Plaintiff sued because the Baltimore Police Department used a cell site simulator to locate him, and that violated the Fourth Amendment. The district court’s findings are based on an inadequate record and the case is remanded for more factfinding. Andrews v. Baltimore City Police Dep’t, 2020 U.S. App. LEXIS 9641 (4th Cir. Mar. 27, 2020):
More recently, the Supreme Court has directed us to take special care in evaluating the reach of new technologies into protected areas. See Carpenter, 138 S. Ct. at 2223 (“[T]he Court is obligated—as ‘subtler and more far-reaching means of invading privacy have become available to the Government’—to ensure that the ‘progress of science’ does not erode Fourth Amendment protections.” (alterations omitted) (quoting Olmstead v. United States, 277 U.S. 438, 473-74, 48 S. Ct. 564, 72 L. Ed. 944 (1928) (Brandeis, J., dissenting))); see also Riley v. California, 573 U.S. 373, 386, 393, 395, 134 S. Ct. 2473, 189 L. Ed. 2d 430 (2014) (noting that searches of cell phones “bear[] little resemblance” to traditional searches because “[c]ell phones differ in both a quantitative and a qualitative sense” due to their ability to store “a digital record of nearly every aspect of [a person’s] li[fe]—from the mundane to the intimate”); United States v. Jones, 565 U.S. 400, 415-16, 132 S. Ct. 945, 181 L. Ed. 2d 911 (2012) (Sotomayor, J., concurring) (urging judicial caution where a new method of monitoring “is cheap in comparison to conventional surveillance techniques and, by design, proceeds surreptitiously” because such a method “evades the ordinary checks that constrain abusive law enforcement practices: ‘limited police resources and community hostility.'” (quoting Illinois v. Lidster, 540 U.S. 419, 426, 124 S. Ct. 885, 157 L. Ed. 2d 843 (2004))).
Absent a more detailed understanding of the Hailstorm simulator’s configuration and surveillance capabilities, we cannot address the issues necessary for resolution of this case. Despite the government’s use of a sophisticated, wide-reaching, and hard-to-detect new surveillance tool—one with potentially significant implications for constitutional privacy—we know very little about how many searches it conducted, of whom, and what data it collected and stored. We thus cannot strike the appropriate “balance between the public interest and the individual’s right to personal security free from arbitrary interference by law officers” that is central to the Fourth Amendment analysis. Pennsylvania v. Mimms, 434 U.S. 106, 109, 98 S. Ct. 330, 54 L. Ed. 2d 331 (1977) (internal quotations omitted). We therefore remand this matter so that the district court may resolve certain factual issues and, if necessary, provide updated conclusions of law as to whether the Hailstorm simulator’s use was a constitutional violation. Specifically, on remand, the district court is directed to conduct factfinding into the following characteristics of the Hailstorm cell site simulator:
(1) The maximum range at which the Hailstorm simulator can force nearby cellular devices to connect to it.
(2) The maximum number of cellular devices from which the Hailstorm simulator can force a connection.
(3) All categories of data the Hailstorm simulator may collect from a cellular device, regardless of whether such data is displayed to the Hailstorm simulator’s operator in the course of locating a target phone, including by way of example and without limitation: cellular device identifiers (such as international mobile equipment identity (“IMEI”) numbers, international mobile subscriber identity (“IMSI”) numbers, and electronic serial numbers (“ESN”)); metadata about cellular device operations (such as numbers dialed or texted, or webpages visited); and, most especially, the content of voice or video calls, text messages, emails, and application data.
(4) What data in (3) may be stored by the Hailstorm simulator.
(5) What data in (4) are accessible by law enforcement officers.
(6) All means by which the Hailstorm simulator was configured to minimize data collection from third party cellular devices not belonging to Andrews.
Furthermore, on remand, the district court should make findings as to whether—aside from the non-disclosure agreement between BPD and the FBI—BPD had, at the time of its application for the Pen Register Order, any formal or informal policies, practices, or procedures that prevented BPD officers seeking a warrant or pen register/trap and trace order from stating to the reviewing magistrate that a cell site simulator would be used.
techdirt: Appeals Court Tells Baltimore PD To Start Coughing Up Information About Its Cell Site Simulators Privacy by Tim Cushing:
The Baltimore Police Department was an enthusiastic early adopter of cell site simulator technology. In 2015, a Baltimore detective admitted the department had deployed its collection of cell tower spoofers 4,300 times since 2007.
The best estimate on how many of those 4,300 deployments ever showed up in court documents remains near zero. The Baltimore PD hid its deployments behind pen register orders, ensuring judges and defendants never knew the departments was using cell site simulators to track down suspects.
A little bit of information has reached the public domain in recent years, showing the Baltimore PD was more willing to toss cases than expose its use of Stingray devices. Judges were willing to toss cases too, once it was determined these secret deployments violated the Fourth Amendment.
