A non-profit newsroom, powered by WNYC.

The NYPD Is Using Fake Cellphone Towers To Track People's Phones

Nathan Tempey

Published Feb 11, 2016

Modified Feb 12, 2016

We rely on your support to make local news available to all

Make your contribution now and help Gothamist thrive in 2025. Donate today

Gothamist is funded by sponsors and member donations

Update below

The New York Civil Liberties Union has uncovered, for the first time, documentation of the NYPD's use of Stingrays, cellphone-tower-spoofing devices that allow police to pinpoint cellphone users' locations, and can be used to intercept information about their calls and text messages, or even the calls and messages themselves. Civil liberties and electronic privacy groups have been fighting for information about the surveillance devices since the mid-2000s, and the documents obtained by the NYCLU last week come nearly a year after an initial public records request.

"If carrying a cell phone means being exposed to military-grade surveillance equipment, then the privacy of nearly all New Yorkers is at risk," NYCLU head Donna Lieberman said in a statement. "Considering the NYPD’s troubling history of surveilling innocent people, it must at the very least establish strict privacy and training policies and obtain warrants prior to using intrusive equipment like Stingrays that can track people’s cell phones."

The FBI has argued that any disclosure about Stingray use could allow the bad guys to dodge it, and so police departments must sign nondisclosure agreements (the NYPD's is here) in order to buy the devices. Reportedly the size of a suitcase, Stingrays work by temporarily emitting a signal stronger than the nearest cellphone tower, forcing cellphones in range to connect to them instead. Various law enforcement officials nationally have said that Stingrays are typically only used to pinpoint suspects' locations, and that further functionality allowing the retrieval of call and text information, and covert recording, is disabled unless a judge signs off on a warrant. Still, by its nature, the equipment allows the interception of data from anyone's cellphone in a certain geographic area.

The NYCLU's documents reveal that the NYPD used Stingrays 1,025 times between 2008 and May 2015. Also, the group says they show that the NYPD has no written policy governing the cell-site simulators, but that it typically obtains a pen register order, a type of court order that requires less proof and offers fewer protections than a search warrant. The organization notes in its announcement that the federal Department of Justice has backed away from pen register orders and now requires warrants, except in emergencies (pdf). In addition to life-threatening situations, the federal government considers hacks of government and financial institution computers to be emergencies, along with "activity characteristic of organized crime."

Still, local law enforcement agencies have wide leeway in developing their own protocols, or not developing any, and NYCLU senior staff attorney Mariko Hirose said the public lacks the basic information it needs to even begin discussing what is an appropriate use.

"This is the first time the public’s seeing a lot of this information, and it raises more questions about how these devices are being used," she said. "And when powerful surveillance devices like these are being acquired and used by local law enforcement agencies, the communities should be given some basic information about what these devices can do, how they're being used, and what kind of privacy protections are in place."

According to the newly published records, New York police used the technology to investigate such crimes as shootings, rapes, robberies, and threats to police. 697 of the more than 1,000 investigations involving intercepts led to arrests, and 67 of the intercepts were done without a judge's sign-off, in connection with kidnappings, murders, missing persons cases, and threatened suicides, among other "exigent circumstances." Only 70 of the target phones went un-located, whereas 258 cases that did not turn up a suspect had some other result listed, such as a phone, a missing person, or a suicidal person located, or a "perp ID'd."

It's not clear from the documents whether the NYPD counted only arrests that directly resulted from Stingray use, or all arrests that came out of investigations involving Stingrays, however they came about.

Hirose said Stingray use should concern everyone because, by its nature, it vacuums up innocent people's data.

"This device is picking up information from any innocent bystander when it’s being used, even if it’s being used to track a certain person," she said. "That’s just how it works. Everybody should want to know whether that data is being retained or deleted."

Update February 12th:

NYPD spokesman J. Peter Donald emailed this statement:

The NYPD, before using this technology, ensures we have established probable cause, consults with a District Attorney, and applies for a court order, which must be approved by a judge. In rare instances, the NYPD may use this technology in emergency situations while we seek judicial approval. This would be in instances where the life or safety of someone is at risk.
The NYCLU maligned that the privacy of New Yorkers is at risk. It is not. What is at risk is the safety of New Yorkers, without the limited use of this technology to locate dangerous fugitives.
The NYPD does not capture the contents of communications, as the NYCLU stated. Furthermore, the NYPD does not and never has swept up information from cell phones nearby. Perhaps the NYCLU should fact check their press release before issuing it.

We've asked for clarity on issues including how the NYCLU should have gone about fact-checking; how requiring a warrant would jeopardize Stingray use; and whether the NYPD like the feds considers non-life-threatening situations to be emergencies as well. We'll update if we hear back.