013.
- Eleventh Release - June 28, 2013.
- Part 1
- Part 2
- Part 3
- Part 4
- Part 5
- Part 6
- Part 7
- Part 8
- Part 9
- Part 10
- Part 11
- Part 12
- Part 13
- Part 14
- Part 15
- Part 16
- Part 17
- Part 18
- Part 19
- Part 20
- Part 21
- Twelfth Release - July 12, 2013.
- Part 1
- Part 2
- Part 3
- Part 4
- Part 5
- Part 6
- Part 7
- Part 8
- Part 9
- Part 10
- Part 11
- Part 12
- Part 13
- Part 14
- Part 15
- Part 16
- Part 17
- Part 18
- Part 19
- Part 20
- Part 21
- Part 22
- Part 23
- Part 24
- Part 25
- Part 26
- Part 27
- Part 28
- Part 29
- Part 30
- Part 31
- Part 32
- Thirteenth Release - July 30, 2013.
- In re U.S., ___ F. Supp. 2d ___, 2012 WL 2120492 (S.D. Tex. 2012)
- United States v. Rigmaiden, 844 F. Supp. 2d 982 (D. Ariz. 2012)
- In re U.S., 727 F. Supp. 2d 571 (W.D. Tex. 2010)
- In re U.S., 622 F. Supp. 2d 411 (S.D. Tex. 2007)
- In re Pen Register, 396 F. Supp. 2d 747 (S.D. Tex. 2005)
- United States v. Garey, No. 03-cr-83, 2004 WL 2663023 (M.D. Ga. Nov. 15, 2004)
- In re U.S., 885 F. Supp. 197 (C.D. Cal. 1995)
- Government Opposition to Discovery Motion, United States v. Rigmaiden, No. 08-0814, 2012 WL 27600 (D. Ariz. Jan 5, 2012).
- Secrecy, Surveillance and the Baltimore Police, Baltimore Sun (Apr. 9, 2015)
- Cyrus Farivar, FBI Really Doesn't Want Anyone to Know About Stingray Use by Local Cops, ArsTechnica (Feb. 10, 2015)
- Ashkan Soltani & Craig Timberg, Tech Firm Tries to Pull Back Curtain on Surveillance Efforts in Washington, Wash. Post (Sept. 17, 2014)
- Craig Timberg, Feds to Study Illegal Use of Spy Gear, Wash. Post (Aug. 11, 2014)
- FBI Files Reveal New Info on Clandestine Phone Surveillance Unit, Slate (Oct. 8, 2013)
- Meet the Machines That Steal Your Phone's Data, ArsTechnica (Sept. 25, 2013).
- Ryan Gallagher, Stingray FOIA: DOJ Accused of Illegally Withholding Info on Clandestine Cellphone Surveillance Tool, Slate (July 24, 2013).
- Jennifer Valentino-DeVries, 'Stingray' Phone Tracker Fuels Constitutional Clash, Wall St. Journal - What They Know (Sept. 21, 2011, 10:30 PM EST)
- Kim Zetter, Feds’ Use of Fake Cell Tower: Did it Constitute a Search?, Wired - Threat Level (Nov. 3, 2011, 5:46 PM)
- Ryan Gallagher, FBI Accused of Dragging Feet on Release of Info About "Stingray" Surveillance Technology, Slate (Oct. 19, 2012, 4:00 PM)
- Ryan Gallagher, FBI Documents Shine Light on Clandestine Cellphone Tracking Tool, Slate (Jan. 10, 2013, 2:14 PM)
Other Related Documents
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,