Last week, the Department of Homeland Security confirmed for the first time that it is aware of unauthorized cell-site simulators, the surveillance tools often called stingrays or IMSI catchers, in various parts of Washington DC.

While it's not surprising that foreign intelligence groups or criminal actors would be cell-snooping in the nation's capital, the DHS statement is the first US government acknowledgement that sensitive political communications, not to mention those of anyone in DC, are at risk of interception by devices that are currently unaccounted for. In spite of this step, though, observers find it unlikely that any group will move to defuse the threat in the foreseeable future.

The DHS statement came in the form of a response to Senator Ron Wyden, who had inquired about rogue cell-site simulators in a November letter. DHS acting undersecretary Christopher Krebs wrote, "Use of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic, and privacy risks. ... Overall, [DHS's National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk." The agency added that NPPD "has observed anomalous activity in the National Capital Region that appears to be consistent with IMSI catchers. NPPD has not validated or attributed such activity to specific entities or devices."

After the DHS admission, three ranking House members sent a letter to the Federal Communications Commission on Thursday, demanding that the FCC "take immediate action under federal law to address the prevalence of what could be hostile, foreign cell-site simulators—or stingrays—surveilling Americans in the nation's Capital." But that seems unlikely, to say the least, thanks to how stingray devices are used—and by whom.

Stingray Searches

Cell-site simulators, called IMSI catchers because they capture devices' International Mobile Subscriber Identity codes, masquerade as legitimate mobile network cell towers to trick nearby cell phones into connecting. Once linked, they can track a cell phone's location, or even surveil its messages and phone calls.

They're powerful tools that leverage flaws in wireless network protocols and cell phone software. And while the telecom industry could significantly reduce their efficacy by plugging holes in various wireless standards, incentives to do so are mixed. In the US and around the world, law enforcement and intelligence agencies use stingrays for investigations, often under opaque circumstances. Which may explain DHS reticence to this point: While rogue cell-site simulators like those in Washington are a potential national security threat, the US government uses those very same tools.

"The law enforcement and intelligence communities want to have their cake and eat it too," says Cooper Quintin, a staff technologist at the Electronic Frontier Foundation. "They want a way to stop a so-called 'bad guy' from using IMSI catchers, while still allowing 'good guys' to use them."

Quintin and others argue that if law enforcement and intelligence agencies encouraged the telecom industry to fix the vulnerabilities that facilitate stingray surveillance, they could still use legally obtained warrants and their relationships with telecoms to obtain information about specific devices. Stingrays wouldn't be nearly as effective, but law enforcement could maintain many of the same investigative capabilities—using channels bad actors can't access.

"This was very expensive, controlled technology a decade ago, but today a motivated hobbyist can pull it together using open source software and hardware with a few hundred dollars," says Ang Cui, CEO of the internet of things security firm Red Balloon. "We can try to legislate the use of the technology, but criminals have access to it and they are going to use it. The real solution is to build technology that mitigates against IMSI catchers and stingrays."

In practice, though, it seems that the desire to preserve this shady surveillance capability has outweighed the risks. "Unfortunately, I think there’s going to be an impasse for a long time," says EFF's Quintin. "But we as constituents need to make the case to our representatives that the risk to public safety and national security is far greater than the bit of tracking that police get from using these technologies."

Watching the Detectives

Even if DHS wanted to do something about DC's stingrays, it would have a difficult time. DHS claimed in its recent statements that it doesn't have the technology to consistently detect the devices, or financial means to acquire or develop this capability. And while some researchers have made progress on developing stingray-sniffing techniques, technologists agree that it is still a hurdle.