Warrantless “Stingray” scan ruled unconstitutional

Via The New York Times:

A federal judge in Manhattan ruled on Tuesday that drugs seized from a man charged in a narcotics case could not be used as evidence, because agents had not obtained a warrant for a covert cellphone tracking device that led them to his Washington Heights apartment, where the drugs were found.

The portable device, known as a cell-site simulator and often referred to as a Stingray, has been used widely by federal and local law enforcement officials around the country, including in New York, to solve crimes and locate missing people.

Last September, just weeks after the search in the Manhattan case, the Justice Department announced a new policy that requires federal law enforcement officials to obtain a search warrant in most cases before using a cell-site simulator.

The simulator essentially mimics a cellphone tower (or cell site), and tricks cellphones into transmitting “pings” to the device, allowing agents who have narrowed down a targeted phone’s location to determine where it is in use.

But the judge, William H. Pauley III of Federal District Court, ruled that the simulator’s use constituted a Fourth Amendment search. “Absent a search warrant,” he wrote, “the government may not turn a citizen’s cellphone into a tracking device.”

Nathan Freed Wessler, a staff lawyer with the Speech, Privacy and Technology Project, which is run by the American Civil Liberties Union, said the ruling was the first by a federal judge to suppress evidence obtained through the warrantless use of a cell-site simulator. In March, a Maryland appellate court affirmed a similar decision by a circuit court judge in Baltimore.

More here.

Microsoft continues to challenge governmental requests for users’ data

Benasque By Microsoft
Benasque By Microsoft (Photo credit: .:fotomaf:.)

I previously noted Microsoft’s successful challenge to a National Security Letter (NSL) focused on one of their customers, winning both the case and publicly disclosing what they did.

Now, the New York Times is reporting that Microsoft is fighting back against a federal prosecutor who ordered Microsoft to reveal a customer’s email stored on a server in Ireland.

The objection is believed to be the first time a corporation has challenged a domestic search warrant seeking digital information overseas. The case has attracted the concern of privacy groups and major United States technology companies, which are already under pressure from foreign governments worried that the personal data of their citizens is not adequately protected in the data centers of American companies.

Verizon filed a brief on Tuesday, echoing Microsoft’s objections, and more corporations are expected to join. The Electronic Frontier Foundation is working on a brief supporting Microsoft. European officials have expressed alarm.

In a court filing made public on Monday, Microsoft said that if the judicial order to surrender the email stored abroad is upheld, it “would violate international law and treaties, and reduce the privacy protection of everyone on the planet.”

You can read the full order requiring disclosure of the emails by a magistrate judge in New York here.  And you can review Microsoft’s filing objecting to the production of the emails here.

This is a real change in behavior. If all the large tech companies aggressively protect the right to privacy of their users it could go a long way to countering at least portions of the modern surveillance state. Kudos to Microsoft, Verizon and the EFF.

Law enforcement GPS tracking: how widespread?

After the recent Supreme Court decision ruling unconstitutional at least certain types of warrantless tracking of automobiles with GPS devices attached to the cars, the FBI has apparently turned off many of its trackers.

After the ruling, the FBI had a problem collecting the devices that it had turned off, Mr. Weissmann said. In some cases, he said, the FBI sought court orders to obtain permission to turn the devices on briefly – only in order to locate and retrieve them.

What I find interesting is that it appears that around 3,000 of the devices were deactivated.  That represents 3,000 people who up to a couple of weeks ago were secretly tracked by their government without the minimum requirement of a simple search warrant. Not a huge number, but it is the number of devices in operation at one point in time. The number of people tracked by the FBI over the past several years is probably at least 180,000, assuming 30 days per person tracked over five years. And this estimate only covers the FBI. Surely other Federal agencies were using the same techniques.

This represents a significant victory over the continuing erosion of privacy rights in the United States.