If you thought the ocean was the only place you should be wary of stingrays, then think again. Stingray is the term first coined by Harris Corporation for a surveillance device it developed to intercept mobile phone signals. It was first used by intelligence agencies and militaries to combat terrorism, but in the U.S. the technology is increasingly being used by the FBI and law enforcement agencies to track any person of interest. Understandably, it has civil libertarians and privacy advocates angry.
Unlike a wiretap targeting a specific phone number, Stingrays and similar devices are being used in dragnet style operations, pulling information from any nearby phone – regardless of whether it belongs to an intended surveillance target – out of the airwaves. Stingrays do this by simulating a cell site, forcing a phone to connect to it instead of a legitimate operator’s network. From there it extracts each phone’s unique International Mobile Subscriber Identity (IMSI) numbers, which can be used to track a specific device no matter where it roams.
It’s hard to know exactly what additional information Stingrays collect. The manufacturers of these IMSI catchers are not only super-secretive about their exact capabilities, but they have also forced agencies using them to sign non-disclosure agreements preventing them from revealing any details about how they operate. In fact, an investigation by The Guardian and the American Civil Liberties Union found that prosecutors have dropped criminal charges in many cases in order to avoid spilling the beans about Stingrays in court.
It’s possible, though, that Stingrays can collect far more than unique phone identifiers. There are reports of Stingrays being used to turn off the phone’s normal call encryption or gathering data stored inside the phone. In addition, a Stingray feasibly could be used to relay a call or data stream between a legitimate phone and a legitimate cell tower. In such a case it would be acting as a “man in the middle” hack, monitoring every conversation or bit transmitted to the network.
Just how widespread Stingrays are used is also not certain because of the secrecy surrounding them. So far most cases have been reported in the U.S. – the ACLU has identified 52 agencies in 22 states – but that doesn’t mean they’re not being used by other governments for surveillance. After all, these devices are most useful when the public isn’t aware of their existence.
So if you don’t want to be the unwitting target of mass mobile phone surveillance what can you do? To be honest, not much. So long as you have a phone that connects to the cellular network, it appears a Stingray can intercept your connection and identify your device. Let’s face it: our phones have always been big beacons advertising our locations to anyone with the proper equipment. It’s why in action thriller movies you always see everyone taking out their phone batteries and removing SIM cards. Only when a phone’s dead is it not revealing any information on its location.
But there may be some measures you can take against some of the other purported surveillance capabilities of Stingrays. Instead of relying on your carrier’s standard voice and messaging services, you can download apps that use alternate encryption to make calls and send texts. Open Whisper Systems, a non-profit group developing secure communications software, has several apps in that vein, including RedPhone, Signal and TextSecure.
If you’re willing to go even further, you can invest in one of the new ultra-secure smartphones in the market, like Silent Circle’s Blackphone or GSMK’s CryptoPhone. Even these highly secure gadgets won’t let you avoid Stingrays entirely, but GSMK has developed firewall software that detects if its phone is connecting to a fake cell site.
Probably the best thing you can do to stop Stingrays’ growing use, though, is tell your Congressman or MP, your police representatives or elected county sheriff that the public won’t tolerate a mass surveillance state.
Editor’s note: This is a guest post by Kevin Fitchard who is a journalist covering the mobile industry and wireless technology. He most recently wrote for Gigaom.