Stingrays and IMSI-Catchers
35+ YEARS OF FREEDOM OF INFORMATION ACTION
Over the past few years surveillance using IMSI-catchers has become a significant issue for law enforcement and counter-intelligence. The International Mobile Subscriber Identity (IMSI) serves as the identity that a mobile carrier uses to identify a subscriber, essentially acting as a virtual thumbprint linking an individual to their mobile telephone.
Here’s how it works: The physical location of an individual can be monitored through the use of IMSI-catchers, which execute a man-in-the-middle attack wherein the IMSI-catcher impersonates a cell tower and queries the targeted person’s cell phone IMSI, informing the IMSI-catcher of the target’s location. The attack lasts only a few moments before the IMSI-catcher hands the cell phone off to a legitimate tower, preventing the target from becoming aware of the surveillance. Using this technique, the movement of individuals can be surveilled throughout an area where there is a network of IMSI-catchers, such as the network that was uncovered in the Washington, D.C. area as early as 2014. The discovery of a network of IMSI-catcher devices in 2014, and rediscovery in 2017, prompted anxious communications between Congressional Leaders, the Department of Homeland Security, and the Federal Communications Commission (FCC); as well as hearings before the House Committee on Science, Space, and Technology from subject-matter experts, and increased study of the threat by the FCC.
While IMSI-catchers (sometimes known as Stingrays) are considered legitimate tools of law enforcement in some countries, civil libertarians have voiced serious concerns about the risks they pose to privacy and have called for more information and safeguards regarding their use. Additionally, state actors allegedly including Russia and China have also been reported to use the technique for their own purposes, raising concerns around the use of these devices on US soil. In September of this year three US officials confirmed to Politico’s Daniel Lipman that the IMSI-catcher devices discovered in the Washington, D.C. area in 2017 were thought to be connected to an Israeli intelligence operation, specifically to track the movements of individuals within the Trump administration.
The documents below indicate that the presence of IMSI catchers and the threat they pose has been known to the Congressional Leadership since at least 2014 and trace the evolution of thought around the presence of foreign IMSI devices on American soil. These communications are presented with reports from the FCC to provide immediate context and the state-of-knowledge on the issue.
The documents
Document 11
Document 12
Document 13
