“Sensorveillance” Turns Ordinary Life Into Evidence

Every time you unlock your smartphone or start your connected car, you are generating a trail of digital evidence that can be used to track your every move. In Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance, just published by NYU Press, law professor Andrew Guthrie Ferguson exposes how the Internet of Things has quietly transformed into a vast surveillance network, turning our most personal devices into digital informants. The following excerpt explores the concept of “sensorveillance,” detailing the specific mechanisms—such as Google’s Sensorvault, geofence warrants, and vehicle telemetry—that allow law enforcement to repurpose consumer technology into powerful tools for investigation and control.

A man walked into a bank in Midlothian, Va., his black bucket hat pulled low over dark sunglasses. He handed a note to the teller, brandished a gun, and walked away with US $195,000. Police had no leads—but they knew that the robber had been holding a smartphone when he entered the bank. Guessing that the smartphone, like most smartphones, had some Google-enabled service running, police ordered Google to turn over information about all the phones near the bank during the holdup. In response to a series of warrants, Google produced information about 19 phones that had been active near the bank at the time of the robbery. Further investigation directed the police to Okelle Chatrie, who was ultimately charged with the crime. Cathy Bernstein had a tough time explaining why her own car reported an accident to police. Bernstein had been driving a Ford equipped with 911 Assist, which was automatically enabled when she struck another vehicle. Rather than stick around to trade insurance information, she sped away. But her smart car had registered the bump—and called the police dispatcher, leading to a fairly awkward conversation:

Computer-Generated Voice: Attention, a crash has occurred. Line open. 911 Operator: Hello. Can anyone hear me? Unidentified Woman: Yes, yes. 911 Operator: Okay. This is 911. You’ve been involved in an accident. Unidentified Woman: No. 911 Operator: Well, your car called in to us because it said you’d been involved in an accident. Are you sure everything’s okay? Unidentified Woman: Everything’s okay. 911 Operator: Okay. Are you broke down? Unidentified Woman: No, I’m fine. The guy that hit me—he did not turn. 911 Operator: Okay, so you have been involved in an accident. Unidentified Woman: No, I haven’t. 911 Operator: Did you hit a car? Unidentified Woman: No, I didn’t. 911 Operator: Did you leave the scene of an accident? Unidentified Woman: No. I would never do anything like that. Apparently, Bernstein did do something “like that.” She was soon caught and cited for leaving the scene of the accident. Her own car provided evidence of her guilt. The Rise of “Sensorveillance” Once upon a time, our things were just things. A bike was a tool for biking. It got you from one location to another, but it didn’t “know” more about your travels than any other inanimate object did. It was dumb in a comforting way, and we used it as intended. Today, a top-of-the-line bike can track your route and calculate your average speed along the way. Hop on an e-bike from a commercial bike share, and it will collect data for your trip, plus the trips of everyone else who used it that month. These “smart” objects belong to what technologist Kevin Ashton named the Internet of Things. Ashton proposed adding radio-frequency identification (RFID) tags and sensors to everyday objects, allowing them to collect data that could be fed into networked systems without human intervention. A sensor in a river could monitor the cleanliness of the water. A tag on a bottle of shampoo could trace its journey throughout the supply chain. Add enough sensors to enough objects and you can model the health of an entire ecosystem—or learn whether you’re sending too much of your inventory to Massachusetts and too little to Texas. Ashton first theorized the Internet of Things (IoT) in the late 1990s. Today, the IoT goes well beyond his initial vision, including not only RFID tags but also sensors with Wi-Fi, Bluetooth, cellular, and GPS connections. These small, low-cost sensors record data about movement, heat, pressure, or location and can engage in two-way communication. Of course, such a system is also, by necessity, a system of surveillance. “Sensorveillance”—a term I created to highlight the intersection of sensors and surveillance—is slowly becoming the default across the developed world. Cellphone Surveillance Networks Let’s start with phones. You’re probably not surprised that your cellphone company tracks your location; that’s how cellphones work. Both smartphones and “dumb” mobile phones use local cell towers, owned by cellphone companies, to connect you to your friends and family, which means those companies know which towers you are near at all times. If you always carry your phone with you, your phone’s whereabouts—recorded as cell-site location information (CSLI)—reveal yours. One man, Timothy Carpenter, found this out the hard way after he and a group of associates set out to rob a series of electronics stores. Carpenter was the alleged ringleader, but he didn’t enter the stores himself. He served as the lookout, waiting in the car while his associates stuffed merchandise into bags. It might have been hard for investigators to tie him to the crimes—if not for the fact that every minute he kept watch, his cellphone was pinging a local tower, logging his location. Using that information, the FBI was able to determine that he had been near each store during the exact moment of each robbery. Cell signals are the tip of the proverbial data iceberg. If you have a smartphone, you’re almost certainly using something created by Google. Google makes money off advertising. The more Google knows about users, the better it can target ads to them. Google’s location services are on all Android phones, which use the company’s operating system, but they’re also on Google apps, including Google Maps and Gmail. For years, all that location information ended up in what the company called the Sensorvault. The Sensorvault, as the name suggests, combined data from GPS, Bluetooth, cell towers, IP addresses, and Wi-Fi signals to create a powerful tracking system that could identify a phone’s location with great precision. As you might imagine, police saw it as a digital evidence miracle. In 2020, Google received more than 11,500 warrants from law enforcement seeking information from the Sensorvault. “Sensorveillance”—a term I created to highlight the intersection of sensors and surveillance—is slowly becoming the default across the developed world. In 2024, Google announced that it would no longer retain all of this data in the cloud. Instead, the geolocation information would be stored on individual devices, requiring police to get a warrant for a specific device. The demise of the Sensorvault came about through a change in corporate policy, which could be reversed. But at least for now, Google has made it significantly harder for police to access its data. And while the Sensorvault was the biggest source of geolocational evidence, it is far from the only one. Even apps that have nothing to do with maps or navigation might nonetheless be collecting your location data. In one Pennsylvania case, prosecutors learned that a burglar used an iPhone flashlight app to search through a home, and they used the data from the app to prove he was in the home at the time of the break-in. These apps might be advertised as “free,” but they come with a hidden cost. Cars, increasingly, collect almost as much information as phones. Mobile extraction devices can collect digital forensics about a car’s speed, when its airbags deployed, when its brakes were engaged, and where it was when all that happened. If you connect your phone to play Spotify or to read out your texts, then your call logs, contact lists, social media accounts, and entertainment selections can be downloaded directly from your vehicle. Because cars are involved in so many crimes (either as the instrument of the crime or as transportation), searches of this data are becoming more commonplace. Even without physically extracting information from the car, police have other ways to get the data. After all, the car’s built-in telemetry system is sharing information with third parties. In addition to the usual personal information you give up when buying a car (name, address, phone number, email, Social Security number, driver’s license number), when you own a Stellantis-brand car, the company collects how often you use the car, your speed, and instances of acceleration or braking. Nissan asserts the right to collect information about “sexual activity, health diagnosis data, and genetic [data]” in addition to “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.” Nissan’s privacy policy specifically reserves the right to provide this information to both data brokers and law enforcement. The Law of Smart Things The fact that government agents can glean so much information from our things does not mean that they should be able to do so at any time or for any reason. The U.S. Fourth Amendment—drafted in an era without electricity—protects “persons, houses, papers, and effects” against unreasonable search and seizure, but is naturally silent on the question of location data. The first question is whether the data from our smart things should be constitutionally protected from police. In the language of the constitutional text, the smart device itself is an “effect”—a movable piece of personal property. But what about the data collected by the effect? Is the location data collected by your smartwatch considered part of the watch, or part of the person wearing the watch? Neither? Both? To its credit, the U.S. Supreme Court has addressed some of the hard questions around digital tracking. In two cases, the first involving GPS tracking of a car and the second involving the CSLI tracking of Timothy Carpenter’s cellphone, the court has placed limits on the government’s ability to collect location data over the long term. United States v. Jones involved GPS tracking of a car. Antoine Jones owned a nightclub in Washington, D.C. He also sold cocaine and found himself under criminal investigation for a large-scale drug distribution scheme. To prove Jones’s connection to “the stash house,” police placed a GPS device on his wife’s Jeep Cherokee. This was before GPS came standard in cars, so the device was physically attached to the undercarriage of the vehicle. Data about Jones’s travels was recorded for 28 days, during which he visited the stash house multiple times. The prosecutors introduced the GPS data at trial, and Jones was found guilty. Jones appealed his conviction, arguing that the warrantless use of a GPS device to track his car violated his Fourth Amendment rights. “When the Government tracks the location of a cell phone it achieves near perfect surveillance.” — the Supreme Court In 2012, the Supreme Court held that a warrant was required, based on the reasoning that the physical placement of the GPS device on the Jeep was itself a Fourth Amendment search requiring a warrant. Justice Sonia Sotomayor agreed regarding the physical search but went further, discussing the harms of long-term GPS tracking: “GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.” Timothy Carpenter’s ill-fated robbery spree gave the Supreme Court another chance to address the constitutional harms of long-term tracking. In their attempts to connect Carpenter to the six electronics stores that had been robbed, federal investigators requested 127 days of location data from two mobile phone carriers. The problem for the police, however, was that they had obtained the information on Carpenter without a judicial warrant. Carpenter challenged the FBI’s acquisition of his CSLI, claiming that it violated his reasonable expectation of privacy. In a 5–4 opinion, the Supreme Court determined that the acquisition of long-term CSLI was a Fourth Amendment search, which required a warrant. As the Court stated in its 2018 ruling: “A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor’s offices, political headquarters, and other potentially revealing locales.... [W]hen the Government tracks the location of a cell phone it achieves near perfect surveillance.” Jones and Carpenter are helpful for setting the boundaries of location-based searches. But, in truth, the cases generate a lot more questions than answers. What about surveillance that is not long-term? At what point does the aggregation of details about a person’s location violate their reasonable expectation of privacy? The Warrant According to Google Okelle Chatrie’s case, in which police used Google’s location data to identify him as the mystery bank robber, offers a stark warning about the limits of Fourth Amendment protections under these circumstances. It’s also a terrific example of why “geofence” warrants, which request information within a certain geographic boundary, are appealing to police. From surveillance footage, detectives could see that the suspect had a phone to his ear when he walked into the bank. A geofence could identify who the suspect was, and likely where he came from and where he went. Google held the answer in its virtual vault. A warrant gave investigators the key. The police cast a broad net. The geofence warrant asked for data on all the cellphones within a 150-meter radius, an area, as the court described it, “about three and a half times the footprint of a New York city block.” After receiving the police’s initial request for information on all the phones in the area, Google returned 19 anonymized numbers. Over the course of a three-step warrant process, the company narrowed those 19 phones down to three and then to one, which it revealed as belonging to Okelle Chatrie. If the police wish to buy the data, just like an insurer or marketing firm might, how can you object? It’s not your data. The three-step warrant process is a unique innovation in the digital evidence space. Google’s lawyers developed a procedure whereby detectives seeking targeted geolocation data had to file three separate requests, first requesting identifying numbers in an area, then narrowing the request based on other information, and finally obtaining an order to unmask the anonymous number (or numbers) by providing a name. To be clear, Google—a private company—required the government to jump through these hoops because Google considered it important to protect its customers’ data. It was the company’s lawyers—not the courts or the government—who demanded these warrants. Buying Data Warrants provide at least some procedural barrier to data collection by police. If government agencies want to avoid that minor hassle, they can simply buy the data instead. By contracting with data-location services, several federal agencies have already done so. The logic for this Fourth Amendment loophole is straightforward: You gave your data to a third-party company, and the company can use it as it wishes. If you own a car that is smart enough to collect driving analytics, you clicked some agreement saying the car company could use the data—study it, analyze it, and, if it wants, sell it. If you don’t want to give them data in the first place, that is okay (although it will likely result in less optimal functionality), but you cannot rightly complain when they use the data you gave them in ways that benefit them. If the police wish to buy the data, just like an insurer or marketing firm might, how can you object? It’s not your data. Who Is to Blame? Fears about the amount of personal information that could be revealed with long-term GPS surveillance have become reality. Today, police don’t need to plant a device to track your movements—they can rely on your car or phone to do it for them. This happened because companies sold convenience and consumers bought it. So it might be tempting to blame ourselves. We’re the ones buying this technology. If we don’t want to be tracked, we can always go back to using paper maps and writing down directions by hand. If few of us are willing to make that trade, that’s on us. But it’s not that easy. You may still be able to choose a dumb bike over a smart one, but a car that tracks you will soon be the only type of car you can buy. And while cars and data can, in theory, be separated, that’s not true for all our smart things. Without cell-signal tracking capabilities, a cellphone is just a paperweight. And in today’s world, living without a phone or a car is simply not practical for many people. There are technological steps we can take toward protecting privacy. Companies can localize the data the sensors generate within the devices themselves, rather than in a central location like the Sensorvault. Similarly, the information that allows you to unlock your Apple iPhone via facial recognition stays localized on the phone. These are technological fixes, and positive ones. But even localized data is available to police with a warrant. This is the puzzle of the digital age. We can’t—or don’t want to—avoid creating data, but that data, once created, becomes available for legal ends. The power to track every person is the perfect tool for authoritarianism. For every wondrous story about catching a criminal, there will be a terrifying story of tracking a political enemy or suppressing dissent. Such immense power can and will be abused.