Olympics Surveillance, Subway Weapons Detection System, Geofence Search Decision, Privacy from Drones, & More

Vol. 5, Issue 8

Aug 05, 2024

A photo of a person holding a cell phone with a clip art picture of a camera on it. — Photo by Andrey Matveev on Unsplash

August 5, 2024

Welcome to Decrypting a Defense, the monthly newsletter of the Legal Aid Society’s Digital Forensics Unit. This month Diane Akerman examines surveillance at the Olympics this year. Jerome Greco reviews the NYPD’s pilot of Evolv Technologies’ weapons detection system in the subway. Joel Schmidt analyzes a recent federal circuit court decision about geofence searches. Finally, our guest columnist, Hannah Zhao, discusses the effects of law enforcement’s growing use of drones on the right to privacy.

The Digital Forensics Unit of The Legal Aid Society was created in 2013 in recognition of the growing use of digital evidence in the criminal legal system. Consisting of attorneys and forensic analysts, the Unit provides support and analysis to the Criminal, Juvenile Rights, and Civil Practices of The Legal Aid Society.

In the News

A clip art surveillance camera with the colors of the French flag overlaid on top of it.

Liberte, Egalite, Securite

Diane Akerman, Digital Forensics Staff Attorney

While all the world’s eyes are the athletes competing in Paris, French authorities have their eyes on…everyone. That a country who would so proudly remind the world that their revolutionary spirit once extended to beheading their extravagant queen, would turn their city into a surveillance panopticon to host such a spectacle certainly brings with it a sense of irony.

France is by no means the first country to embrace high-tech surveillance at the expense of their citizen’s privacy rights to ensure the event goes off without a hitch. There was Lockdown London, which featured a nearly full scale army complete with missile systems and drones. Rio, not to be outdone, brought out fighter jets, drones, and security personal wearing facial-recognition goggles. Then of course there was Sochi, where Russian officials utilized a surveillance system branded “Prism on steroids.”

So what dystopian technology is being visited upon the denizens of Paris during the 2024 Olympics? French authorities have contracted with Wintics, who have connected an algorithm to Paris’ existing CCTV infrastructure. The algorithm is trained to pick up on things like the number of people in a crowd, whether someone is falling, an unattended object and then alerts the operator, who will make the ultimate decision about how to proceed. The system is said to be less invasive than facial recognition (FRT), which remains banned in France, but like FRT and other unreliable surveillance tech – it relies on the fallacy that both algorithms and humans can operate without bias.

The authority to use intelligent surveillance came, as many bad ideas do, from a special little law written just for this one occasion. Law No. 2023-380 permits French law enforcement to “experiment with intelligent video surveillance until March 31, 2025.” Surely, France won’t find itself simply extending and renewing the law, to the detriment of its citizens privacy, over and over again for more than a decade. Quel horreur!

Photo of the Evolv system set up in the Fulton St. Subway Station as the start of the pilot program, and people watching the press conference announcing the pilot. — Evolv System Pilot Begins in the Fulton St. Subway Station by Jerome D. Greco is licensed under CC BY 4.0

The NYPD’s Problematic Surveillance Continues to “Evolv”

Jerome D. Greco, Digital Forensics Supervising Attorney

The NYPD and NYC Mayor Eric Adams continue to push unnecessary and ineffective surveillance tools to allegedly prevent crime in the subway system, while espousing two contradictory positions at the same time, both that the subway system is incredibly dangerous and that it is safe. Continuing in this vein, the mayor has turned to Evolv Technologies, a producer of an alleged electromagnetic weapons detection system, to prevent people with firearms from entering the subway system.

On March 28th, in accordance with the Public Oversight of Surveillance Technology (POST) Act, the NYPD posted a draft Electromagnetic Weapons Detection System Impact and Use Policy (IUP) [PDF], which, like all of the NYPD’s IUPs, was deficient in multiple ways. The Legal Aid Society submitted a letter [PDF] pointing out many of the problems with the IUP during the public comment period. After the required 45-day comment period concluded, the NYPD had another 45 days to publish its finalized policy. However, almost a month after the deadline for the final policy had passed it still had not been issued. This failure did not deter the mayor from announcing that the NYPD was starting a 30-day trial of Evolv’s system. It was only after The Legal Aid Society publicly rebuked the NYPD for both its violation of the POST Act, and its bad judgment in moving forward with testing the detectors, that the final policy [PDF] was posted on July 25th. The updated policy fails to address the many issues that existed in the draft version, including the mounting criticism that Evolv’s product is not effective and prone to false alerts.

The problems with Evolv and their electromagnetic weapons detection product are numerous. But just for fun, let’s name a few:

Their own CEO stated that the subway was “not a good use case.”
Some of its own shareholders are suing the company, alleging that the system “does not reliably detect knives or guns.” (complaint [PDF])
This past February, Evolv revealed that the U.S. Securities and Exchange Commission (SEC) had initiated a “confidential ‘non-public, fact finding inquiry.’”
In October of last year, it was disclosed that the Federal Trade Commission (FTC) was “investigating whether [Evolv’s] artificial intelligence systems operate as it claims, correctly identifying weapons that pass through its screeners.”
IPVM and the BBC reported that, among other issues, a public report on Evolv Express from the National Center for Spectator Sports Safety and Security (NCS⁴) hid known problems with Evolv’s system. IPVM obtained the more extensive private report through a freedom of information request.
During a 7-month pilot of Evolv’s weapons detectors at Jacobi Medical Center in the Bronx, approximately 43,800 of 50,000 alarms – nearly 85% – were false positives.
The electromagnetic radiation emitted from the Evolv system may interfere with implanted medical devices.

A press conference at the Fulton St. station in Manhattan on July 26th kicked off the official start of the Evolv system’s trial period for the NYC subway system. At the event, CBS News reporter Marcia Kramer walked through the detectors while wearing her bag and set the system off. Unsurprisingly, it was a false alarm. Apparently, the iPad case in her bag triggered the alert. It appears to be the same iPad case that the Evolv system falsely alerted on in 2022 when she walked through detectors set up outside of City Hall. I guess there have not been enough, if any, real improvements to the system over the last two years. After the recent false alert, the NYPD required any commuters that went through at the Fulton St. station to remove their bags to be searched manually. It is unclear if that was always the plan or if it was in response to Kramer’s false alert. Notably, the mayor himself did not walk through the system. If the mayor of Paris can swim in the Seine River to show her confidence in its improved water quality, then the mayor of NYC can at least walk through the electromagnetic weapons detectors and have his bag searched.

On the same day the Evolv pilot program commenced, The Legal Aid Society and the New York Civil Liberties Union issued the following joint statement [PDF]:

“With this misguided, fraught, and invasive technology now in effect, we are in the process of preparing litigation to protect the constitutional rights of all New Yorkers. New Yorkers did not consent to give up their rights or be NYPD guinea pigs for over-hyped and error-prone surveillance tech. We are prepared to protect the right of all subway riders to be free from NYPD intrusion and harassment.”

Stay tuned.

In the Courts

A photo of the U.S. Supreme Court building. — Photo by Claire Anderson on Unsplash

Fourth Circuit Eliminates Warrant Requirement for Police Access to Geofence Data

Joel Schmidt, Digital Forensics Staff Attorney

On May 20, 2019 the Call Federal Credit Union in Midlothian, Virginia was robbed. Short on leads, a detective served Google with a search warrant. First, Google had to produce an anonymized list of all cellphones within 150 meters (about 500 ft) of the bank for a half hour before and a half hour after the robbery, which yielded nineteen cellphones. Then, per the search warrant, the detective demanded to know all location information – not limited to the vicinity of the bank – for nine of those anonymized accounts for one hour before and one hour after the robbery. After reviewing the expanded location data for those nine accounts the detective requested the de-anonymization for three of those accounts, which Google was required to comply with.

The search warrant, known as a geofence warrant, led to the arrest of Okello Chatrie, who challenged the warrant’s validity in court. The court’s decision assumed, without holding, that a warrant was necessary for the detective to obtain the data Google handed over, but held the warrant was defective since “a Google user's proximity to the bank robbery does not necessarily suggest that the user participated in the crime.” Nonetheless, the court refused to exclude the evidence from court because it held it was reasonable for the detective to believe the warrant was proper, triggering the federal good faith exception to the rule that unconstitutionally obtained evidence must be excluded from trial.

Chatrie appealed, arguing the good faith expectation shouldn’t apply. A three judge panel of the United States Court of Appeals for the Fourth Circuit never got to the question of whether the good faith exception applies because it held the detective never needed a warrant in the first place. The panel held [PDF] Chatrie had no reasonable expectation of privacy in the data obtained, and thus no warrant was necessary, because it was only two hours worth “which could not reveal the privacies of his life,” and Chatrie affirmatively chose to share his location history with Google by opting in to the feature that allows Google to track him thereby assuming the risk Google would reveal that information without a warrant.

The panel decision was not unanimous, however. A dissenting judge penned a separate 70-page (and highly persuasive) opinion arguing that Chatrie did have a reasonable expectation of privacy in the data obtained because (1) “it provides nearly perfect surveillance” which is “detailed, encyclopedic, and effortlessly compiled,” (2) “the data obtained in a geofence intrusion is pulled from a preexisting database of users’ past movements, empowering police to time travel for each intrusion” all the way back to the day they activated Google Location History, (3) the information revealed is not only detailed but also deeply intimate so much so that “[a] two-hour search could tour a person’s home, capture their romantic rendezvous, accompany them to any number of medical appointments, political meetings, strikes, or social engagements, or otherwise begin constructing their afternoon and early-evening routines,” and because (4) geofence searches are “easy, cheap, and efficient compared to traditional investigative tools” enabling the police “to scour the continuous locations of numerous people in any area at any time - at practically no expense,” risking police abuse of their unrestrained power.

The dissenting judge was also of the view that opting in to Google Location History was not “meaningfully voluntary” since (1) users are unlikely to be aware that location history is “conveyed automatically every two minutes,” (2) even if they are that doesn’t mean by opting in they have chosen to surrender their privacy rights, and (3) in any event most users who check the opt in checkbox “do not understand what they are approving.”

Having found that a warrant should have been required, the dissenting judge found it was so defective that “a reasonable officer could not have relied on the warrant in good faith” and the federal good faith exception, therefore, didn't apply. “I would thus grant Chatrie's Motion to Suppress the evidence that resulted from the geofence search,” he wrote.

Although Google has recently made changes to Location History that would make it difficult, if not impossible, to execute geofence warrants going forward, the “seriously misguided” Fourth Circuit decision should still be reversed because it can apply to other companies, it can potentially apply to other reverse searches such as reverse keyword searches, and because nothing stops Google from ever reinstating their previous policy.

Chatrie has asked for an “en banc” review of the panel court decision by the full United States Court of Appeals for the Fourth Circuit. Hopefully the Court of Appeals does the right thing and reverses the panel court’s decision.

Expert Opinions

We’ve invited specialists in digital forensics, surveillance, and technology to share their thoughts on current trends and legal issues. Our guest columnist this month is Hannah Zhao, a staff attorney with the Electronic Frontier Foundation (EFF).

Backyard Privacy in the Age of Drones

Police departments and law enforcement agencies are increasingly collecting personal information using drones, also known as unmanned aerial vehicles. In addition to high-resolution photographic and video cameras, police drones may be equipped with myriad spying payloads, such as live-video transmitters, thermal imaging, heat sensors, mapping technology, automated license plate readers, cell site simulators, cell phone signal interceptors and other technologies. Captured data can later be scrutinized with backend software tools like license plate readers and face recognition technology. There have even been proposals for law enforcement to attach lethal and less-lethal weapons to drones and robots.

Over the past decade or so, police drone use has dramatically expanded. The Electronic Frontier Foundation’s Atlas of Surveillance lists more than 1500 law enforcement agencies across the US that have been reported to employ drones.¹ The result is that backyards, which are part of the constitutionally protected curtilage of a home, are frequently being captured, either intentionally or incidentally. In grappling with the legal implications of this phenomenon, we are confronted by a pair of U.S. Supreme Court cases from the 1980s: California v. Ciraolo and Florida v. Riley. There, the Supreme Court ruled that warrantless aerial surveillance conducted by law enforcement in low-flying manned aircrafts did not violate the Fourth Amendment because there was no reasonable expectation of privacy from what was visible from the sky. Although there are fundamental differences between surveillance by manned aircrafts and drones, some courts have extended the analysis to situations involving drones, shutting the door to federal constitution challenges.

Yet, Americans, legislators, and even judges, have long voiced serious worries with the threat of rampant and unchecked aerial surveillance. A couple of years ago, the Fourth Circuit found in Leaders of a Beautiful Struggle v. Baltimore Police Department that a mass aerial surveillance program (using manned aircrafts) covering most of the city violated the Fourth Amendment. The exponential surge in police drone use has only heightened the privacy concerns underpinning that and similar decisions. Unlike the manned aircrafts in Ciraolo and Riley, drones can silently and unobtrusively gather an immense amount of data at only a tiny fraction of the cost of traditional aircrafts. Additionally, drones are smaller and easier to operate and can get into spaces—such as under eaves or between buildings—that planes and helicopters can never enter. And the noise created by manned airplanes and helicopters effectively functions as notice to those who are being watched, whereas drones can easily record information surreptitiously.

In response to the concerns regarding drone surveillance voiced by civil liberties groups and others, some law enforcement agencies, like the NYPD [PDF], have pledged to abide by internal policies to refrain from warrantless use over private property. But without enforcement mechanisms, those empty promises are easily discarded by officials when they consider them inconvenient, as NYC Mayor Eric Adams did in announcing that drones would, in fact, be deployed to indiscriminately spy on backyard parties over Labor Day.

Barring a seismic shift away from Ciraolo and Riley by the U.S. Supreme Court (which seems nigh impossible given the Fourth Amendment approach by the current members of the bench), protection from warrantless aerial surveillance—and successful legal challenges—will have to come from the states. Indeed, six months after Ciraolo was decided, the California Supreme Court held in People v. Cook that under the state’s constitution, an individual had a reasonable expectation that cops will not conduct warrantless surveillance of their backyard from the air. More recently, other states, such as Hawai’i, Vermont, and Alaska, have similarly relied on their state constitution’s Fourth Amendment corollary to find warrantless aerial surveillance improper. Some states have also passed new laws regulating governmental drone use. And at least half a dozen states, including Florida, Maine, Minnesota, Nevada, North Dakota, and Virginia have statutes requiring warrants (with exceptions) for police use.

Law enforcement’s use of drones will only proliferate in the coming years, and drone capabilities continue to evolve rapidly. Courts and legislatures must keep pace to ensure that privacy rights do not fall victim to the advancement of technology.

For more information on drones and other surveillance technologies, please visit EFF’s Street Level Surveillance guide at https://sls.eff.org/.

Hannah Zhao (she/they/ze) is a staff attorney with the Electronic Frontier Foundation who focuses on criminal justice, privacy, and cybersecurity issues. Prior to joining EFF, Hannah represented criminal defendants on appeal in state and federal courts in New York, Illinois, and Missouri.

¹Electronic Frontier Foundation, founded in 1990, is a leading nonprofit organization defending civil liberties in the digital world. The Atlas of Surveillance is a database, drawn from public sources, of surveillance technologies deployed by law enforcement in communities across the United States and is the most comprehensive dataset of this kind of information to date.