A copy of the contract was obtained from a police department in Tucson, Arizona, which signed the agreement in 2010 with the Harris Corporation, a Florida-based maker of the equipment used by the department. The police department cited the agreement as one of the reasons it withheld information from a journalist who filed a public records request seeking information about the department’s use of the equipment.
“[The Tucson Police Department] and the City of Tucson have allowed Harris Corporation to dictate the City of Tucson’s and TPD’s compliance with Arizona public records law in regards to products and services purchased from Harris Corporation,” notes the ACLU of Arizona in a lawsuit demanding that the police department comply (.pdf) with the journalist’s records request.
The non-disclosure agreement signed by the Tucson Police Department, which went into effect June 7, 2010, not only bars the police department from discussing their use of the surveillance tool with any government entity, it requires the law enforcement agency to notify Harris any time journalists or anyone else files a public records request to obtain information about their use of the tools and also states that the police department will “assist” Harris in deciding what information to release.
The non-disclosure agreement in Arizona states specifically:
The City of Tucson shall not discuss, publish, release or disclose any information pertaining to the Products covered under this NDA to any third party individual, corporation, or other entity, including any affiliated or unaffiliated State, County, City, Town or Village, or other governmental entity without the prior written consent of Harris …The agreement is believed to be the same one that led police in Tallahassee, Florida, to withhold from judges and defendants information about their own use of the spy tool in a 2008 case and at least 200 other times in investigations conducted since 2010. In the 2008 case in Tallahassee, authorities cited the non-disclosure agreement with the maker of their equipment as the reason they did not seek a warrant from a judge to use the equipment.
The City of Tucson is subject to the Arizona Public Records Law. A.R.S. sec 39-121, et seq. While the City will not voluntarily disclose any Protected Product, in the event that the city receives a Public Records request from a third party relating to any Protected Product, or other information Harris deems confidential, the City will notify Harris of such a request and allow Harris to challenge any such request in court. The City will not take a position with respect to the release of such material, beyond its contractual duties, but will assist Harris in any such challenge.
They later refused to tell the suspect’s attorney how they had tracked his client to the apartment where he was arrested. A judge finally forced the government to disclose the surveillance technique they had used, but only after the government insisted the court be closed and assurances that the proceedings would be sealed to prevent the information from leaking to the public. The truth came out only after the defendant appealed his conviction.
The Harris Corporation, a Florida-based company, is the leading maker of stingrays in the U.S. The secretive technology is generically known as a stingray or IMSI catcher, but Harris sells models of stingrays it specifically calls the Stingray and Stingray II. Stingrays are designed to emit a signal that is stronger than nearby cell phone towers in order to force phones in the vicinity to connect to them.
When mobile phones — and other wireless communication devices like air cards — connect to the stingray, it can see and record their unique ID numbers and traffic data, as well as information that points to the device’s location. By moving the stingray around, authorities can then triangulate the device’s location with much more precision than they can get through data obtained from a mobile network provider’s fixed tower location.
Some stingrays have the ability to collect content as well. But U.S. authorities have asserted in the past that they don’t need to obtain a probable-cause warrant to use the devices because the ones they use don’t collect the content of phone calls and text messages but rather operate like pen-registers and trap-and-traces, collecting the equivalent of header information.
The ACLU has long suspected that Harris has been loaning stingrays and other surveillance equipment to police departments for product testing and promotional purposes on the ground that they not disclose their use to courts and the public. The Tucson Police Department purchased its equipment — according to the court record, the department bought at least $400,000 worth of equipment from Harris.
The disclosure agreement signed by the Tucson police came to light after Mohamad Ali Hodai filed a public records request seeking information about the department’s use of the equipment. Hodai, who works as a freelance researcher for the Center for Media and Democracy, filed his records request last October, seeking all records related to the department’s use of the equipment, including emails.
The department withheld many documents from its response, but among the few documents Hodai did receive was a copy of the non-disclosure agreement the department signed with Harris, a redacted purchasing order, and an email dated October 24, 2013 between Dawn Wheeler, contracts manager for Harris, and Sargent Kevin Hall with the Tucson Police Department discussing Hodai’s records request.
In the email, Wheeler advised the officer on what records the police department should redact or withhold from Hodai’s request, in some cases feeding the department the proper laws to cite in its response to the journalist. Accompanying the email, Wheeler helpfully appended the non-disclosure agreement the police department had signed with the company.
The NDA states not only that the department will not disclose certain information about equipment the company makes, but also will not release any information “about the operations, missions … or investigation results, methods or any other information related to or arising out of the use, deployment or application of the Products … that would be deemed a release of technical data….”
It also requires police to tell Harris if a court orders them to disclose information and then to “provide maximum protection of the information” when they do disclose information to the court.
In their response to Hodai, the Arizona police department told him that some of the information he requested was redacted or withheld at the behest and direction of Harris Corporation, while other information was withheld under Federal FOIA exemption laws. An attorney for the police department told Hodai that the police department was obligated to redact any information Harris deemed confidential.
In its lawsuit against the police department on Hodai’s behalf, the ACLU of Arizona accused the department of violating its legal requirement to respond to public records requests.
“The records provided in reply to Mr. Hodai’s initial public records request, and the many that were not provided, demonstrate that the response by Defendants the City of Tucson and the Tucson Police Department were inadequate and failed to satisfy the duties of a public body under Arizona Public Records Law.”