New Bill Would Ban Warrantless Cellphone Tracking

A bill in­tro­duced Monday would make it il­leg­al for law en­force­ment agen­cies to use a con­tro­ver­sial cell-phone sur­veil­lance tech­no­logy without a war­rant.

In­tro­duced by Rep. Jason Chaf­fetz, a Utah Re­pub­lic­an, the bill takes dir­ect aim at “cell-site sim­u­lat­ors,” which are of­ten known by the name of a com­mon mod­el, the Stin­gray.

Cell-site-sim­u­lat­or tech­no­logy op­er­ates by im­it­at­ing a cell tower and for­cing nearby devices to es­tab­lish a con­nec­tion with it. It can then scan all the con­nec­ted devices to find a tar­get, and use the sig­nal from the tar­get device to find its loc­a­tion.

Since law en­force­ment use of Stin­grays and oth­er cell-site sim­u­lat­ors first came in­to the spot­light late last year, law­makers and civil rights act­iv­ists have pushed for more trans­par­ency and re­straint in their use. Crit­ics have panned the sur­veil­lance tech­no­logy for its drag­net ap­proach to sur­veil­lance: To find a tar­get, it must first scoop up identi­fy­ing in­form­a­tion from all devices with­in range, of­ten tem­por­ar­ily cut­ting off cell ser­vice to bystand­ers.

Chaf­fetz’s Stin­gray Pri­vacy Act, which was co­sponsored by Demo­crat­ic Reps. John Con­yers and Peter Welch, would ex­tend Stin­gray policies re­cently re­leased by the Justice De­part­ment and the De­part­ment of Home­land Se­cur­ity.

Those policies re­quire most fed­er­al law en­force­ment agents un­der those de­part­ments to ob­tain war­rants be­fore us­ing cell-site sim­u­lat­ors. Un­der cer­tain “ex­cep­tion­al cir­cum­stances,” however, the Justice De­part­ment policy would al­low the devices to be used for war­rant­less sur­veil­lance, and the DHS policy carved out an al­low­ance for Secret Ser­vice to use them without war­rants.

These ex­cep­tions are in­cluded in the bill in­tro­duced Monday; it al­lows for war­rant­less Stin­gray use when re­quired by na­tion­al se­cur­ity or situ­ations gov­erned by the For­eign In­tel­li­gence Sur­veil­lance Act, which al­lows wiretap­ping of cer­tain for­eign­ers without war­rants.

Where the Chaf­fetz bill builds on the ex­ist­ing policies is in breadth. The policies from the DOJ and DHS leave out all state and loc­al law en­force­ment—which is where the vast ma­jor­ity of poli­cing takes place—and do not ap­ply to fed­er­al law en­force­ment that op­er­ates out­side those de­part­ments. The new bill would ex­tend war­rant re­stric­tions to all agen­cies.

“The fact that law en­force­ment agen­cies, and non-law en­force­ment agen­cies such as the IRS, have in­ves­ted in these devices raises ser­i­ous ques­tions about who is us­ing this tech­no­logy and why,” Chaf­fetz said in a Monday state­ment. “These ques­tions demon­strate the need for strict guidelines that carry the weight of the law.”

The in­tro­duc­tion of the new Stin­gray bill comes a week after doc­u­ments ob­tained by The Guard­i­an re­vealed that the In­tern­al Rev­en­ue Ser­vice pur­chased cell-site sim­u­lat­ors in 2009 and 2012 from the com­pany that pro­duces Stin­grays. The IRS is the 13th fed­er­al agency known to op­er­ate the devices, join­ing 57 state and loc­al agen­cies that own and op­er­ate their own, ac­cord­ing to re­search from the Amer­ic­an Civil Liber­ties Uni­on.

The day after the tax agency’s Stin­grays were ex­posed, IRS Com­mis­sion­er John Koskin­en told the Sen­ate Fin­ance Com­mit­tee that his agents ob­tain court or­ders be­fore us­ing the sur­veil­lance tech­no­logy, and use them only in crim­in­al in­vest­ig­a­tions. He said the devices the IRS used could pick up only tex­ting, not voice com­mu­nic­a­tions.

(Chaf­fetz has re­peatedly called for Koskin­en to resign, over a sep­ar­ate in­vest­ig­a­tion of his agency’s treat­ment of con­ser­vat­ive groups.)

Des­pite Koskin­en’s as­sur­ances, an ACLU in­vest­ig­a­tion found that Stin­grays are cap­able of more than that. Doc­u­ments ob­tained in a law­suit showed that the devices could in­ter­cept voice com­mu­nic­a­tions and even turn a tar­get’s cell phone in­to a “bug” to listen in on private con­ver­sa­tions.

Neema Singh Guliani, a le­gis­lat­ive coun­sel at the ACLU, said Monday that any le­gis­la­tion should fo­cus on all sur­veil­lance tech­no­logy that re­veals tar­gets’ loc­a­tions, not just cell-site-sim­u­lat­or tech­no­logy. “Con­gress needs to pass com­pre­hens­ive le­gis­la­tion that pro­hib­its the col­lec­tion of sens­it­ive loc­a­tion without a war­rant, wheth­er it’s by a Stin­gray or some fu­ture tech­no­logy,” said Guliani. “Such le­gis­la­tion needs to ex­clude the types of loop­holes in the Justice De­part­ment guid­ance, which leave Amer­ic­ans’ in­form­a­tion vul­ner­able.”

The new bill is the second move against war­rant­less Stin­gray use from Chaf­fetz, the chair­man of the House Over­sight Com­mit­tee. Chaf­fetz pre­vi­ously teamed up with Sen. Ron Wyden, a Demo­crat from Ore­gon and long­time pri­vacy ad­voc­ate, on the GPS Act, which would re­strict the use of  tech­no­lo­gies that can cap­ture in­di­vidu­als’ geo-loc­a­tion in­form­a­tion.

Chaf­fetz and Wyden first in­tro­duced the GPS Act in 2011. It has nev­er moved out of  com­mit­tee, but in­terest in Stin­gray tech­no­logy, and ways to keep it in check, have in­creased lately. Last week, the top sen­at­ors on the Ju­di­ciary Com­mit­tee, Sens. Chuck Grass­ley and Patrick Leahy, probed the IRS for in­form­a­tion about its cell-phone sur­veil­lance—in­dic­at­ing that Chaf­fetz may find more mo­mentum this time around.