Michigan State Police defend use of data-extraction tool for cell phones
ACLU told FOIA request for records would cost $500K
- By Kathleen Hickey
- Apr 25, 2011
The Michigan State Police is being challenged by the American Civil Liberties Union over its use of cell phone data extraction technology.
The portable device, manufactured by Israel-based Cellebrite, can extract personal data from 95 percent of cell phones on the market, as well as from GPS devices, in less than two minutes, reported NetworkWorld.
MSP has defended its use of the technology, saying it has been used only with warrants in cases of serious crimes. But it has not yet supplied records via Freedom of Information Act requests, and in one case requested more than a half-million dollars to fulfill the request.
The Cellebrite UFED Forensic System can extract a variety of information, including contacts, text messages, deleted texts, location information, call history, audio and video recordings, phone details, such as the phone number, and, on some handsets, complete memory dumps. According to the manufacturer, it is used by law enforcement, intelligence agencies, military and governments in 60 different countries.
In a letter from the Michigan ACLU, the organization said the police initially requested $544,680 to disclose under the Freedom of Information Act how and when the devices are being used, with a $272,340 deposit first.
“In order to reduce the cost, the ACLU of Michigan narrowed the scope of its request. However, each time the ACLU submitted more narrow requests, MSP claimed that no documents exist for that time period and then it refused to reveal when the devices were used, so a proper request could be made,” said the release.
In a response, the department said it only uses the devices if a search warrant has been obtained or if the user gives consent.
“The department’s internal directive is that the DEDs only be used by MSP specialty teams on criminal cases, such as crimes against children. ... The DEDs are not being used to extract citizens' personal information during routine traffic stops,” said the release. The department further noted that the devices used by the police cannot download information without the officer possessing the handset.
The department also defended the cost of the requests, noting that, “as with any request, there may be a processing fee to search for, retrieve, review, examine, and separate exempt material, if any.”
Similar data privacy complaints have been brought up recently with the Justice Department, which is fighting legislation to tighten privacy laws on e-mail in the cloud, reported Wired.
Current law — the Electronic Communications Privacy Act, adopted in 1986 — is based on decades-old technology. Under the law, officials can obtain and access a cloud e-mail without a warrant if it is older than 180 days, although a warrant is needed if the e-mail is stored on a hard drive.
“At that time, e-mail left on a third-party server for six months was considered to be abandoned, and thus enjoyed less privacy protection,” said David Kravets, author of the Wired article.
A coalition of technology companies, including Google, AOL and AT&T, spoke this month to the Senate Judiciary Committee on the topic, arguing that the law should treat both types of e-mail the same.
Kathleen Hickey is a freelance writer for GCN.