A Quick and Dirty Guide to Cell Phone Surveillance at Protests
Deeplinks 2020-06-17
Summary:
As uprisings over police brutality and institutionalized racism have swept over the country, many people are facing the full might of law enforcement weaponry and surveillance for the first time. Whenever protesters, cell phones, and police are in the same place, protesters should worry about cell phone surveillance. Often, security practitioners or other protesters respond to that worry with advice about the use of cell-site simulators (also known as a CSS, IMSI catcher, Stingray, Dirtbox, Hailstorm, fake base station, or Crossbow) by local law enforcement. But often this advice is misguided or rooted in a fundamental lack of understanding of what a cell-site simulator is, what it does, and how often it is used.
While it is possible that cell-site simulators are being or have been used at protests, that shouldn’t stop people from voicing their dissent. With a few easy precautions by protesters, the worst abuses of these tools can be mitigated.
The bottom line is this: there is very little concrete evidence of cell-site simulators being used against protesters in the U.S. The threat of cell-site simulators should not stop activists from voicing their dissent or using their phones. On the other hand, given that more than 85 local, state, and federal law enforcement agencies around the country have some type of CSS (some of which are used hundreds of times per year), it’s not unreasonable to include cell-site simulators in your security plan if you are going to a protest and take some simple steps to protect yourself.
A CSS is a device that mimics a legitimate cellular tower. Police around the world use this technology primarily to locate a phone (and therefore a person) with a high degree of accuracy, or to determine who is at a specific location. There have been reports in the past that advanced CSSs can intercept and record contents and metadata of phone calls and text messages using 2G networks; however, there are no publicly known ways to listen to text messages and calls on 4G networks. Cell-site simulators can also disrupt cellular service in a specific area. However, it is very hard to confirm conclusively that a government is using a CSS because many of the observable signs of CSS use—battery drain, service interruption, or network downgrades—can happen for other reasons, such as a malfunctioning cellular network.
For more details on how cell-site simulators work, read our in-depth white paper “Gotta Catch ‘em All.”
Interception of phone calls and text messages is the scariest potential capability of a CSS, but also perhaps the least likely. Content interception is technically unlikely because, as far as we know based on current security research (that is, research around 2G and LTE/4G networks that does not take into account any security flaws or fixes that might occur in the 5G standard), content interception can only be performed when the target is connected over 2G, rendering it somewhat “noisy” and easy for the user to become aware of. Cell-site simulators can’t read the contents of encrypted messages such as Signal, WhatsApp, Wire, Telegram, or Keybase in any scenario.
Police using a CSS to intercept content is legally unlikely as well because, in general, state and federal wiretap laws prohibit intercepting communications without a warrant. And if police were to get a wiretap order from the court, they could go directly to the phone companies to monitor phone calls, giving them the advantage of not having to be in the physical proximity of the person and the ability to use the evidence gathered in court.
One advantage law enforcement might get from using a CSS for content interception at a protest is being able to effectively wiretap several people without having to know who they are first. This would be advantageous if police didn’t know who was leading the protest beforehand. This type of mass surveillance without a warrant would be illegal. However, police have been
Link:
https://www.eff.org/deeplinks/2020/06/quick-and-dirty-guide-cell-phone-surveillance-protests