Sensitive employer information may be the subject of secret Government prying. With the pervasive use of smart phones in business today, and with those phones containing confidential personal and business information, law enforcement has the ability to take information from those smart phones without an employer’s knowledge.
Most law-enforcement agencies have the ability to deploy cell-site simulators, known as “stingrays,” “kingfish” or cell site simulator, in public places which imitate cell phone towers and capture the locations, identities, calls, texts, and emails of mobile phone users. This device is a small rectangular device that is small enough to fit into a suitcase. In the last two years, both federal and local law enforcement have deployed these devices, often without obtaining a warrant and also without informing the public that they even have this ability.
On September 3, 2015, however, the Department of Justice issued a new policy that generally requires federal agencies to obtain a search warrant to deploy these devices. For employers, this would seem to be welcome news. Federal law enforcement agents now should have a harder time using these simulators without a warrant.
Nevertheless, while this new policy appears to be a positive step in protecting employers’ confidential data, the exceptions to this policy are broad and have the potential for abuse. For example, federal law enforcement does not need to obtain a warrant if there is a need to prevent the imminent destruction of evidence or in “other exceptional circumstances.” Even more troubling, in the policy document, the Department of Justice says that law enforcement agencies already were satisfying the requirements of the policy. This seems to condone and ratify the previous warrantless use of these simulators. It raises the concern that the Department of Justice may find a way to exploit loopholes in the policy.
There are some protections against abuse, however. The Department of Justice must keep track of the number of times it uses these exceptions for future audits. In addition, the new policy prohibits federal agents from collecting actual data from these phones. In other words, federal law enforcement should not be able to read email or text messages. Also, federal law enforcement must erase any information it obtains once per day or as soon as it is done with it, whichever comes first.
This policy does not apply to other federal agencies or to the many state and local police departments that have recently purchased these devices. Moreover, this policy does not apply to other digital tools used by law-enforcement like video cameras, license-plate readers, drones, programs that scan billions of phone records and gunshot sensors. While some of these tools have invited resistance from municipalities and legislators on privacy grounds, the vast majority of states and municipalities allow unrestricted use of these devices.