This is part two of a three-part series on automotive privacy that runs through December. Read the previous article here.
The crime was horrific. In 2019, an Ohio man filed a lawsuit against his wife, parents, and aunt, citing growing tensions with his in-laws over money and financial pressure from expensive gifts he had bought over the years. He was charged with shooting himself in the head. mistress.
Prosecutors relied heavily on expert testimony from a little-known automotive forensics company, Berla, in their defense. The employee testified that the FBI asked him to use the company’s technology to extract data from Singh’s car. The technology allows law enforcement to examine information such as text messages, GPS locations, emails, call logs, photos, videos, contact lists, and social media feeds. It’s grainy, like when a car door opens.
FBI digital forensic examiners followed Mr. Singh on the witness stand and said after analyzing data on the car’s hard drive that Mr. Singh’s car was at the crime scene at 9:09 p.m. The witness said he heard gunshots in the apartment between 9:30 p.m. and 9:30 p.m.
While data collected from cars doesn’t always paint a perfect picture (the jury in Singh’s case was deadlocked and he awaits a retrial next year), Verla’s use of technology could improve law enforcement surveillance. It raises controversial questions about how much privacy consumers should sacrifice for the sake of empowerment. Ability to solve crimes.
This practice is a sign of the complexities embedded in car data privacy, as many citizens are unaware that their car data can be easily siphoned off by companies working with law enforcement, sometimes without a warrant. It will shed light on the problem.
And this problem will only grow as automakers build computers into cars that collect and process vast amounts of data.
In-vehicle computer systems “are essentially cell phones at this point,” said Sean McKeever, senior security specialist at Grimm, a cybersecurity firm focused on automotive cyber. “The difference is that my phone never leaves my pocket. To access my data on my phone, you have to go to me, but my car has to be towed to access it. It’s a stable target that can.”
Your go-to source for vehicle forensics
Many police departments don’t mention their investigative tools, but a quick search for Berla on the Web reveals that the company’s products are widely used. For example, law enforcement officials in San Diego, San Antonio, and Anne Arundel County, Maryland, have spoken publicly about the value they have gained from Berla’s tools.
Berla has competitors, but none seem to match its capabilities or work with law enforcement. That software is not publicly available.
The Maryland-based company has been in the spotlight for a while, but it has taken on new relevance in the wake of a data privacy class action lawsuit in Washington state. The company’s capabilities and marketing statements are highlighted in the complaint against five automakers that are said to be able to use Berla software in their systems. Access your driver’s text messages and other data. A Seattle-based federal judge ruled last month that the practice did not violate state privacy laws. The law requires victims to prove that “their business, their person, or their reputation” is threatened.
Despite the controversy, Berla CEO Ben LeMere has never been shy about introducing his products.
“From the Paris bombings to the shootings in Chattanooga, Tennessee, and San Bernardino, we have supported nearly every major terrorism investigation in the last year,” he told the International Military Communications and Electronics Association in 2016. .
Police can extract mobile phone data transferred to the car through the infotainment center. Image: Unsplash/Swansway Motor Group
Many in law enforcement seem to agree with Berla’s marketing slogan: “Incredible amounts of data. Endless possibilities.” The company’s services are extensive and can even enable law enforcement to search vehicle profiles from a mobile phone. As of March 2022, the most recent data available, Berla’s software worked on 20,752 of his vehicles.
Police can use Berla’s tools to access a car’s navigation system, possibly without a warrant. If a driver syncs their mobile phone with the car’s infotainment center, police can also extract mobile phone data transferred to the car while the vehicle is connected.
The Department of Homeland Security began working with Berla in 2013, connecting the company with multiple state and local police departments. U.S. Customs and Border Protection, an agency of DHS, reportedly paid more than $450,000 for five Berla vehicle forensics kits, according to a contract reported by The Intercept in 2021. A spokesperson for the agency did not respond to a request for comment, and a DHS spokesperson said: We are no longer affiliated with that company.
According to a surveillance disclosure statement posted on the San Diego Police Department’s website, the Berla software used by the company stores information in a car’s infotainment and telematics system, including vehicle events, location data, and data from connected devices. It is said that the data obtained is obtained.
The document defines vehicle events as things like “door opening/closing, ignition operation, seatbelt use,” along with a date/time stamp and “vehicle’s GPS location at the time of the event.”
“There may be equipment connected to the vehicle that is unrelated to the specific criminal case,” the web disclosure states.
Despite being such a powerful investigative tool, Berla’s software is relatively inexpensive, at least for smaller institutions. In 2021, a San Antonio television station quoted local sheriff Javier Salazar as saying the department paid the company just $15,000 for a contract that lasted at least two years.
Vehicle inspection and the constitution
Nearly 100 years ago, the U.S. Supreme Court established a motor vehicle exception to the Constitution’s protection against unreasonable searches and seizures. Today, this exception allows police to “search a vehicle’s computer system without authorization and extract vast amounts of cell phone data,” according to a paper published earlier this year by a professor at the William & Mary School of Law. means that it is allowed.
Professor Adam Gersowitz said: “Just as police can rip up seats or slash tires to search for drugs under the motor vehicle exemption, they can also use the vehicle’s infotainment system to search for drugs. “Tesla meets the fourth generation,” Professor Adam Gersowitz writes in an article titled “Tesla Meets the Fourth Generation.” Fixed. “
There is no such exception for mobile phones, and police are not allowed to search them without a warrant. Gershowitz said precedent for the motor vehicle exception dates back to the bootlegging era, when law enforcement searches were limited to illegal physical items such as mugs of alcohol. At the time, the vehicle’s maneuverability was used to justify the warrantless search, he said.
“This precedent was never intended for a world where what was in the car wasn’t something tangible like drugs, bootleg alcohol or firearms,” Gershowitz said in an interview. “We now live in a world where cars are stuffed with vast amounts of data.”
Gershowitz’s 51-page article cites Barra 74 times and says advanced digital extraction techniques will become commonplace among law enforcement agencies (sometimes without a warrant). They argued that state and federal laws were needed to address the practice.
Gershowitz said the issue deserves more attention, citing court decisions in at least six states that show police have downloaded data from vehicles without a warrant.
“Given that there are approximately 18,000 law enforcement agencies nationwide, it is likely that many police departments allow officers to extract data from vehicles without authorization,” Gershowitz said. mentioned in the article.
John Davison, director of litigation at the Electronic Privacy Information Center, agreed that vehicle searches were unfairly conducted to a relatively low legal standard and that there was no need for a warrant.
“If information obtained using Berla later leads to a criminal prosecution, the evidence will be excluded if law enforcement lacked the requisite reasonable suspicion or probable cause at the time the data was exposed. “It’s possible,” Davison said. “But as a practical matter, police can certainly get that data in the first instance because there is no judge on scene when law enforcement is stopping a vehicle.”
computer on wheels
Berla declined to comment for this article, but Lemaire has spoken openly about the software in the past, and in one case his team removed 70 cell phones from the infotainment system of a rented Ford Explorer. He told a podcast interviewer that he had extracted data from the site, collected call records and contact information. , SMS history, and even his Facebook and his Twitter posts.
“When you sit down and read the text messages, it’s pretty funny,” he says.
In another now-deleted podcast, Lemaire even more bluntly stated that many of the people using the infotainment systems he studied were “not doing anything wrong, but they were prostitutes and assaulters.” “It’s pretty funny to see people text and demand answers.” Go to NBC News.
A big problem with data extraction at scale is that it is largely unknown to most people.
“Most people who use their cars to send text messages are aware that their cars are processing the data,” said Cody Wehnke, senior policy adviser for surveillance, privacy, and technology at the ACLU. I don’t think I’m surprised,” he said. . “What’s surprising to them is that that information is retained.”
According to McKeever, data retention stems from the fact that cars have essentially become computers.
“Just like any other computer, what’s stored there remains a file,” he said of infotainment centers and other systems. “Automotive computers use the same basic technology as regular computers, and some even use the same operating systems.”
McKeever said data retention is difficult to avoid given the way computers work, but manufacturers can “make it easy for customers to delete that information.”
He said today’s computerized car features were not built with consumer privacy in mind. He said enforcing privacy would cost millions of dollars, supply chain changes could cost years’ worth of money, and it would not be an easy problem to solve.
Previous public statements from LeMere say the automaker is well aware of the mountain of data it stores and what Berla’s products can do.
He has spoken in the past about his close relationships with automakers and their suppliers, and at a Department of Homeland Security event in 2016, he spoke about how Verla customers can easily access their technology when they need it. said it provides security expertise to manufacturers.
He told the audience that he would only do business if infotainment system manufacturers agreed to give law enforcement access to their products.
“When we go out and do presentations, it’s really a double-edged sword. Everyone is immediately scared to death and doesn’t want to plug anything into their car again,” Lemaire said. “But I hope you guys don’t try to kill anyone, so it’ll work out.”
recorded future
intelligence cloud.
learn more.
There are no past articles
There are no new articles
Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy at The Record. She previously worked as a cybersecurity reporter at Cyber Scoop and Reuters. Early in her career, Suzanne covered Boston police for the Boston Globe and covered two presidential campaigns for Newsweek. She lives in Washington with her husband and her three children.