recommended reading

Lawmakers Want to Know Which Federal Agencies use Cellphone-Tracking Stingray Technology

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah // Cliff Owen/AP File Photo

First, it came out that the Justice De­part­ment was us­ing Stin­grays, a se­cret­ive cell-phone-track­ing device that al­lowed it to scoop up identi­fy­ing in­form­a­tion from thou­sands of mo­bile devices at once in or­der to pin­point the loc­a­tion of a tar­get.

But it wasn’t the only one. The rev­el­a­tions kept com­ing: Last month, doc­u­ments showed that even the In­tern­al Rev­en­ue Ser­vice is us­ing the sur­veil­lance devices—of­ten called “Stin­grays” after a pop­u­lar mod­el—mak­ing it the 13th fed­er­al agency known to op­er­ate them, ac­cord­ing to data from the Amer­ic­an Civil Liber­ties Uni­on.

Now, a bi­par­tis­an group of House law­makers wants to know just how many fed­er­al agen­cies are us­ing Stin­grays.

In a let­ter sent Monday, House Over­sight Com­mit­tee Chair­man Jason Chaf­fetz, rank­ing mem­ber Eli­jah Cum­mings, and the top two mem­bers of the pan­el’s IT sub­com­mit­tee—Reps. Will Hurd and Robin Kelly—asked 24 key agen­cies to share their policies for us­ing the sur­veil­lance tech­no­logy.

Known as cell-site sim­u­lat­ors, Stin­gray devices pose as cell towers to force nearby cel­lu­lar devices to es­tab­lish a con­nec­tion with them. Once a Stin­gray is con­nec­ted to nearby mo­bile devices, it can scan them, usu­ally to find a tar­get or tar­gets. The Stin­gray can use the dir­ec­tion and strength of a con­nec­tion to a tar­get device to fig­ure out where the device is loc­ated.

Since the gov­ern­ment use of Stin­grays was first re­vealed last year, some agen­cies have moved to make pub­lic their policies for us­ing them. Both the Justice De­part­ment and the Home­land Se­cur­ity De­part­ment have pub­lished in­tern­al guid­ance their agents must fol­low when us­ing Stin­grays, which in­clude lim­its on the re­ten­tion of the in­cid­ent­al data they gath­er dur­ing their wide sweeps and which es­tab­lish that agents must ob­tain a war­rant be­fore us­ing them.

But the policies only ap­ply to those agen­cies and not to state and loc­al law en­force­ment agen­cies, which are also known to own and op­er­ate Stin­grays and sim­il­ar devices.

Chaf­fetz has taken aim at Stin­gray tech­no­logy be­fore, with a bill he in­tro­duced earli­er this month. The Stin­gray Pri­vacy Act, co-sponsored by Demo­crats John Con­yers and Peter Welch, would ex­tend the DOJ’s and DHS’s war­rant re­quire­ments to all Stin­gray users, in­clud­ing state and loc­al agen­cies.

The let­ter he and his fel­low com­mit­tee mem­bers sent Monday asks for de­tails about data-re­ten­tion policies, Stin­gray use at the state and loc­al level, nondis­clos­ure agree­ments as­so­ci­ated with Stin­gray use, and de­tails about any al­leged mis­use of the tech­no­logy.

The sign­ers also asked for an in­vent­ory of Stin­gray devices in use by each of the 24 agen­cies and the cost of each device. They cast a wide net, tar­get­ing agen­cies likely to op­er­ate the devices—the De­fense De­part­ment, for ex­ample—as well as agen­cies like the Ag­ri­cul­ture De­part­ment, the In­teri­or De­part­ment, the Vet­er­ans Af­fairs De­part­ment, and the Gen­er­al Ser­vices Ad­min­is­tra­tion.

The let­ter asks for a re­sponse with­in two weeks.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov