House Lawmakers Lament DHS Absence at StingRay Hearing
Lawmakers would have been better served if the Department of Homeland Security sent an official to testify at a hearing on cellsite simulators, said House Oversight Subcommittee Chairman Ralph Abraham, R-La. DHS, which took the lead on StingRay monitoring (see 1806040046, 1806010056 and 1804180051), declined to testify but provided a written briefing to the subcommittee.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
House Science, Space and Technology Committee ranking member Eddie Bernice Johnson, D-Texas, also expressed disappointment at the lack of representation from DHS and the FBI, which she said could have helped lawmakers better understand how government is addressing the issue. DHS and FBI didn't comment Wednesday. She warned against a lack of security precautions by President Donald Trump and the White House.
StingRays are valuable tools for law enforcement and intelligence, Johnson said, but are used by foreign intelligence in the U.S., citing recent evidence of activity near the White House. Abraham called the technology a “double-edged sword,” saying tracking suspect activity enables law enforcement to put more criminals behind bars. But the technology is ripe for exploitation and likely being used to monitor U.S. government officials, she said.
Subcommittee ranking member Donald Beyer, D-Va., also criticized Trump for not taking proper phone security measures and using his personal cellphone, against recommendations. Beyer claimed Trump gave his personal number to North Korean leader Kim Jong Un and said he hopes to hear from DHS and telecom representatives in the future.
National Institute of Standards and Technology Information Technology Laboratory Director Charles Romine testified NIST’s role is to protect networks by providing useful input for operators and others looking to strengthen telecom activities. Security standards for 5G technology offer network functionalities that could eliminate illegal use of StingRays, he said.
Princeton University assistant professor Jonathan Mayer testified there haven't been instances of law enforcement tracking down any of these devices or attempting to attribute any of them to any specific actors, though the latter might be possible. Virginia Tech Hume Center for National Security and Technology Director Charles Clancy said authorities should be able to distinguish between the two classes of StingRay: expensive devices for law enforcement and intelligence that have specific hardware, and lower-end gadgets built on open-source software. Mayer said commercial tools are available to identify the devices, but the approach should be defense, not to identify the products, which could be a game of whack-a-mole. Clancy agreed the “whack-a-mole” approach isn't best because even if gear signatures are identified, those can be changed.
Clancy claimed criminal organizations haven't taken advantage of StingRay technology. Law enforcement and intelligence have because they are more data-driven than criminal organizations, which take a brute-force approach, like jamming signals, he said.