/ Curtis Waltman / 12 pm Fri, Jan 27 2017
  • Submit
  • About Us
  • Contact Us
  • Advertise here
  • Forums
  • Were police snooping on Women’s March protesters’ cellphones? Too many departments won’t say

    Were police snooping on Women’s March protesters’ cellphones? Too many departments won’t say

    The Women’s Marches last weekend were collectively some of the largest protests ever conducted in the United States. While we would love to have some hard data to be able to inform the public about what type of surveillance being used on the demonstrations, unfortunately many of the police department’s we have requested in our Cell Site Simulator Census have either not given us any documents yet, or used sweeping law enforcement exemptions in order to not disclose some of the more sensitive, and important, information about their use.

    In fact, out of almost 200 requests filed, only 35 departments have given us documents about their cell site simulators so far. Out of those 35, only one, the Virginia State Police, has furnished us with an actual utilization log.

    For instance:

    Cell site simulators, also known as IMSI catchers or StingRays, are devices that allow police to access your phone’s metadata, which lets them know who was at a given location for how long, who you are calling, the duration of calls, and even websites viewed or text messages sent. Recently a lawyer in Chicago filed a lawsuit, alleging that Chicago Police intercepted data from his phone while he attended a protest in 2015. Demonstrations have long been a worry for privacy activists concerning cell site simulators. Protesters have long suspected the police use the devices to identify demonstrators and map out communications networks within activist groups like Black Lives Matter.

    Let alone utilization logs, just policies on cell site simulators are hard to come by. As of now, only 13 states have passed legislation curtailing the use of cell site simulators. While some are more stringent and comprehensive like the Illinois', or California’s where each PD that purchases a StingRay must create its own internal policy and must delete irrelevant captured data after each day or investigation, others like Indiana’s law are easier on law enforcement, creating loopholes for exigent circumstances.

    While we would prefer to have a larger data set than ten out of thirty-five possible policies, at least so far in the project that is, the San Jose Police Department’s policy is worth highlighting.

    Within this policy we can see a framework that other police forces could use to learn valuable lessons about the ethical handling of such potentially invasive equipment. For one anything not immediately relevant to an investigation is not to be recorded on the device. It includes rigorous deletion policies, including one stipulating that the entire machine shall be wiped every ten days, at most. Furthermore, any data collected, including relevant information, is considered Sensitive Controlled Information and may not be seen by anyone else in the department that does not have a valid need to know. And most perhaps most impressively, they have instituted an audit program, wherein the usage of the cell site sim is checked every six months for signs of misuse. What may be lacking even here however, is a rule governing what circumstances the device may be used for, which would work to prevent the undermining of constitutionally protected rights like protest.

    We will continue to update you as responses roll in.

    Image by Mark Dixon via Wikimedia Commons and is licensed under CC BY 2.0