Unbeknownst to them, a secretive technology that might have been in use could spell bad news for pro-Trump extremists who stormed the U.S. Capitol Building.
On Wednesday, January 6th, hordes of pro-Trump extremists stormed the U.S. Capitol, sending elected representatives, staffers, journalists, and even the vice president scrambling for shelter. Broadcast live by multiple news outlets, people worldwide watched in horror as rioters strolled leisurely through America’s Capitol as if on a self-guided tour.
At one point, a man casually walked through Statuary Hall carrying a sizable Confederate battle flag. In another, a shirtless man wearing a horned animal skin hat posed for photos while sitting in Vice President Mike Pence’s chair in the Senate Chamber. In the House Chamber, staffers barricaded themselves in with a large bookcase and table, as executive protection agents tensely stood with guns trained on the door.
It took authorities seven hours to clear the Capitol, but not before five people would ultimately lose their lives, including one Capitol Police officer.
So far, nearly 100 people have been arrested. Currently, hundreds of law enforcement officials are still working to identify, locate, and bring justice to additional perpetrators. The Debrief recently discussed how images and videos, many taken by the rioters themselves, will likely come back to haunt individuals who’ve been labeled by many as insurrectionists.
Now, The Debrief examines a potential piece of controversial and secretive surveillance technology called a “cell-site simulator” that investigators might be using to aid them in their efforts.
A cell-site simulator or “international mobile subscriber identity-catcher” (IMSI-catcher) is a powerful and secretive technology that masquerades as a cell tower. By emitting a stronger signal than surrounding towers, the devices exploit a mobile phone’s continuous signal reception optimization, forcing phones to connect with it instead of a mobile carrier. The devices are commonly termed “Stingrays,” based on the same name for the popular cell-site simulator manufactured by the L3Harris Corporation.
The terms “cell-site simulator” and “IMSI-catcher” are generally used interchangeably to describe any device which covertly forces nearby mobile phones to connect with it, however these are technically two different types of secretive technology. IMSI-catchers are “passive” devices, while cell-site simulators are considered “active” surveillance tools.
In “passive” form, an IMSI-catcher doesn’t transmit a signal to mobile devices. Instead, as the name implies, it merely grabs nearby cellular transmissions, similar to how an FM radio works. The passive device then decodes the intercepted signals to find the individual mobile identity. A passive IMSI-catcher can also be used as a covert tracking device when a user’s unique mobile identity is already known. Additionally, passive IMSI-catchers can be used as “jammers,” capable of conducting denial of service attacks to cellular devices.
Conversely, the “active” cell-site simulator does transmit a signal. This signal forces all cellular devices in a given area to disconnect from their service provider and establish a new connection with the secretive technology. Once connected, a cell-site simulator can begin to intercept data such as call information, unencrypted text messages, emails, and even information such as browsing history on any given mobile device.
Cell-site simulators don’t just pick up data on specific targeted devices. Because they operate by deceiving cell phones into believing they’re connecting with a legitimate cellular network, all mobile devices in the vicinity will automatically connect with a cell-site simulator. Cell-site simulators are portable and can vary in size depending on the model. Some are the size of a small briefcase, while other models can even be as small as a handheld device made to look like a cell phone. One device manufactured by Digital Receiver Technology Inc. (a subsidiary of Boeing), called a “Dirtbox” (or DRT box), is capable of being deployed by airplane or helicopter to simultaneously target up to 10,000 mobile devices.
Because the secretive technology is capable of such a wide net, non-discretionary surveillance of mobile devices, cell-site simulators, and IMSI-catchers are a significant point of contention for privacy advocates.
Currently, the Department of Justice (DOJ) and the Department of Homeland Security (DHS) require their component agencies to obtain a federal search warrant supported by probable cause before using a cell-site simulator. But there are exceptions to this requirement. Both the DOJ and DHS allow devices to be used without a warrant whenever “exigent” or “exceptional” circumstances exist. Additionally, according to the ACLU, at least 75 local or state law enforcement agencies across 27 states have their own cell-site simulators or IMSI-catchers.
The legal privacy implications of cell-site simulators are murky because it is unclear what this secretive technology can actually do.
The Department of Justice has long maintained cell-site simulators cannot function as a GPS locator. They also claim the devices cannot remotely capture emails, texts, contact lists, images, or any other data from cell phones.
Contradicting the DOJ’s claims, in 2015, the ACLU obtained DOJ documents showing that the devices were indeed capable of flashing a phone’s firmware, allowing for remote interception and recording of voice and text communications. Marketing materials provided by Gamma Group, another manufacturer of the devices, claim their “3G-GSM Tactical Interception & Target Location” can be configured to divert calls and texts, edit messages, or even spoof the identity of a caller in texts or calls.
When cell-site simulators are provided to local and state law enforcement agencies, departments often must sign non-disclosure agreements with the federal government or manufacturers. This makes it difficult for the public to learn of their mere existence, much less what the devices are capable of doing. Such was the case with the Baltimore Police Department, who, along with the State’s Attorney’s Office, were required by the Federal Bureau of Investigation (FBI) to sign a non-disclosure agreement before allowing the use of a cell-site simulator.
During some notable legal battles, including Baltimore Police’s use of the device, it’s been discovered that authorities have hidden their use of the secretive technology from judges, defense lawyers, and juries, either behind pen register orders or simply describing information gained as coming from “reliable, confidential sources.”
Though the technology most certainly exists, whether or not there are cell-site simulators or IMSI-catchers inside the U.S. Capitol remains unknown. There are, however, some definite potential reasons why these secretive technologies may well be in use at the Capitol, particularly on January 6th, 2021.
Although the DOJ and DHS require their components to obtain a search warrant before using a cell-site simulator, these same rules don’t apply to all U.S. government agencies — specifically in this case, the agency tasked with protecting the U.S. Congress, the U.S. Capitol Police (USCP).
Functioning as a hybrid security and police force, the Capitol Police are the only full-service law enforcement agency that answers directly to the government’s legislative branch. USCP’s jurisdiction largely centers on the Capitol Building, adjacent congressional staff offices, and Library of Congress buildings.
Contrary to their performance on January 6th — as Tom Rogan of the Washington Examiner aptly labeled it, “a catastrophic security failure,” — relative to the two square miles it guards, the Capitol Police is one of the most well-funded and well-staffed police departments in the world. In the fiscal year 2021 federal budget, the Capitol Police budget constituted almost 10% of legislative branch funding, or nearly $515 million. In 2020, USCP’s total force was made up of 1,923 sworn officers and 419 civilian employees, making it larger than 99.6% of all police agencies in the United States.
In light of its immense size and budget, the Capitol Police force also happens to be one of the most notoriously opaque appendages of the sprawling federal government.
The USCP is under no statutory obligation to disclose any information publicly and is exempt from the Freedom of Information Act. Oversight for the Capitol Police comes from the Capitol Police Board, made up of the Sergeant at Arms for the House and Senate, the Architect of the Capitol, and the USCP Chief of Police. Additional Congressional oversight is provided by eight members from the Appropriations, House Administration, and Senate Rules Committees. USCP has an Inspector General (IG); unlike most other federal IG offices, however, the USCP IG does not have to make their reports publicly available.
Ironically, several significant reforms for the Capitol Police were included in the Omnibus Appropriations and Coronavirus Relief Package signed into law a little over a week before the Capitol riots. These reforms, similar to a “FOIA-like” process and procedure, review Inspector General reports so they can be made publicly available. They addressed concerns over the publication of arrest information and various measures meant to address racism and diversity among the police force.
Given how tight-lipped law enforcement agencies are on their use of cell-site simulators or IMSI-catchers, it’s nearly impossible to know if the secretive technology is part of the reclusive Capitol Police’s security apparatus.
In all likelihood, given notable instances in the past of federal law enforcement resources being misused for political gain, it’s very doubtful the Capitol Police would use any type of active cell-site simulator. As the epicenter of America’s political leadership, however, the Capitol represents a very high-value target for domestic and foreign terrorists. For this reason, USCP could indeed quietly operate a more passive surveillance technology, as knowing who is coming in and out of the Capitol Building would be a paramount security concern.
The Fourth Amendment to the U.S. Constitution is the legal safeguard that protects the public against unlawful surveillance and unreasonable searches and seizures by the government. In past legal rulings, however, the precedent has consistently been upheld that these protections do not extend to instances when a person should have no reasonable expectation of privacy.
Similar to boarding a commercial flight, everyone entering the Capitol Building is screened by a magnetometer. All items being carried in are searched and X-rayed. Unlike airline security, all visitors entering the Capitol Visitor Center are prohibited from bringing in any food or beverages, even if these items are unopened or sealed.
Given the apparent indications of heightened security, just as in all other secured federal properties, anyone choosing to lawfully enter the U.S. Capitol Building does so under what the courts consider “implied consent,” or implied waiving of Fourth Amendment rights. There is no legal precedent involving passive IMSI-catchers specific to these circumstances (that I’m aware of or can find). But operating a secretive technology that only captures the individual mobile identity of cellular devices entering the Capitol would likely be considered reasonable by federal courts.
Since everyone who entered the Capitol on January 6th was committing a federal crime, law enforcement authorities would have more than enough probable cause to secure the necessary search warrants necessary to match any captured mobile data with actual user identification information.
To put it simply, every person with a cell phone on them that broke into the Capitol on January 6th could quickly and rather easily be identified thanks to this very obscure and secretive technology.
When it comes to bringing justice to some of the more egregious crimes committed during the Capitol insurrection, such as the murder of Officer Brian D. Sicknick, there happens to have been another, even more powerful, security agency than the Capitol Police in the building that day: Unlike USCP, an agency that very likely was secretly using a more sophisticated and robust active cell-site simulator.
On January 6th, as Congress held a joint session to ratify the 2020 presidential election, current Vice President Mike Pence was in attendance to perform his ceremonial duty of receiving from the states the tally of Electoral College ballots. As is always the case, with Pence was an extensive and multilayered team of Secret Service agents tasked with protecting the second-highest office in the executive branch.
While it has since become fairly apparent the failure to defend the Capitol fails on the Capitol Police leadership’s shoulders, there’s no reason to think the Secret Service wasn’t well-poised to perform their duties of protecting the vice president. In fact, in their protective mission, the Secret Service prides itself on preventing incidents before they occur.
The Secret Service acknowledges the use of “advanced countermeasures” to “deter, minimize, and decisively respond to identified threats and vulnerabilities.” To maintain operational security, the Service is understandably coy in elaborating on what types of “advanced countermeasures” they employ, but the use of covert listening devices by the Secret Service to keep the president and vice president safe isn’t anything new. In at least one known occasion, the Service’s eavesdropping likely saved a president’s life.
In his 2011 book, The Death of American Virtue: Clinton vs. Starr
While traveling with his motorcade in Manila, according to Gormley, a Secret Service intelligence agent intercepted communications of a caller using the words “bridge” and “marriage” (the latter being a code word for assassination). In an abundance of caution, Clinton’s motorcade rerouted to avoid crossing over a sizable public bridge. The move proved to be incredibly fortunate, as a bomb was discovered to have been planted on the very bridge Clinton’s motorcade would previously have had to cross.
While the Secret Service’s parent agency, DHS, requires its components to obtain a search warrant before using cell-site simulators, Homeland Security Assistant Secretary Seth M. Stodder testified to members of the Subcommittee on Information Technology in 2015 that these rules do not apply to the Secret Service. Stodder told committee members that the Secret Service’s protective mission is considered an “exceptional circumstance,” foregoing the necessity for a court-issued search warrant.
Rather than relying on physically eavesdropping, the Secret Service today can use sophisticated active cell-site simulators, which allow for computer systems to intercept and rapidly scan communications in a given area, alerting agents of any concerning or suspicious “chatter.”
Moments after pro-Trump extremists overwhelmed Capitol police and broke through metal barricades at the Capitol Building’s back, the Secret Service whisked Vice President Pence away to a secure location. Where that location was, for obvious reasons, is top secret. Considering the sprawling underground tunnel system beneath the Capitol, Pence could have safely been miles away as the chaos unfolded.
Since the vice president’s safety was their sole and primary responsibility, all of the Secret Service’s fancy hardware would be focused on wherever Pence was tucked away. Should the Secret Service still have had any sophisticated secretive technology nearby, such as a cell-site simulator, however, there’s more than a few good reasons why they’d want to gobble up as much intelligence as they could on the droves of insurrectionists attacking the Capitol.
Upset with the vice president for not doing more to try and keep President Trump in power, pro-Trump dissidents inside the Capitol began chanting, “Hang Mike Pence!” Demonstrating these weren’t merely idle threats, antagonists went as far as erecting a large gallows across from the Capitol Reflecting Pool and, ironically, roughly 500 feet from the Peace Monument (also known as the Naval Monument).
Reuters Photo News Editor Jim Bourg tweeted, “I heard at least 3 different rioters at the Capitol say that they hoped to find Vice President Mike Pence and execute him by hanging him from a Capitol Hill tree as a traitor. It was a common line being repeated. Many more were just talking about how the VP should be executed.”
Trump supporters chanting 'HANG MIKE PENCE' at the Capitol Building pic.twitter.com/iMSOl4u3tg
— Dallas (@59dallas) January 6, 2021
Threats of violence towards Vice President Pence have continued in the days following the Capitol riots. On Saturday, January 9th, Twitter had to intervene after the hashtag “#HangMikePence” started trending. The following day, lawyer and high-profile Trump supporter Lin Wood posted on the app Parler, “Get the firing squad ready, Pence goes FIRST.” The message was later deleted by Parler, the CEO, John Matze, confirmed.
If violently besieging the Capitol wasn’t already enough, directly threatening the Vice President of the United States put groups of pro-Trump extremists directly in the Secret Service’s purview. Just yesterday, the FBI issued a bulletin saying they had received intelligence regarding threats against President-Elect Joe Biden and Vice President-Elect Kamala Harris. Biden has been under Secret Service protection since he was selected for vice president in 2008. Harris began receiving a protection detail once she was named Biden’s candidate for vice president.
According to DHS policy, agencies must delete all data collected by a cell-site simulator following the completion of a mission. According to DHS, “a typical mission may last anywhere from less than one day and up to several days.” Interestingly enough, in this case, rather than completing a mission at the end of January 6th, Capitol rioters created a mission for the Secret Service.
Also a significant consideration, the 2021 inauguration of Joe Biden has been classified as a National Special Security Event (NSSE). By federal law, when an NSSE is declared, the Secret Service becomes the lead agency responsible for planning, coordinating, and implementing security operations. Some examples of past National Special Security Events include presidential inaugurations, State of the Union addresses, or even the 2002 Winter Olympics and 2019 Super Bowl.
Based on the totality of circumstances, it’s very likely a federal judge would have no problem signing off on a search warrant allowing the Secret Service to intimately sift through the wealth of data picked up by an active cell-site simulator in use at the Capitol.
In essence, rioters may have unwittingly given the Secret Service a treasure trove of insight into some insurrectionist groups who are still threatening violence. The contact list from a single rioter’s cell phone could reveal hundreds of other extremist group members and associates.
What precisely the Secret Service would do with data gathered by this secretive technology is another story. Given controversial attitudes and concerns over invasions of privacy, it’s unlikely the Service would hand over reams of data to aid in the mass arrests and prosecutions of Capitol rioters. It’s more likely agents with the protective intelligence mission and the National Threat Assessment Center would use any collected data for intelligence purposes.
That said, there’s plenty of legal grounds for the Service to share incriminating information, such as text messages or emails from perpetrators’ cell phones, with the FBI — particularly anything incriminating picked up by secretive technologies that would relate to the murder of Officer Sicknick or the identity of the person who placed pipe bombs around the Capitol grounds.
Ultimately, the use of any information gained by cell-site simulators that may have been in place during the Capitol riots would be examined under the precedent if it “shocks the conscience” — a legal standard denoting actions that are perceived as manifestly and grossly unjust.
Given that varying polls suggest 88%–90% of all Americans consider the actions at the Capitol to be appallingly criminal, it’s unlikely many “consciences” would be “shocked” if law enforcement employed any and all tools at their disposal to hold perpetrators accountable. It’s equally unlikely that most would consider the application of covert surveillance in this instance as being an invasion of privacy.
Essentially, if the government is spying on private citizens in their day-to-day lives, this would be a gross violation of civil liberties, and illegal. If private citizens willingly and unlawfully encroach on federal property in a violent uprising against democracy, then as the saying goes, “All’s fair in love and war.”
The Secret Service did not respond to questions when asked about the use of cell-site simulators or how this technology could aid investigations into the Capitol events.
Instead, regarding the upcoming inauguration, the Secret Service said, “The inauguration of the President of the United States is a foundational element of our democracy. The safety and security of all those participating in the 59th Presidential Inauguration is of the utmost importance. For well over a year, the U.S. Secret Service, along with our NSSE partners, has been working tirelessly to anticipate and prepare for all possible contingencies at every level to ensure a safe and secure Inauguration Day.”