Hardware that breaks into your phone; software that monitors you on the internet; systems that can recognize your face and track your car: The New York State Police are drowning in surveillance tech.
Last year alone, the Troopers signed at least $15 million in contracts for powerful new surveillance tools, according to a New York Focus and Intercept review of state data. While expansive, the State Police’s acquisitions aren’t unique among state and local law enforcement. Departments across the country are buying tools to gobble up civilians’ personal data, plus increasingly accessible technology to synthesize it.
“It’s a wild west,” said Sean Vitka, a privacy advocate and policy counsel for Demand Progress. “We’re seeing an industry increasingly tailor itself toward enabling mass warrantless surveillance.”
So far, local officials haven’t done much about it. Surveillance technology has far outpaced traditional privacy laws, and legislators have largely failed to catch up. In New York, lawmakers launched a years-in-the-making legislative campaign last year to rein in police intrusion — but with Gov. Kathy Hochul pushing for tough-on-crime policies instead, none of their bills have made it out of committee.
So New York privacy proponents are turning to Congress. A heated congressional debate over the future of a spying law offers an opportunity to severely curtail state and local police surveillance through federal regulation.
At issue is Section 702 of the Foreign Intelligence Surveillance Act, or FISA, which expires on April 19. The law is notorious for a provision that allows the feds to access Americans’ communications swept up in intelligence agencies’ international spying. As some members of Congress work to close that “backdoor,” they’re also pushing to ban a so-called data broker loophole that allows law enforcement to buy civilians’ personal data from private vendors without a warrant. Closing that loophole would likely make much of the New York State Police’s recently purchased surveillance tech illegal.
Members of the House and Senate judiciary committees, who have introduced bills to close the loopholes, are leading the latest bipartisan charge for reform. Members of the House and Senate intelligence committees, meanwhile, are pushing to keep the warrant workarounds in place. The Democratic leaders of both chambers — House Minority Leader Hakeem Jeffries and Senate Majority Leader Chuck Schumer, both from New York — have so far kept quiet on the spying debate. As Section 702’s expiration date nears, local advocates are trying to get them on board.
On Tuesday, a group of 33 organizations, many from New York, sent a letter to Jeffries and Schumer urging them to close the loopholes. More than 100 grassroots and civil rights groups from across the country sent the lawmakers a similar petition this week.
“These products are deeply invasive, discriminatory, and ripe for abuse.”
“These products are deeply invasive, discriminatory, and ripe for abuse,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, which signed both letters. They reach “into nearly every aspect of our digital and physical lives.”
Jeffries’s office declined to comment. Schumer’s office did not respond to a request for comment before publication.
Both letters cited a Wired report from last month, which revealed that Republican Rep. Mike Turner of Ohio, the chair of the House Intelligence Committee, pointed to New York City protests against Israel’s war on Gaza to argue against the spying law’s reform. Sources told Wired that in a presentation to fellow House Republicans, Turner implied that protesters in New York had ties to Hamas — and therefore should remain subject to Section 702’s warrantless surveillance backdoor. An intelligence committee spokesperson disputed the characterization of Turner’s remarks, but said that the protests had “responded to what appears to be a Hamas solicitation.”
“The real-world impact of such surveillance on protest and dissent is profound and undeniable,” read the New York letter, spearheaded by Empire State Indivisible and NYU Law School’s Brennan Center for Justice. “With Rep. Turner having placed your own constituents in the crosshairs, your leadership is urgently needed.”
Police surveillance today looks much different than it did 10, five, or even three years ago. A report from the U.S. Office of the Director of National Intelligence, declassified last year, put it succinctly: “The government would never have been permitted to compel billions of people to carry location tracking devices on their persons at all times, to log and track most of their social interactions, or to keep flawless records of all their reading habits.”
That report called specific attention to the “data broker loophole”: law enforcement’s practice of obtaining data for which they’d otherwise have to obtain a warrant by buying it from brokers. The New York State Police have taken greater and greater advantage of the loophole in recent years, buying up seemingly as much tech and data as they can get their hands on.
In 2021, the State Police purchased a subscription to ShadowDragon, which is designed to scan websites for clues about targeted individuals, then synthesize it into in-depth profiles.
“I want to know everything about the suspect: Where do they get their coffee? Where do they get their gas? Where’s their electric bill? Who’s their mom? Who’s their dad?” ShadowDragon’s founder said in an interview unearthed by The Intercept in 2021. The company claims that its software can anticipate crime and violence — a practice, trendy among law enforcement tech companies, known as “predictive policing,” which ethicists and watchdogs warn can be inaccurate and biased.
The State Police renewed their ShadowDragon subscription in January of last year, shelling out $308,000 for a three-year contract. That was one of at least nine web surveillance tools State Police signed contracts for last year, worth at least $2.1 million in total.
Among the other firms the Troopers contracted with are Cognyte ($310,000 for a three-year contract); Whooster ($110,000 over three years); Skopenow ($280,000); Griffeye ($209,000); the credit reporting agency TransUnion ($159,000); and Echosec ($262,000 over two years), which specializes in using “global social media, discussions, and defense forums” to geolocate people. They also bought Cobwebs software, a mass web surveillance tool created by former Israeli military and intelligence officials — part of that country’s multibillion-dollar surveillance tech industry, which often tests its products on Palestinians.
That’s likely not the full extent of the State Police’s third party-brokered surveillance arsenal. As New York Focus revealed last year, the State Police have for years been shopping around for programs that take in mass quantities of data from social media, sift through them, and then feed insights — including users’ real-time location information — to law enforcement. Those contracts don’t show up in the state contract data, suggesting that the public disclosures are incomplete. Depending on how the programs obtain their data, closing the data broker loophole could bar their sale to law enforcement.
The State Police refused to answer questions about how its officers use surveillance tools.
“We do not discuss specific strategies or technologies as it provides a blueprint to criminals which puts our members and the public at risk,” State Police spokesperson Deanna Cohen said in an email.
Closing the data broker loophole wouldn’t entirely curtail the police surveillance tech boom. The New York State Police have also been deepening their investments in tech the FISA reforms wouldn’t touch, like aerial drones and automatic license plate readers, which store data from billions of scans to create searchable vehicle location databases.
They’ve also spent millions on mobile device forensic tools, or MDFTs, powerful hacking hardware and software that allow users to download full, searchable copies of a cellphone’s data, including social media messages, emails, web and search histories, and minute-by-minute location information.
Watchdogs warn of potential abuses accompanying the proliferation of MDFTs. The Israeli MDFT company Cellebrite has serviced repressive authorities around the globe, including police in Botswana, who used it to access a journalist’s list of sources, and Hong Kong, where the cops deployed it against leaders of the pro-democracy protest movement there.
In the United States, law enforcement officials argue that more expansive civil liberties protections prevent them from misusing the tech. But according to the technology advocacy organization Upturn, around half of police departments that have used MDFTs have done so with no internal policies in place. Meanwhile, cops have manipulated people into consenting to having their phones cracked without a warrant — for instance, by having them sign generic consent forms that don’t explain that the police will be able to access the entirety of their phone’s data.
In October 2020, New York police departments known to use MDFTs had spent less than $2.2 million on them, and no known MDFT-using department in the country had hit the million-dollar mark, according to a report by Upturn.
Between September 2022 and November 2023, however, the State Police signed more than $12.1 million in contracts for MDFT products and training, New York Focus and The Intercept found. They signed a five-year, $4 million agreement with Cellebrite, while other contracts went to MDFT firms Magnet Forensics and Teel Technologies. The various products attack phones in different ways, and thus have different strengths and weaknesses depending on the type of phone, according to Emma Weil, senior policy analyst at Upturn.
Cellebrite’s tech initially costs around $10,000–$30,000 for an official license, then tens or low hundreds of thousands of dollars for the ability to hack into a set number of phones. According to Weil, the State Police’s inflated bill could mean either that Cellebrite has dramatically increased its pricing, or that the Troopers are “getting more intensive support to unlock more difficult phones.”
If Congress passes the Section 702 renewal without addressing its warrant workarounds, state and local legislation will become the main battleground in the fight against the data broker loophole. In New York, state lawmakers have introduced at least 14 bills as part of their campaign to rein in police surveillance, but none have gotten off the ground.
If the legislature passes some of the surveillance bills, they may well face opposition when they hit the governor’s desk. Hochul has extolled the virtues of police surveillance technology, and committed to expanding law enforcement’s ability to disseminate the information gathered by it. Every year since entering the governor’s mansion, she has proposed roughly doubling funding to New York’s Crime Analysis Center Network, a series of police intelligence hubs that distribute information to local and federal law enforcement, and she’s repeatedly boosted funding to the State Police’s social media surveillance teams.
The State Police has “ramped up its monitoring,” she said in November. “All this is in response to our desire, our strong commitment, to ensure that not only do New Yorkers be safe — but they also feel safe.”
This story was published in partnership with New York Focus, a nonprofit news site investigating how power works in New York state. Sign up for their newsletter here.
The post Congress Has a Chance to Rein In Police Use of Surveillance Tech appeared first on The Intercept.
This post was originally published on The Intercept.