NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable to Hacking

Written by Joseph Cox

September 16, 2016 // 10:25 AM EST


Typically, cops don't like talking about IMSI catchers, the powerful 
surveillance technology used to monitor mobile phones en masse. In a recent 
case, the New York Police Department (NYPD) introduced a novel argument for 
keeping mum on the subject: Asked about the tools it uses, it argued that 
revealing the different models of IMSI catchers the force owned would make the 
devices more vulnerable to hacking.

Civil liberties activists are not convinced. Christopher Soghoian from the 
American Civil Liberties Union (ACLU) wrote in an affidavit as part of a 
petition against the NYPD’s decision not to share this information, “It would 
be a serious problem if the costly surveillance devices purchased by the NYPD 
without public competitive bidding are so woefully insecure that the only thing 
protecting them from hackers is the secrecy surrounding their model names.”

The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been 
trying to get access to information about the NYPD’s IMSI catchers under the 
Freedom of Information Law. These devices are also commonly referred to as 
“stingrays”, after a particularly popular model from Harris Corporation. 
Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris 
the police department has.

“Public disclosure of this information, and the amount of taxpayer funds spent 
to buy the devices, directly advances the Freedom of Information Law’s purpose 
of informing a robust public debate about government actions,” the NYCLU writes 
in a court filing. The group has requested documents that show how much money 
has been spent on the technology.

Read More: Privacy Activists Launch Database to Track Global Sales of 
Surveillance Tech

After the NYPD withheld the records, the FOI request was escalated to a 
lawsuit, which is where the NYPD’s strange argument comes in (among others).

“Public disclosure of the specifications of the CSS [cell site simulator] 
technologies in NYPD's possession from the Withheld Records would make the 
software vulnerable to hacking and would jeopardize NYPD's ability to keep the 
technologies secure,” an affidavit from NYPD Inspector Gregory Antonsen, dated 
August 17, reads.

Antonsen then imagines a scenario where a “highly sophisticated hacker” could 
use their knowledge of the NYPD's Stingrays to lure officers into a trap and 
ambush them.

But Soghoian responded in his affidavit, “There is no legitimate cybersecurity 
justification to keeping secret the names of the particular Harris products 
used by the NYPD.”

The financial documents requested by the NYCLU won't include the sort of detail 
needed by a hacker to break into or otherwise tamper with these devices, and 
the group has said the NYPD can redact extra information, such as which network 
the devices target.

According to Soghoian, none of the purchase or invoice records for Stingrays he 
has seen have revealed which specific software updates an agency has used—“just 
as records revealing that an agency had purchased iPhones for officers would 
not reveal which particular iOS security updates the agency had or hadn't 
installed on those devices,” he adds.

It's better to burn out than fade away.

Infowarrior mailing list

Reply via email to