The bill adds a new §3119 to Title 18 that makes it unlawful to knowingly use a cell‑site simulator in the United States, with a statutory fine for violations and an exclusionary rule barring evidence obtained in violation of the prohibition. It preserves a pathway for law enforcement and intelligence use under tightly circumscribed warrants or orders, and lists multiple narrow exceptions (emergency use, testing/training, correctional contraband interdiction, FCC testing, and certain foreign‑intelligence authorities).
For professionals: the measure transforms how agencies must authorize, document, and mitigate the collateral effects of IMSI‑catcher operations. It imposes specific warrant application disclosures (FCC compliance, third‑party lab inspections, expected area/time, disruption risks), a 30‑day default authorization with limited extensions, destroy/mitigation requirements, a private civil cause of action, and mandated inspector‑general reporting—plus a 2‑year phased effective date (3 years for existing models if AG certifies testing needs).
At a Glance
What It Does
The bill makes unauthorised use of cell‑site simulators illegal, conditions lawful use on court warrants or specified statutory exceptions, requires written certifications and technical disclosures in warrant applications, limits initial authorizations to 30 days, and bars evidence from unlawful uses. It tasks the Attorney General and FCC with operational rules and requires annual IG reporting.
Who It Affects
Federal, state, and local law enforcement that operate or receive access to cell‑site simulators; members of the intelligence community where U.S. persons may be surveilled; correctional facilities using contraband‑interdiction systems; manufacturers and accredited testing labs that certify device behavior; and judges who will evaluate specialized warrant applications.
Why It Matters
This bill substitutes a statutory framework for largely ad hoc policy: expect operational, legal, and procurement changes across agencies, technical certification demands on vendors, and new litigation risk for agencies and private parties when devices are misused or disclosures are delayed.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Cell‑Site Simulator Warrant Act makes the use of devices that mimic cellular base stations (often called IMSI‑catchers or cell‑site simulators) unlawful in the United States unless a narrow statutory pathway is followed. For standard law‑enforcement uses, the bill requires a court‑issued warrant; for intelligence uses that target U.S. persons, parallel FISA orders or compliance with FISA requirements apply.
The statute attaches a civil fine for violations and an exclusionary rule that generally precludes the admission of information obtained through unlawful uses—though evidence may be admitted in a proceeding about the unlawful use itself.
Warrants must be specific and technical. An applicant must show other investigative techniques have failed or are impracticable or dangerous, define the likely area of effect and operation time, certify the request is the narrowest reasonably possible, and demonstrate FCC compliance.
Warrant authorizations are limited to periods necessary to accomplish the objective and, in no case, more than 30 days; courts may grant extensions in additional 30‑day increments after a fresh showing. The application must disclose anticipated disruptions to mobile services, whether the device will be used where protected speech is expected, and a third‑party accredited lab inspection certifying that the simulator model behaves as described.The bill permits limited exceptions: narrowly drawn emergency uses (with a 48‑hour backstop to seek a warrant and strict termination/destruction rules if a warrant is denied), controlled testing and training under Attorney‑General procedures, correctional‑facility contraband interdiction (subject to FCC compliance, signage, testing, and reporting), FCC and accredited‑lab testing, and certain FISA‑authorized foreign‑intelligence activities.
It requires the Attorney General to promulgate minimization procedures to limit acquisition, retention, and dissemination of non‑target data and to publish those procedures publicly. If non‑target information is collected, agencies must minimize and destroy it as soon as practicable.Enforcement and oversight provisions create new civil remedies (statutory damages up to $500 per violation, actual damages, injunctive relief, and attorneys’ fees), administrative discipline triggers for agency employees involved in serious violations, and annual joint IG reports to Congress—unclassified with a classified annex—covering usage counts, emergency uses, numbers of targeted and non‑targeted devices, and intergovernmental sharing of equipment.
The statute also directs the FCC to initiate any rulemakings necessary to implement the law within 180 days and phases the law in over two years (three for preexisting models if the Attorney General needs more time for independent testing).
The Five Things You Need to Know
The bill criminalizes knowing use of a cell‑site simulator in the U.S. (and limits certain intelligence uses abroad) and sets a maximum civil fine of $250,000 for violators.
Evidence gathered through an unlawful cell‑site simulator operation is inadmissible in judicial, administrative, and legislative proceedings, with a narrow exception allowing admission in proceedings alleging the illicit use itself.
Warrants for law‑enforcement use must specify area/time, certify other methods have failed or are impracticable, include FCC‑compliance disclosures, and be limited to no more than 30 days (extensions permitted in additional up to‑30‑day increments).
Emergency use is allowed but must be followed by an application for a warrant within 48 hours (except certain search‑and‑rescue scenarios); if the warrant is later denied, data must be destroyed and inventories provided to named individuals.
The act creates a private civil cause of action (actual damages, statutory damages up to $500 per violation, injunctive relief, and attorneys’ fees), mandates annual joint IG reporting, and directs the FCC to begin related rulemaking within 180 days.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
General prohibition, penalty, and evidence exclusion
The bill establishes a statutory ban on knowingly using a cell‑site simulator in the United States, and limits certain intelligence community uses of such devices abroad when the target is a U.S. person. It imposes a maximum fine of $250,000 for violation and creates an exclusionary rule: information obtained in breach of the prohibition, and derivative evidence, is generally inadmissible in any federal, state, or local proceeding. The exclusion is narrowly qualified to permit admission of information in proceedings that challenge the unlawful use itself.
Warrant framework and specific application requirements
Law‑enforcement use is lawful only under a court‑issued warrant complying with Federal Rules (or state/military equivalents). The application must show other investigative techniques were tried and failed or are unlikely or dangerous, specify the simulator’s likely area of effect and operation time, certify the request is as narrow as reasonably possible, and detail FCC compliance. Practically, this forces agencies to collect technical and operational facts before applying and gives judges explicit statutory factors to weigh when authorizing disruptive radio operations.
30‑day limit, extensions, and automatic termination
A warrant may not authorize use longer than necessary and in any event not more than 30 days; courts may grant extensions up to 30 days after a fresh showing. Each warrant and extension must include an execution/termination provision; the 30‑day clock begins either when use first starts or 10 days after the warrant is issued, whichever is earlier. These provisions place an affirmative time‑boxing discipline on operations that historically could be effectively open‑ended under internal policies.
Emergency exception with 48‑hour warrant backstop and destruction rules
The bill allows emergency law‑enforcement use when immediate danger, organized‑crime conspiracies, or national‑security threats make waiting for a warrant impracticable. Except for certain search‑and‑rescue or disaster scenarios, agencies must apply for a warrant within 48 hours. If a subsequent application is denied, the statute requires destruction of gathered information and inventories served on named applicants; agencies must stop using the device once the information sought is obtained or the warrant is denied. This creates a tight operational timeline and a high compliance bar for after‑the‑fact judicial review.
Disclosure, certification, notice, and minimization obligations
Warrants must disclose potential disruptions to emergency services and other critical communications, and include a third‑party accredited lab inspection certifying the device model’s behavior. Courts can delay notice on ex parte showing of good cause, but otherwise must order inventories to affected persons within 90 days. The Attorney General must adopt and publish minimization procedures to limit acquisition/retention/dissemination of non‑target data; agencies must follow these rules and destroy non‑target data at the earliest opportunity. Together, these provisions impose technical certification, public notice, and data‑sanitation duties previously handled in policy memos.
Exceptions, FISA integration, and testing/training allowances
The statute preserves narrow exceptions: FISA‑compliant foreign‑intelligence activities, bona fide research/teaching by non‑governmental actors, protective‑services missions, correctional contraband interdiction systems (subject to FCC compliance, signage, annual testing, and reporting), routine testing/training under AG procedures, and FCC/accredited‑lab testing. The bill amends FISA to fold the cell‑site simulator requirements into FISA application standards, so orders authorizing simulator use must meet similar disclosure, minimization, and technical certification requirements.
Civil remedy, administrative discipline, IG oversight, FCC rulemaking, and phased implementation
The bill creates a private civil action with actual damages, statutory damages (up to $500 per violation), injunctive relief, and attorneys’ fees; it also requires agencies to pursue disciplinary proceedings when courts find willful or intentional violations. Four Inspectors General must issue an annual joint report (public with classified annex) on compliance, counts of applications/grants/emergencies, and device targeting and collateral collection. The FCC must open any necessary rulemakings within 180 days. The statutory provisions take effect two years after enactment, with a possible three‑year delay for models in use before enactment if the Attorney General needs more time for independent testing.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Individual mobile users and protestors — gain statutory protection against warrantless IMSI‑catcher sweeps, explicit notice rights, and a private cause of action to pursue damages and injunctive relief.
- Privacy and civil‑liberties organizations — receive codified minimization rules, mandatory public AG procedures, and IG reporting that together increase transparency and create enforcement levers.
- Telecom consumers and public‑safety services — benefit from required FCC compliance disclosures and third‑party certification designed to limit unintended service disruption to emergency calls and critical communications.
- Judges and courts — obtain clear statutory factors and technical disclosures to evaluate whether disruptive radio surveillance is justified, creating a defined standard for judicial review.
Who Bears the Cost
- Federal, state, and local law enforcement agencies — must change operational procedures, collect technical certifications, seek more judicial approvals, train personnel, and potentially face fines, civil suits, or internal discipline.
- Correctional facilities and private vendors operating contraband‑interdiction systems — must meet signage, testing, FCC compliance, annual evaluations, and incident reporting obligations, which will raise procurement and compliance costs.
- Manufacturers and accredited testing labs — face demand for third‑party inspections and certification of device models, along with potential liability and reputational risk if models fail to perform as disclosed.
- The FCC and DOJ — must allocate staff and resources to new rulemaking, certification guidance, AG minimization procedures, and oversight activities required by the statute and the 180‑day rulemaking deadline.
Key Issues
The Core Tension
The central dilemma is practical: how to protect privacy and prevent indiscriminate radio surveillance while preserving a legal, operational pathway for rapidly locating suspects or saving lives in emergencies. Tight judicial limits and technical safeguards reduce collateral harm but can delay or complicate time‑sensitive law‑enforcement work; looser exceptions speed response but risk normalized mass collection of location and device data.
The bill stitches technical, constitutional, and administrative threads into a single statutory regime, but several practical and legal tensions remain. First, the law depends on accurate technical certifications from accredited labs to predict disruptive effects and verify device behavior; that regime will be effective only if the FCC moves quickly to define standards and labs have the necessary access and testing methodologies.
Second, the evidence exclusion and fine structure create mixed incentives: exclusion protects privacy but may prompt agencies to cite operational exigencies or classify activities to avoid judicial exposure; the $250,000 fine is civil and may be insufficient as a deterrent for larger agencies unless combined with aggressive civil litigation or internal discipline.
Implementation raises operational headaches. The 30‑day limit and 48‑hour emergency backstop create tight time pressures that may be realistic for short, targeted locates but hard to meet for complex investigations.
The obligation to destroy non‑target data as soon as practicable depends on robust technical logging and proof of destruction—auditable chains that agencies will need to build. IG reporting will improve transparency, but classified annexes and the potential for national‑security redactions may limit public accountability.
Finally, coordination with FISA authorities creates parallel regimes; agencies operating under both statutes will need clear internal rules to avoid conflicting requirements or inadvertent overcollection.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.