Here Is the Manual for the Mass Surveillance Tool Cops Use to Track Phones

Local police departments across the U.S. have been purchasing a tool that allows them to track individual devices without a warrant based on data harvested from ordinary smartphone apps installed on peoples’ phones, according to investigations by activist organization the Electronic Frontier Foundation (EFF) and the Associated Press.

Now, Motherboard is publishing the user manual for the tool, called Fog Reveal. Bennett Cyphers, a staff technologist at the EFF who worked on the investigation using public records requests, shared the user manual with Motherboard.

The document provides new insight into a technology that was relatively unknown until recently and that is being used by local police departments in a variety of different investigations, sometimes with success. The Associated Press reported that despite authorities using the tool in murder cases and other investigations, prosecutors have “rarely, if ever” disclosed its use in relevant court filings.

“The manual is a key window into how cops access and use our data. It shows just how easy it is to point, click, and track arbitrary people with Fog Reveal. These records should be public by default so that the public can hold surveillance companies and law enforcement accountable,” Cyphers told Motherboard in an email. 

Virginia-based Fog Data Science is the company behind Fog Reveal. The Associated Press reported Fog Reveal refers to a company called Venntel as its “data partner,” but neither company would clarify their relationship to the outlet. Motherboard has reported extensively on how Venntel sources global advertising data from its parent company Gravy Analytics. The data itself comes from apps installed on peoples’ smartphones; app developers often enter agreements to sell their users location information to third parties. Venntel then sells its own surveillance product to government agencies, including Customs and Border Protection. 

Fog Data Science, meanwhile, appears focused on providing a similar capability to local and state law enforcement agencies, according to the EFF and Associated Press investigations. The Associated Press reported that Fog Data Science clients include “local law enforcement agencies from suburban Southern California to rural North Carolina.”

The Fog Reveal user manual says that “Information that was previously ‘unknown’ or knowable only through the investment of significant time in efforts such as witness interviews, reviewing surveillance video and travel records can now be revealed in minutes via a desktop or laptop computer.”

When first logging in, users are presented with a message that reminds them that the data they are about to access is sensitive and that it “should be appropriately safeguarded.” From there, it appears simple for a user to start searching for historical but recent data on what devices were in a particular area via a search box that accepts latitude and longitude coordinates and addresses. Users can also draw geofences to see what devices were in an area, with a rectangle, circle, or custom polygon, according to the manual.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.

The manual indicates that it's possible to surveil a massive amount of people at once, although this may not be helpful. The manual explains that “some caution needs to be applied when using large fences in urban areas. A user would probably not want to fence a large area of a major city at noon because the returning search will probably result in an overwhelming number of devices and signals. Queries that exceed 100,000 signals will result in the overage signals being dropped.”

Users can then “tag” a device to mark it as a device of interest, the manual says. From there, they can “query” that particular device and the system will show a 90 day pattern of activity for that device.

Some police departments like how quickly they can access this data, according to the Associated Press. Ordinarily, Google might provide information on what devices were present in a particular area at a specific time, but authorities would need to obtain a so-called “reverse location warrant,” which can take time. With Fog Reveal, they can just log in. The Associated Press spoke to a prosecutor in Washington County, Arkansas, who told the outlet that he had used Fog Reveal without a warrant in the past, especially in "exigent circumstances."

The manual also includes a screenshot that lists what it describes as “User Groups,” showing different users. These include “Arkansas,” “Atlanta PD,” “Barnstable MA Police,” “CT State Police,” “Delaware State Police,” and more. Cyphers told Motherboard that this list includes law enforcement customers they already knew about, and others that they did not.

Notably, the list also includes what appears to be a reference to a private company: “iWorksCorp.” iWorksCorp might refer to iWork Corporation, a federal government contractor. iWork Corporation did not immediately respond to a request for comment.

Elsewhere in the documents obtained by the EFF, one file says that Fog Data Science can assist “Corporate Security Departments” as well as law enforcement and intelligence agencies. 

The manual also includes examples of "cases" that queries can be run under, including “CA Gangbangers” and “Wanted Multi-State Bank Robber.”

The manual also lays out some limitations of the surveillance product. One is that it takes around 24 hours for the system to process and store a day’s worth of data. 

Fog Data Science did not respond to Motherboard's request for comment.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.