Stingray use by Dallas Police Department

To Whom It May Concern:

Pursuant to the Texas Public Information Act, I hereby request the following records:

All records and reports pertaining to the use of cell-site simulators, also known as “ISMI catchers” or “Stingrays” after one of the most popular models. Please include records pertaining to the use of any device(s) by the Dallas Police Department which enables it to locate or criminal suspects through the triangulation of cellphone signals, or otherwise monitor/surveil criminal suspects. Please include any contracts related to technology I’ve described to which D.P.D. and/or the City of Dallas may be a party. Please include any reports submitted or received by D.P.D. to or from any federal or state agencies (including fusion centers) regarding this technology.

As I am submitting this public records request in my capacity as a professional journalist who has extensively covered the deployment of cell-site simulators by law enforcement at the federal, state, and local levels, I ask that you waive all applicable fees associated with the search, review and duplication of any responsive records. The requested documents will be made available to the general public, and this request is not being made for commercial purposes. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 10 business days, as the statute requires.

Sincerely,

Dell Cameron

Clarifying my request which was just sent a minute because it included by accident overly broad language. Please amend my request to the following:

All records and reports pertaining to the use of cell-site simulators, also known as “ISMI catchers” or “Stingrays” after one of the most popular models. Please include records pertaining to the use of any device(s) by the Dallas Police Department which enables it to locate criminal suspects through the triangulation of cellphone signals. Please include any contracts related to technology I’ve described to which D.P.D. and/or the City of Dallas may be a party. Please include any reports submitted/received by D.P.D. to /from any federal or state agencies (including fusion centers) regarding this technology.

I would like to amend my public records request (2016-18675) to aid your search for responsive records by submitting the following information.

According to this NBC 5 news report, the Fort Worth Police Department purchased the “KingFish System” version of this device. Please expand my search to include references to the KingFish system: http://www.nbcdfw.com/news/local/Fort-Worth-Cellphone-Tracking-Rings-Controversy-140796693.html

This record shows the Houston Police Department considered purchasing the “RayFish” Covert Surveillance Equipment from the “Harris Corporation,” which is based in Florida. Please expand your search to include references to the RayFish system and Harris Corporation: http://www.houstontx.gov/citysec/agendas/2012/20121016.pdf

This article in the Austin Chronicle details an open records request filled by the Austin Police department that produced information about ISMI Catchers and the Harris Corporation (“[R]esponsive documents from a recent Chron­icle open records request to the Austin Police Department reveal the acquisition of phone-tracking devices by theTexas Department of Public Safety that require a nondisclosure agreement with the U.S. Department of Justice and the manufacturer of the devices, Harris Corporation.) Link: http://www.austinchronicle.com/news/2014-10-17/apd-can-we-please-buy-some-top-secret-stingrays/

Further information about ISMI Catchers:

IMSI Catchers are used in mobile networks to identify and eavesdrop on phones. IMSI Catchers are MITM (man in the middle) devices for cellular networks. Originally developed to steal IMSI (International Mobile Subscriber Identity) numbers from nearby phones (hence the name), later versions offered call- and message interception. Today, IMSI Catchers are used to track handsets, deliver geo-target spam, send operator messages that reconfigure the phone (e.g. installing a permanent MITM by setting a new APN, http proxy, or attack the management interface), directly attack SIM cards with encrypted SMS that are filtered by most operators by now, and can potentially intercept mobile two-factor authentication schemes (mTAN).

In brief, these devices exploit the phone’s behavior to prefer the strongest cell phone tower signal in vicinity to maximize the signal quality and minimize its own power consumption. Additionally, on GSM networks (2G), only the phone (via the SIM, Subscriber Identification Module) needs to authenticate to the network but not vice versa and therefore can easily be deluded to disable content data encryption. This enables an attacker to answer a phone’s requests as if the phone was communicating with a legitimate cell phone network.