By Jason Liu
Despite the Department of Justice (DOJ) dropping its case against Apple, (as covered in this earlier post), the same legal arguments were salient before the House Energy and Commerce Committee (Committee). On April 19th, the Committee heard testimony from the FBI, law enforcement heads, Apple and other technology experts about the use of encryption in technology and law enforcement action.
During the hearing, Rep. Tim Murphy (R-Penn.) asked the central question, “Should the government have the ability to lawfully access encrypted technology and communications?” Law enforcement officials insisted on “backdoor” access, while Apple countered that encryption protects people from cybercrime. Overall, the hearing continued to repeat prior arguments from the FBI that access was necessary to prevent criminal activity and Apple that encryption protects free speech and privacy made during the San Bernardino shooter case.
By Denise Kim
After the Federal Bureau of Investigation (FBI) announced on March 28 that it had successfully accessed the iPhone used by one of the gunmen in the San Bernardino terrorist shooting without Apple’s help, the Department of Justice (DOJ) is now officially dropping its case against Apple. Earlier, the DOJ’s motion for continuance halted the ongoing feud between Apple v. FBI. The DOJ filed the motion on March 21, 2016, one day before the court decided whether Apple would be forced to hack into its own system. In its memorandum of points and authorities, the DOJ claimed that on March 20, 2016, an “outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone.” After successfully unlocking the iPhone, the government asked the federal judge to vacate the disputed order. Continue reading
By Matthew McCoy
Both the State of Washington and the United States Department of Justice (DOJ) have recently issued new policies regarding law enforcement’s use of cell site simulators. Colloquially known as StingRays, cell site simulators spoof cell towers and trick mobile devices in close proximity to the simulator into connecting with it and unveiling their unique location information. While it is possible to initiate more sophisticated attacks, such as deception and logging of message contents, the DOJ asserts in its new policy that its Stingrays are not configured with such capabilities in accordance with the pen register and trap and trace definitions in 18 U.S.C. §3127(3).
Previous use of StingRays, unveiled by research by privacy advocates, show that both federal, state, and local law enforcement entities have been previously approved under traditional pen register/trap and trace orders. While the DOJ argues that obtaining authorization pursuant to the Pen Register Statute is appropriate for these devices, critics say pen registers, which record the numbers dialed to and from a phone, are different than cell site simulator technology, which record a phone’s location and manipulate how a phone connects with its cellular network. Continue reading
Law enforcement use of IMSI catchers and their insidious efforts to hide it.
By Miriam Swedlow
Thanks to NPR’s radio program, Serial, thousands of Americans now know that a person’s movements can be verified by following the interaction between a cell phone and nearby cell phone towers. An International Mobile Subscriber Identity (IMSI) catcher, commonly referred to as a “StingRay,” takes this concept a step further. The device tricks cell phones to connect to it by masquerading as a cell phone tower. Once connected, the StingRay provides “real time” tracking of a phone’s location and is capable of obtaining data from the phone (including emails, photos, and contact files). Although Federal and local law enforcement increasingly use these devices as part of surveillance activities, they have been reluctant to disclose to judges and the public exactly how and when they use them. This is likely because IMSIs cast a broad net, gathering invasive data on scores of innocent people in the process of tracking a single suspect.
Law enforcement agencies have utilized a “smoke and mirrors” approach to keep their use of StingRay equipment a secret. After the 2001 Patriot Act, the Department of Justice declared that law enforcement would need a Pen/Trap order before using direct surveillance technology on communication systems, such as IMSI catchers. Almost fifteen years later, there have been only two published magistrate opinions on the use of IMSI catchers. The lack of judicial opinions is directly related to law enforcement’s pervasive practice of obfuscating the use of IMSI catchers in pen register applications without explicitly disclosing the nature of the technology. For example, officers in Sarasota, Florida referred to the StingRay as a “source” in official documents to obtain warrants. In Tacoma, Washington, judges learned that they had signed off on the use of IMSI catchers through local newspaper reporting. The result is that judges have unwittingly granted hundreds of orders to use IMSI catchers. Continue reading