'Stringrays' are everywhere, but what agencies are using them to track phones?

'Stringrays' are everywhere, but what agencies are using them to track phones? Flickr image via Marco Enzo Squillacioti

Who Is Spying On US Cellphones? Lawmakers Demand an Answer

A bipartisan group of representatives asked 24 agencies if and how they use a secretive cell-phone tracking technology called ‘Stingrays.'

First, it came out that the Justice De­part­ment was us­ing Stin­grays, a se­cret­ive cell-phone-track­ing device that al­lowed it to scoop up identi­fy­ing in­form­a­tion from thou­sands of mo­bile devices at once in or­der to pin­point the loc­a­tion of a tar­get.

But it wasn’t the only one. The rev­el­a­tions kept com­ing: Last month, doc­u­ments showed that even the In­tern­al Rev­en­ue Ser­vice is us­ing the sur­veil­lance devices—of­ten called “Stin­grays” after a pop­u­lar mod­el—mak­ing it the 13th fed­er­al agency known to op­er­ate them, ac­cord­ing to data from the Amer­ic­an Civil Liber­ties Uni­on.

Now, a bi­par­tis­an group of House law­makers wants to know just how many fed­er­al agen­cies are us­ing Stin­grays.

In a let­ter sent Monday, House Over­sight Com­mit­tee Chair­man Jason Chaf­fetz, rank­ing mem­ber Eli­jah Cum­mings, and the top two mem­bers of the pan­el’s IT sub­com­mit­tee—Reps. Will Hurd and Robin Kelly—asked 24 key agen­cies to share their policies for us­ing the sur­veil­lance tech­no­logy.

Known as cell-site sim­u­lat­ors, Stin­gray devices pose as cell towers to force nearby cel­lu­lar devices to es­tab­lish a con­nec­tion with them. Once a Stin­gray is con­nec­ted to nearby mo­bile devices, it can scan them, usu­ally to find a tar­get or tar­gets. The Stin­gray can use the dir­ec­tion and strength of a con­nec­tion to a tar­get device to fig­ure out where the device is loc­ated.

Since the gov­ern­ment use of Stin­grays was first re­vealed last year, some agen­cies have moved to make pub­lic their policies for us­ing them. Both the Justice De­part­ment and the Home­land Se­cur­ity De­part­ment have pub­lished in­tern­al guid­ance their agents must fol­low when us­ing Stin­grays, which in­clude lim­its on the re­ten­tion of the in­cid­ent­al data they gath­er dur­ing their wide sweeps and which es­tab­lish that agents must ob­tain a war­rant be­fore us­ing them.

But the policies only ap­ply to those agen­cies and not to state and loc­al law en­force­ment agen­cies, which are also known to own and op­er­ate Stin­grays and sim­il­ar devices.

Chaf­fetz has taken aim at Stin­gray tech­no­logy be­fore, with a bill he in­tro­duced earli­er this month. The Stin­gray Pri­vacy Act, co-sponsored by Demo­crats John Con­yers and Peter Welch, would ex­tend the DOJ’s and DHS’s war­rant re­quire­ments to all Stin­gray users, in­clud­ing state and loc­al agen­cies.

The let­ter he and his fel­low com­mit­tee mem­bers sent Monday asks for de­tails about data-re­ten­tion policies, Stin­gray use at the state and loc­al level, nondis­clos­ure agree­ments as­so­ci­ated with Stin­gray use, and de­tails about any al­leged mis­use of the tech­no­logy.

The sign­ers also asked for an in­vent­ory of Stin­gray devices in use by each of the 24 agen­cies and the cost of each device. They cast a wide net, tar­get­ing agen­cies likely to op­er­ate the devices—the De­fense De­part­ment, for ex­ample—as well as agen­cies like the Ag­ri­cul­ture De­part­ment, the In­teri­or De­part­ment, the Vet­er­ans Af­fairs De­part­ment, and the Gen­er­al Ser­vices Ad­min­is­tra­tion.

The let­ter asks for a re­sponse with­in two weeks.