Powerful Mobile Phone Surveillance Tool Operates in Obscurity Across the US
CellHawk helps law enforcement visualize large quantities
of information collected by cellular towers and providers.
UNTIL NOW, the Bartonville, Texas, company Hawk Analytics and
its product CellHawk have largely escaped public scrutiny. CellHawk has
been in wide use by law enforcement; the software is helping police
departments, the FBI, and private investigators around the United States
convert information collected by cellular providers into maps of people’s
locations, movements, and relationships. Police records obtained by The
Intercept reveal a troublingly powerful surveillance tool operated in
obscurity, with scant oversight.
CellHawk’s maker says it can process a
year’s worth of cellphone records in 20 minutes, automating a process that used
to require painstaking work by investigators, including hand-drawn paper plots.
The web-based product can ingest call detail records, or CDRs, which track
cellular contact between devices on behalf of mobile service providers, showing
who is talking to whom. It can also handle cellular location records, created
when phones connect to various towers as their owners move around.
Such data can include “tower dumps,” which
list all the phones that connected to a given tower — a form of dragnet
surveillance. The FBI obtained over 150,000 phone numbers from a single tower
dump undertaken in 2010 to try and collect evidence against a bank robbery
suspect, according to a report from the Brennan Center for
Justice at NYU.
Police use
CellHawk to process datasets they routinely receive from cell carriers like
AT&T and Verizon, typically in vast spreadsheets and often without a
warrant. This is in sharp contrast to a better known phone surveillance
technology, the stingray: a mobile device that spies on cellular devices
by impersonating carriers’ towers, tricking
phones into connecting, and then intercepting their communications. Unlike the
stingray, CellHawk does not require such subterfuge or for police to position a
device near people of interest. Instead, it helps them exploit information
already collected by private telecommunications providers and other third
parties.
CellHawk’s surveillance capabilities go beyond analyzing
metadata from cellphone towers. Hawk Analytics claims it can churn out
incredibly revealing intelligence from large datasets like ride-hailing records
and GPS — information commonly generated by the average American. According to
the company’s website, CellHawk uses GPS records in its “unique animation
analysis tool,” which, according to company promotional materials, plots a
target’s calls and locations over time. “Watch data come to life as it moves
around town or the entire county,” the site states.
The tool can also help map interpersonal
connections, with an ability to animate more than 20 phones at once and “see
how they move relative to each other,” according to a promotional brochure.
The company has touted features that make
CellHawk sound more like a tool for automated, continuous surveillance than for
just processing the occasional spreadsheet from a cellular company. CellHawk’s
website touts the ability to send email and text alerts “to surveillance teams”
when a target moves, or enters or exits a particular “location or Geozone (e.g.
your entire county border).”
On its website, Hawk Analytics claims this
capability can help investigators “view plots & maps of the cell towers used
most frequently at the beginning and end of each day.” But in brochures sent to
potential clients, it was much more blunt, claiming that CellHawk can help
“find out where your suspect sleeps at night.”
A screenshot showing the previously more honest version of their marketing. Screenshot: Sam Richards
Data Sharing and Loose Regulation in Minnesota
The sheriff’s office in Hennepin County,
Minnesota, which includes Minneapolis, certainly seemed impressed after
it started using the software in early 2015. One
criminal intelligence analyst lauded CellHawk’s ease of use in a February
2016 email comparing the subscription software
to a competing tool. “CellHawk is pretty new and a lot cheaper! The great thing
about cellhawk is that it is ‘hands off’ by the user, as the software does
everything for you. It is drag and drop. The software can download calls from
all major phone companies. The biggest selling point is of course the mapping.
it also has animation, which is cool!”
Hennepin County Sheriff’s Office uses
CellHawk as part of an effort to share intelligence through a Minnesota fusion
center known as the Metro Regional Information Center, which brings together
the FBI and eight counties serving up to 4 million people, according to the St. Cloud Times. In
February 2018, the latest year for which The Intercept obtained HCSO invoices,
the sheriff’s office renewed its annual subscription, providing the capability
to store 250,000 CDRs.
A spokesperson for the sheriff’s office,
Andrew Skoogman, said the office used certain CellHawk features infrequently.
For example, it is “extremely rare” for HCSO to analyze tower dumps, he said,
and “fairly rare” for it to use CellHawk’s automated location alerting service,
which is used “based in the analytical needs of the investigator.”
The telecommunications data at the heart of
CellHawk is shared extensively by providers. For example, Verizon in 2019 received more than 260,000 subpoenas, orders, warrants,
and emergency requests from various U.S. law enforcement entities, including
more than 24,000 for location information. But the legal requirements for
obtaining that information are sometimes unclear. The American Civil Liberties
Union in 2014 called the legal standards related to tower dumps “extremely murky.” A 2018 Brennan
Center report stated that the courts were
“split” on the handling of such dumps, with some lower courts allowing access
to the data using a court order, which under the Stored Communications Act is
obtained using a lower evidentiary standard than a warrant, requiring only
“reasonable grounds to believe” the records are relevant to an ongoing
investigation. Location records particular to a given subscriber, meanwhile,
can be obtained with just a court order — unless they span seven days or more,
in which case police need to get a full warrant, according to a 2018 Supreme
Court ruling. Courts have also been divided on whether police need a court
order or warrant to obtain “real-time” cellular location data.
Hennepin County defined its own legal
standards to rely upon in deploying technology like CellHawk. These were
articulated in a sheriff’s office policy document dated August 2015 — months
after CellHawk was already in use. The document, titled “Criminal Information
Sharing and Analysis,” was released following a data request that was initiated
in 2018 and fulfilled several years later following the election of a new
sheriff. It stated that the office needed “[r]easonable suspicion,” which was
deemed “present when sufficient facts are established to give … a basis to
believe that there is, or has been, a reasonable possibility that an individual
or organization is involved in a definable criminal activity or enterprise.”
The policy does not say that investigators
must receive approval from a judge to retain information. Skoogman did not
respond to The Intercept’s question about what legal standard is applied to the
collection of CDRs.
Chad Marlow, senior advocacy and policy
counsel for the ACLU, when asked to review Hennepin County’s CellHawk policy,
said the CellHawk technology was “not inherently problematic” but that the
county set a low standard for how it handles the collection of CellHawk data.
Requiring “reasonable suspicion” is a typical threshold for traffic stops, not
for intrusive searches, which require probable cause. CellHawk’s capabilities —
combing through data from calls, texts, ride-hailing applications, etc. — are
patently more intrusive than a traffic stop. Beyond that, Marlow said, the county’s
“definition of reasonable suspicion is bizarrely convoluted” and should require
that investigators “have to have a reasonable basis for a crime being committed
not MAY BE being committed.”
Hennepin County’s policy continued:
Criminal intelligence information shall be
retained for up to five years from the date of collection or use, whichever is
later. After that time, this information shall be deleted unless new
information revalidates ongoing criminal activities of that individual and/or
organization. When updated criminal intelligence information is added into the
file on a suspect individual or organization, such entries revalidate the
reasonable suspicion and reset the five year standard for retention of that
file.
The policy empowers HCSO investigators to
scoop up this data and retain it for five years based on a fairly low legal
standard.
And while this policy says the sheriff may
not retain information based “solely” on support for “unpopular causes” or an
individual’s “race, gender, age or ethnic background” and “personal habits
and/or predilections that do not break any laws or threaten the safety of
others” — mentioning activities covered by the First Amendment — if a crime
were to occur during a protest, as is routine, that data is considered fair
game by law enforcement. Under such low standards and with such a powerful
surveillance utility, it wouldn’t take long to map out the social network of an
entire protest movement.
For instance, during a protest outside a detention center in downtown
Minneapolis to show solidarity with demonstrations in neighboring Wisconsin following the shooting of an unarmed Black man by the
Kenosha Police Department, Dave Hutchinson, the Hennepin County sheriff, said,
“11 individuals were arrested and are being held on probable cause riot, damage
to property and unlawful assembly,” according to an HCSO press release. Should
the criminal intelligence investigators at the fusion center run those
individuals’ information through CellHawk, it is not at all a stretch to say
that the police would then possess a map of those individuals’ associations
based on calls, texts, and other records. That map of social interactions could
include thousands of activists who were not at all party to the crimes of which
those 11 individuals are accused. Hawk Analytics markets such social network
analysis as a primary feature.
When asked whether the use of CellHawk undermined the presumption of innocence — essentially reversing the investigative process, so that evidence comes first and suspicion of a specific crime after — Skoogman replied, essentially, that innocent people had nothing to fear. “People come under suspicion of having committed a crime based on information developed by investigators,” he wrote. “Based on evidence developed by those investigations, a suspect’s cell phone records may be obtained and analyzed. On occasion, that analysis has developed information suggesting that the suspect did not commit the crime under investigation. This is the investigative process. It is exactly why data is analyzed. To determine whether the data available supports continued focus on an individual as a suspect or perhaps rules them out.”
Deployed — and Promoted — Across the Country
Hawk Analytics CEO Mike Melson, whose bio on
the company website describes him as a former NASA engineer, offers free trials
to law enforcement organizations to which he hopes to sell his product.
Additionally, Melson has worked as an expert witness, ready to testify on
behalf of prosecutors. His testimony sometimes appears in local news outlets
without mention of the fact that he is the CEO of the company that could stand
to financially benefit, albeit indirectly, from a conviction. Hawk Analytics
failed to comment on the record after multiple attempts were made over the phone
and by email.
In December 2013, Heather Elvis went missing
from her South Carolina home after becoming embroiled in a lovers’ quarrel.
Several years later, an 11-day trial resulted in two 30-year sentences for one
Tammy Moorer. During the second day of that trial, Melson made an appearance as
“an expert witness when it comes to analyzing cell phone data,” according to WBTW News 13. The station
did not include that Melson was intimately involved in the creation of software
that helped connect the dots in this case.
Additionally, according to reports from Northern Virginia, Hawk Analytics was reimbursed for their expert services which led to “the prosecution of a man convicted of first-degree murder in the 2017 shooting death of a … CVS store manager.” For their “cellular data analysis and two days of expert testimony,” Hawk Analytics was paid $8,175. That certainly isn’t a windfall, but it rivals the amount made from the sale of a small number of CellHawk subscriptions, and it effectively compounds revenue streams from multiple sides of the criminal justice system.
CellHawk is not the only technology that
investigators in the Twin Cities use to process intelligence about suspects and
others. Hennepin County and their law enforcement partners use automated
license plate readers; stingrays and competing, similar devices; aerial
surveillance; and social media intelligence, among other spy
tech. CellHawk alone is powerful — but added to the area police’s already
expansive arsenal, it tips local law enforcement toward becoming more like
intelligence agencies than municipal cops.
Lengthy data retention policies and the
power of these surveillance tools create a litany of frightening possibilities
for overreach and abuse. While HCSO has acknowledged its use of some of these
tools, it has not released any public reports on its use of CellHawk. Rachel
Levinson-Waldman, deputy director of the Brennan Center’s liberty and national
security program, who reviewed Hennepin County’s policy, said, “The reference to
use is concerning, since that could significantly expand the time for retention.”
Minnesota state law requires an individual
whose electronic device was subject to a tracking warrant be notified within 90
days if that evidence did not end up in court. This “tracking warrant” law has
been on the books since 2014 and yet, judging from press reports in recent
years, it’s not clear anyone in the state has ever received such a notice or if
a tracking warrant has ever been unsealed by the courts. The law seems to have
been thwarted in part by police avoiding warrants and obtaining instead court
orders under the much lower “reasonable suspicion” standard. This, despite the
fact that Minnesota law clearly states, under a subdivision titled “Tracking
warrant required for location information,” that “a warrant granting access to
location information must be issued only if the government entity shows that
there is probable cause the person who possesses an electronic device or is
using a unique identifier is committing, has committed, or is about to commit a
crime.”
Julia Decker, policy director for the ACLU
of Minnesota, said that “there doesn’t seem to be oversight” for the use of
CellHawk in the state, even though surveillance should get oversight of
“the highest standard possible.” She also said that Hennepin’s policy to retain
CellHawk and similar data for five years raises the potential for harm to civil
liberties.
“I think this highlights how the rapid
development of surveillance tech outstrips existing laws, and how that can be
really problematic,” said Decker. “Without oversight/regulation, powerful
surveillance technology is integrated into already-existing investigatory
frameworks, instead of being examined and considered beforehand for its
potential to actually expand or push the limits/bounds of those frameworks and
encroach on civil liberties. … In this moment of talking about police reform,
use of surveillance tech needs to be part of the discussion.”
Hawk Analytics has many clients around the
United States. This reporter conducted a survey using the Freedom of
Information Act to collect invoices for CellHawk subscriptions from agencies
referenced on CellHawk’s website, referred to in CellHawk’s training sessions,
or mentioned in local news reports. He found numerous agencies fielding the
technology: Atlanta and Fayette County, Ga.; Kansas City, Kan.; Franklin County, Va.; Utah County, Utah; Fort Collins, Colo.; Hidalgo County, Texas; Orange County, Calif.; and, of course, the FBI all have paid for CellHawk in the
last several years. The Madison, Wisconsin, police department appears to have thousands of potential
CellHawk records from 2018 alone but has demanded close to $700 to examine and
provide them.