The Federal Communications Commission has established a task force to study reported misuse of surveillance technology that can intercept cellular signals to locate people, monitor their calls and send malicious software to their phones.
The powerful technology -- called an IMSI catcher, though also referred to by the trade name “Stingray” — is produced by several major surveillance companies and widely used by police and intelligence services around the world.
The FCC, in response to questions from U.S. Rep. Alan M. Grayson (D-Fla.), plans to study the extent to which criminal gangs and foreign intelligence services are using the devices against Americans. FCC Chairman Tom Wheeler, in a letter dated this month, said the commission had authority over the surveillance technology and had established a “task force to combat the illicit and unauthorized use of IMSI catchers."
The task forces's mission, Wheeler wrote, "is to develop concrete solutions to protect the cellular network systemically from similar unlawful intrusions and interceptions.”
The action followed numerous news reports, in Newsweek, the Harvard Journal of Law and Technology and The Washington Post, about the vulnerability of cellular networks to interception. Grayson cited those reports in noting that IMSI catchers could be bought for as little as $1,800, or built by anybody with a moderate degree of technical expertise.
The devices work by mimicking cell towers to trick nearby phones to route their data through the IMSI catcher. Though some cellular traffic is encrypted, IMSI catchers often are marketed with systems for cracking common forms of encryption.
“Americans have a reasonable expectation of privacy in their communications, and in information about where they go and with whom they communicate,” Grayson wrote to Wheeler in July. “It is extremely troubling to learn that cellular communications are so poorly secured, and that it is so easy to intercept calls and track people’s phones.”
The widespread use of IMSI catchers by law enforcement also has prompted significant legal debates, with civil liberties groups arguing that police have too much latitude in collecting data that flows through cellular networks.
Stephanie K. Pell, a cyber-ethics fellow at the Army Cyber Institute at the U.S. Military Academy, said the FCC should investigate not only the illegal uses of IMSI catchers but the network vulnerabilities that allow them to work.
“I think it would be prudent to assume that the Chinese government and criminal gangs don’t care if IMSI catchers are illegal,” said Pell, who has written extensively about the technology. “Ultimately if we are going to get to the root of the problem, we will have to deal with this from a network vulnerability perspective.”
Pell said her views were personal and did not represent those of the Army Cyber Institute.