According to new Justice Department e-mails obtained by the American Civil Liberties Union (ACLU) of Northern California, and published on Wednesday, federal investigators have been routinely using “stingrays" to catch bad guys. A stingray is a device that can create a false cellphone tower, and allows authorities to determine a particular mobile phone’s precise location. Stingrays aren't new—law enforcement agencies nationwide are believed to have been using them for years.

But one e-mail in the new trove reveals something brand-new: that the Feds were not fully clear about the fact that they were specifically using stingrays (also known as “IMSI catchers”) when asking for permission to conduct electronic surveillance from federal magistrate judges.

A press representative from the United States Department of Justice did not respond to Ars’ request for comment.

Groups like the ACLU are concerned that unsupervised use of such technology can inadvertently collect information of people who are not suspected of any crime, nor under investigation.

Stingray-based surveillance

The ACLU intervened as an amicus in the case of a federal defendant, Daniel David Rigmaiden, who is facing dozens of federal charges of identify theft, mail fraud, and other charges stemming from an alleged massive fraudulent tax refund ring. Rigmaiden and another as-yet unnamed co-conspirator are in federal custody. A third man, Ransom Marion Carter, III, remains a federal fugitive.

Rigmaiden maintains his innocence, and argues that using a stingray without a warrant is unconstitutional.

“Before this e-mail, we did not know whether Rigmaiden was an outlier,” Linda Lye told Ars, explaining that little is known about the scope of stingrays’ use. Now it's clear they have been using stingrays as a matter of course.

As a result of this new disclosure, Lye has filed a motion to leave the new file with the court. Consequently, Rigmaiden filed a motion that the evidence resulting from the stingray—which allowed authorities to arrest Rigmaiden and search his apartment—be suppressed.

“There's definitely a lot riding on [his] motion,” Lye added. “The government would have to establish that there was independent probable cause without using this device to know that this was the right apartment to search.” If they can't prove that, substantial evidence is likely to be suppressed, and that would throw a wrench into the prosecution.

Between 2005 and 2008, federal investigators allege that the trio (Rigmaiden, Carter and the unnamed person) filed over 1,900 fake tax returns online, yielding $4 million sent to over 170 bank accounts.

The ACLU received the group of e-mails last week as the result of a Freedom of Information Act request jointly filed with the San Francisco Bay Guardian, a local alt-weekly newspaper.

On Wednesday, Lye published (PDF) the e-mails, and will formally present them Thursday to a federal court in Arizona, where Rigmaiden’s case is ongoing.

Lye wrote that these e-mails confirm “the need for suppressing the evidence in the Rigmaiden case because it shows that the government was engaged in a widespread practice of withholding important information for judges, and that it did so for years.”

“We hope that the court sends the clear message to the government that it cannot keep judges in the dark. Judges are not rubber stamps—they are constitutional safeguards of our privacy.”

A May 23, 2011 e-mail from Miranda Kane, chief of the criminal division at the United States Attorney’s Office, to her colleagues, states:

As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's [stingray] WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.

Or, as Lye concludes: “Notably, this email chain is dated May 2011, some three years after the Stingray's use in Rigmaiden's case—meaning the government was not ‘forthright’ in its applications to federal magistrate judges for at least three years.”

In December 2011, noted German security expert Karsten Nohl released "Catcher Catcher"—a piece of software that monitors network traffic and looks at the likelihood that a stingray is in use.

"The Hacker"

Rigmaiden’s case dates back several years. In 2007 and early 2008, the Internal Revenue Service identified a bank account at Compass Bank in Phoenix that seemed to be receiving fraudulent tax refunds under the name “Carter Tax & Accounting, LLC.” Authorities identified Carter as being involved in the possible scheme.

By early 2008, undercover operatives identified another man who was dubbed “the Hacker,” as well as another as-yet unnamed co-conspirator who served higher up than Carter. They then opened a bank account for the Hacker, who unknowingly deposited some fraudulently obtained tax refunds electronically into that account.

In April 2008, the second co-conspirator was arrested in Utah, and that case remains under seal. This suspect and the Hacker were deemed to be above Carter in the tax fraud ring.

From April to August 2008, federal investigators tracked the Hacker via his Arizona bank account, and via packages sent to a Northern California apartment. According to the FBI, on July 23, 2008, the Hacker was served with a 50-count indictment under seal. Within two weeks, the man was arrested in Santa Clara, California, “after a foot and car chase,” following the pinpointing of his location because of the stingray.

An FBI press release detailed the rest of the story: after searching the Hacker's person, authorities found a key to his apartment, and with a search warrant, searched his Santa Clara apartment and storage unit in San Jose, seizing “a laptop and multiple hard drives, $116,340 in cash, over $208,000 in gold coins, approximately $10,000 in silver coins, false identification documents, false identification manufacturing equipment, and surveillance equipment.”

Investigators identified the Hacker, via his fingerprints, as prior felon Daniel David Rigmaiden.

According to an IRS special agent’s search warrant (PDF), Rigmaiden’s computer also included “Email regarding leaving the United States for the country of Dominica…[and] documents regarding obtaining citizenship in other countries; emails regarding paying off Dominican officials to get Dominican birth certificates and passports; and a Belize residency guide.”

Rigmaiden’s indictment was initially sealed, pending cooperation with a federal investigation. But by January 2010, Rigmaiden declined to cooperate, and moved to represent himself (after firing three attorneys) and the case was subsequently unsealed.

The defendant's trial in Phoenix is slated to begin on May 15, 2013.