California Just Got a Privacy Upgrade – Alameda County, It's Your Move
Update: Following our blog post, Alameda County District Attorney (DA) Nancy E. O’Malley released a draft copy of a usage policy for the proposed Stingray upgrade before the Board of Supervisors. On Nov. 6, we provided the DA with our feedback on that draft (available here). Subsequently, on Nov. 12, the DA responded to our letter (available here). A copy of the draft usage policy for the Nov. 17, 2015 meeting which is available here.
A few weeks ago, Alameda County Sheriff Ahern requested authorization from the Board of Supervisors to upgrade the county’s StingRay surveillance equipment. StingRays are capable of secretly collecting information about the cellular phones of innocent people. In light of the serious civil liberties concerns raised by this technology and the lack of community input or a use policy, we encouraged a no vote and the Board postponed the decision. Today, the Board again postponed the decision, this time to develop a use-policy. Yet it is not clear that they will provide the public adequate opportunities to meaningfully weigh in.
Last week, California’s privacy laws were updated for the digital age so that Californians are protected against warrantless surveillance of their digital information. Gov. Brown signed the California Electronic Communications Privacy Act (CalECPA) and SB 741. Together, these new laws require that the Board create a public usage policy for this device and that a probable cause warrant is obtained before it is used. The sheriff’s original proposal fails to meet the requirements of either law. That is especially troubling considering how StingRays work.
What's a StingRay?
StingRays are a highly intrusive cell phone surveillance technology used by law enforcement to intercept information from a target cell phone, sometimes without even obtaining a warrant. By mimicking a cell tower, the device tricks cell phones into communicating with it. StingRays can even track a target’s location inside their own home. Because the device also captures information from cell phones in the surrounding area that have nothing to do with any investigation, there are a number of constitutional concerns at play.
This proposal not only fails the legal test, it fails the democratic one too. A public legislative body should never approve surveillance equipment without adequate public input, a thorough cost-benefit analysis, and a completed and publicly available policy that, at a minimum, requires a warrant before this intrusive device is used and imposes binding consequences for misuse. No such steps have been taken here. At present, there is no information about whether law enforcement will seek a warrant to use the device, the circumstances in which the device will be used, and the protocols for handling third-party data. Instead, the device and its use is shrouded in secrecy.
This is all the more troubling in light of the fact that the Sheriff Ahern has a history of pursuing surveillance technology without taking the time to invite public input. Last year he bought two drones despite strong public dissent. But times have changed.
The sheriff’s proposal is stuck in the digital dark ages, but California’s privacy laws no longer are. We encourage the Board to recognize this by voting NO on the sheriff’s request until an adequate use-policy is developed that allows the public to meaningfully weigh in.
Matt Cagle is a technology and civil liberties attorney with the ACLU of Northern California.