EPIC v. FBI - Stingray / Cell Site Simulator

Top News

  • EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data: EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Mar. 21, 2017)
  • Comey Confirms Russian Investigation, FBI Seeks Delay in EPIC FOIA Case: Following Director James Comey's confirmation of the FBI investigation into ties between Russia and Trump's presidential campaign, the FBI asked to delay EPIC's FOIA lawsuit against the agency. In EPIC v. FBI, EPIC seeks public release of records pertaining to the Russian interference with the 2016 Presidential election. Yesterday, in an open hearing before the House Select Intelligence Committee, Comey acknowledged for first time that the FBI is investigating possible coordination between the Trump campaign and Russia's interference in the election. Following the testimony, the FBI immediately asked the court for more time file a schedule for processing the FOIA request in EPIC's case against the FBI. EPIC is simultaneously pursuing a FOIA appeal with the DOJ, pressing the agency to reveal the existence of any applications to wiretap Trump Tower. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election, and a new EPIC project, the EPIC Cybersecurity and Democracy Project, will focus on US cyber policies. (Mar. 21, 2017)
  • EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers: EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memorandum of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit public release of the FBI's privacy assessments. (Mar. 2, 2017)
  • EPIC, Coalition Back Improved Government Transparency: In comments to Office of Government Information Services, EPIC and a coalition of open government groups urged greater transparency for dispute resolutions. The coalition wrote that a proposed rule "would impose restrictive confidentiality requirements." The coalition proposed revisions that "do not place restrictive confidentiality requirements on requesters" who use dispute resolution services. EPIC routinely advocates on behalf of open government and transparency. Earlier this month, EPIC and a coalition called on the Office of Management and Budget to preserve public access to online government information. EPIC also recently prevailed in EPIC v. FBI, a Freedom of Information Act lawsuit for public release of the FBI's privacy assessments. (Feb. 24, 2017)
  • EPIC Prevails in FOIA Lawsuit for FBI Privacy Assessments: EPIC has prevailed in EPIC v. FBI, a case involving a Freedom of Information Act request for privacy assessments the FBI is required to prepare. EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for the assessments. EPIC subsequently challenged the adequacy of the agency's search for responsive documents and the FBI's claim that record could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." Today, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims. (Feb. 21, 2017)
  • EPIC to Testify Before Maryland House of Delegates on Cell Site Simulators: EPIC Senior Counsel Alan Butler will testify today before the Maryland House of Delegates concerning "Cell Site Simulator Technology, Historical Location Information, and Aerial Surveillance by Police." The hearing follows a recent complaint to the FCC regarding the use of "Stingrays," fake cell phone towers, by the Baltimore Police Department to intercept private communication. In a 2013 Freedom of Information Act suit against the FBI, EPIC uncovered plans involving federal and state law enforcement agencies to keep the use of Stingrays secret. EPIC has since argued in amicus briefs that cell phone location data is protected by the Fourth Amendment. Baltimore Police used Stingrays to track more than 1,700 individuals between 2007 and 2014. (Oct. 25, 2016)
  • House Members Seek Answers on FBI Stingray Agreements: Two leading members of the House Judiciary Committee sent a letter to FBI Director James Comey regarding Stingray surveillance devices, which intercept cellphone communications. Representative Jim Sensenbrenner (R-Wisc) and Representative Sheila Jackson Lee (D-Tx) sharply criticized the FBI's use of "non disclosure agreements" that prohibit local law enforcement agencies from discussing the use of Stingrays, even in court proceedings. The representatives noted that such secrecy "shields the technology from debate." They asked the FBI to answer specific questions about the agreements. In 2013, EPIC first uncovered these secret Stingray agreements in a Freedom of Information Act suit against the FBI. (Feb. 25, 2016)
  • Rep. Chaffetz Bill Would End Warrantless Stingray Surveillance: Rep. Jason Chaffetz has introduced a bill in the U.S. Congress that would prohibit government agencies from using cell-site simulators (or stingrays) without a warrant in most circumstances. The Cell-Site Simulator Act of 2015 would also explicitly exclude stingrays from the pen register statute currently used by law enforcement to conduct stingray operations with less than probable cause. The government would still be able to conduct warrantless stingray operations under the Foreign Intelligence Surveillance Act or in emergencies. An EPIC FOIA lawsuit in 2012 revealed that the FBI was using stingrays without a warrant. EPIC has also filed amicus briefs arguing that cell phone location data is protected by the Fourth Amendment. (Nov. 4, 2015)
  • House Committee to Examine Cell Phone Surveillance: The House Subcommittee on Information Technology will examine law enforcement use of "Stingrays," a technique for tracking cell phones users. The Department of Justice adopted guidelines that require a warrant before using Stingray devices to track the location of mobile devices. Senators Grassley and Leahy recently asked DHS Secretary Jeh Johnson to adopt a similar policy for DHS. California passed a law requiring a warrant for a Stingray. Documents obtained by EPIC in a FOIA lawsuit revealed the FBI was using the cell-site simulators without a warrant. EPIC also filed amicus briefs in U.S. v. Jones and State v. Earls, arguing that a warrant is required to obtain location information from cell phone subscribers. (Oct. 21, 2015)
  • California Rejects Warrantless Surveillance, Enacts "CalECPA": California Governor Jerry Brown has signed the California Electronic Communications Privacy Act (CalECPA). CalECPA requires law enforcement to obtain a warrant before accessing digital data including metadata, location data, emails, and text messages. The warrant requirement applies to searches of electronic devices themselves and to content stored by an online service provider. In response to requests from the US Congress, EPIC has made several recommendations regarding updates to the federal ECPA. EPIC has also obtained documents from the FBI concerning Stingray surveillance technology, which is now prohibited under the California bill. (Oct. 9, 2015)

Background

A StingRay is a device that can triangulate the source of a cellular signal by acting "like a fake cell phone tower" and measuring the signal strength of an identified device from several locations. With StingRays and other similar "cell site simulator" technologies, Government investigators and private individuals can locate, interfere with, and even intercept communications from cell phones and other wireless devices. The Federal Bureau of Investigation ("FBI") has used such cell site simulator technology to track and locate phones and users since at least 1995. Recently, federal investigators used a similar device to track down a suspect in an electronic tax fraud ring. This case, United States v. Rigmaiden, No 08-814, 2012 WL 1038817 (D. Ariz. Mar. 28, 2012), has brought the use of this cell phone surveillance technology under public scrutiny, as the Government attempts to shield the methods from discovery. See Order, id. As the Government's own documents make clear, the use of cell site simulator technology implicates not only the privacy of the targets in federal investigations, it also affects other innocent users in the vicinity of the technology.

On July 23, 2008 Daniel David Rigmaiden was indicted on various counts of conspiracy, wire fraud, and identity theft by U.S. Attorneys in Phoenix, Arizona. United States v. Rigmaiden, No. 08-814-PHX-DGC, 2010 WL 3463723 (D. Ariz. Aug. 27, 2010). Since his indictment, Defendant Rigmaiden has submitted various discovery motions seeking information about the investigatory techniques used to locate him. See Rigmaiden, 2010 WL 1039917. The Government opposed Defendant Rigmaiden's request for disclosure of techical specifications and other details about the technology. The Government relied on the testimony of an FBI Supervisor, who described the device as a pen register/trap and trace device. Aff. Supervisory Special Agent Bradley S. Morrison at 1, United States v. Rigmaiden, No. 08-cr-00814 (D. Ariz. Oct. 27, 2011). However, Agenty Morrison also made clear that all data is deleted after an operation because the devices may tend to pick up information “from all wireless devices in the immediate area of the FBI device that subscribe to a particular provider … including those of innocent, non-target devices.” Id. at 3.

In an attempt to avoid disclosure of documents related to this technology, the Government was willing to concede that the "actions it took during the air card locating mission were sufficiently intrusive to constitute a search under the Fourth Amendment if Defendant has a reasonable expectation of privacy." Rigmaiden, 2010 WL 1039917. However, the Government is not willing to concede that Defendant did have a reasonable expectation of privacy in the location of his laptop aircard (in his apartment). Id. As a result of the Government's unwillingness to disclose documents related to this invasive cell site simulator technology that impacts the privacy of innocent communications, EPIC filed a Freedom of Information Act ("FOIA") request in February 2012.

EPIC's Freedom of Information Act Request and Subsequent Lawsuit

In February 2012, EPIC submitted a FOIA request to FBI for:

  • All documents concerning technical specifications of the StingRay device or other cell site simulator technologies;
  • All documents concerning procedural requirements or guidelines for the use of StingRay device or other cell site simulator technologies (e.g. configuration, data retention, data deletion);
  • All contracts and statements of work that relate to StingRay device or other cell site simulator technologies;
  • All memoranda regarding the legal basis for the use of StingRay device or other cell site simulator technologies; and
  • All Privacy Impact Assessments or Reports concerning the use or capabilities of StingRay device or other cell site simulator technologies.

The FBI sent a letter confirming the receipt of EPIC's FOIA request on February 21, 2012. THe FBI Records Management Division assigned a FOIPA Request No: 1182490-000.

Legal Documents

EPIC v. FBI

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy

EPIC Bookstore

Robot Law

Robot Law
by Ryan Calo, A. Michael Froomkin,
Ian Kerr