"StingRay" FOIA Release Shows Continuing FCC FOIA Problems
“Stingrays, also known as ‘cell site simulators’ or ‘IMSI catchers,’ are invasive cell phone surveillance devices that mimic cell phone towers and send out signals to trick cell phones in the area into transmitting their locations and identifying information. When used to track a suspect's cell phone, they also gather information about the phones of countless bystanders who happen to be nearby.”
The magazine reports that “ A heavily redacted copy of a 2010 user manual covering both StingRay and KingFish devices was delivered by the FCC last week”. When they say “ heavily redacted copy” they weren’t kidding! Here is a sample of what was released:
But lest we be seen as too critical of FCC here, let’s first report 2 positive aspects of what has happened:
- The magazine actually got the release directly from FCC. This is a real improvement. We previously described a FOIA request to FCC for documents Motorola had submitted to FCC explaining why multiple units of hardware they made had caused interference to NOAA weather radars. In that case, FCC apparently allowed (requested?) Motorola to redact the documents any way they wanted and just send us whatever they thought was appropriate. We received the redacted copy directly from Motorola! In the present case, Harris Corp may have controlled all the redactions, but at least FCC wrote a cover letter and sent it to the magazine.
FCC Discovers and Starts Complying with 2007 FOIA Amendment
- FCC now finally recognizes the requirement of Section 12 of the OPEN Government Act of 2007 that “the exemption under which the deletion is made, shall be indicated at the place in the record where such deletion is made.” As can be seen in examples of previous FCC FOIA releases below, including even one by the FCC Inspector General, this statutory provision has been consistently ignored by FCC previously. (Perhaps Harris Corp.’s lawyers read the FOIA legislation better than FCC staff or Motorola staff in previous cases?)
Ignoring Obama/DOJ FOIA Guidance - See, FCC Really is Independent!
In the recent Net Neutrality issue there has been consistent recurring accusations that FCC takes secret orders from the Obama White House. Such accusations have even been echoed by the 2 Republican commissioners. Well, this excessive fealty to the Obama White House may be disproven by FCC consistent and ongoing dismissal of the concepts in President Obama’s publicly stated FOIA policy: On his first full day in office, President Obama signed the Memorandum on Transparency and Open Government calling for unprecedented openness and transparency in government and declaring information maintained by the Federal Government is a national asset. Here is an excerpt:
The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails. The Government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears. Nondisclosure should never be based on an effort to protect the personal interests of Government officials at the expense of those they are supposed to serve. In responding to requests under the FOIA, executive branch agencies (agencies) should act promptly and in a spirit of cooperation, recognizing that such agencies are servants of the public.
All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government. The presumption of disclosure should be applied to all decisions involving FOIA.
This memorandum is not binding on FCC as an independent agency, and it is pretty clear that it has been almost completely ignored. So much for FCC’s alleged total fealty to the Obama White House!
Consistent Excessive Redactions
There have been a few recent cases where documents requested under FOIA were released by FCC and then released with fewer redactions. This allows a direct view of when FCC was redacting and whether it was justified. (By contrast, the document released by the FCC IG shown above has never been released in a less redacted form so one can only guess at whether the redactions were actually legitimate. However, we have previously speculated that this document was over redacted in some places and under redacted in others.)
Below is a Motorola submission to FCC in conjunction with the enforcement action concerning interference from Motorola equipment to NOAA weather radars. This was released, actually mailed by Motorola to your blogger after a FOIA request to FCC. Following it is a less redacted version after your blogger appealed to the full Commission and waited a year:
(Click on above images to expand the document)
Another pair of releases comes in the enforcement action concerning Google’s Spy-Fi operation and its legality. The top document is the document with redactions by Google that FCC nodded at when it released the document. After a public outcry, Google released the lower document with minimal redactions. Now that we can see what redactions FCC authorized/condoned in the upper document, were those redactions consistent with the law? Was it consistent with President Obama’s nonbinding guidance to FCC (but binding on Executive Branch agencies)?
A suggestion to readers: Compare the first redaction in the above 2 cases with the 2nd version. You can see the exact words that FCC redacted (or condoned the submitting party’s redaction) and see if you can find any plausible justification in the FOIA legislation for such redaction? If you happen to agree with your blogger that these redactions have no plausible justification, please communicate such to FCC leadership.
If CIA Has an Online Reading Room of Prior FOIA Releases, Why Not FCC?
While FCC claims to have a “Freedom of Information Act Electronic Reading Room” that allegedly includes “Records disclosed in response to a FOIA request that ‘the agency determines have become or are likely to become the subject of subsequent requests for substantially the same records”, past FOIA releases are not readily available. FCC does not post previous FOIA requests and resulting releases except in very rare cases. Try to find the StingRay release on the FCC website, for example! (Although we must admit that in one case FCC released to us a document someone else had FOIA’s in only 3 days after we requested it! By contrast, CIA, NSA, FBI, and NRC do post previously released documents regardless of whether they are embarrassing to the agencies.
Remaining StingRay Issue: Who Authorized Its Use per § 301 or § 305?
While it appears that FCC made a minimal/slight attempt to comply with the FOIA request that asked for the StingRay information, there is another key spectrum policy issue here that has been unanswered dealing with StingRay: Who authorized its use under § 301 of the Communications Act? Use by a state or local law enforcement agency requires some sort of § 301 authorization. There are 2 obvious possibilities:
- FCC has been giving licenses to state/local law enforcement organizations under waivers
- State/local law enforcement agencies have been leasing spectrum from cellular carriers
What about StingRay use by federal agencies, e.g. FBI or DEA? Such use could have been authorized by NTIA pursuant to § 305 and § 902 of the Communications Act. NTIA is not known for transparency. But since StingRay almost certainly transmits in cellular bands (note that even this was redacted in the manual provided in response to the FOIA request), NTIA authorization would have required coordination with FCC pursuant to an interagency agreement. (The basic terms of this agreement have been in place since 1940 and have been strictly adhered to by both agencies.) So if anyone wants an exercise in frustration, feel free to FOIA FCC on correspondence with NTIA on permitting its use by federal agencies.
Maybe it is also time for an independent review of FCC FOIA practices?
UPDATE - Wild Inconsistency of FCC Redactions
After thinking about this for a while, your blogger wondered about the complete redaction of any quantitative data such as frequency and power in the redacted material that FCC finally released. How could this data be exempt from FOIA? So we took the FCC ID of the FOIA request, NK73092523, and went to the FCC “Authorization Search” page.
It was amusing to note that all the routine application documents were listed but virtually all were granted confidentiality and none had links available. Even 6 documents that were not granted confidentiality were missing:
- “Revised ID Label”
- “Final Request for Confidentiality of Harris Corporation”
- “Revised RF Exposure 850MHz”
- “Revised RF Exposure 1900MHz”
- “Revised Test Report 1 of 2”
- “Revised Test Report 2 of 2”
But even more surprising was the official FCC equipment authorization grant which at the time of this writing can be access with this link. (Don’t be surprised if it disappears quickly.) The grant is shown above right and clicking on it will yield a larger image. It clearly shows the bands in which StingRay operates and the powers and modulations - all information redacted from the document FCC delivered for the FOIA request!
Why the wild inconsistency? There are hints throughout this issue that FBI is involved. Matthew Keys, the journalist behind the FOIA request, provided us with this statement:
“During the FOIA process, I was told that an outside agency was assisting the FCC in its fulfillment of the requested documents. Specifically, the outside agency was helping the FCC determine what information should be made public and what information should be redacted. To date, the FCC has refused to tell me the name of the outside agency.”
Note the grant contains a cryptic condition: “State and local law enforcement agencies must advance coordinate with the FBI the acquisition and use of the equipment authorized under this authorization.” In posted e-mail correspondence with FCC on the FOIA request, a delay due to an “outside agency” is mentioned. Also mentioned is an NDA between FBI and a local police department -- although it is hard to see how that was germane to the FOIA issue.
-So perhaps FBI, not Harris, actually redacted the document.
-Perhaps this explains the long processing of the FOIA request?
-This might explain why the redacted paragraphs are marked properly even though FCC had perviously ignored that requirement in FOIA releases. FBI may comply more with the letter of the FOIA legislation than FCC does.
-Perhaps FBI was more stubborn than FCC and demanded near total redaction even though the basic technical data was already public and the law and Obama Administration policy (binding on FBI but not FCC) did not allow such extreme redaction?
-Perhaps FBI did not know the information was already public in the grant?
-Perhaps FBI was so pig headed and arrogant in demanding total redaction that FCC didn’t bother to tell them about this contradiction? The world wonders.
Oh what a tangled web we weave,
When first we practise to deceive!
- Sir Walter Scott, Marmion, Canto vi. Stanza 17.
But this inconsistency is not unlike the FOIA release of the IG “porno” report: In that report parts were over redacted and parts were under redacted allowing identification of groups that were under suspicion for porno access from FCC computers. Further indication of long term basic FOIA problems at FCC.
UPDATE - 4/11/15
UK’s The Guardian has now also written about StingRay. They go into detail about the NDA’s between FBI and local police, presumably of no concern to FCC although FCC conditioned equipment authorization on user agreement with FBI in each case.
They also found a total of 5 different StingRay models with FCC equipment authorization and show the FCC grants with the frequencies and powers listed. The same information that was redacted in the StingRay manual FOIA!