Michigan State Police defend use of data-extraction tool for cell phones

ACLU told FOIA request for records would cost $500K

The Michigan State Police is being challenged by the American Civil Liberties Union over its use of cell phone data extraction technology.

The portable device, manufactured by Israel-based Cellebrite, can extract personal data from 95 percent of cell phones on the market, as well as from GPS devices, in less than two minutes, reported NetworkWorld.

MSP has defended its use of the technology, saying it has been used only with warrants in cases of serious crimes. But it has not yet supplied records via Freedom of Information Act requests, and in one case requested more than a half-million dollars to fulfill the request.

The Cellebrite UFED Forensic System can extract a variety of information, including contacts, text messages, deleted texts, location information, call history, audio and video recordings, phone details, such as the phone number, and, on some handsets, complete memory dumps. According to the manufacturer, it is used by law enforcement, intelligence agencies, military and governments in 60 different countries.

In a letter from the Michigan ACLU, the organization said the police initially requested $544,680 to disclose under the Freedom of Information Act how and when the devices are being used, with a $272,340 deposit first.

“In order to reduce the cost, the ACLU of Michigan narrowed the scope of its request. However, each time the ACLU submitted more narrow requests, MSP claimed that no documents exist for that time period and then it refused to reveal when the devices were used, so a proper request could be made,” said the release.

In a response, the department said it only uses the devices if a search warrant has been obtained or if the user gives consent.

“The department’s internal directive is that the DEDs only be used by MSP specialty teams on criminal cases, such as crimes against children. ... The DEDs are not being used to extract citizens' personal information during routine traffic stops,” said the release. The department further noted that the devices used by the police cannot download information without the officer possessing the handset.

The department also defended the cost of the requests, noting that, “as with any request, there may be a processing fee to search for, retrieve, review, examine, and separate exempt material, if any.”

Similar data privacy complaints have been brought up recently with the Justice Department, which is fighting legislation to tighten privacy laws on e-mail in the cloud, reported Wired.

Current law  the Electronic Communications Privacy Act, adopted in 1986 — is based on decades-old technology. Under the law, officials can obtain and access a cloud e-mail without a warrant if it is older than 180 days, although a warrant is needed if the e-mail is stored on a hard drive.

“At that time, e-mail left on a third-party server for six months was considered to be abandoned, and thus enjoyed less privacy protection,” said David Kravets, author of the Wired article.

A coalition of technology companies, including Google, AOL and AT&T, spoke this month to the Senate Judiciary Committee on the topic, arguing that the law should treat both types of e-mail the same.

About the Author

Kathleen Hickey is a freelance writer for GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Tue, Apr 26, 2011

The department further noted that the devices used by the police cannot download information without the officer possessing the handset. ???? False. The Cellebrite UFED can scrape info via Bluetooth.

Tue, Apr 26, 2011 Paul

The point here is that we only have their word about it. If they are following their guidelines, then I'm all for it but they need to be able to fulfill the FOIA requests and it shouldn't cost that much to extract if they are keeping proper electronic records. All search and seizures require documentation for use in court so this shouldn't be a problem.

Tue, Apr 26, 2011

Do you actually believe that MSP will only use it for serious crimes ? Time will tell.

Tue, Apr 26, 2011

A lot of Police agencies are using Celebrite. And yes it is a lot like going thru a purse or wallet of someone arrested. It is only being done with consent or a warrant

Tue, Apr 26, 2011

The issue is that the MSP were using the tool on phones of anyone arrested without their knowledge. Are you comfortable with the police searching through your wallet and phone if you get arrested? In some cases the police simply asked "can we look at your phone" and the answer was "yes", not realizing that they consented to a full data dump.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group