Cartapping: How Feds Have Spied On Connected Cars For 15 Years

Forbes – by Thomas Fox-Brewster

The rapid spread of connected devices that can listen and locate has been a boon for law enforcement. Any new technology hooked up to the web has the potential to become a surveillance device, even if its original purpose was benign, as shown in a 2016 Arkansas murder investigation where Amazon was asked to hand over audio from a suspect’s Echo.

But such information and much more, I’ve learned, has long been retrievable from cars. Indeed, court documents reveal a 15-year history of what’s been dubbed “cartapping,” where almost real-time audio and location data can be retrieved when cops order vehicle tech providers to hand it over.  

One of the more recent examples can be found in a 2014 warrant that allowed New York police to trace a vehicle by demanding the satellite radio and telematics provider SiriusXM provide location information. The warrant, originally filed in 2014 but only recently unsealed (and published below in full), asked SiriusXM “to activate and monitor as a tracking device the SIRIUS XM Satellite Radio installed on the Target Vehicle for a period of 10 days.” The target was a Toyota 4-Runner wrapped up in an alleged illegal gambling enterprise.

SiriusXM told FORBES it complied with the order and did so by switching on the stolen vehicle recovery feature of its Connected Vehicle Services technology, which is only available in a subset of cars it supplies (the satellite radios alone cannot be tracked as the telematics services can). The request was, then, akin to the police demanding Apple hand over a customer’s location data by turning on the Find My iPhone feature. The company said it also worked sporadically with law enforcement to provide such information, noting it always required a valid warrant, estimating it receives five valid court orders a year to activate the stolen vehicle recovery feature to monitor a suspect. It declined to offer on-record comment.

The SiriusXM case got me thinking: what other providers were being asked to track cars and in what manner? It was little surprise to find General Motors (GM) had repeatedly worked with cops to hand over not just location but also audio, where conversations were recorded when the in-car cellular connection was switched on; its OnStar service is one of the best-known telematics providers on the market.

So it was that in December 2009 police asked GM to cough up OnStar data from a Chevrolet Tahoe rented by a suspected crack cocaine dealer, Riley Dantzler. The cops who were after Dantzler had no idea what the car looked like or where it was, but with OnStar tracking they could follow him from Houston, Texas, to Ouachita Parish, Louisiana. OnStar’s tracking was accurate too, a court document revealing it was able to “identify that vehicle among the many that were on Interstate 20 that evening.” They stopped Dantzler and found cocaine, ecstasy and a gun inside.

In 2007, suspected heroin dealer Lamauro Coleman was tracked after OnStar was ordered to continuously reveal the physical location of the defendant’s GMC Envoy SUV as he travelled around Michigan. When he was stopped and searched, the cops found 43 grams of heroin.

In at least two cases, individuals unwittingly had their conversations listened in on by law enforcement. In 2001, OnStar competitor ATX Technologies (which later became part of Agero) was ordered to provide “roving interceptions” of a Mercedes Benz S430V. It initially complied with the order in November of that year to spy on audible communications for 30 days, but when the FBI asked for an extension in December, ATX declined, claiming it was overly burdensome. (The filing on the FBI’s attempt to find ATX in contempt of court is also published below.)

In 2007, the OnStar system in a Chevrolet Tahoe belonging to a Gareth Wilson in Ohio contacted OnStar staff when an emergency button was pushed. As noted in a 2008 opinion from the case, Wilson was unaware the button had been hit. Subsequently, an OnStar employee heard the occupants discussing a possible drug deal, and allowed an officer from the Fairfield County Sheriff’s Office to listen to the conversation. When the vehicle was located and searched, marijuana was found and an indictment filed days later. Ironically, the suspect hadn’t even signed up to the OnStar service, but it hadn’t been switched off.

A GM spokesperson said: “We do not monitor or otherwise track the location of OnStar-equipped cars, unless required by a valid court order in criminal procedures or under exigent circumstances; and we don’t release the number of those requests. We take our customers’ privacy, safety and security very seriously, and we assist them on average more than 600 times each month in North America with some form of Stolen Vehicle Assistance.”

Arguments against cartapping

For those who were surveilled via their vehicle, their lawyers argued for the evidence to be thrown out. In the case of Dantzler, the defense said the order compelling OnStar to provide the information was made in Louisiana and, as the tracking started in Texas, it went beyond the jurisdiction of the court. They also contended that Dantzler had an expectation of privacy, as per the Fourth Amendment.

In the Coleman case, his representation argued not only for a right to privacy, but that police had no authority under any statute to use a third-party’s factory-installed GPS as a tracking device. Referring to the law that allowed the installation of location-monitoring tech on a vehicle, a motion to suppress the evidence read: “The statute is silent as to the authority of the government to use a third-party product in lieu of physically installing a device of their own.

“Allowing this type of intrusion is a leap the court should not be willing to make. Authorizing OnStar agents to activate the system within a suspect’s car renders statutory authority null. It effectively makes every single General Motors vehicle and every OnStar service representative an agent of the government.”

Wilson, meanwhile, argued that snooping on his conversations and the subsequent search were illegal, violating Ohio’s wiretapping and electronic surveillance law.

In all cases, attempts to have the evidence thrown out foundered. The government was able to argue that as a warrant was signed off, there was no longer an expectation of privacy. In the Coleman case, the court decided there was no distinction between a planted GPS tracker and repurposing the factory-installed technology: the results were the same. The judge went further: “The instant procedure is less invasive than defendant’s suggested requirement since there is no foreign device.”

As for Wilson, the court determined that as the government didn’t actually initiate the call (someone in his vehicle did), police didn’t illegally install any spy device. And, the state ruled, the OnStar employee and cops were only doing their job in checking on the person who’d hit an emergency button, regardless of whether he’d signed up to the service. They were only looking out for his safety; it just so happened he was also dealing drugs, the government successfully argued.

Listening in on your car illegal?

In the case of ATX, the company was unsuccessful in its bid to quash the order and was forced to provide the surveillance capability for a total of two months. But, whilst it was much too late and the FBI had already enjoyed their new snooping powers, the district court’s decision was reversed in November 2003 (see page 85 in linked PDF). That was because the ruling didn’t satisfy a statute that demanded any such surveillance be carried out with “a minimum of interference.” The cops in that case had to stop the Mercedes’ cellular function from working normally, which wasn’t inconspicuous enough.

That could indicate that if police can do the same discreetly, it’s legal. University of Dayton, Ohio, law professor Susan Brenner said she suspects law enforcement has “become more sophisticated about these embedded technologies that can be used to eavesdrop, and therefore are taking steps to reduce the impact the 4th Amendment has in this context.” Indeed, FORBES was unable to find any court documents pointing to cartapping in the last two years.

Brenner, whose blog followed many of the early car tracking cases and coined the term “cartapping”, told me the government has a solid argument in noting drivers’ right to privacy does not stand where they consent to using services like OnStar that rely on tracking to work effectively. As a SiriusXM spokesperson told me, all customers agree to the terms and conditions, and the privacy policy, of the service when they sign up.

“I could make an argument to the contrary, which is based on the fact that we are increasingly surrounded by embedded interactive, broadcast technologies and therefore can tend to forget the fact that we may be broadcasting as we hold what we think are private conversations in a vehicle or, for that matter, other mundane settings,” Brenner added.

“My sense is that people take the technology so completely for granted that they forget that it has the capacity to bite back… Most people are still quite naive about embedded technologies, and therefore tend to forget that it can compromise privacy.” She noted encrypting communications would go some way to protecting private confabs.

Cops can go further than simply surveilling a car too. In numerous carjacking cases, police have been able to turn off a car’s engine to recover the vehicle. For instance, in 2015, police were able to locate and shut down a stolen motor in Camden, New Jersey. A shocking case in July 2016 saw a 12-year-old girl take Montgomery County Sheriff Office police on a high-speed chase, with her 7-year-old sister as a passenger. The car came to a stop once OnStar had disabled the engine as the juvenile drove into a high school car park.

It shouldn’t be much of a surprise that various forms of car tracking exist then, noted car security researcher and Uber staffer Charlie Miller. In now-famous research into car security with Uber colleague Chris Valasek, Miller was “able to track vulnerable vehicles in a similar manner if we wanted to”.

“As far as privacy, I really don’t want police tracking where I go just because I happen to have a nice enough car to be internet connected,” he said, adding that it was possible police could “scale out the surveillance easier with this method,” than with a physical GPS tracker.

Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU), said cases of connected car monitoring were part of the growing trend towards government access to internet-enabled technology. “Fundamentally, what’s happening is the technology is moving at warp speed, and there are more and more ways to get information on people, about their personal activities, but you have the law standing utterly still,” Guliani added.

“What’s often happening is the police are trying to massage laws that were written at the time, in some cases when we didn’t even have the internet or the concept of a telephone, or GPS, and massage them to fit these modern technologies.”

http://www.forbes.com/sites/thomasbrewster/2017/01/15/police-spying-on-car-conversations-location-siriusxm-gm-chevrolet-toyota-privacy/#5882880c649b

One thought on “Cartapping: How Feds Have Spied On Connected Cars For 15 Years”

  1. The law cannot be trusted to protect privacy. Even when the law ostensibly does this on paper, the pigs will break the law when they can.

    Therefore, the best way to ensure that the pigs can’t use network connectivity to spy on you is to refuse to buy devices with that feature. If for some reason you MUST buy such a device, physically disable the wireless capability.

    I remember hearing about the OnStar case a decade or so ago. I wasn’t in the market for a new car at the time, but I remember thinking to myself, “Gee, I guess I’ll never buy a car that has anything like OnStar in it.” Years later, when I did buy a new car, a lot of manufacturers were immediately ruled out because of the network connectivity in their vehicles.

    I wonder how much business some companies have lost, or will lose, because they insist on building backdoors into their products.

    If I were an electronic device or car manufacturer, I would install simple switches that would PHYSICALLY disconnect microphones and antennas, shutter cameras, etc., so my customers could have total privacy whenever they wanted it.
