Jeremy Greenberg

A Modern Major Statute: Illinois Raises the Bar in Protecting Citizen Privacy from Cell Site Simulators


It was recently discovered that Baltimore, MD—a city known for its aggressive policing of black communities, had used cell site simulators (“CS simulators”)1 to surveil these communities over 4,300 times in the last eight years.2 4,300 already seems like a considerable figure; however, comparing it to the number of simulators deployed in New York and San Diego underscores its true magnitude. Baltimore employed four times more simulators than New York City and eleven times more than San Diego over that same time period, despite the fact that both of those cities are more than twice its size.3 Welcome to Baltimore—where your race may put your civil liberties at risk.

According to the Department of Justice, the practice of deploying CS simulators should require a warrant and only be used when necessary to achieve appropriately severe public safety objectives, such as apprehending a fugitive or locating a kidnapped child.4 However, the DOJ only regulates CS simulators at the federal level, leaving states to regulate their own use.

To protect these heavily surveilled populations from civil liberty violations, state lawmakers should look to the recently enacted Illinois Citizen Privacy Protection Act.5 With this new law, Illinois joins several other states in requiring law enforcement to obtain a warrant prior to deployment.6 Moreover, Illinois’ law sets a new high benchmark for protecting civil liberties by including an exclusionary remedy for unlawful deployment, prohibiting non-disclosure agreements between CS simulator manufacturers and law enforcement, and mandating the deletion of data incidentally collected from non-targeted devices.7 These new regulations are crucial for protecting the civil liberties of all citizens, but are especially vital for historically disadvantaged communities, like African-Americans, who are frequently subject to disproportionally frequent and aggressive policing.8

Illinois Sets the Bar High with an Exclusionary Remedy

The addition of a Fourth Amendment exclusionary rule for all unlawful use of CS simulators will help deter law enforcement from deploying CS simulators for justifications that do not meet the probable cause threshold.9 The purpose of the exclusionary rule is to incentivize police to exercise careful deliberation required by the Constitution when exercising the investigative prerogative that accompanies their role.10 In turn, prohibiting the use of evidence obtained unlawfully provides relief to defendants who were subjective to illegal surveillance.11  Ultimately, this will help deter the widespread surveillance for routine street crimes that are far below the Department of Justice’s “necessary” threshold.12 A more limited scope for the use of CS simulators will protect the rights of those being surveilled, while promoting and limiting service disruption in heavily surveilled communities where the collateral effects of untrammeled use of the technology are the highest.

Impact of CS Simulators

A reduction in CS simulator surveillance will benefit heavily-surveilled communities, as CS simulators negatively impact the safety of users who are not deliberately targeted by the device, but are within its vicinity.13 A CS simulator emits a signal stronger than those emitted by nearby cell towers, forcing mobile devices within a given coverage area to connect to it in lieu of connecting to the cell tower during CS simulator deployment.14 After the CS simulator attracts the mobile devices within its range, the CS simulator operator will target a particular device and release all others. This process, known as “catch-and-release,” will cause delays in service for all of the phones that attempted to connect to the CS simulator.15 These disruptive service delays can have dire public safety consequences by preventing important communications, such as blocking 911 calls.16 911 calls are said to override the catch-and-release process, but a study from Canada shows that the override does not function up to half the time, effectively blocking 911 calls.17 This high margin of error can be devastating on a community that is frequently surveilled. Moreover, the catch-and-release of other emergency calls, such as those to a doctor or loved one, will be delayed because of the catch-and-release, and could result in similarly concerning consequences, in addition to inconvenience.18

In addition to more drastic public safety concerns, the frequent deployment of CS simulators causes service disruption for the use of mobile devices more generally. CS simulators can degrade cellular service within the area to 2G service, which is required for authentication with the targeted mobile device.19 This will result in the service of every mobile device attempting to connect to be knocked down to the now archaic 2G protocol, resulting in slower data transmission, which harms device functionality. In addition, the strong signals sent by CS simulators that force all mobile devices to connect to it drain the phones’ batteries at a faster than rate than they otherwise would.20 Finally, the catch-and-release attacks on mobile phones result in delayed and dropped calls for all targeted and untargeted phones in the area.21 Though these service disruptions are less harmful to public safety than dropping 911 calls, and may be a necessary tradeoff in a narrow category of high-priority targets, such widespread disruption is a detrimental and inconvenient byproduct of what should be considered illegally broad surveillance. 

Transparency Now Required

The Illinois Citizen Privacy Protection Act also encourages increased transparency by banning non-disclosure agreements between CS simulator manufacturers and law enforcement.22 While lawmakers generally understand how CS simulators function, non-disclosure agreements shroud the specific capabilities of the devices.23 Some prosecutors have gone so far as to drop charges to prevent disclosing technical specifications of certain CS simulators to courts.24 In fact, much of the knowledge of the capabilities of CS simulators has come in the form of leaked instruction manuals, such as for the popular “StingRay” model manufactured by Harris Corporation.25

However, the dearth of information is soon to change. The first-of-its-kind transparency requirement will finally give Illinois decision-makers insight into the precise surveillance capabilities of CS simulators, and how law enforcement agents deploy them. This increased knowledge will allow decision-makers to make more informed decisions relating to citizens’ rights, and allow the populations being surveilled to have a greater understanding of how law enforcement interferes with their privacy and use of mobile devices. Further, more information about the technology behind CS simulators will open the door for technicians to develop methods of surveillance that are less invasive for the un-targeted devices in the area.

Prohibition on Collecting Content

The Illinois law also precludes CS simulators from retaining content of communications by requiring data incidentally collected from non-targeted devices to be deleted.26 It specifically requires that all non-targeted data must be deleted as “reasonably practicable,” within 24 hours of collection from known targeted devices, and within 72 hours of identifying an untargeted device.27 The inclusion of the requirement to delete all non-targeted data is crucial, as it has come to light through the leaking of CS simulator user manuals that CS simulators deployed by law enforcement can capture and retain metadata.28 The capturing of the actual content of communications could have a chilling effect on activities protected by the First Amendment in communities that are targeted on a frequent basis.29 This will be especially true in protests critical of aggressive policing, which often occur in communities that are subject to the most surveillance.30 With the knowledge that this technology is being used by law enforcement, it is crucial for regulations to specifically preclude this behavior. 

Other States Should Follow Suit

Though the Illinois Citizen Privacy Protection Act does not solve all the issues surrounding the harmful deployment of CS simulators, it facilitates scrutiny of deployment; reduces a public safety risk; broadly encourages transparency surrounding the device’s capabilities; and diminishes collateral privacy violations. Other states should follow Illinois in an effort to bring state legislation in line with the Department of Justice’s stated goal of increasing public safety, rather than jeopardizing it by allowing law enforcement’s violation of civil liberties to remain unchecked.

GLTR Staff Member; Georgetown Law, J.D. expected 2018; Ithaca College, B.S. 2009. ©2018, Jeremy Greenberg.