Skip to main content

Go read this report on how law enforcement can extract sensitive data from your car

Go read this report on how law enforcement can extract sensitive data from your car


US Customs and Border Protection recently bought five ‘vehicle forensics kits’

Share this story

Illustration by Alex Castro / The Verge

A new report from The Intercept has shed light on a worrying new technology that lets law enforcement agencies extract personal data from people’s cars. It reports that US Customs and Border Protection (CBP) recently made an order worth hundreds of thousands of dollars from Swedish data extraction firm MSAB which included iVe “vehicle forensics kits” made by US firm Berla. Here’s what MSAB advertises the kits can do, according to The Intercept:

MSAB marketing materials promise cops access to a vast array of sensitive personal information quietly stored in the infotainment consoles and various other computers used by modern vehicles — a tapestry of personal details akin to what CBP might get when cracking into one’s personal phone. MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.” MSAB even touts the ability to retrieve deleted data, divine “future plan[s],” and “Identify known associates and establish communication patterns between them.”

In some cases, it’s a comparable amount of personal data to what you might find on a smartphone. But while most people are aware of the sensitive data held in their phones, thanks in part to companies like Apple making a big show of promoting the privacy and security features of the latest models, The Intercept argues we’re less aware of how much data our cars’ infotainment systems are collecting. And that leaves a treasure trove of data for the Berla-manufactured kits to vacuum up.

The people behind CBP’s new tool are well aware that they are preying on consumer ignorance. In a podcast appearance first reported by NBC News last summer, Berla founder Ben LeMere remarked, “People rent cars and go do things with them and don’t even think about the places they are going and what the car records.” In a 2015 appearance on the podcast “The Forensic Lunch,” LeMere told the show’s hosts how the company uses exactly this accidental-transfer scenario in its trainings: “Your phone died, you’re gonna get in the car, plug it in, and there’s going to be this nice convenient USB port for you. When you plug it into this USB port, it’s going to charge your phone, absolutely. And as soon as it powers up, it’s going to start sucking all your data down into the car.”

The Intercept’s report focuses on just one agency, US Customs and Border Protection, but civil liberties campaigners, like Mohammad Tajsar from the American Civil Liberties Union of Southern California, fear that the technology could easily trickle down to other law enforcement agencies across the US:

“What CBP have will trickle down to what your local cops on the street end up getting. That is not a theoretical concern.”

The Intercept’s report is well worth reading in full.