The secrecy and unconstitutionality of these Man In The Middle devices, e.g. "stingrays", has caught some attention. The EFF and ACLU have submitted an amicus brief in the Rigmaiden case; and EPIC, who after filing a FOIA in February and receiving a grossly redacted 67 out of 25,000 (6,000 classified) pages on the "stingray" devices, is now requesting a district judge expedite disclosure of all documents. Some Judges also seem wary of the "stingray", having expressed concerns that their use violates the Fourth Amendment; and additionally, that information explaining how the technology is used remains too obscure.
Perhaps the most controversial aspect of ISMI-catchers is their several-kilometer range. When a "stingray" is used to spoof a cellphone tower, thousands of innocent users may be collaterally involved. And while the government claims to delete all gathered data unrelated to the target, it also means no one else can know what that data really was. The government claims that because only attributes of calls — but not their content — are captured in the attack, search warrants aren't necessary. The use of a pen-register (outgoing) and trap & trace (incoming) device, requires little more than a mewl of penal curiosity before a court, and no warrant or follow-up on the case is needed. The pen/trap seems unwieldy enough, as the EFF explains:
Most worrisome, we've heard some reports of the government using pen/trap taps to intercept content that should require a wiretap order: specifically, the content of SMS text messages, as well as "post-cut-through dialed digits" (digits you dial after your call is connected, like your banking PIN number, your prescription refill numbers, or your vote for American Idol). intercept information about your Internet communications as well.
Precisely what data these "stingrays" collect will hopefully be soon revealed through such efforts as those of EPIC.
It should be noted that the Stingray is one of multiple devices with the same application. The Stingray and several others are trademarks of the Harrison Corporation. Some are quite pricey ($75,000), and others are, as mentioned last year by a Slashdot reader, peculiarly affordable — and available.
For a more comprehensive overview of the subject, see the WJS article in the primary URL.