California police criticized for 'stingray' cellphone trackers

Handsets nearby feed location data to the devices as if they were cell towers

Law enforcement agencies in California are using devices that mimic cellular base stations to track mobile users, public records have revealed, triggering charges that the practice may be unconstitutional.

Agencies in Los Angeles, San Diego, San Jose, San Francisco, Sacramento and other areas own or have funding to buy the so-called "stingray" devices, according to documents uncovered in an investigation by TV station Sacramento News 10. The American Civil Liberties Union of Northern California highlighted the findings in a blog post on Thursday, saying the use of stingrays may violate constitutional restraints on searches.

Stingrays, which have been reported in use in Florida, Colorado and other states, are small portable devices that appear to nearby phones as if they are real cellular base stations. When a stingray is nearby, phones will automatically connect to it as if it were the nearest cell tower. Law enforcement most commonly uses the devices to track the location of phones, though there are stingrays that can monitor calls, Staff Attorney Linda Lye wrote in the blog post.

The government's use of digital technology for widespread data-gathering on citizens has focused mostly on federal entities such as the National Security Agency. But local law enforcement has also come under attack for the use of technologies such as stingrays and small, unmanned "drone" aircraft.

Stingrays can track users as they move around with their phones, with a level of accuracy that allows for tracking even inside buildings, according to the ACLU. Because they take in data from every phone in the area, instead of limiting the surveillance to actual suspects, the devices are constitutionally suspect, Lye wrote.

"There is a real question as to whether stingrays can ever be used in a constitutional fashion. They are the electronic equivalent of dragnet 'general searches' prohibited by the Fourth Amendment," Lye wrote.

However, as with other types of surveillance, regulations and case law haven't kept up with technology, according to the ACLU. There are no laws governing law enforcement's use of stingrays, Lye wrote.

Most of the biggest local law-enforcement agencies in California are named in the report, including the Los Angeles Police Department and L.A. County Sheriff's Department, the San Diego Police Department, the San Francisco Police Department and the San Jose Police Department.

The federal government has funded stingrays for anti-terrorism efforts on the local level. For example, in 2013, San Jose received about US$250,000 for one or more stingrays from the Department of Homeland Security's Urban Areas Security Initiative. That program is designed to head off terrorism and other hazards. But in some cases the local agencies have brought the devices into ordinary law enforcement, such as the Oakland Police Department's use of stingrays in its Criminal Investigative Division, the ACLU said.

Because stingrays are typically funded through federal grants, they also bypass the local scrutiny of an agency's regular budget, according to the ACLU. If local citizens knew about such devices, they might block their use, Lye wrote.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Department of Homeland SecurityGovernment use of ITsecurityAmerican Civil Liberties Union of Northern CalifornialegalmobilegovernmentprivacyCriminal

More about IDGLawsonNational Security Agency

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts