How a Stingray Collects Your Phone's Data
The Washington Post has published an excellent article on the secrecy surrounding the use - and, in some cases, apparent misuse - of "Stingray" devices. These are devices designed to "trick" cell phones into thinking they are legitimate cell phone communication towers and forcing the phones to attach to them, giving those operating the devices access to your call records, cell phone tower access history, as well as the the content of your stored text messages.
While the article is well worth reading, it also contains an excellent graphic representation - republished below - of precisely how Stingrays work. In shooting terms, these devices eschew the "precision fire" of targeting a single person or phone and relies on an electronic "beaten zone" - anyone in that area is intercepted and redirected. While the original target can have their data isolated later for use in whatever criminal case is being created, anyone in the area is forced to attach to the fake tower and has their data gathered.
Please take the time to read the article but, if you do nothing else, review the diagram below to see how easily this can effect you, even if you've done nothing wrong and aren't the intended target of the surveillance. You simply need to be in the vicinity of the person being targeted. Note that the phone does not have to be in use to be forced onto the tower and accessed.
There has not yet been a Supreme Court case to challenge the constitutionality of the mass-collection of this personal data (unsurprising, since the referenced WaPo article shows local judges have been refused access to details of their use) but supporters of it point to a Supreme Court ruling which declared there can be no presumption of privacy for records freely revealed to a third party (your phone company, for example). It seems laughable to say that having your electronic device automatically perform a task required for its basic functionality constitutes "freely revealing records," but that very argument was used - successfully - for attorneys arguing for warrantless searches of cell phone location data in the U. S. Fifth Circuit Court of Appeals.
Aside from encrypting your texts and not storing any call logs, there is little that can be done to prevent your data from being accessed. Since law enforcement agencies and the manufacturer remain tight-lipped about technical details, it is also unknown if even that is enough to ensure privacy or what other data can be gleaned from citizens' ubiquitous smart phones. We are left only with assurances by those who have withheld information and sometimes outright lied to us that they are "immediately discarding" data collected in such a fashion.
In short, there can be no expectation of privacy. This is the country we live in now, and it will remain so - and likely worsen - until "we, the people" force a meaningful change.