A secret tool lets police conduct mass surveillance using app data

Spread the love


Advertisement



AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Advertisements

Police from around the country have been using data culled from thousands of apps for suspect surveillance, often without search warrants.

The tool, known as “Fog Reveal” uses advertising identifaction numbers from apps such as Starbucks and Waze. It's sold by Fog Data Science LLC to target ads based on a person's location and interests.

Law enforcement agencies from all levels of government have been using Fog Reveal. The report says it's rarely mentioned in court records, and sometimes not at all. Defense attorneys say this makes it difficult to defend their clients in cases that involve the tool.

Fog Data Science

Fog Data Science was formed by two former high-ranking officials in the Deparment of Homeland Security under former President George W. Bush. It purchases raw geolocation data from around 250 million devices collected by tens of thousands of apps, then aggregates it into a searchable database containing “billions of data points.”

Fog then provides access into this database to law enforcement as a subscription that can start at $7,500 per year. The company claims the data is anonymized, saying it has no way of linking it back to specific devices or owners.

Analysis can identify individuals

The company often parters with Venntel, Inc., a data broker that also works with law enforcement. Together, they can work to gain further insight into peoples' lives, such as home addresses “and other clues that help detectives figure out people's identities.”

Using the data, police can create a geofence around specific areas during an investigation. They can also search a specific device's ad ID number.

Investigators can enter location coordinates into Fog Reveal to see which device IDs were found near a crime scene, going back as far as 180 days. However, emails from a Fog representative reveal the data can go back as far as June 2017.

Even if there is no crime scene, Fog boasts in marketing materials that it can offer police “predictive analytics” that claim to predict future hotspots of crime. The company says that it can provide real-time data on the daily movements of people with their trackable smartphones.

According to the Electronic Frontier Foundation, this mass surveillance is a violation of the Fourth Amendment which protects Americans from unreasonable search and seizures. In one case, Carpenter v. United States, the U.S. Supreme Court ruled that the Fourth Amendment requires police to obtain a warrant before seizing historical location data from phone companies.

Location data and its use

Documents reveal that Fog claims its tool uses data willingly given up by people, even though apps collect data most often without consent. Features such as App Tracking Transparency can be considered consent for advertising.

Data passes through many hands. Users and sometimes even some app makers, have no awareness of their data being sold to law enforcement.

Letter from Fog Data Science

Letter from Fog Data Science

Megan Adams, a Starbucks spokesperson, said the company wasn't aware that its advertising data was used in this manner.

“Starbucks has not approved Ad ID data generated by our app to be used in this way by Fog Data Science LLC,” said Adams. “In our review to date, we have no relationship with this company.”

A spokesperson from Waze said much the same as Starbucks.

“We have never had a relationship with Fog Data Science, have not worked with them in any capacity, and have not shared information with them,” said Waze.

It's reasonable to assume that one's data has been collected inside Fog's database. People can use adblockers and make sure the toggle is off within Settings > Privacy & Security > Tracking on iPhones. Ultimately though, it's up to local, state, and federal governments to limit this and enact — and enforce — strong privacy legislation.

Author: Subham

Leave a Reply

Your email address will not be published. Required fields are marked *