The Department of Homeland Security has observed or is aware of “anomalous activity” in the Washington area and outside the region “that appears to be consistent with” the use of cell-site simulators, otherwise known as international mobile subscriber identity (IMSI) catchers. Christopher Krebs, the senior official performing the duties of the DHS under secretary-National Protection and Programs Directorate, sent Sen. Ron Wyden (D., Ore.) a March 26 letter responding to questions that the lawmaker posed to DHS in a November 2017 letter.
In an attachment that responded to specific questions from Mr. Wyden, NPPD said that it “has not validated or attributed” the apparent cell-site simulator activity “to specific entities or devices.” But it said the findings were shared with DHS’ federal partners.
The answers responded to questions from Mr. Wyden about whether DHS has “seen any evidence of foreign IMSI catchers” operating in the Washington area or other major U.S. cities.
In its response, NPPD said that it “agrees that the use of IMSI catchers by foreign governments may threaten U.S. national security and economic security.”
It also said that “NPPD is not aware of any current DHS technical capability to detect IMSI catchers. To support such a capability, DHS would require funding to procure, deploy, operate and maintain the capability, which includes the costs of hardware, software, and labor.” The lack of such capability also applies to fourth-generation 4G/LTE IMSI catchers, NPPD said.
“Use of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic, and privacy risks,” Mr. Krebs said in his one-page letter. “Overall, NPPD believes the malicious use of IMSI catchers is a real and growing risk.”
Civil liberties groups and lawmakers have complained about state and local use of cell-site simulators by law enforcement agencies.
“Leaving security to the phone companies has proven to be disastrous and shows yet again why it is critically important to protect strong encryption to safeguard Americans’ private information,” Sen. Wyden said in a statement. “Despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers, FCC Chairman [Ajit] Pai has refused to hold the industry accountable and instead is prioritizing the interests of his wireless carrier friends over the security of Americans’ communications.”
In 2014, then-FCC Chairman Tom Wheeler established a task force to target the illegal use of cell-site simulators (TRDaily, Aug. 12, 2014).
An FCC spokesman said today that Commission staffers continue “to monitor any developments for IMSI devices. The task force no longer meets regularly.”
He added that “the FCC’s only role is certifying whether these devices meet our requirements for controlling radio interference and emissions in the same way that the FCC certifies all other devices that use airwaves, like cell phones and Wi-Fi. The FCC does not have jurisdiction relative to the legal authorization for use of the devices.” —Paul Kirby, firstname.lastname@example.org