ICE used ‘stingray’ cell phone snooping tech hundreds of times since 2017

I wonder if they are using these devices because they cannot legally conduct surveillance at the service providers’ premises.

Is there any documentation on how these devices work? How do they impersonate the legitimate cellphone network stations, and how do they connect to the legitimate station in order to relay the data? As far as I know none of the cellphone standards provide true end-to-end encryption and even transit encryption is known to be weak, especially with the older standards. But is the authentication scheme broken as well?