Lawmakers probe for Stingray info in funding bill
- By Derek B. Johnson
- Feb 21, 2019
Congress wants to know more about how the Department of Homeland Security and state and local partners use cell-site simulators -- sometimes referred to as Stingray devices -- and whether they are complying with existing departmental regulations.
Cell site simulators mimic the signal sent by legitimate cell towers and essentially trick nearby phones into sending certain data, such as a unique identifiers and the user's location.
In the joint explanatory report included with the recently passed funding bill, House and Senate appropriators directed DHS to update lawmakers on their efforts to implement a 2015 policy requiring oversight and documentation on the use of cell-site simulators by DHS and state and local partners.
DHS policy personnel are required to follow laws governing pen registers -- devices or processes that collect data from a specific phones or computers to its destination -- when applying for a warrant to use a simulator, get approval from a supervisor, designate a point of contact responsible for implementing policy and ensure proper training for employees.
Agency personnel also must "disclose appropriately and accurately the underlying purpose and activities" to courts when seeking a warrant for a simulator, as well as when "other cellular devices in the area of influence … might experience a temporary disruption of service from the service provider."
That passage became a point of contention for Sen. Ron Wyden (D-Ore.), who wrote a letter last year to then-Attorney General Jeff Sessions saying the government "significantly underplays both the likelihood and impact of the jamming caused by cell-site simulators."
Wyden wrote that Harris Corporation -- one of the largest manufacturers of Stingray devices -- told his office that its devices "completely disrupt" the communications of targeted phones, inhibiting their ability to make calls and send or receive texts or data over the internet. The company claims it has a feature that allows emergency 911 calls to go through, but it hasn't been certified by the Federal Communications Commission.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at email@example.com, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.