Fresh concerns about digital privacy and security are budding in Washington amid revelations of potential surveillance activity in the D.C. region, causing some lawmakers to demand action from the Trump administration.
Officials with the Department of Homeland Security (DHS) recently disclosed signs of sophisticated technology, known colloquially as “Stingrays,” near sensitive facilities including the White House.
The devices, International Mobile Subscriber Identity (IMSI) catchers, exploit cell towers to potentially intercept cellphone communications. The technology has historically been used by law enforcement officials to track suspects, but the new revelations have bolstered fears that foreign intelligence agencies could be using them to spy on U.S. officials.
Sen. Ron Wyden (D-Ore.) is demanding action from the Federal Communications Commission (FCC) and private phone companies to better protect Americans from being spied on or tracked.
In an interview with The Hill Tuesday, Wyden accused FCC Chairman Ajit Pai of “stonewalling” his pleas for action.
“Mr. Pai and the FCC are dragging their feet here,” Wyden said. “They are stonewalling. They are ducking. They are trying to conjure up any possible reason to sit it out.”
Pai so far has declined to investigate Stingrays further, but says his agency is open to digging into the matter down the road.
The controversial technology works by masquerading as legitimate cellphone towers, tricking mobile devices to locking onto them, enabling would-be spies to track individuals’ locations or to intercept communications.
Often, the devices work in tandem with a vulnerability in Signaling System Seven (SS7), the global telecommunications standard that connects phone networks, allowing them to swap information necessary to complete calls and send text messages.
“We have a system that was designed in 1975 to work, and security was an afterthought,” said Christopher Meserole, a technology expert at the Brookings Institution.
“The security flaws have been known for a long time,” he said. “They’ve never really been addressed because the underlying technology is so useful.”
Privacy and civil liberties advocates have long argued that law enforcement faces few checks in using the devices, raising broader concerns about privacy intrusions.
“This is not a new problem,” said Drew Mitnick, policy counsel at Access Now. “We see catchers used pretty broadly by state, local and federal law enforcement. There hasn’t yet been the success in establishing the appropriate limits on the use of these devices.”
Suspicions that foreign intelligence agencies use the device to spy in Washington have circulated for some time.
But it wasn’t until April, in a letter to Wyden, that Homeland Security acknowledged “anomalous activity” likely related to IMSI catchers in the Washington region, a revelation that quickly triggered concerns on Capitol Hill.
“I would think if in fact there are foreign intelligence agencies using this technology, that should be a high priority for us in terms of determining that,” Rep. Adam Kinzinger (R-Ill.) said at a House Energy and Commerce Committee hearing last month, calling the activity a “big concern.” He suggested Homeland Security should share more information with industry in order for companies to help the government locate the devices.
Last week, Wyden released a subsequent letter from Christopher Krebs, a top official at Homeland Security’s National Protection and Programs Directorate, revealing that the department detected the suspected surveillance activity “in proximity to potentially sensitive facilities like the White House” last year.
Krebs said the department had not attributed the activity to “specific entities,” and he added that a subsequent investigation by law enforcement and counterintelligence agencies revealed that some of the signals were emanating from “legitimate cell towers.”
The FBI declined to comment on Tuesday.
In the same letter, Krebs also acknowledged reports of “nefarious actors” potentially exploiting vulnerabilities in SS7 to “target the communications of American citizens.”
Lawmakers are clamoring for more from the Trump administration.
After Homeland Security first revealed the activity in April, Sens. Cory Gardner (R-Colo.), Rand Paul (R-Ky.) and Ed Markey (D-Mass.) joined Wyden in pressing the department to make public a detailed PowerPoint presentation outlining the threat in the D.C. region.
The department has since declined to do so, saying it was for official use only and therefore not appropriate for public release. Gardner reiterated his call for the document’s release on Tuesday.
“I continue to believe the Department of Homeland Security should release the information I have requested regarding the attempted intercept of cell phone communications in our nation’s capital,” Gardner told The Hill in a statement. “This issue is important to the public and we need greater transparency from the Department.”
Some Democrats have gone further, demanding that the FCC take immediate action to crack down on “what could be hostile, foreign cell-site simulators … surveilling Americans in the nation’s Capital.”
In a letter Friday, Pai declined to investigate the matter — citing a lack of “particularized evidence” of unlawful IMSI catcher use within the United States, the same day the letter from Homeland Security was released by Wyden.
“The Commission stands ready to aid our federal partners at the Department of Homeland Security, the Department of Justice, and the Federal Bureau of Investigation in addressing this issues,” Pai wrote.
Wyden has said the telecommunications industry also bears some of the blame and has pressed it to take steps to guard Americans from potential spying. Industry representatives didn’t specify what actions they’re taking but said they are active on the matter.
“The wireless industry is committed to safeguarding consumer security and privacy and collaborates closely with DHS, the FCC and other stakeholders to combat evolving threats that could impact communications networks,” said a spokesperson for CTIA, a telecommunications trade association that represents wireless companies like AT&T, Verizon and Sprint.
At the federal level, a Homeland Security official said the department has “no plans” to continue monitoring the activity detected last year but remains “active” on the issue.
“We recognize the need to keep our partners and the American public informed of threats to our nation’s communications networks by sharing vetted, validated information about these threats,” the official said.