On February 22, 2015, the Washington Post ran an article about the arrest of Florida man Tadrae McKenzie. The facts of the case were relatively unremarkable: Mr. McKenzie was arrested on March 6, 2013 by the Tallahassee Police Department. Mr. McKenzie was charged with robbery with a deadly weapon, a first degree felony. If convicted, Mr. McKenzie would have faced a prison sentence of up to 30 years. However, luckily for Mr. McKenzie, this was not to be. Before his trial began, the state of Florida offered him a plea bargain under which he agreed to plead guilty to a lesser charge (second-degree misdemeanor) and serve six months probation.
On its face, this seems like a routine story of a small-time criminal who got a lucky break from the criminal justice system. So why did it attract the attention of a national newspaper like the Washington Post? The answer lies in the reason behind Florida’s the plea agreement offer to Mr. McKenzie. If this case had gone to trial, the state of Florida would have been forced to disclose to Mr. McKenzie and the public information about a surveillance device known as a “Stingray” (sometimes called an “IMSI-catcher”). 
So what is a StingRay? To explain this, the Post’s article included a helpful infographic. Essentially, StingRays take advantage of a security flaw in older 2G cell signals to gain access to data stored in nearby cell phones. Unlike the newer 3G and 4G cell signals, 2G cell signals do not authenticate the cell phone towers with which they communicate. To gain access to nearby cell phones, a StingRay blocks 3G and 4G cell signals, which forces cell phones in the area to switch to 2G. They then send out a cell signal that imitates a genuine cell phone tower, which causes cell phones within range to connect with the StingRay instead of an actual tower. Once the phone is connected, the stingray can pull metadata such as call history and location data, all without the owner’s knowledge.
It is this last part–lack of notice to the cell phone owners–that most worries civil rights advocates due to privacy concerns. Moreover, according to documents obtained by the Electronic Privacy Information Center (EPIC) through FOIA, this is often done without first obtaining a warrant. The FBI does not have a uniform national policy that identifies the legal authority under which it collects information using StingRay devices because Federal District Courts are split on the question of whether information collected using a StingRays falls under the third-party doctrine. According to the FBI, some federal courts have determined that government agencies must show probable cause and obtain a warrant before conducting surveillance, while others merely require that government agencies meet the more lenient requirements contained in the Stored Communications Act, 18 U.S.C. § 2703. At the state level, governments have been generally skeptical of the use of devices like StingRays without warrants. So far, eight legislatures–Illinois, Indiana, Maryland, Minnesota, Tennessee, Utah, Virginia and Wisconsin–have passed laws requiring warrants for tracking devices like Stingrays. The supreme courts of Florida and Massachusetts have handed down decisions to that effect as well.
While I share the concerns of organizations like EPIC, I find that a more troubling aspect of this story is the extent to which Florida used its prosecutorial discretion as a tool to protect the StingRay’s secrecy. One of the fundamental tenets of the criminal justice system is that punishment should be dealt in a way that gives fair and equal treatment under the law. If the likelihood of a plea offer in a case is determined primarily on the basis of whether the police apprehended the defendant with the assistance of a StingRay, it would undermine the legitimacy of the criminal justice system as a whole. This problem will likely grow more pronounced as StingRays become more common and the frequency of plea agreements like Mr. McKenzie’s increases.
Of course, it is possible that a court case will come up where a plea agreement is not possible or the defendant refuses to settle. Perhaps, if this happens, it will finally force information regarding StingRays into the open, where the public can finally have an informed debate about their use.
 Currently, the FBI requires that law enforcement agencies sign a Non-Disclosure Agreement before obtaining a StingRay from its manufacturer, Florida-based Harris Corporation. According to the FBI, the NDA is necessary to maintain the StingRay’s effectiveness as a crime-fighting tool.
 StingRay devices are outside the scope of the Riley decision since that case concerned cell phones that are actually seized by police in a search. The Supreme Court has not yet ruled on the subject of cell phone tracking using StingRay devices.
 The Florida case had not yet been decided at the time of Mr. McKenzie’s arrest.