Bluetooth Surveillance Tool Added to List of Known Cache of DHS’ Surveillance Technology
by Douglas Ankney
The Department of Homeland Security (“DHS”) has an impressive cache of surveillance technology that includes, inter alia, automated license plate readers (“ALPR”) and cell-site simulators (“CSS”). The latest tracking and surveillance revelation is that DHS and other law enforcement agencies have been using TraffiCatch since 2019.
Deployed in Texas, TraffiCatch detects WiFi and Bluetooth signals in moving cars for tracking purposes. Bluetooth devices consistently broadcast a Bluetooth Device Address that is either a public address or a random address. Over the lifetime of the device, public addresses do not change and are the easiest to track.
But more common are the random addresses that have multiple levels of privacy. These addresses change regularly. Unless a Bluetooth device with a random address has paired with a device that has a public address, it is hard to track. However, Jenoptik, the manufacturer of TraffiCatch, reports that data derived from Bluetooth is combined with ALPR, permitting law enforcement to track individuals who switch vehicles and change license plates.
Immigration and Customs Enforcement (“ICE”) is already notoriously known for using CSS in violation of the law. CSS are devices that masquerade as legitimate cellphone towers, prompting cellphones within a certain radius to connect to the CSS instead of legitimate phone towers. The subterfuge allows law enforcement to track the user and his or her device. According to a report from DHS’s Inspector General, ICE and other agencies conduct surveillance using CSS without proper authorization and in violation of the law.
Source: EFF.org