New documents obtained by the ACLU of Northern California appear to show the Florida-based Harris Corporation misleading the Federal Communications Commission while seeking authorization to sell its line of Stingray cell phone surveillance gear to state and local police. The documents raise the possibility that federal regulatory approval of the technology was based on bad information. The ACLU today wrote a letter to the FCC asking for an investigation.
Harris's Stingray devices have come under sustained scrutiny in recent months because of their capacity to violate the constitutional privacy rights of large numbers of people, both suspects and innocent bystanders alike. Because Stingrays interfere with cell phone networks by mimicking cell towers and tricking phones into reporting back their identifying information, location, and other data, the FCC must sign off on the technology before it is sold to state and local police.
Through a Freedom of Information Act request to the FCC, the ACLU obtained a chain of emails between Harris employees and the FCC regulators responsible for reviewing Harris's equipment authorization application. In an email dated June 24, 2010, a Harris representative wrote:
Just want to make you aware of the question below we received regarding the application for the Sting Fish. I know many of these questions are generated automatically but it sounds as if there is some confusion about the purpose of the equipment authorization application. As you may recall, the purpose is only to provide state/local law enforcement officials with authority to utilize this equipment in emergency situations. [Emphasis added].
The problem? By 2010, when this email was written, it should have been patently obvious to the Harris representative that the use of StingRay technology for emergency situations was quickly becoming the exception, not the rule. As we describe in our letter to the FCC today, "records released by the explain that in nearly 200 cases since 2007 where the department used a StingRay, only 29 percent involved emergencies; most of the rest involved criminal investigations in which there was ample time to seek some sort of authorization from a judge."
As early as 2004, while seeking retroactive approval for purchase of a Harris StingRay/Amberjack system, the wrote that "wireless phone tracking systems utilized by law enforcement have proven to be an invaluable tool in both the prevention of these [criminal] offenses and the apprehension of individuals attempting to carry out criminal acts."
Likewise, in 2012 the sought city council approval to purchase a StingRay to "assist in searches related to criminal and/or homeland security investigations." A spokesperson for the has stated publicly that his agency uses its StingRay device "in criminal investigations with no restrictions on the type of crime." A member of the described using a Harris Hailstorm device to track and locate fugitives and criminal suspects.
A private corporation obviously shouldn't be allowed to mislead federal regulators when applying for a license to sell invasive surveillance gear. Harris's misstatement is particularly galling because asserting that Stingrays are only used in emergency situations profoundly understates the amount of surveillance that state and local police will carry out, and therefore the magnitude of Fourth Amendment violations that may result.
We still don't know what Harris wrote in its underlying application to the FCC—the agency has so far refused to release these documents to the ACLU. But in light of what we do know from the emails, we have asked the agency to investigate. The FCC Inspector General and a new that will soon begin scrutinizing unauthorized Stingray use should take a close look at whether the agency's decision to authorize sale of Stingrays was influenced by false information. If the FCC is going to approve government use of invasive surveillance devices, at the very least it needs to have all the facts.