Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Senators Push to Reform Police’s Cellphone Tracking Tools

Civil rights lawyers and Democratic senators are pushing for legislation that would limit U.S. law enforcement agencies’ ability to buy cellphone tracking tools to follow people’s whereabouts, including back years in time, and sometimes without a search warrant.

Civil rights lawyers and Democratic senators are pushing for legislation that would limit U.S. law enforcement agencies’ ability to buy cellphone tracking tools to follow people’s whereabouts, including back years in time, and sometimes without a search warrant.

Concerns about police use of the tool known as “Fog Reveal” raised in an investigation by The Associated Press published earlier this month also surfaced in a Federal Trade Commission hearing three weeks ago. Police agencies have been using the platform to search hundreds of billions of records gathered from 250 million mobile devices, and hoover up people’s geolocation data to assemble so-called “patterns of life,” according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used.

“Americans are increasingly aware that their privacy is evaporating before their eyes, and the real-world implications can be devastating. Today, companies we’ve all heard of as well as companies we’re completely unaware of are collecting troves of data about where we go, what we do, and who we are,” said Sen. Ed Markey, a Massachusetts Democrat.

Panelists and members of the public who took part in the FTC hearing also raised concerns about how data generated by popular apps is used for surveillance purposes, or “in some cases, being used to infer identity and cause direct harm to people in the real world, in the physical world and being repurposed for, as was mentioned earlier, law enforcement and national security purposes,” said Stacey Gray, a senior director for U.S. programs for the Future of Privacy Forum.

The FTC declined to comment specifically about Fog Reveal.

Matthew Broderick, a Fog managing partner, told AP that local law enforcement was at the front lines of trafficking and missing persons cases, but often fell behind in technology adoption.

“We fill a gap for underfunded and understaffed departments,” he said in an email, adding that the company does not have access to people’s personal information, nor are search warrants required. The company refused to share information about how many police agencies it works with.

Advertisement. Scroll to continue reading.

Fog Reveal was developed by two former high-ranking Department of Homeland Security officials under former President George W. Bush. It relies on advertising identification numbers, which Fog officials say are culled from popular cellphone apps such as Waze, Starbucks and hundreds of others that target ads based on a person’s movements and interests, according to police emails. That information is then sold to companies like Fog.

Federal oversight of companies like Fog is an evolving legal landscape. Last month, the Federal Trade Commission sued a data broker called Kochava that, like Fog, provides its clients with advertising IDs that authorities say can easily be used to find where a mobile device user lives, which violates rules the commission enforces. And a bill introduced by Sen. Ron Wyden that is now before Congress seeks to regulate the way government agencies can obtain data from data brokers and other private companies, at a time when privacy advocates worry location tracking could be put to other novel uses, such as keeping tabs on people who seek abortions in states where it is now illegal.

“It wasn’t long ago that it would take high-tech equipment or a dedicated group of agents to track a person’s movements around the clock. Now, it just takes a few thousand dollars and the willingness to get in bed with shady data brokers,” said Wyden, an Oregon Democrat. “It is an outrage that data brokers are selling detailed location data to law enforcement agencies around the country — including in states that have made personal reproductive health decisions into serious crimes.”

Because of the secrecy surrounding Fog, there are scant details about its use. Most law enforcement agencies won’t discuss it, raising concerns among privacy advocates that it violates the Fourth Amendment to the U.S. Constitution, which protects against unreasonable search and seizure.

Advocates on both sides of the aisle should be concerned about unrestricted government use of Fog Reveal, said former Virginia Republican Rep. Bob Goodlatte, who previously served as U.S. House Judiciary Chairman.

“Fog Reveal is easily de-anonymized tracking of Americans’ daily movements and location histories. Where we go can say a lot about who we are, who we associate with, and even what we believe or how we worship,” said Goodlatte, who now works as a senior policy advisor to the Project for Privacy and Surveillance Accountability. “The current political climate means that this technology could be used against people left, right and center. Everyone has a stake in curbing this technology.”

The New York Police Department used Fog Reveal at its Real Time Crime Center in 2018 and 2019, a previously undisclosed relationship confirmed by public records. A spokesperson said in an emailed statement that the NYPD used Fog on a trial basis, “strictly in the interest of developing leads for criminal investigations and lifesaving operations such as missing persons.” The department did not say if it was successful in either scenario.

Two nonprofits that have supported privacy rights cases in New York City said the tool exploited consumers’ personal data and was “ripe for abuse,” according to Surveillance Technology Oversight Project Executive Director Albert Fox Cahn.

“The lack of any meaningful regulation on the collection and sale of app data is both a consumer and privacy crisis,” Legal Aid Society Staff Attorney Benjamin Burger wrote in a recent post. “Both federal and state governments need to develop policies that will protect consumer data.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.