Group items tagged

In a Chicago court, several Facebook users filed a class-action lawsuit against the social media giant for allegedly violating its users’ privacy rights to acquire the largest privately held stash of biometric face-recognition data in the world. The court documents reveal claims that “Facebook began violating the Illinois Biometric Information Privacy Act (IBIPA) of 2008 in 2010, in a purported attempt to make the process of tagging friends easier.”

This would be a violation of the IBIPA which states it is “unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject’s written release.” Because all users are automatically part of the “faceprint’ facial recognition program, this is an illegal act in the state of Illinois, according to the complaint. Jay Edelson, attorney for the plaintiffs, asserts the opt-out ability to prevent other Facebook users from tagging them in photos is “insufficient”.

This was accomplished through the “tag suggestions” feature provided by Facebook which “scans all pictures uploaded by users and identifies any Facebook friends they may want to tag.” The Facebook users maintain that this feature is a “form of data mining [that] violates user’s privacy”. One plaintiff said this is a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Because “Facebook actively conceals” their protocol using “faceprint databases” to identify Facebook users in photos, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them.”

The Federal Bureau of Investigation (FBI) is developing a biometric identification database program called "Next Generation Identification" (NGI). When completed, the NGI system will be the largest biometric database in the world. The program is of particular interest to EPIC because of the far-reaching implications for personal privacy and the risks of mass surveillance.[1] The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database.

Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Biometric records collected by various civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. [2] The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. [3] There are an estimated 30 million surveillance cameras in the United States. If NGI system was integrated with CCTV cameras operated by public agencies and private entities, NGI could use facial recognition on images of crowds to identify individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents. The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency. EPIC’s “Spotlight on Surveillance” project takes a deeper look at this massive surveillance initiative.

“On 57 monitors that cover the walls of the center, operators zoomed and panned an array of roughly 200 police cameras perched across the city. They could dial up 800 more feeds from the city’s schools and traffic cameras, and they soon hope to add 400 more streams from cameras worn on officers’ bodies and from thousands from local businesses that have surveillance systems.” Though the intricate surveillance apparatus described above seems straight from a dystopic novel, it is actually the Washington Post’s recent description of the the visual data collection system employed by a local California police department. The police department in Fresno, California, has taken extreme measures to combat high rates of crime in the city. As the Post reports, Fresno’s Real Time Crime Center, buried deep in the police station’s headquarters, has developed as a response to what many police call increasing threats. The system, according to police officials, can “provide critical information that can help uncover terrorists or thwart mass shootings, ensure the safety of officers and the public, find suspects, and crack open cases” — a feature they say is increasingly important in the wake of events like the November terror attack in Paris and the San Bernardino shooting last month.

“Our officers are expected to know the unknown and see the unseen,” Fresno Chief of Police Jerry Dyer said. “They are making split-second decisions based on limited facts. The more you can provide in terms of intelligence and video, the more safely you can respond to calls.” Programs similar to the Real Time Crime Center have launched in New York, Houston, and Seattle over the course of the last decade. Nationwide, the use of Stingrays, data fusion centers, and aerial drone surveillance have broadened the access local police have to private information. In another example, the FBI is continually developing a comprehensive biometric database that local police access every day. “This is something that’s been building since September 11,” says Jennifer Lynch, a senior attorney at the Electronic Frontier Foundation. Like the problem of police militarization, Lynch traces the trend back to the Pentagon: “First funding went to the military to develop this technology, and now it has come back to domestic law enforcement. It’s the perfect storm of cheaper and easier-to-use technologies and money from state and federal governments to purchase it.”

While many of these programs may fail to shock Americans, one new software program takes police scrutiny of private citizens to a new level. Beware, a software tool produced by tech firm Intrado, not only surveils the data of the citizens of Fresno, the first city to test it — it calculates threat levels based on what it discovers. The software scours arrest records, property records, Deep Web searches, commercial databases, and social media postings. By this method, it was able to designate a man with a firearm and gang convictions involved in a real-time domestic violence dispute as the highest of three threat levels: a bright red ranking. Fresno police say the intelligence from Beware aided them, as the man eventually surrendered and officers found he was armed with a gun. Beware scours billions of data points to develop rankings for citizens, and though few recoil at the thought of catching criminals and miscreants, the program provides particular cause for concern because of both its invasiveness and its fallibility.

The FBI’s use of facial recognition technology is exploding, according to a new report from the Government Accountability Office — and its growth is largely unchecked, unaudited, and possibly flawed. “FBI should better ensure privacy and accuracy” of its facial recognition technology and the databases that photographs are stored in, urged the GAO. According to the report, the FBI has never reviewed its facial recognition searches for misuse — on either state databases or its own massive biometric database, known as the Next Generation Identification system. The FBI has access to 16 different state databases of driver’s license photos – almost 173 million people — not just criminal mug shots.

The FBI also hasn’t run any tests on how accurate the facial recognition technology is when searching state databases, and whether those searches come back with false positives, which could lead to misidentifying an innocent person as a criminal suspect. According to a National Institute of Standards and Technology report on facial recognition, error rates of technology surveyed can range between a few percent to more than 50. And the bureau has repeatedly dragged its feet when assessing the privacy impact of its facial recognition technology — information that would “improve the public’s understanding” of the FBI’s efforts to protect privacy, according to the GAO. “When people go to the DMV to take their driver’s license photos, they don’t expect that their faces will be scanned and searched tens of thousands of times by the FBI. They don’t expect that their faces will become part of a permanent, digital line-up. What the FBI is doing may be legal, but it isn’t right,” Alvaro Bedoya, the executive director of Georgetown Law School’s Center on Privacy and Technology, wrote in a statement.

In the meantime, the FBI has requested that its own biometric database be exempt from legal provisions in the Privacy Act that would require the agency to tell people their fingerprints, faces, and more have been collected so they can challenge the accuracy of the information.

The ability to travel in the United States is about to become more restrictive as the TSA announces it will soon be enforcing new identification standards in American airports. Beginning in 2016, passengers attempting to pass through a federal TSA checkpoint will be subject to the requirements of the REAL ID Act. To that end, the TSA will put higher scrutiny on travelers’ identities, and will only accept a federal passport or a “REAL-ID” card, which is issued by the states to meet federal requirements. Passengers will not be allowed to fly through an American airport without submitting to the advanced federal specifications. Both federal passports and REAL-ID cards require a number of unique personal identifiers to be stored together in government databases, including his or her full name, date of birth, Social Security Number, scanned signature, and other identifiers. Both cards require biometric data: a front-facing digital photograph of the passenger’s face, which is ultimately used with a facial recognition database.

The enhanced security measures stem from the passage of the REAL ID Act of 2005, a U.S. law enacted by President Bush that states that a Federal agency may not accept state-issued identification cards without complying with a number of enhanced standards of the REAL ID Act. The states were given a number of years to comply, and many moved to pass their own laws to meet the benchmarks of the REAL ID Act. Due to some sluggish response, DHS extended the compliance deadline several times. Unfortunately, most states were all too willing to bend to the requirements of the federal government in order to obtain “state certifications” of compliance. To signify their compliance with the federal standards, many states are now issuing identity cards emblazoned with gold stars in the corner.

According to the Department of Homeland Security, only Arizona, Idaho, Louisiana, Maine, Minnesota, New Hampshire, New York, and American Samoa have not met REAL ID standards as of January 2015. By DHS estimates, 70%-80% of all U.S. drivers are already carrying around REAL ID cards or live in states that have received extensions for compliance. Some states have even gone as far as to require the applicant to present birth certificates, W-2 tax forms, bank statements, and/or pay stubs to verify one’s identity before handing out the new REAL-ID cards. Some cards have RFID chips embedded in them. Among the 39 benchmarks of the REAL ID Act, state ID cards have to be scannable with a bar code reader, and the states are required to share access to an electronic database with all other states.

According to a Government Accountability Office (GOA) report from May of this year, the Federal Bureau of Investigations (FBI) facial recognition programs are violating public privacy and raises civil liberties concerns.

Despite many studies showing that facial recognition software is incorrect more often than not when identifying minorities, women and under 20-somethings, The sixty-eight page report details how the FBI could not confirm the accuracy of the program which gives law enforcement the ability to search databases of photographs from passports, driver’s licenses, and mugshots taken by various governmental agencies. Using the brought online the Next Generation Identification System (NGIS), the FBI has access to a gigantic biometric database that uses images and facial recognition software (FRS) to identify criminals. The GAO report revealed that the Facial Analysis, Comparison and Evaluation (FACE) Services has allowed certain FBI agents to access the State Department and the Pentagon and check on individuals who have never been suspected of any criminal or terroristic activities. So far an estimated 411 million facial images have been compromised by the FBI; and yet nearly a half-billion in total could have been violated.

Bedoya continued: “We found out that [the FBI] have no idea if they’re misusing it or not. They’ve literally never done an audit.” Concerning privacy expectations, Bedoya said: “When you turn 16 or 17, you don’t go down to the police station and give them your fingerprints; you go get your driver’s license. Turns out, it’s the same thing as far as the FBI is concerned. They might not be storing these photos at Quantico but it has built, in effect, a nationwide biometric database using driver’s license photos. It’s breathtaking.” The FBI has been using the faulty facial recognition software and databases much more “than had previously been understood” which is worrisome because “the FBI hasn’t done enough to audit its own use of facial recognition technology or that of other law enforcement agencies that partner with the FBI, nor has it taken adequate steps to ensure the technology’s accuracy.”

Today the federal Government Accountability Office (GAO) finally published its exhaustive report on the FBI’s face recognition capabilities. The takeaway: FBI has access to hundreds of millions more photos than we ever thought. And the Bureau has been hiding this fact from the public—in flagrant violation of federal law and agency policy—for years. According to the GAO Report, FBI’s Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to FBI’s Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, it also has access to the State Department’s Visa and Passport databases, the Defense Department’s biometric database, and the drivers license databases of at least 16 states. Totaling 411.9 million images, this is an unprecedented number of photographs, most of which are of Americans and foreigners who have committed no crimes. The FBI has done little to make sure that its search results (which the Bureau calls “investigative leads”) do not include photos of innocent people, according to the report. The FBI has conducted only very limited testing to ensure the accuracy of NGI's face recognition capabilities. And it has not taken any steps to determine whether the face recognition systems of its external partners—states and other federal agencies—are sufficiently accurate to prevent innocent people from being identified as criminal suspects. As we know from previous research, face recognition is notoriously inaccurate across the board and may also misidentify African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively.

The GAO’s findings are especially shocking, given the timing. Just over a month ago the FBI demanded its face recognition capabilities be exempt from several key provisions of the federal Privacy Act—and provided the public with only 30 days to respond.

The ability to travel in the United States is about to become more restrictive as the TSA announces it will soon be enforcing new identification standards in American airports. Beginning in 2016, passengers attempting to pass through a federal TSA checkpoint will be subject to the requirements of the REAL ID Act. To that end, the TSA will put higher scrutiny on travelers’ identities, and will only accept a federal passport or a “REAL-ID” card, which is issued by the states to meet federal requirements. Passengers will not be allowed to fly through an American airport without submitting to the advanced federal specifications. Both federal passports and REAL-ID cards require a number of unique personal identifiers to be stored together in government databases, including his or her full name, date of birth, Social Security Number, scanned signature, and other identifiers. Both cards require biometric data: a front-facing digital photograph of the passenger’s face, which is ultimately used with a facial recognition database.

The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). This would be achieved by creating enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social networks, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant.[1] This information would then be analyzed to look for suspicious activities, connections between individuals, and "threats".[2] Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.[2] Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. However, several IAO projects continued to be funded, and merely run under different names.[3][4][5][6]

Among the other IAO programs that were intended to provide TIA with component data aggregation and automated analysis technologies were the Genisys, Genisys Privacy Protection, Evidence Extraction and Link Discovery, and Scalable Social Network Analysis programs. On August 2, 2002, Dr. Poindexter gave a speech at DARPAtech 2002 entitled "Overview of the Information Awareness Office"[7] in which he described the TIA program. In addition to the program itself, the involvement of Poindexter as director of the IAO also raised concerns among some, since he had been earlier convicted of lying to Congress and altering and destroying documents pertaining to the Iran-Contra Affair, although those convictions were later overturned on the grounds that the testimony used against him was protected.

The IAO was established after Admiral John Poindexter, former United States National Security Advisor to President Ronald Reagan, and SAIC executive Brian Hicks approached the US Department of Defense with the idea for an information awareness program after the attacks of September 11, 2001.[5] Poindexter and Hicks had previously worked together on intelligence-technology programs for the Defense Advanced Research Projects Agency. DARPA agreed to host the program and appointed Poindexter to run it in 2002. The IAO began funding research and development of the Total Information Awareness (TIA) Program in February 2003 but renamed the program the Terrorism Information Awareness Program in May that year after an adverse media reaction to the program's implications for public surveillance. Although TIA was only one of several IAO projects, many critics and news reports conflated TIA with other related research projects of the IAO, with the result that TIA came in popular usage to stand for an entire subset of IAO programs. The TIA program itself was the "systems-level" program of the IAO that intended to integrate information technologies into a prototype system to provide tools to better detect, classify, and identify potential foreign terrorists with the goal to increase the probability that authorized agencies of the United States could preempt adverse actions. As a systems-level program of programs, TIA's goal was the creation of a "counterterrorism information architecture" that integrated technologies from other IAO programs (and elsewhere, as appropriate). The TIA program was researching, developing, and integrating technologies to virtually aggregate data, to follow subject-oriented link analysis, to develop descriptive and predictive models through data mining or human hypothesis, and to apply such models to additional datasets to identify terrorists and terrorist groups.

The FBI doesn’t know exactly how accurate its facial recognition technology is, new watchdog report finds. The bureau's Next Generation Identification-Interstate Photo System, a database including more than 30 million photos of criminals, lets law enforcement match a surveillance camera photo to that of a known criminal by narrowing their identity to between two and 50 possible candidates. But the FBI hasn't ensured its facial recognition technology doesn’t “unnecessarily include photos of innocent people as investigative leads,” according to a new report from the Government Accountability Office. The NGI-IPS and the FBI’s "Facial Analysis, Comparison and Evaluation Services," or FACE, which accesses databases from other federal, state and local groups, were the subject of a recent audit.  Most photos in NGI-IPS are submitted from 18,000 external groups among federal, state and local law enforcement -- about 70 percent are criminal mugshots. It’s the same technology that helped the FBI and a state track down a sex offender who had been on the run for 20 years. The FBI has spent about $55 million on facial recognition over the last six years.

FBI officials haven’t tested the detection rate -- how often a match is generated against a submitted photo -- for lists less than 50 candidates, according to GAO. Law enforcement may request a specific number of candidates for any search, though the default is 20. Verifying that NGI-IPS is accurate for all candidate list sizes would provide more assurance that the system helps to “enhance, rather than hinder, criminal investigations,” the GAO report said. <a href="http://pubads.g.doubleclick.net/gampad/jump?sz=300x300&c=801138892&iu=%2F617%2Fnextgov.com%2Fsection_emergingtech%2Fcontent%2Fpid_129155&t=noscript%3Dtrue%26referring_domain%3DTyped%252FBookmarked%26pos%3Dinjector%26level%3D0"> <img src="http://pubads.g.doubleclick.net/gampad/ad?sz=300x300&c=801138892&iu=%2F617%2Fnextgov.com%2Fsection_emergingtech%2Fcontent%2Fpid_129155&t=noscript%3Dtrue%26referring_domain%3DTyped%252FBookmarked%26pos%3Dinjector%26level%3D0"/> </a> The FBI also hasn’t assessed how often errors occur in facial matching. These can be caused both by lower-quality technology, but also by low-quality photos, the report said. The detection- and the false-positive rate are key data points that will help the bureau and the public understand these risks before the technology is deployed, the report said. GAO also found FBI hadn’t determined whether the facial recognition technology its federal, state and local partners use is accurate enough to support its own investigations. These oversights could impinge on citizen's privacy and civil liberties, the report noted. In 2012, the advocacy group the Electronic Frontier Foundation suggested facial recognition systems could allow “covert, remote, and mass capture and identification of images.”

In criminal cases, a false positive might force a defendant to prove he or she isn’t who the facial recognition system thought he was -- such a scenario might “alter the traditional presumption of innocence,” an EFF statement said. The FBI has also been slow in publishing its privacy protocol, the report found. The Justice Department hadn’t updated a key “Privacy Impact Assessment” between 2008 and 2015; and though NGI-IPS has existed since 2011, the FBI also didn’t publish the requisite System of Records Notice, explaining how the technology is used, until May 2016. Publishing these notices more promptly would reassure the public “the FBI is evaluating risks to privacy,” the report said.  The GAO review comes shortly after DOJ published a notice arguing its massive biometric database should be excluded from the Privacy Act, which requires the federal government to disclose, upon inquiry from the subject, the information it collects on the public. The system includes finger and palm prints, iris and facial scans, images of tattoos, from criminals, suspects, detainees and anyone undergoing background checks, security clearances and other government assessments.

New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans.

“Emerging Intelligence Technologies” is the theme of the latest issue of the U.S. Army’s Military Intelligence Professional Bulletin (MIPB), January-March 2014. “Rapid technology developments in response to urgent wartime requirements have brought the intelligence community (IC) some tremendous new capabilities. Advancement in the areas of biometrics, battlefield forensics, miniaturization, SIGINT terminal guidance, DCGS-A, and distributed processing have been vital to the success of Military Intelligence (MI) and the Army,” wrote Maj. Gen. Robert P. Ashley. “This issue of MIPB looks at several of these capabilities and their integration into our formations.” The new Bulletin was obtained under the Freedom of Information Act.

Today, 21 December 2014, WikiLeaks releases two classified documents by a previously undisclosed CIA office detailing how to maintain cover while travelling through airports using false ID – including during operations to infiltrate the European Union and the Schengen passport control system. This is the second release within WikiLeaks' CIA Series, which will continue in the new year. The two classified documents aim to assist CIA undercover officials to circumvent these systems around the world. They detail border-crossing and visa regulations, the scope and content of electronic systems, border guard protocols and procedures for secondary screenings. The documents show that the CIA has developed an extreme concern over how biometric databases will put CIA clandestine operations at risk – databases other parts of the US government made prevalent post-9/11.

The CIA manual "Surviving Secondary", dated 21 September 2011, details what happens in an airport secondary screening in different airports around the world and how to pass as a CIA undercover operative while preserving one's cover. Among the reasons for why secondary screening would occur are: if the traveller is on a watchlist (noting that watchlists can often contain details of intelligence officials); or is found with contraband; or "because the inspector suspects that something about the traveler is not right".

The second document in this release, "Schengen Overview", is dated January 2012 and details guidelines for border officials in the EU's Schengen zone and the threats their procedures might pose in exposing the "alias identities of tradecraft-conscious operational travelers", the CIA terminology for US spies travelling with false ID during a clandestine operation. It outlines how various electronic systems within Schengen work and the risks they pose to clandestine US operatives, including the Schengen Information System (SIS), the European fingerprint database EURODAC (European Dactyloscopie) and FRONTEX (Frontières extérieures) – the EU agency responsible for easing travel between member states while maintaining security.

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.

Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.

The U.S. military will subject Syrian rebels taking part in a new training program to psychological evaluations, biometrics checks and stress tests under a screening plan that goes well beyond the steps the United States normally takes to vet foreign soldiers, a sign of the risks the Obama administration faces as it expands support for armed groups in Syria.

HE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.) A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages. Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.

ANY OF THE DEVICES in the catalogue, including the Stingrays and dirt boxes, are cell-site simulators, which operate by mimicking the towers of major telecom companies like Verizon, AT&T, and T-Mobile. When someone’s phone connects to the spoofed network, it transmits a unique identification code and, through the characteristics of its radio signals when they reach the receiver, information about the phone’s location. There are also indications that cell-site simulators may be able to monitor calls and text messages. In the catalogue, each device is listed with guidelines about how its use must be approved; the answer is usually via the “Ground Force Commander” or under one of two titles in the U.S. code governing military and intelligence operations, including covert action.