The article mentions active catchers "requires RF transmission, which violates FCC laws (and international equivalents) and is detectable"... except...
... couldn't one build a 'modern' IMSI catcher with a CBRS LTE band 48 small cell and their own LTE infrastructure and be above-board legal anyways?
No, because the devices now do authentication of the base station. You would need to issue sim cards with your own service (and then obviously you could track your own carrier's users). Cannot just force other devices to connect to it that are on different carriers. 2G they didn't do this so the malicious base station could just lie about what it was and encourage devices to connect.
... couldn't one build a 'modern' IMSI catcher with a CBRS LTE band 48 small cell and their own LTE infrastructure and be above-board legal anyways?