Under the radar: The StingRay cases are still open, so why are the plaintiffs claiming victory?
Amid concerns about secret surveillance, Sacramento County sheriff adopts new biometric, facial recognition technology
Given a political climate that George Orwell seems to have predicted, the revelation that the Sacramento County Sheriff’s Department used StingRay technology to gather cellphone and email metadata without a warrant for nearly a decade wasn’t terribly surprising.
But more than a year after a local lawsuit sought to get to the bottom of the secret surveillance program, the case has stalled and the ACLU and Sacramento County Public Defender’s Office are claiming vindication.
StingRay works by mimicking a cellphone tower and causing nearby cellphones to identify themselves. Using this information, law enforcement can identify who is in a particular area, collect metadata including emails and text messages, and keep track of a target’s movements.
The technology casts a wide net, often gathering data from those who aren’t under investigation, said Matt Cagle, technology and civil-liberties policy attorney for the American Civil Liberties Union of Northern California.
In September 2015, Sacramento County Public Defender Paulino Duran and his deputy, attorney Steven Garrett, brought a writ of mandate and 19 discovery motions on behalf of six defendants against the sheriff’s department, requesting information related to the use of StingRay pertaining to their cases.
Eighteen months later, the case—listed in court documents as Thang Van Bui v. Sacramento County Sheriff’s Department—is still open, but the plaintiffs are claiming victory anyway.
StingRay drew the ire of civil rights advocates not only at the local level, but also on a statewide scale and at the national level, after a federal appeals court ruled in June 2016 that such data collection does not require a warrant.
The ACLU launched a separate suit over the warrantless use of StingRay and related technologies against the sheriffs’ departments of Sacramento and Anaheim counties in March 2016. That followed the agencies’ refusal to disclose information following a 2014 request for documents related to StingRay use, according to a news release from the ACLU.
This is concerning to Cagle and the ACLU.
“StingRays are really part of a bigger trend of secretive surveillance,” Cagle said. “In the years after the 9/11 attacks, we’ve seen local law enforcement rushing ahead to secretly buy invasive surveillance technology using federal grant dollars. … Often these tools are not debated publicly before they’re deployed, and they’re used without any sort of policy to prevent misuse and violation of civil rights.”
Cagle said many at-risk and marginalized community members are afraid of bulk data collection under a Trump administration that has been outspoken against, and actively working to limit, the rights of Muslims, the media and other groups. Especially concerning is President Donald Trump’s campaign promise to restore “law and order,” echoing the dark sentiments of the Nixon era but with additional technical resources on hand.
“This new federal administration has inherited the keys to a massive surveillance state,” Cagle said. “Communities … are ready for local leaders to take a stand and adopt protections that would require these tools be debated publicly and subject to real oversight.”
According to the ACLU, though five redacted documents were provided after a second request, the Anaheim County Sheriff’s Department has repeatedly said it simply does not have comprehensive documentation to provide relating to StingRay use.
That’s problematic, said ACLU senior staff attorney Linda Lye, noting that the department previously had admitted use of a StingRay device.
“That was clear from grant applications to state agencies it had filed—but it didn’t have any policies or procedures governing the use of this highly intrusive technology,” Lye said. “It was not until well after we filed suit and asked in the discovery … how they use this intrusive device, that they publicly announced going forward they would have a policy.”
Lye added that law enforcement has often argued that sharing information about their data collection techniques will help criminals circumvent their efforts. This, Lye said, is a red herring.
“When law enforcement deploys intrusive technology, it needs to be transparent with the public,” Lye said. “It also needs to have clear policies and procedures so that the technology is not abused.”
Sacramento County Sheriff Scott Jones acknowledged the use of StingRay technology only after a series of reports from news outlet KXTV Channel 10 brought the practice to light. Originally, Jones claimed a federal contract required his agency to keep the technology secret.
In 2016, the California Electronic Communications Privacy Act became law after Gov. Jerry Brown signed it in October 2015. The law stipulates that government agencies must obtain a warrant before deploying StingRay or similar technology.
Lye said the lawsuits are wrapping up and that she expects the Sacramento and Anaheim suits to be concluded this year.
Sacramento County sheriff’s spokesman Sgt. Tony Turnbull cited his department’s policy in declining to comment on the lawsuit, but did confirm that the case is still open.
As for the local case, it’s essentially in a holding pattern while the plaintiffs wait to see what happens to the ACLU suit, said public defender Garrett. Besides, the case may be moot, inasmuch as the Sacramento County Sheriff’s Department has agreed to obtain warrants for the future use of StingRay, and most of what the ACLU was hoping to accomplish apparently has been achieved.
It should be noted, however, that StingRay’s technology is several years old, and it isn’t hard to imagine that other devices could be used in the future that may not currently require warrants. In fact, the original request for enhancement of StingRay technology, submitted by the Sacramento County Sheriff’s Department to the U.S. Department of Homeland Security, went so far as to call it “soon to be antiquated equipment.”
The sheriff’s department has made other, more transparent inroads into adopting next-gen technology, both through its license-plate-reader systems and separate investments in biometric technology for patrol officers and at its jails.
In June of last year, county supervisors approved roughly $1.1 million in spending so the sheriff’s department and other law enforcement agencies could renew their subscription to an information-sharing data system called COPLINK. Along with allowing otherwise disconnected criminal justice databases to talk to each other, the agreement allows for “the potential purchase of new functionalities,” an agenda report said, including facial recognition software on mobile devices. The new contract is good through June 30 of this year but can be extended through 2019.
Aside from the data-sharing contract, the sheriff’s department also received political approval in October 2015 to spend up to $1.8 million in Cal-ID state funds on a new biometric identification system at its two jails. Biometric systems work by recording and identifying people through “facial features, fingerprints, iris patterns, and vocal characteristics,” an agenda report explained.
Civil rights attorneys have expressed concern about the collection of biometric data inside jails. Angela F. Chan is a policy director and senior staff attorney who manages the Criminal Justice Reform Program at Asian Americans Advancing Justice–Asian Law Caucus in San Francisco. Chan said law enforcement agencies could use these next-gen technologies to build databases containing the fingerprint and DNA information of every person who comes into custody.
She added that local law enforcement could also share this information with the federal government, which has already built a national biometric database known as the Next Generation Identification program.
“They want to collect all the fingerprints,” Chan told SN&R.
That seems less far-fetched after WikiLeaks unloaded more than 8,700 confidential documents this month purportedly showing the CIA developed malware that could turn mobile devices and smart TVs into secret recording devices, among other secret surveillance abilities.
As with the StingRay technology, some cybersecurity analysts deemed the CIA’s hacking tools archaic by the time they were revealed, with the intelligence agency likely having moved onto newer innovations.
For those worried about the encroachment of such technologies, the StingRay suit represents a minor victory in a rapidly escalating surveillance arms race of unseen privacy clashes.
Yet, as litigation wraps up at the state level, the public defender’s office seems satisfied with the result.
“We uncovered a great deal about how the process worked that’s now a matter of public record,” Garrett said. “We’re gratified that that happened, and we’re gratified that the sheriff’s [department] has agreed that they will seek warrants on the use of StingRay devices. We consider that a benefit we all agree on.”