A device capable of intercepting phone signals may have been deployed during the 2024 Democratic National Convention (DNC) in Chicago, WIRED has learned, raising key questions about who authorized its use and what it was used for.

The device, known as a cell site simulator, was discovered by the Electronic Frontier Foundation (EFF), a digital rights advocacy group, after analyzing wireless signal data collected by WIRED during an event in August.

Cell site simulators imitate cell towers to intercept communications and indiscriminately collect sensitive data from all phones within their range, such as call metadata, location information, and application traffic. Their use has drawn widespread criticism from privacy advocates and activists, who believe the technology can be used to covertly spy on protesters and stifle dissent.

The Democratic National Committee meeting comes amid widespread protests over Israel's attack on Gaza. While credentialed influencers attended exclusive yacht parties and VIP events, thousands of demonstrators faced heavy-handed law enforcement, including from the U.S. Capitol Police, Secret Service, Homeland Security Investigations, local Sheriff’s Offices and Chicago Police of officials.

Concerns about potential surveillance prompted Wired to conduct its first-ever wireless investigation into whether cell site simulators are being deployed. Equipped with two rooted Android phones and a Wi-Fi hotspot running detection software, the reporter used Rayhunter (a tool developed by EFF) to detect data anomalies related to these devices. WIRED reporters monitor signals at protest and event sites across Chicago, collecting reams of data during political conventions.

Preliminary testing conducted during the Democratic National Committee showed no conclusive evidence of cell site simulator activity. However, several months later, EFF technicians reanalyzed the raw data using improved detection methods. EFF senior technical specialist Cooper Quintin said the Rayhunter tool stores all interactions between devices and cell towers for deeper analysis as detection technology evolves.

The breakthrough came when EFF technicians applied a new heuristic to examine cell towers requesting IMSI (International Mobile Subscriber Identity) numbers from devices. According to EFF's analysis, on August 18, the day before the convention officially started, a device carried by a "Wired" reporter suddenly switched to a new tower on the way to a hotel where Democratic representatives from Midwestern states in the United States were staying. The tower asks for the device's IMSI and then immediately disconnects - a sequence consistent with the operation of a cell site simulator.

"This is extremely suspicious behavior that a normal tower would not exhibit," Quentin said. He noted that Electronic Frontier Front typically only observes similar patterns during simulated and controlled attacks. "This is not 100 percent undisputed fact, but it is strong evidence that a cell site simulator was deployed. We do not know who is responsible — it could be the U.S. government, foreign actors or other entities."

Under Illinois law, law enforcement agencies must obtain authorization to deploy cell site simulators. Likewise, federal agents — including those from the Department of Homeland Security — must obtain a search warrant unless there is an immediate national security threat. However, a 2023 Department of Homeland Security inspector general report found that the Secret Service and Homeland Security Investigations did not always comply with these requirements.