Law Enforecement

The StingRay You’ve Never Heard of: How One of the Most Effective Tools in Law Enforcement Operates Behind a Veil of Secrecy

Dan O’Dea, MJLST Staffer

One of the most effective investigatory tools in law enforcement has operated behind a veil of secrecy for over 15 years. “StingRay” cell phone tower simulators are used by law enforcement agencies to locate and apprehend violent offenders, track persons of interest, monitor crowds when intelligence suggests threats, and intercept signals that could activate devices. When passively operating, StingRays mimic cell phone towers, forcing all nearby cell phones to connect to them, while extracting data in the form of metadata calls, text messages, internet traffic, and location information, even when a connected phone is powered off. They can also inject spying software into phones and prevent phones from accessing cellular data. StingRays were initially used overseas by federal law enforcement agencies to combat terrorism, before spreading into the hands of the Department of Justice and Department of Homeland Security, and now are actively used by local law enforcement agencies in 27 states to solve everything from missing persons cases to thefts of chicken wings.

The use of StingRay devices is highly controversial due to their intrusive nature. Not only does the use of StingRays raise privacy concerns, but tricking phones into connecting to StingRays mimicking cell phone towers prevent accessing legitimate cell phone service towers, which can obstruct access to 911 and other emergency hotlines. Perplexingly, the use of StingRay technology by law enforcement is almost entirely unregulated. Local law enforcement agencies frequently cite secrecy agreements with the FBI and the need to protect an investigatory tool as a means of denying the public information about how StingRays operate, and criminal defense attorneys have almost no means of challenging their use without this information. While the Department of Justice now requires federal agents obtain a warrant to use StingRay technology in criminal cases, an exception is made for matters relating to national security, and the technology may have been used to spy on racial-justice protestors during the Summer of 2020 under this exception. Local law enforcement agencies are almost completely unrestricted in their use of StingRays, and may even conceal their use in criminal prosecutions by tagging their findings as those of a “confidential source,” rather than admitting the use of a controversial investigatory tool. Doing so allows prosecutors to avoid  battling 4th amendment arguments characterizing data obtained by StingRays as unlawful search and seizure.

After existing in a “legal no-man’s land” since the technology’s inception, Senator Ron Wyden (D-OR) and Representative Ted Lieu (D-HI) sought to put an end to the secrecy of StingRays through introducing the Cell-Site Simulator Warrant Act of 2021 in June of 2021. The bill would have mandated that law enforcement agencies obtain a warrant to investigate criminal activity before deploying StingRay technology while also requiring law enforcement agencies to delete data of phones other than those of investigative targets. Further, the legislation would have required agencies to demonstrate a need to use StingRay technology that outweighs any potential harm to the community impacted by the technology. Finally, the bill would have limited authorized use of StingRay technology to the minimum amount of time necessary to conduct an investigation. However, the Cell-Site Simulator Warrant Act of 2021 appears to have died in committee after failing to garner significant legislative support.

Ultimately, no device with the intrusive capabilities of StingRays should be allowed to operate free from the constraints of regulation. While StingRays are among the most effective tools utilized by law enforcement, they are also among the most intrusive into the privacy of the general public. It logically follows that agencies seeking to operate StingRays should be required to make a showing of a need to utilize such an intrusive investigatory tool. In certain situations, it may be easy to establish the need to deploy a StingRay, such as doing so to further the investigation of a missing persons case. In others, law enforcement agencies would correctly find their hands tied should they wish to utilize a StingRay to catch a chicken wing thief.


Mind Over Matter: Needed Changes to the Use of Hypnosis in the Criminal Justice System

Jordan Hughes, MJLST Staffer

When most people think of hypnosis today, they imagine stage-show demonstrations and over dramatized mind-tricks. Perhaps they picture people lined up, making ridiculous noises and actions seemingly without control of their own bodies at the behest of an entertainer. Despite such popular images, hypnosis has a wide range of psychological and medical applicability outside of entertainment. Trained professionals have found hypnotherapy useful as a tool to treat pain, depression, phobias, habit disorders, skin conditions, and many other psychological and medical problems. Clinical researchers lament that the public expectations of hypnosis, built up by its use for entertainment and its dramatization in media, make it more difficult to take advantage of a psychological tool that people throughout society could be benefitting from.

One group of people was quick to accept and explore the untapped potential of hypnosis in their work: criminal investigators. In the 1950s, the now partially de-classified MKUltra program began conducting hypnosis experiments on mental health patients, including experiments “hypnotically increasing ability to observe and recall a complex arrangement of physical objects.” This practice was generally considered “experimental” until a highly publicized case in 1976. A bus driver and 26 children were abducted and buried alive; after escaping, a hypnotist helped the bus driver to accurately recall the license-plate numbers on the vans used in the abduction, leading to the apprehension of all three kidnappers. After this case, police departments across the country began using forensic hypnosis as a part of investigations.

Since the 70s and 80s, the scientific validity of forensic hypnosis has been called into question. Studies have revealed that hypnotically recovered memories may be inaccurate, incomplete, or based on a leading suggestion. False memories introduced through hypnosis can be “hardened,” so that subjects cannot distinguish them from genuine memories. Courts have been split on the admissibility of hypnotically enhanced testimony at trial, and are becoming increasingly wary of its use. See Sims v. Hayette, 914 F.3d 1078, 1090 (7th Cir. 2019) (“The concealed hypnosis . . . calls into question everything [the hypnotized witness] said at trial.”).

Despite these hesitations and the scientific backlash, the Department of Justice maintains that there is a use for hypnosis in criminal investigations. According to the DOJ Criminal Resource Manual, while hypnosis should only be used “on rare occasions” and recalled memories should be corroborated, forensic hypnosis is considered an aid that investigators may employ. The DOJ states that hypnosis may be used where there is a “clear need for additional information,” and where hypnosis “can be useful” in aiding a witness’s memory.

Hypnotherapy, as described above, has been found useful in other contexts. And many of those contexts could be of help in the world of criminal justice. The things that make hypnosis dangerous for establishing facts in a court room—a subject’s openness to suggestion and confidence that the hypnosis will work—make the practice valuable in clinical settings.

In the clinical world, the field of hypnotherapy was pioneered by Milton H. Erickson, who founded the American Society for Clinical Hypnosis in 1957. Hypnotherapy has since been found effective as a tool for overcoming narcotic addictions, managing pain, fighting depression, and curing all kinds of anxieties and phobias. Hypnotherapy has also shown promise in helping survivors of domestic and sexual abuse overcome complex PTSD, helping adults to overcome childhood traumas, and providing a means to deal with traumatic grief. Different people are receptive to different types of hypnotic intervention, and trained hypnotherapists are able to tailor their interventions to the individual patient.

Addictions, pain, anxiety and depression, PTSD and other forms of trauma . . . all of these are conditions that are known to influence criminal behavior. A criminal justice system focused on prevention of crime would employ hypnotherapy with a public health approach, exploring the potential of hypnotic interventions to help people mold the physical and psychological conditions that can lead to criminal activity. Instead of featuring it in the DOJ Criminal Resource Manual as an investigation technique, we should be seeing hypnotherapy embraced by the Bureau of Prisons, probation officers, and case managers as a means of creating “correctional facilities” that live up to their name. Unfortunately, the will to explore this tool as a curative measure has not found its way to the prison system.

The problems with where hypnosis is used in the criminal justice system underscores a broader systemic issue. There is an overemphasis in the system on using innovative techniques to catch criminals. Whether a behavioral science that promises to “unlock” memories, or a piece of military tech that allows for dragnet-style spying on unsuspecting civilians, zealous investigators are often keen to employ novel tools to get ahead of the suspects they are after. This is at the expense of innocent civilians, whose constitutional and natural rights are inevitably contravened.

By and large, this desire for innovation has not crept into the world of those focused on helping to rehabilitate past convicts. Over one nine year study, 83% of the state prisoners released were rearrested for committing new crimes. Arrest data tells us that over two-thirds of state drug offenders are rearrested within five years of their release. 24% of sex offenders commit another sex crime with fifteen years of release and a much higher percentage of sex offenders are estimated to recidivate by committing non-sexual crimes that are nonetheless sexually motivated. These high rearrest rates are part of why America has the largest per-capita prison population of any country in the world.

But it does not have to be that way. Hypnotherapy is one of many techniques that, with investment and proper oversight, could prove essential to curing drug addictions and affecting long-term behavioral change. Federal courts in Minnesota have already created a unique one-on-one mentorship program to help rehabilitate offenders as they reenter society. An investment in this and similar programs, and a commitment to developing novel ways of helping people avoid criminal activity, could be the fundamental change that we need in order to see a criminal justice system that does more protecting of our society than punishing it.


Inconceivable! How the Fourth Amendment Failed the Dread Pirate Roberts in United States v. Ulbricht

Emily Moss, MJLST Staffer

It is not an overstatement to claim that electronic devices, such as laptop and smart phones, have “altered the way we live.” As Chief Justice Roberts stated, “modern cell phones . . . are now such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.” Riley v. California, 573 U.S. 373, 385 (2014). These devices create new digital records of our everyday lives. United States v. Ulbricht, 858 F.3d 71 (2d Cir. 2017) is one of many cases that grapple with when the government should gain access to these records.

In February 2015, a jury found Ross William Ulbricht (aka “Dread Pirate Roberts” or “DPR”) guilty on seven counts related to his creation and operation of Silk Road. United States v. Ulbricht, 858 F.3d 71, 82 (2d Cir. 2017). Silk Road was an online criminal marketplace where, using the anonymous currency Bitcoin, “users principally bought and sold drugs, false identification documents, and computer hacking software.” Id. Government trial evidence showed that, hoping to protect Silk Road anonymity, DPR commissioned the murders of five people. Id. at 88. However, there is no evidence that the murders actually transpired. Id.

On appeal, the Second Circuit upheld both the conviction and Ulbricht’s two-life sentence. Ulbricht, 858 F.3d at 82. Ulbricht argued, inter alia, that “the warrant[] authorizing the government to search his laptop . . . violated the Fourth Amendment’s particularity requirement.” Id. at 95. The warrant authorized “opening or ‘cursorily reading the first few’ pages of files to ‘determine their precise contents,’ searching for deliberately hidden files, using ‘key word searches through all electronic storage areas,’ and reviewing file ‘directories’ to determine what was relevant.” Id. at 101–02. Ulbricht claimed that the warrant violated the Fourth Amendment’s particularity requirement because it “failed to specify the search terms and protocols” that the government was required to employ while searching Ulbricht’s laptop. Id. at 102.

The court acknowledged that particularity is especially important when the warrant authorizes the search of electronic data, as the search of a computer can expose “a vast trove of personal information” including “sensitive records.” Id. at 99. It noted that “a general search of electronic data is an especially potent threat to privacy because hard drives and e-mail accounts may be ‘akin to a residence in terms of the scope and quantity of private information [they] may contain’ . . . Because of the nature of digital storage, it is not always feasible to ‘extract and segregate responsive data from non-responsive data,’. . . creating a ‘serious risk that every warrant for electronic information will become, in effect, a general warrant.’” Id. (internal citations omitted).

Nonetheless, the court rejected Ulbricht’s claim that the laptop warrant failed to meet the Fourth Amendment’s particularity requirement. It reasoned that it would be impossible to identify how relevant files would be named before the laptop search began, which the government reasonably anticipated when requesting the laptop warrant. Id. at 102 (emphasizing examples where relevant files and folders had misleading names such as “aliaces” or “mbsobzvkhwx4hmjt”). Further, the court held that broad search protocols were appropriate given that the alleged crime involved sophisticated technology and masking identity. Id. Ultimately, the court emphasized that the “fundamental flaw” in Ulbricht’s argument was that it equated a broad warrant with a violation of the particularity requirement. Id. Using the analogy of searching an entire home where there is probable cause to believe that there is relevant evidence somewhere in the home, the court illustrated that a warrant can be both broad and still satisfy the particularity requirement. Id. (citing U.S. Postal Serv. v. C.E.C. Servs., 869 F.2d 184, 187 (2d Cir. 1989)). The court therefore upheld the constitutionality of the warrant. The Supreme Court denied Ulbrich’s writ of certiorari.

Orin Kerr’s equilibrium adjudgment theory of the Fourth Amendment argues that as new tools create imbalanced power on either the side of privacy or the side of law enforcement, the Fourth Amendment must adjust to restore its original balance. The introduction of computers and the internet created an immense change in the tools that both criminals and law enforcement use. Without minimizing the significance of Ulbricht’s crimes, United States v. Ulbricht illustrates this dramatic change. While computers and the internet did create new avenues for crime, computer and internet searches—such as the ones employed by the government—do far more to disrupt the Fourth Amendment’s balance.

Contrary to the court’s argument in Ulbricht, searching a computer is entirely unlike searching a home. First, it is easy to remove items from your home, but the same is not true of computers. Even deleted files often linger on computers where the government can access them. Similarly, when law enforcement finds a file in someone’s home, it still does not know how that file was used, how often it has been viewed, or who has viewed it. But computers do store such information. These, and many other differences demonstrate why particularity, in the context of computer searches, is even more important than the court in UIlbricht acknowledged. Given the immense amount of information available on an individual’s electronic devices, Ulbricht glosses over the implications for personal privacy posed by broad search warrants directed at computers. And with the rapidly changing nature of computer technology, the Fourth Amendment balance will likely continue to stray further from equilibrium at a speed with which the courts will struggle to keep up.

Thus, adjusting the Fourth Amendment power balance related to electronic data will continue to be an important and complicated issue. See, e.g., Proposal 2 Mich. 2020) (amending the state’s constitution “to require a search warrant to access a person’s electronic data or electronic communications,” passing with unanimous Michigan Senate and House of Representative approval, then with 88.8% of voters voting yes on the proposal); People v. Coke, 461 P.3d 508, 516 (Colo. 2020) (“‘Given modern cell phones’ immense storage capacities and ability to collect and store many distinct types of data in one place, this court has recognized that cell phones ‘hold for many Americans the privacies of life’ and are, therefore, entitled to special protections from searches.”) (internal citations omitted). The Supreme Court has ruled on a number of Fourth Amendment and electronic data cases. See, e.g., Carpenter v. United States, 138 S.Ct. 2206 (2018) (warrantless attainment of cell-site records violates the Fourth Amendment); Riley v. California, 134 S.Ct. 2473 (2014) (warrantless search and seizure of digital contents of a cell phone during an arrest violates the Fourth Amendment). However, new issues seem to appear faster than they can be resolved. See, e.g., Nathan Freed Wessler, Jennifer Stisa Granick, & Daniela del Rosario Wertheimer, Our Cars Are Now Roving Computers. Is the Fourth Amendment Ready?, ACLU (May 21, 2019, 3:00 PM), https://www.aclu.org/blog/privacy-technology/surveillance-technologies/our-cars-are-now-roving-computers-fourth-amendment. The Fourth Amendment therefore finds itself in eel infested waters. Is rescue inconceivable?

Special thanks to Professor Rozenshtein for introducing me to Ulbricht and inspiring this blog post in his course Cybersecurity Law and Policy!


The “Circuit Split” That Wasn’t

Sam Sylvan, MJLST Staffer

Earlier this year, the Fourth Circuit punted on an opportunity to determine the constitutional “boundaries of the private search doctrine in the context of electronic searches.” United States v. Fall, 955 F.3d 363, 371 (4th Cir. 2020). The private search doctrine, crafted by the Supreme Court in the 80’s, falls under the Fourth Amendment’s umbrella. The doctrine makes it lawful for law enforcement to “search” something that was initially “searched” by a private third party, because the Fourth Amendment is “wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any government official.” United States v. Jacobsen, 466 U.S. 109, 113 (1984).

An illustration: Jane stumbles upon incriminating evidence on John’s laptop that implicates John in criminal activity (the “initial private search”), Jane shows the police what she found on the laptop (the “after-occurring” search), and the rest is history for John. But for law enforcement’s after-occurring search to avoid violating the Fourth Amendment, its search must not exceed the scope of the initial private search. “The critical measures [to determine] whether a governmental search exceeds the scope of the private search that preceded it,” United States v. Lichtenberger, 786 F.3d 478, 485 (6th Cir. 2015), include whether “there was a virtual certainty that nothing else of significance was in the [property subjected to the search]” and whether the government’s search “would not tell [law enforcement] anything more than [it] already had been told” or shown by the private searcher. Jacobsen, 466 U.S. at 119.

Of course, the Supreme Court’s holdings from the 80’s that speak to the scope of the Fourth Amendment are often difficult to reconcile with modern-day Fourth Amendment fact patterns that revolve around law enforcement searches of modern electronic devices (laptops; smartphones; etc.). In the key Supreme Court private search doctrine case, Jacobsen (1984), the issue was the constitutionality of a DEA agent’s after-occurring search of a package after a FedEx employee partially opened the package (upon noticing that it was damaged) and saw a white powdery substance.

Since the turn of the millennium, courts of appeals have stretched to apply Jacobsen to rule on the private search doctrine’s application to, and scope of, law enforcement searches of electronics. In 2001, the Fifth Circuit addressed the private search doctrine in a case where the defendant’s estranged wife took a bunch of floppy disks, CDs, and zip disks from the defendant’s property. She and her friend then discovered evidence of defendant’s criminal activity on those disks while searching some of them and turned the collection over to the police, which led to the defendant’s conviction. United States v. Runyan, 275 F.3d 449 (5th Cir. 2001).

There are two crucial holdings in Runyan regarding the private search doctrine. First, the court held that “the police exceeded the scope of the private search when they examined the entire collection of ‘containers’ (i.e., the disks) turned over by the private searchers, rather than confining their [warrantless] search to the selected containers [that were actually] examined by the private searchers.” Id. at 462. Second, the court held that the “police search [did not] exceed[] the scope of the private search when the police examine[d] more items within a particular container [i.e., a particular disk] than did the private searchers” who searched some part of the particular disk but not its entire contents. Id. at 461, 464. Notably absent from this case: a laptop or smartphone.

Eleven years after Runyan, the Seventh Circuit held that the police did not exceed the scope of the private searches conducted by a victim and her mother. Rann v. Atchison, 689 F.3d 832 (7th Cir. 2012) (relying heavily on Runyan). In Rann, the police’s after-occurring search included viewing images (on the one memory card brought to them by the victim and the one zip drive brought to them by the victim’s mother) that the private searchers themselves had not viewed. Id. Likening computer storage disks to containers (as the Runyan court did), the Rann court concluded “that a search of any material on a computer disk is valid if the private [searcher] viewed at least one file on the disk.” Id. at 836 (emphasis added). But notably absent from this case like Runyan: a laptop or smartphone.

Two years after Rann, the Supreme Court decided Riley v. California—a landmark case where the Court unanimously held that the warrantless search of a cellphone during an arrest was unconstitutional. Specific reasoning from the Riley Court is noteworthy insofar as assessing the Fourth Amendment’s (and, in turn, the private search doctrine’s) application to smartphones and laptops. The Court stated:

[W]e generally determine whether to exempt a given type of search from the warrant requirement by assessing, on the one hand, the degree to which it intrudes upon an individual’s privacy and, on the other, the degree to which it is needed for the promotion of legitimate governmental interests. . . . [Smartphones] are in fact minicomputers that also happen to have the capacity to be used as a telephone. They could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers. One of the most notable distinguishing features of [smartphones] is their immense storage capacity.

573 U.S. 373, 385, 393 (2014). Riley makes crystal clear that when the property at issue is a laptop or smartphone, the balance between a person’s privacy interests and the governmental interests tips heavily in favor of the individual’s privacy interests. In simpler terms, law enforcement needs a warrant to search a laptop or smartphone unless it has an extremely compelling reason for failing to comply with the Fourth Amendment’s warrant requirement.

 

One year after Riley, the Sixth and Eleventh Circuits—armed with Riley’s insights regarding modern electronic devices—decided Lichtenberger and United States v. Sparks, respectively. The two Circuits held that in both cases the police, in conducting their after-occurring warrantless searches of a laptop (Lichtenberger) and a smartphone (Sparks), exceeded the scope of the initial private searches, reaching these conclusions in large part due to Riley. In Lichtenberger, the police exceeded the scope of the initial private search when, without a warrant, they looked at photographs on the laptop that the private searcher had not looked at, despite the private searcher’s initial viewing of other photographs on the laptop. 786 F.3d 478 (6th Cir. 2015). In Sparks, the police exceeded the scope of the initial private search when, without a warrant, they viewed a video within the same album on the smartphone that the private searcher had scrolled through but which the private searcher did not actually view. 806 F.3d 1323 (11th Cir. 2015), overruled on other grounds by United States v. Ross, 963 F.3d 1056 (11th Cir. 2020) (overruling Sparks “to the extent that [Sparks] holds that [property] abandonment implicates Article III standing”).

 

At first glance, Lichtenberger and Sparks seem irreconcilable with Runyan and Rann, leading many commentators to conclude there is a circuit split regarding the private search doctrine: the “container” approach versus the “file”/“narrow” approach. But I disagree. And there is a rather simple explanation for reaching this conclusion—Riley merely heightened Jacobsen’s “virtual certainty” requirement in determining whether law enforcement exceed the scope of initial private searches of laptops and smartphones. In other words, “virtual certainty” is significantly elevated in the context of smartphones and laptops because of the heightened privacy interests at stake stemming from their immense storage capacities and unique qualities—i.e., they contain information and data about all aspects of our lives to a much greater extent than floppy disks, CDs, zip drives, and camera memory cards. Thus, the only apparent sure way for law enforcement to satisfy the private search doctrine’s “virtual certainty” requirement when a laptop or smartphone is involved (and thereby avoid inviting defendants to invoke the exclusionary rule) is to view exactly what the private searcher viewed.

In contrast, the “virtual certainty” requirement in the context of old school floppy disks, CDs, zip drives, and memory cards is quite simply a lower standard of certainty because the balance between privacy interests and legitimate governmental interests is not tipped heavily in favor of privacy interests.

While floppy disks, CDs, and zip drives somewhat resemble “containers,” such as the package in Jacobsen, smartphones and laptops are entirely different Fourth Amendment beasts. Accordingly, the four cases should all be analyzed through the lens that the particular electronic device at issue in each case is most significant because it guides the determination of whether the after-occurring search fell within the scope of the initial private search. Looking at the case law this way makes it so that it is not the container approach versus the file approach. Rather, it is (justifiably) the container approach for certain older electronic storage devices and the file approach for modern electronic devices that implicate weightier privacy concerns.


Hailstorms in Baltimore: The Fourth Circuit’s Opportunity to Create Oversight and Accountability for a Secretive Police Technology

Jordan Hughes, MJLST Staffer

The past several months have once again shone a spotlight on the difficulty of holding police and law enforcement accountable for their actions. The American public has become more aware than ever of the unions and structures in place to shield officers from liability. Despite years of DOJ investigations and investigative reporting into the procedures of departments around the country, many regular police practices remain hidden from the public eye. Including the use of secretive new technologies that allow for unprecedented levels of discretion—and unprecedented potentials for abuse.

The Hailstorm is one such dragnet-style electronic capturing device that over 85 federal and state enforcement agencies have used largely in secret for more than two decades. This past spring, the 4th Circuit joined the fledgling ranks of federal courts asked to grapple with constitutional questions raised by the elusive technology. Baltimore police used a Hailstorm in 2014 to locate Kerron Andrews, who had an outstanding arrest warrant. Andrews v. Balt. City Police Dep’t, No. CCB-16-2010, 2018 U.S. Dist. LEXIS 129523, at *4 (D. Md. Aug. 1, 2018). The device enabled Baltimore police to pinpoint the apartment building where Andrews was sitting, despite having been unable to find him using standard location information released to them by his phone carrier. The police never disclosed the device during their surveillance, citing instead a “pen register order” as authorization for its use. A Maryland state court held that the government violated Andrews’ Fourth Amendment rights through use of the Hailstorm, and a state appellate court upheld that decision. Andrews then sued the police department in a federal district court, but the federal court considered the search constitutional and granted summary judgment against him. Andrews appealed.

The 4th Circuit, in Andrews v. Balt. City Police Dep’t, No. 18-1953, 2020 U.S. App. LEXIS 9641 (4th Cir. Mar. 27, 2020), both acknowledged the serious constitutional questions at stake and declined to make a ruling on them due to a lack of information. The district court was directed on remand to make findings concerning the Baltimore Police Department’s practice regarding Hailstorm technology, as well as the extent of constitutional intrusions involved in the search. Whatever the outcome, the 4th Circuit is likely to hear this case again. When it finally does, the court will have to decide how to apply the Fourth Amendment to a technology that may be fully incompatible with the freedom from broad and general searches that it typically guarantees.

What is a Hailstorm?

The “Hailstorm” is a model of “cell site simulator” technology sold by Harris Corporation. Other commonly used Harris models include the “StingRay,” “TriggerFish,” and “KingFish.” Generically, these devices are known as international mobile subscriber identity (“IMSI”) catchers.

IMSI catchers essentially mimic a wireless carrier’s base station, causing cell phones to communicate their unique identifiers and location data to the device even when they’re not in use. They function as a dragnet, capturing the unique numerical identifiers of all wireless devices within a particular area. The technology provides both identification and location data for devices. It is precise enough for law enforcement to narrow a device’s location to six feet, and to identify the exact unit a device is in from outside a large apartment complex. IMSI catchers are also capable of capturing the contents of communications, although there has not been a disclosed instance yet of law enforcement using an IMSI catcher in this fashion. IMSI catchers are small, and can easily be handheld or mounted on vehicles or drones.

What is the concern?

The Hailstorm raises a number of concerns under the Fourth Amendment—the constitutional provision meant to protect Americans from unreasonable searches and seizures. The ACLU, in a 2014 guide for defense attorneys, outlined the major Fourth Amendment questions that arise with the use of any IMSI catcher. These include:

  1. Level of scrutiny: IMSI catchers are almost certainly intrusive enough to violate both reasonable expectations of privacy and property interests, thus giving rise to Fourth Amendment scrutiny. When used in connection with a residence, the devices provide critical details about the inside of the property that constitutes a search under any framework. While the Supreme Court has held that there is no reasonable expectation of privacy on outgoing phone numbers voluntarily sent to a third party, that analysis likely cannot extend to data that gets redirected and captured by a Hailstorm without the phone-owner’s knowledge or consent.
  2. General search: There is an argument that any search conducted by an IMSI catcher constitutes a general search, and thus should be categorically barred by the Fourth Amendment. An IMSI catcher indiscriminately gathers all signaling information from a captured phone, seemingly incompatible with a constitutional requirement that surveillance minimize the collection of information unsupported by probable cause. Further, the dragnet functionality conducts this information grab on all devices in a vicinity, including innocent third parties whom the government lacks probable cause to search.
  3. Inaccurate warrants: When law enforcement does apply for a warrant to use an IMSI catcher, those warrants are very likely inaccurate. Warrant applications, driven by federal policies of non-disclosure, typically either (a) omit the fact that the government intends to use an IMSI catcher, (b) mislead the court by saying the government intends to use less intrusive devices (like a pen register) instead, or (c) fail to provide any information on what the technology is and how it operates. In either scenario, the warrant is predicated on a material omission that deprives a court of its constitutional obligation to balance government interests against intrusions into private rights.
  4. Invalid warrants: If a warrant accurately states law enforcement’s intended use of an IMSI catcher, it may be facially invalid due to the necessarily general nature of the search. The entire purpose of the warrant requirement is to require law enforcement to state with particularity the area to be searched and the persons or things to be seized. It remains an open question whether warrant particularity requirements can ever be compatible with intrusive dragnet surveillance technologies.

A separate and perhaps more troubling concern is the extreme lengths, only recently uncovered, that the government has gone to in order to keep this technology a secret. The federal government uses extensive non-disclosure agreements to prevent federal, state, and even local law enforcement from disclosing any details on the capabilities and usage of IMSI catchers. There have been a couple instances where judges demanded police to disclose possible use of an IMSI catcher at trial. Prosecutors in these instances have voluntarily dropped the evidence, offered plea bargains without jail time, or voluntarily dismissed the case altogether rather than disclose the device’s usage. Law enforcement agents have also demonstrated a willingness to offer alternative explanations for evidence obtained by an IMSI catcher. In one case where the FBI used a StingRay, for example, a discovered email from a special agent read: “we need to develop independent probable cause for the search warrant . . . FBI does not want to disclose the [redacted] (understandably so).”

IMSI catchers in the courts so far

The first reported decision dealing with an IMSI catcher was in 1995. In re United States, 885 F. Supp. 197 (C.D. Cal. 1995). The court, which had difficulty applying current law to the new surveillance technology, demanded that law enforcement develop stronger safeguards before permitting its use. Since 1995, nation-wide police practices of avoiding disclosure of the devices has largely shielded them from the view of courts. More recent orders from even the most tech-savvy magistrate judges suggest that judicial officers across the country still have little exposure to or understanding of IMSI technology. The lack of exposure and understanding is critical to continuing the law enforcement practice of applying for approval to use a “pen register” device.

Among the courts that have been faced with the question of IMSI catcher use, several—including the 7th Circuit in 2016—have declined to answer questions concerning the devices’ constitutionality. United States v. Patrick, 842 F.3d 540 (7th Cir. 2016). In his dissent, Chief Judge Wood described the avoidance strategies of law enforcement as “bad faith” that could justify suppression, and closed by writing that “it is time for the Sting[R]ay to come out of the shadows, so that it can be subject to the same kind of scrutiny as other mechanisms.”

The 7th Circuit ultimately did revisit the question of Sting[R]ays in Sanchez-Jara in 2018. United States v. Sanchez-Jara, 889 F.3d 418 (7th Cir. 2018). That court rejected the “general search” argument and upheld a warrant that referred generally to “electronic investigative techniques” without specifying the use of IMSI catcher technology. The other federal circuits have yet to reach a decision on the issue.

Andrews v. Balt. City Police Dep’t will almost certainly appear before the 4th Circuit again. While the question in that case deals with whether a pen register application can cover use of a Hailstorm device, deeper questions surrounding the constitutionality of a Hailstorm search underlie every aspect of the litigation. The court will be faced with a police department that has a history of abusing discretion, and that has shielded the courts from its use of IMSI catchers for years, in a moment of increased public scrutiny of police practices and procedures. The 4th Circuit thus has a unique opportunity to create a level of increased accountability for law enforcement, and to change the trajectory of police surveillance strategies for years to come.


Hacking the Circuit Split: Case asks Supreme Court to clarify the CFAA

Kate Averwater, MJLST Staffer

How far would you go to make sure your friend’s love interest isn’t an undercover cop? Would you run an easy search on your work computer? Unfortunately for Nathan Van Buren, his friend was part of an FBI sting operation and his conduct earned him a felony conviction under the Computer Fraud and Abuse Act (CFAA), 18 USC § 1030.

Van Buren, formerly a police sergeant in Georgia, was convicted of violating the CFAA. His acquaintance turned informant for the FBI and recorded their interactions. Van Buren knew Andrew Albo from Albo’s previous brushes with law enforcement. He asked Van Buren to run the license plate number of a dancer. Albo claimed he was interested in her and wanted to make sure she wasn’t an undercover cop. Trying to better his financial situation, Van Buren told Albo he needed money. Albo gave Van Buren a fake license plate number and $6,000. Van Buren then ran the fake number in the Georgia Crime Information Center (GCIC) database. Albo recorded their interactions and the trial court convicted Van Buren of honest-services wire fraud (18 USC §§ 1343, 1346) and felony computer fraud under the CFAA.

Van Buren appealed and the Eleventh Circuit vacated and remanded the honest-services wire fraud conviction but upheld the felony computer fraud conviction. His case is currently on petition for review before the Supreme Court.

The relevant portion of the CFAA criminalizes obtaining “information from any protected computer” by “intentionally access[ing] a computer without authorization or exceed[ing] authorized access.” Van Buren’s defense was that he had authorized access to the information. However, he admitted that he used it for an improper purpose. This disagreement over access restrictions versus use restrictions is the crux of the circuit split.  Van Buren’s petition emphasizes the need for the Supreme Court to resolve these discrepancies.

Most favorable to Van Buren is the Ninth Circuit’s reading of the CFAA. The court previously held that the CFAA did not criminalize abusing authorized access for impermissible purposes. Recently, the Ninth Circuit reaffirmed this interpretation. The Second and Fourth Circuits align with the Ninth in interpreting the CFAA narrowly, declining to criminalize conduct similar to Van Buren’s.

In affirming his conviction, the Eleventh Circuit rested on their previous decision in Rodriguez, a much broader reading of the CFAA. The First, Fifth, and Seventh Circuits join the Eleventh in interpreting the CFAA to include inappropriate use.

Van Buren’s case has sparked a bit of controversy and prompted multiple organizations to file amicus briefs. They are pushing the Supreme Court to interpret the CFAA in a narrow way that does not criminalize common activities. Broad readings of the CFAA lead to criticism of the law as “a tool ripe for abuse.”

Whether or not the Supreme Court agrees to hear the case, next time someone offers you $6,000 to do a quick search on your work computer, say no.


United States v. Microsoft Corp.: A Chance for SCOTUS to Address the Scope of the Stored Communications Act

Maya Digre, MJLST Staffer

 

On October 16th, 2017 the United States Supreme Court granted the Federal Government’s petition for certiorari in United States v. Microsoft Corp. The case is about a warrant issued to Microsoft that ordered it to seize and produce the contents of a customer’s e-mail account that the government believed was being used in furtherance of narcotics trafficking. Microsoft produced the non-content information that was stored in the U.S., but moved to quash the warrant with respect to the information that was stored abroad in Ireland. Microsoft claimed that the only way to access the information was through the Dublin data center, even though this data center could also be accessed by their database management program located at some of their U.S. locations.

 

The district court of New York determined that Microsoft was in civil contempt for not complying with the warrant. The 2nd Circuit reversed, stating that “Neither explicitly or implicitly does the statute envision the application of its warrant provision overseas” and “the application of the Act that the government proposes – interpreting ‘warrant’ to require a service provider to retrieve material from beyond the borders of the United States – would require us to disregard the presumption against extraterritoriality.” The court used traditional tools of statutory interpretation in the opinion including plain meaning, presumption against extraterritoriality, and legislative history.

 

The issue in the case, according to ScotusBlog is “whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C. § 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad.” Essentially, the dispute centers on the scope of the Stored Communications Act (“SCA”) with respect to information that is stored abroad. The larger issue is the tension between international privacy laws, and the absolute nature of warrants issued in the United States. According to the New York Times, “the case is part of a broader clash between the technology industry and the federal government in the digital age.”

 

I think that the broader issue is something that the Supreme Court should address. However, I am not certain that this is the best case for the court. The fact that Microsoft can access the information from data centers in the United States with their database management program seems to weaken their claim. The case may be stronger for companies who cannot access information that they store abroad from within the United States. Regardless of this weakness, the Supreme Court should rule in favor of the State to preserve the force of warrants of this nature. It was Microsoft’s choice to store the information abroad, and I don’t think the choices of companies should impede legitimate crime-fighting goals of the government. Additionally, if the Court ruled that the warrant does not reach information that is stored abroad, this may incentivize companies to keep their information out of the reach of a U.S. warrant by storing it abroad. This is not a favorable policy choice for the Supreme Court to make; the justices should rule in favor of the government.

 

Unfortunately, the Court will not get to make a ruling on this case after Microsoft decided to drop it following the DOJ’s agreement to change its policy.


Microsoft Triumphs in Fight to Notify Users of Government Data Requests

Brandy Hough, MJLST Staffer

 

This week, Microsoft announced it will drop its secrecy order lawsuit against the U.S. government after the Deputy U.S. Attorney General issued a binding policy limiting the use and term of protective orders issued pursuant to 18 U.S.C. §2705(b) of the Electronic Communications Privacy Act of 1986 (“ECPA”), also referred to as the Stored Communications Act (“SCA”).

 

The ECPA governs requests to obtain user records and information from electronic service providers. “Under the SCA, the government may compel the disclosure of . . . information via subpoena, a court order under 18 U.S.C. § 2703(d), or a search warrant.” Pursuant to 18 U.S.C. § 2705(b), a government entity may apply for an order preventing a provider from notifying its user of the existence of the warrant, subpoena, or court order. Such an order is to be granted only if “there is reason to believe” that such notification will result in (1) endangering an individual’s life or physical safety; (2) flight from prosecution; (3) destruction of or tampering with evidence; (4) intimidation of witnesses; or (5) seriously jeopardizing an investigation or delaying a trial.

 

Microsoft’s April 2016 lawsuit stemmed from what it viewed as routine overuse of protective orders accompanying government requests for user data under the ECPA, often without fixed end dates. Microsoft alleged both First and Fourth Amendment violations, arguing that “its customers have a right to know when the government obtains a warrant to read their emails, and . . . Microsoft has a right to tell them.” Many technology leaders, including Apple, Amazon, and Twitter, signed amicus briefs in support of Microsoft’s efforts.

 

The Deputy Attorney General’s October 19th memo states that “[e]ach §2705(b) order should have an appropriate factual basis and each order should extend only as long as necessary to satisfy the government’s interest.” It further outlines steps that prosecutors applying for §2705(b) orders must follow, including one that states “[b]arring exceptional circumstances, prosecutors filing § 2705(b) applications may only seek to delay notice for one year or less.” The guidelines apply prospectively to applications seeking protective orders filed on or after November 18, 2017.

 

Microsoft isn’t sitting back to celebrate its success; instead, it is continuing its efforts outside the courtroom, pushing for Congress to amend the ECPA to address secrecy orders.

 

Had the case progressed without these changes, the court should have ruled in favor of Microsoft. Because the way § 2705(b) of the SCA was written, it allowed the government to exploit the “vague legal standards . . . to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand.”This behavior violated both the First Amendment – by restraining Microsoft’s speech based on “purely subjective criteria” rather than requiring the government to “establish that the continuing restraint on speech is narrowly tailored to promote a compelling interest”  – and the Fourth Amendment – by not allowing users to know if the government searches and seizes their cloud-based property, in contrast to the way Fourth Amendment rights  are afforded to information stored in a person’s home or business. The court therefore should have declared, as Microsoft urged, that § 2705(b) was “unconstitutional on its face.”

 


A View to the Development of the FAA’s Ban on the Use of Galaxy 7 Phones on Airplanes.

Joshua Wold, MJLST Staffer

Samsung’s Galaxy Note 7 has problems. Under normal charging and use conditions, the battery in some devices can start on fire. As of September 1, Samsung reported that 35 of these problems had come to its attention, and more have been reported since that time. Samsung has already begun a recall—officially a “replacement program”—offering to replace the potentially dangerous devices with new ones. At the same time, US government agencies are also moving to prevent the harm that a malfunction from these devices could cause.

The Federal Aviation Administration (FAA) has not banned the device from airplanes. According to Matt Novak at Gizmodo, the FAA stated on September 6th that it was “working on guidance related to this issue,” and said, “If the device is recalled by the manufacturer, airline crew and passengers will not be able to bring recalled batteries or electronics that contain recalled batteries in the cabin of an aircraft, or in carry-on and checked baggage.” On September 8th, the FAA issued a statement “strongly” advising airline passengers to keep the devices off, not charge them while aboard, and to keep them out of checked baggage.

Then, on September 9th the Consumer Product Safety Commission (CPSC) put out a press release urging Galaxy Note 7 owners to power off the device, and not to charge or use it. The press release indicated that it was cooperating with Samsung “to formally announce an official recall of the devices, as soon as possible.”

Based on the comments made to Gizmodo, the FAA appeared unwilling to ban the device until the official recall was put into effect. This is understandable. Cell phones are a significant part of modern life. Nearly every person getting onto a plane is carrying at least one. TSA would thus be forced to distinguish between types of cell phones. Its task would be complicated by cases and other types of personalization which obscure the appearance of a cell phone.

Even more challenging, however, is the fact that some versions of the Note 7 have a battery which is not prone to overheating, and poses no threat. Unless these safe phones were to also be banned, security personnel would need to determine which battery was in a phone in order to know if it were permissible. People want to have their phones when they get wherever they are flying to, and banning a safe phone because it looks like an unsafe phone seems like a sure recipe for passenger dissatisfaction.

It may seem that a ban is be appropriate despite the difficulties. Certainly, the potential for harm is significant. A widely circulated photo of a Jeep engulfed in flames is evocative of the threat, and airline passengers have gotten used to restrictions on items which seem to pose even less risk than an exploding phone. FAA’s suggestion that those with Note 7 phones simply turn them off and not charge them may have had the potential to eliminate the threat. On the one hand, it was only a strong recommendation, and not a rule. On the other hand, with airlines repeating the FAA’s warning, it seems unlikely that many people would have failed to take it seriously.

On the 15th of September, the situation changed further, as the CPSC announced an official recall. With that decision, the ground mentioned to Gizmodo for not instituting a ban disappeared. Considering  some data (which can be found here), suggesting that people aren’t really taking Samsung’s warnings seriously, it seemed very likely that the FAA would decide to strengthen their recommendation against use to a prohibition on use, or even a prohibition on flying with the phones at all.

On the next day, September 16th, the FAA banned use of the phone on airplanes, but not the phones themselves. This new policy fits with the reality of modern cellphone use, that people rely on their phones, even if they are fire hazards. While this move takes the pressure off the TSA (which is probably a good move in terms of the overall happiness of air travelers), the regulation (which can be found here) doesn’t specifically mention the Galaxy Note 7, but refers instead to “defective or recalled” lithium batteries.

Of course, this creates the same sort of enforcement problems as appeared with earlier recommendations: can airline staff identify a Galaxy Note 7 with such “defective or recalled” lithium batteries? The FAA itself notes that it is difficult to distinguish between phones which have had the battery replaced and those which are still risked. The FAA’s recommendation on how to manage this problem is pretty general, and it essentially boils down to training of airline staff, and provision of information to airline passengers. One hopes that this is sufficient.


The Federal Government Wants Your iPhone Passcode: What Does the Law Say?

Tim Joyce, MJLST Staffer

Three months ago, when MJLST Editor Steven Groschen laid out the arguments for and against a proposed New York State law that would require “manufacturers and operating system designers to create backdoors into encrypted cellphones,” the government hadn’t even filed its motion to compel against Apple. Now, just a few weeks after the government quietly stopped pressing the issue, it almost seems as if nothing at all has changed. But, while the dispute at bar may have been rendered moot, it’s obvious that the fight over the proper extent of data privacy rights continues to simmer just below the surface.

For those unfamiliar with the controversy, what follows are the high-level bullet points. Armed attackers opened fire on a group of government employees in San Bernardino, CA on the morning of December 2, 2015. The attackers fled the scene, but were killed in a shootout with police later that afternoon. Investigators opened a terrorism investigation, which eventually led to a locked iPhone 5c. When investigators failed to unlock the phone, they sought Apple’s help, first politely, and then more forcefully via California and Federal courts.

The request was for Apple to create an authenticated version of its iOS operating system which would enable the FBI to access the stored data on the phone. In essence, the government asked Apple to create a universal hack for any iPhone operating that particular version of iOS. As might be predicted, Apple was less than inclined to help crack its own encryption software. CEO Tim Cook ran up the banner of digital privacy rights, and re-ignited a heated debate over the proper scope of government’s ability to regulate encryption practices.

Legal chest-pounding ensued.

That was the situation until March 28, when the government quietly stopped pursuing this part of the investigation. In its own words, the government informed the court that it “…ha[d] now successfully accessed the data stored on [the gunman]’s iPhone and therefore no longer require[d] the assistance from Apple Inc…”. Apparently, some independent governmental contractor (read: legalized hacker) had done in just a few days what the government had been claiming from the start was impossible without Apple’s help. Mission accomplished – so, the end?

Hardly.

While this one incident, for this one iPhone (the iOS version is only applicable to iPhone 5c’s, not any other model like the iPhone 6), may be history, many more of the same or substantially similar disputes are still trickling through the courts nationwide. In fact, more than ten other federal iPhone cases have been filed since September 2015, and all this based on a 227 year old act of last resort. States like New York are also getting into the mix, even absent fully ratified legislation. Furthermore, it’s obvious that legislatures are taking this issue seriously (see NYS’s proposed bill, recently returned to committee).

Although he is only ⅔ a lawyer at this point, it seems to this author that there are at least three ways a court could handle a demand like this, if the case were allowed to go to the merits.

  1. Never OK to demand a hack – In this situation, the courts could find that our collective societal interests in privacy would always preclude enforcement of an order like this. Seems unlikely, especially given the demonstrated willingness in this case of a court to make the order in the first place.
  2. Always OK to demand a hack – Similar to option 1, this option seems unlikely as well, especially given the First and Fourth Amendments. Here, the courts would have to find some rationale to justify hacking in every circumstance. Clearly, the United States has not yet transitioned to Orwellian dystopia yet.
  3. Sometimes OK to demand a hack, but scrutiny – Here, in the middle, is where it seems likely we’ll find courts in the coming years. Obviously, convincing arguments exist on each side, and it seems possible reconcile infringing personal privacy and upholding national security with burdening a tech company’s policy of privacy protection, given the right set of facts. The San Bernardino shooting is not that case, though. The alleged terrorist threat has not been characterized as sufficiently imminent, and the FBI even admitted that cracking the cell phone was not integral to the case and they didn’t find anything anyway. It will take a (probably) much more scary scenario for this option to snap into focus as a workable compromise.

We’re left then with a nagging feeling that this isn’t the last public skirmish we’ll see between Apple and the “man.” As digital technology becomes ever more integrated into daily life, our legal landscape will have to evolve as well.
Interested in continuing the conversation? Leave a comment below. Just remember – if you do so on an iPhone 5c, draft at your own risk.