U.S. judge denied feds a month-long warrant to snoop on the phones of thousands of Ohio residents
A U.S. magistrate judge last month denied to issue a search warrant allowing federal agents to snoop on the phones of "thousands of uninvolved, unsuspecting individuals" across Ohio in an effort to identify a suspected criminal's device, a rare rebuke by a court blocking the use of a cell-site simulator.
In the ruling, the judge said the federal government wanted to deploy a cell-site simulator that would have allowed "access to the information of thousands of individuals in the Akron, Ohio area," but refused the warrant on grounds that it would have allowed federal agents to "gain unbridled discretion to examine the movements of private citizens at all times for thirty days."
It's unclear which federal agency brought the warrant application, dated June 15, 2026, as much of the docket remains sealed from public view, nor did the magistrate judge disclose the agency.
The court's decision also offers a rare view into how the government seeks to use cell-site simulators during law enforcement investigations, which includes surveilling people who have no connection to crime. It's not known how many similar warrants the government has sought across the U.S. and how many have been granted.
News of the warrant's denial was first covered by Forbes ($), which this week reported that a growing number of U.S. police departments are seeking access to cell-site simulators in roving form, such as packing these surveillance devices into vehicles that allow police to snoop on entire neighborhoods.
Police in New Mexico, New York, and Texas have already bought so-called "spy vans," equipped with cell-site simulators, as have federal immigration authorities, including ICE.
How cell-site simulators work
Cell-site simulators, also known as "stingrays," are controversial in part because they are shrouded in secrecy, and treated as a trade secret. These surveillance devices are sold to law enforcement and federal agencies, which are bound by non-disclosure agreements that prevent officials from publicly discussing how they use these devices.
In some cases, police departments and prosecutors would rather drop criminal charges than have to disclose in court or public hearings about how cell-site simulators work.
Cell-site simulators imitate cell towers so that nearby cellular devices, like phones, tablets, and vehicles, will connect to the simulator instead of a legitimate cell tower. This allows the simulator to collect information about the devices over a large geographic area, including each device's international mobile subscriber identifier, or IMSI, which is unique to the cell subscriber.
Civil liberties and privacy advocates have long criticized the use of cell-site simulators as they invariably collect information about every phone in the nearby area, subjecting large numbers of entirely innocent people to surveillance.
~this week in security~ is my weekly cybersecurity newsletter supported by readers like you. Please consider signing up for a paying subscription starting at $10/month for exclusive articles, analysis, and more.
Or, you can submit a one-time tip to show your support!
Recent stories include: Reframing smart glasses as 'pervert glasses' | Dozens of America's largest companies have no simple way to report security flaws | Will Oura say how many government demands it gets for user data? | A beginner's guide to analyzing the network traffic of apps and websites
Law enforcement use these suitcase-sized devices in two ways.
A cell-site simulator can be used to locate a specific nearby phone when law enforcement already have the unique identifier of the device that they're looking for.
This might allow law enforcement to use the IMSI number of a missing person or criminal suspect, for example, to more accurately pinpoint the location of their device over a large area — if it is in range of the cell-site simulator.
Or, a cell-site simulator can be used to identify an unknown device, such as a burner phone. Authorities may know that a certain device has been used for crime, but still have to link the phone to a specific person to bring criminal charges.
With a "canvassing" warrant, the authorities can use a cell-site simulator to cast a digital net that collects a large number of unique device identifiers, usually across several locations where a suspect is believed to be, and then use a process of elimination to identify the unique identifiers of any devices present at all of the locations. With those identifiers narrowed to a handful or just one or two, the authorities can request the owner's personal information from the cell carriers.
It was a "canvassing" warrant application that the judge in Ohio turned down.
Judge rules warrant application was 'overbroad'
In this recent case, the feds say they established that a criminal suspect allegedly used one or more phones for criminal activity across Akron, but wanted to use a cell-site simulator to determine who owned the phones.
Per the judge's order, the feds said that they believed uncovering the identity of the cellular device (or potentially more) would uncover further evidence of criminal activity.
The federal agents asked the court to issue a canvassing warrant so they could deploy a cell-site simulator at five locations across Akron where the suspect was believed to be located, so that they could collect reams of phone identifiers from the nearby areas to see which of them — presumably belonging to the suspected criminal — appeared in all five places.
These locations included near to the suspect's residence, and the suspect's daytime and overnight location, as well as two other densely populated locations that the suspect frequently visited.
The magistrate judge ruled this surveillance wasn't allowed, in part because the five locations identified by the feds' warrant were also in "close proximity to a university, a hospital, numerous shops, and restaurants." The judge said that the government did not provide the court with details about the coverage areas of the cell-site simulator that they wanted to deploy, or an estimate of how many people the warrant would ensnare as a result.
The judge concluded that the Fourth Amendment bars "overbroad" search warrants and denied the application.
Thank you so much for reading ~this week in security~! I hope you enjoyed and found this article helpful. If you like it, please share a link on your social media! Please email me with any feedback, questions, or comments about this article: this@weekinsecurity.com.