Cell-phone snoopers: Privacy Eliminator turns police Do Want to Shouldn't Have

Civilians would play games and snoop a little; copy snoop wholesale and play games with the Constituttion

What is it with Brits and the compulsion to hack other people's cell phones?

Does no one remember the bullet Rupert Murdoch put through the head of News of the World to keep it from spilling its guts about more than a decade of routine hacking into the voice mails of celebrities, politicians, ordinary people in juicily dangerous situations and 13-year-old girls who had already been kidnapped and murdered and didn't need any more indignities heaped on them by News Corp?

Do they not remember Tuesday, when British cops arrested Rebekah Brooks, the top editorial executive in News Corp.'s British news division for trying to cover up the hacking?

Of course, I reflexively admire people like Daniel Stuckey, who are able to see something expensive, illegal, corrosive to the health of constitutional democracies everywhere and think only of getting one of his own to play with.

OK, so do a lot of other people, especially when the gadget is a cool, covert spy thing.

Usually they don't go through with it, at least if the spy thing is particularly expensive, complicated or sensitive enough to make an amateur spook compulsively interesting in a long-term, covert-surveilling, civil-right-violating way to professional spooks.

Stuckey appears not to have considered the reflex that causes police and covert intelligence organizations to take a permanent, unhealthy interest in anyone trying to get personal copies of tools that make spooks particularly happy.

What he did think was "Do Want," after spotting a a press release about London's Metropolitan Police Service buying several ACESO data-extraction systems from RadioTactics USA.

ACESO is a cell-phone data sucker of the king that allows police departments to collect every bit of data from a suspect's cell phone quickly and easily, even without having to arrest someone first.

Instead they use these wickedly cool but ethically questionable machines designed to swipe copies of personal data from the phones of both criminals and "innocent" people (more police believe in elves than in innocent civilians who obviously need to have the data sucked from their phones simply because they posess both phones and data.

(Most police depts. that use these hardware taps – which download contact lists, apps, data, logs detailing phone calls, texts, emails and any other organized bits on the phone – aren't quite that arbitrary about whose phone they shake down. Well, ok, they are, according to the NYT. But they claim not to be; however inaccurately.)

According to his account, Stuckey didn't need to think about what he'd do with the data sucker. He just wanted one to test, play with and lord over other geeks who hadn't been able to get ahold of one for even long enough to run out of things (legitimate-ish things) to do with it.

Having it for long enough to get bored turned out not to be a problem.

Even after pleading journalism (he told the company he was going to test it for a story and review about it, not rebuild the phone-hacking empire of News of the World).

Aesco sells the devices to the FBI, CIA, various state police departments, but not to civilians and definitely not to journalists.

The devices are common enough in the U.S. to prompt serious protests from the ACLU and other civil-rights groups.

Police agencies are sensitive enough about data suckers that, when ACLU asked the Michigan State Police for documentation showing who made the decision to buy the Aceso devices, why and what the MSP did with them, it tried to charge half a million dollars to retrieve and assemble the documents and require a deposit of $272,000 to share any portion of the documents.

"The MSP's estimated cost of $544,680 for retrieval and assembly of these documents for the entire period that five of these devices have been in the MSP's position is, in our view, extraordinarily high," ACLU wrote in a complaint to the Michigan State Police.

The MSP probably didn't notice. State police have more exciting things to do than listen to psychotically understated expressions of discontent from civil rights groups.

The MSP only uses the devices when they have a warrant, the agency responded in a public statement.

It eventually admitted it was worried someone might misinterpret the agency's possession of five devices whose only purpose is to quickly and irresistibly suck all the secret data out of cell phones without necessarily letting the owner know.

"The implication by the ACLU that the MSP uses these devices 'quietly to bypass 4th Amendment protections against unreasonable searches is untrue, and this divisive tactic unjustly harms police and community relations," a spokeswoman said.

Stuckey didn't get into that dust-up, but did predict that British police would adopt the devices at least as quickly as U.S. cops did.

There are few rules or standards of conduct written or altered specifically to deal with the risk of illegally searching and seizing a perp's Angry Birds score and game log, even in the U.S.

The Fourth Amendment rule against search and seizure without cause should prevent most uses without a warrant. That doesn’t mean it will actually stop, or even slow down their use, however.

The ACLU charges that the silence and stonewalling makes even possessing the phone a problem for police agencies, which are no strangers as a class to the temptation to overstep one's boundaries in search of evidence (or the phone number of an attractive driver during a traffic stop).

The only thing to do, if you get stopped and it looks as if your phone will be sucked is to delete everything on it using a newish feature in Settings to wipe the phone.

The Android app Whispercore will do something similar, as will Blackberry Enterprise Server, Stuckey wrote.

What none of them will do is make sure the flash memory on cell phones has actually been blanked, not just marked for deletion.

Flash memory in cell phones and USB drives or other devices are notorious for the near-impossibility of deleting files thoroughly enough to actually make them disappear.

Forensic apps can find data unharmed even after many passes by "secure" data shredders.

Data suckers like Aceso don't have the kind of forensic functions available to investigators. They get around that need by simply pulling in everything and letting someone else sort it out later.

That, if you were paying attention during civics class, is an almost perfect example of what not to do under the 4 th Amendment, but police agencies are doing it anyway.

So many people stuff so much of their lives into their cell phones the best way police can get to know someone quickly (or their evil deeds) is to pull those lives off their phones and stash it away in case they ever need it for anything.

Sure it's unconstitutional, but it's more convenient for the police.

And cops aren't that different from geeks or journalists. They see a thing like a slick cell-phone data sucker and think "Do Want," whether wanting or using the thing is legal or not.

The difference is that even a sales rep could say 'no' to Daniel Stuckey's request to buy one of the things.

Not even a big, politically effective organization could get the Michigan State Police to even admit what they were doing with the things, let alone provide any details for less than half a million dollars.

That's the other major reflex of police organizations with a cool data-gathering technology – they want to know every detail of why a civilian would want a secret cell-phone data sucker, but want at least as much to keep from having to admit to anyone at all what they're doing with the things themselves.

Sounds like a News of the World scandal in the making to me. Except, instead of abuses that hurt a small segment of the celeb-o-sphere, data suckers in the hands of street cops, G-men and spooks will lead to large-scale violations of civil rights available to anyone who has ever been stopped for a moving violation, at least in Michigan.

Good thing the victims will never know what happened to their data; it would just make them worry. And would cost half a million dollars for them to find out.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies