NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable to Hacking
Written by Joseph Cox
September 16, 2016 // 10:25 AM EST
Typically, cops don't like talking about IMSI catchers, the powerful
surveillance technology used to monitor mobile phones en masse. In a recent
case, the New York Police Department (NYPD) introduced a novel argument for
keeping mum on the subject: Asked about the tools it uses, it argued that
revealing the different models of IMSI catchers the force owned would make the
devices more vulnerable to hacking.
Civil liberties activists are not convinced. Christopher Soghoian from the
American Civil Liberties Union (ACLU) wrote in an affidavit as part of a
petition against the NYPD’s decision not to share this information, “It would
be a serious problem if the costly surveillance devices purchased by the NYPD
without public competitive bidding are so woefully insecure that the only thing
protecting them from hackers is the secrecy surrounding their model names.”
The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been
trying to get access to information about the NYPD’s IMSI catchers under the
Freedom of Information Law. These devices are also commonly referred to as
“stingrays”, after a particularly popular model from Harris Corporation.
Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris
the police department has.
“Public disclosure of this information, and the amount of taxpayer funds spent
to buy the devices, directly advances the Freedom of Information Law’s purpose
of informing a robust public debate about government actions,” the NYCLU writes
in a court filing. The group has requested documents that show how much money
has been spent on the technology.
Read More: Privacy Activists Launch Database to Track Global Sales of
After the NYPD withheld the records, the FOI request was escalated to a
lawsuit, which is where the NYPD’s strange argument comes in (among others).
“Public disclosure of the specifications of the CSS [cell site simulator]
technologies in NYPD's possession from the Withheld Records would make the
software vulnerable to hacking and would jeopardize NYPD's ability to keep the
technologies secure,” an affidavit from NYPD Inspector Gregory Antonsen, dated
August 17, reads.
Antonsen then imagines a scenario where a “highly sophisticated hacker” could
use their knowledge of the NYPD's Stingrays to lure officers into a trap and
But Soghoian responded in his affidavit, “There is no legitimate cybersecurity
justification to keeping secret the names of the particular Harris products
used by the NYPD.”
The financial documents requested by the NYCLU won't include the sort of detail
needed by a hacker to break into or otherwise tamper with these devices, and
the group has said the NYPD can redact extra information, such as which network
the devices target.
According to Soghoian, none of the purchase or invoice records for Stingrays he
has seen have revealed which specific software updates an agency has used—“just
as records revealing that an agency had purchased iPhones for officers would
not reveal which particular iOS security updates the agency had or hadn't
installed on those devices,” he adds.
It's better to burn out than fade away.
Infowarrior mailing list