The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.
The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.
Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information. The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said.
People with knowledge of the program wouldn’t discuss the frequency or duration of such flights, but said they take place on a regular basis. A Justice Department official would neither confirm nor deny the existence of such a program. The official said discussion of such matters would allow criminal suspects or foreign powers to determine U.S. surveillance capabilities. Justice Department agencies comply with federal law, including by seeking court approval, the official said.
Christopher Soghoian, chief technologist at the American Civil Liberties Union, called it “a dragnet surveillance program. It’s inexcusable and it’s likely—to the extent judges are authorizing it—[that] they have no idea of the scale of it.” Cellphones are programmed to connect automatically to the strongest cell tower signal. The device being used by the U.S. Marshals Service identifies itself as having the closest, strongest signal, even though it doesn’t, and forces all the phones that can detect its signal to send in their unique registration information. Even having encryption on a phone, such as the kind included on Apple Inc. ’s iPhone 6, doesn’t prevent this process.
The device can briefly interrupt calls on certain phones. Authorities have tried to minimize the potential for harm, including modifying the software to ensure the fake tower doesn’t interrupt anyone calling 911 for emergency help, one person familiar with the matter said.
Also unknown are the steps taken to ensure data collected on innocent people isn’t kept for future examination by investigators. A federal appeals court ruled earlier this year that over-collection of data by investigators, and stockpiling of such data, was a violation of the Constitution.
The program is more sophisticated than anything previously understood about government use of such technology. Until now, the hunting of digital trails created by cellphones had been thought limited to devices carried in cars that scan the immediate area for signals. Civil-liberties groups are suing for information about use of such lower-grade devices, some of them called Stingrays, by the Federal Bureau of Investigation.
Similar devices are used by U.S. military and intelligence officials operating in other countries, including in war zones, where they are sometimes used to locate terrorist suspects, according to people familiar with the work. In the U.S., these people said, the technology has been effective in catching suspected drug dealers and killers. They wouldn’t say which suspects were caught through this method.
Some within the agency also question whether people scanning cellphone signals are doing enough to minimize intrusions into the phones of other citizens, and if there are effective procedures in place to safeguard the handling of that data. It is unclear how closely the Justice Department oversees the program. “What is done on U.S. soil is completely legal,” said one person familiar with the program. “Whether it should be done is a separate question.”
Referring to the more limited range of Stingray devices, Mr. Soghoian of the ACLU said: “Maybe it’s worth violating privacy of hundreds of people to catch a suspect, but is it worth thousands or tens of thousands or hundreds of thousands of peoples’ privacy?” The existence of the cellphone program could escalate tensions between Washington and technology companies, including the telecom firms whose devices are being redirected by the program.
The approach is similar to what computer hackers refer to as a “man in the middle’’ attack, in which a person’s electronic device is tricked into thinking it is relaying data to a legitimate or intended part of the communications system. A Verizon spokesman said the company was unaware of the program. “The security of Verizon’s network and our customers’ privacy are top priorities,’’ the spokesman said. “However, to be clear, the equipment referenced in the article is not Verizon’s and is not part of our network.”
The dirtbox and Stingray are both types of what tech experts call “IMSI catchers,’’ named for the identification system used by networks to identify individual cellphones. The name “dirtbox’’ came from the acronym of the company making the device, DRT, for Digital Receiver Technology Inc., people said. DRT is now a subsidiary of Boeing. A Boeing spokeswoman declined to comment.
“DRT has developed a device that emulates a cellular base station to attract cellphones for a registration process even when they are not in use,’’ according to a 2010 regulatory filing Boeing made with the U.S. Commerce Department, which touted the device’s success in finding contraband cellphones smuggled in to prison inmates.