Lawmakers probe for Stingray info in funding bill
Congress wants to know more about how the Department of Homeland Security and state and local partners use cell-site simulators and whether they are complying with existing departmental regulations.
Congress wants to know more about how the Department of Homeland Security and state and local partners use cell-site simulators -- sometimes referred to as Stingray devices -- and whether they are complying with existing departmental regulations.
Cell site simulators mimic the signal sent by legitimate cell towers and essentially trick nearby phones into sending certain data, such as a unique identifiers and the user's location.
In the joint explanatory report included with the recently passed funding bill, House and Senate appropriators directed DHS to update lawmakers on their efforts to implement a 2015 policy requiring oversight and documentation on the use of cell-site simulators by DHS and state and local partners.
DHS policy personnel are required to follow laws governing pen registers -- devices or processes that collect data from a specific phones or computers to its destination -- when applying for a warrant to use a simulator, get approval from a supervisor, designate a point of contact responsible for implementing policy and ensure proper training for employees.
Agency personnel also must "disclose appropriately and accurately the underlying purpose and activities" to courts when seeking a warrant for a simulator, as well as when "other cellular devices in the area of influence … might experience a temporary disruption of service from the service provider."
That passage became a point of contention for Sen. Ron Wyden (D-Ore.), who wrote a letter last year to then-Attorney General Jeff Sessions saying the government "significantly underplays both the likelihood and impact of the jamming caused by cell-site simulators."
Wyden wrote that Harris Corporation -- one of the largest manufacturers of Stingray devices -- told his office that its devices "completely disrupt" the communications of targeted phones, inhibiting their ability to make calls and send or receive texts or data over the internet. The company claims it has a feature that allows emergency 911 calls to go through, but it hasn't been certified by the Federal Communications Commission.