A stingray is no longer just a flat-bodied fish feared for the
poisonous barb in its tail; it is also the name of a technology used by the
FBI and other law enforcement agencies to track the location of cell phone
users. A cousin to the Triggerfish tracking technology seen on the HBO
television program “The Wire,” the Stingray puts out mobile phone signals to
nearby cell phones and tricks those phones into thinking it is a cell tower. Based
on a summary
of the technology from the Wall Street Journal, this technology is useful
to law enforcement in two separate ways: a user could have a specific location
in mind and use the Stingray to capture data on all the devices being used in
that setting, or have a specific device in mind and use the system’s antenna
power readings to triangulate that device’s location. According
to private vendors of these products, they are also able to obtain not only
limited “metadata,” but also content sent to and from the phones, like text
messages and call audio.
The Fourth Amendment constitutionality of the Stingray has
come into focus in US v. Rigmaiden, a case in Arizona federal District Court
featuring a defendant accused of being the ringleader of a $4 million tax fraud
operation who was caught,
in part, due to law enforcement use of a Stingray. The government had
Verizon modify the defendant’s phone (by changing the settings on his “air
card”), and then used the Stingray, acting as a fake cell tower, to track the
location of the phone. The government has relied on a court order directed to
Verizon as fulfilling the requirements of the Fourth Amendment and ECPA in this
case. Because the government has conceded that this was an intrusion requiring
a warrant, the case now revolves around whether this court order was sufficient
to enable use of the Stingray.
The Stingray technology raises some interesting Fourth
Amendment questions. If the “content-catching” capability of the device is
disabled, is it like a “trap and trace” device used only to capture pen
register-type non-content information? While the government conceded the issue
in Rigmaiden, it may argue this point
in future uses of the Stingray. Based on Jones,
I think the government will be hard-pressed to claim that a device that can
track a suspect to within two meters and sends signals through protected areas
is not an intrusion for Fourth Amendment purposes.
Another issue with
the Stingray is that it captures data pertaining not just to the target, but
also to any mobile phone within range that connects to the fake cell tower. The
government claims that it deletes third party data not pertinent to the case,
but the fact of that data’s collection and possible interference with innocent
users’ cell phone service is problematic.