While the press is abuzz with stories of Chinese technology theft and Russian hacking, there is a hole that has gotten too little attention. “When Trump phones friends, the Chinese and the Russians listen and learn,” the New York Times reported, exposing a huge lapse of national security. In fact, those nations are listening in on cell phone calls across the country through cell site simulators, often known as stingrays, dirtboxes, and international mobile subscriber identity catchers that mimic towers to trick cell phones into transmitting information. They are commonly used to identify the location of a cell phone in order to track the owner. They can also be used to eavesdrop on conversations and intercept texts.
The Homeland Security Department last year found “anomalous activity” consistent with use of cell site simulators near the White House and other sensitive buildings. Driving tests suggest that cell site simulators are positioned near the buildings of federal agencies and high technology defense contractors. Foreign intelligence services are presumed to be responsible. Yet the Homeland Security Department said it does not have the technical expertise or resources to find these cell site simulators.
Cell site simulators also raise Fourth Amendment concerns because law enforcement agencies use them domestically. Historically, these agencies have concealed their use of cell site simulators, claiming they did not require a warrant. In 2015, the Justice Department and Homeland Security Department changed their policies to require that a search warrant be obtained first, making it consistent with recent Supreme Court rulings establishing Fourth Amendment rights for certain cell phone data. Many state and local law enforcement agencies unfortunately continue to rely on a relevance standard that is considerably lower than the probable cause needed for a search warrant and falls short of the Supreme Court precedent, according to a House committee report.
Cell site simulators are also a threat in the hands of criminals who use them to commit fraud and other crimes. International mobile subscriber identity catchers are available for sale online or they can be constructed at home by any criminal with a few thousand dollars to purchase off the shelf components and the patience to assemble these devices. The open source software and “do it yourself” instructions necessary to do so are available on the internet. No programming skills are needed for this.
4G LTE was supposed to protect us from such snooping by fixing the security problems with 2G and 3G. But researchers demonstrated that 4G is also vulnerable to cell site simulator attacks using the same techniques that made 3G devices vulnerable by jamming preferred frequencies to force the target cell phone to use a lower frequencies. Law enforcement agencies, foreign spies, and criminals all exploit such weakness in our wireless service. There are several common sense measures that should be taken, including vigorous enforcement of laws on the books, the enactment of new laws, and better detection of cell site simulators.
The Communications Act prohibits interference with all licensed radio communications, while the Electronic Communications Privacy Act prohibits interception of electronic communications. Though the Federal Communications Commission fines those who intentionally interfere with radio communications in other contexts, as well as offshore companies that sell jamming equipment into the United States, there has been no publicly announced Federal Communications Commission enforcement action against users or sellers of illicit cell site equipment, making this criminal activity relatively risk free despite violations of one or both laws.
Cell site simulators that have not undergone Federal Communications Commission equipment certification also violate the law without any consequences. According to one government contractor, the technology is available to systematically search for cell site simulators and other cell network intrusions. The Federal Communications Commission, Homeland Security Department, and other appropriate government agencies should be given both the mandate and resources to find and seize rogue cell site simulators, and the perpetrators should be prosecuted for this activity.
Another common sense measure would be to strengthen laws to protect our civil liberties. The Electronic Communications Privacy Act should be amended to prohibit the use of cell site simulators, except by our law enforcement agencies after receiving a probable cause based search warrant. Agencies should be required to fully disclose simulator use to courts and criminal defendants. These amendments to the law should not be controversial as they would largely mirror the new federal policies.
The bottom line is that cell site simulators pose a major growing threat to national security, personal privacy, and crime prevention. It must be taken at least as seriously as Chinese technology theft and Russian hacking.
Julian Gehman is a telecommunications fellow at the Committee for Justice and a Washington lawyer who has been practicing for more than 25 years.