US Marshal charged with abusing access to cell location data to conduct personal research

from if-you-give-a-cop-an-access-code… department

Give somebody access to tons of sensitive personal information and it is bound to lead to abuse. Give the cops access to this data and the abuse is guaranteed. Why? Because law enforcement officials – for reasons unfathomable to ordinary people – face far fewer consequences for violating internal policies and breaking laws.

Ordinary people get fired. The cops get slaps on the wrist and a few weeks of bad press. Abuse of sensitive law enforcement databases is so common that it has simply become more mundane noise generated by news cycles.

More than half of law enforcement officers in Minnesota have abused access to driver’s license databases. This scandal managed to raise eyebrows for perhaps half a day in 2013. MORE THAN HALF! More … than 5,550 officers! And yet, that’s little more than a data point a decade later.

Why? Because it keeps happening and very little is done in response. Twenty-five Denver police officers were caught abusing access to sensitive law enforcement databases. Almost all of the officers received nothing more than a written reprimand, rather than the criminal penalties the same PD would mete out to ordinary people who illegally accessed sensitive information.

Once in a while, a cop gets a harsh punishment. But these anomalies only underscore the frequency of abuse. An Ohio police officer has been fired for using law enforcement tools to spy on ex-wives and their loved ones. Two California police officers have been charged with using DMV and other government documents to [rereads post] select the women they wanted to date. A Michigan police officer did the same, resulting in an ultra-rare criminal conviction.

Here’s another anomaly…not in terms of abuse, which continues to be prevalent, but that a law enforcement officer could be punished for abusing law enforcement databases. The DOJ is pursuing criminal charges against a U.S. Marshal who abused access to cell location data to research people for purely personal reasons.

Adrian Pena, 48, of Del Rio, Texas, made his first appearance in federal court yesterday in the Western District of Texas.

According to court documents, Pena allegedly illegally used a law enforcement service operated by Securus Technologies Inc. (Securus) for personal reasons, including to obtain cellphone location information about several individuals with whom the accused had personal relationships and their spouses. Pena obtained this information by uploading false and fraudulent documents into the Securus system and certifying that these documents were official documents authorizing obtaining the location information of the mobile phones of the persons concerned.

The indictment [PDF] also notes that the U.S. Marshal lied to Inspector General investigators about his abuse, downplaying his unauthorized searches as nothing more than tests or demonstrations for others…like his wife.

The system Pena allegedly accessed is run by Securus, a company with its own questionable history. In 2015, he was caught ignoring his own internal safeguards to pick up privileged calls between prisoners and their legal representatives. Not much happened to the company, due to its near-monopoly control of prison telephone services. This led to the company taking heat a few years later for providing law enforcement with unfettered access to cell location data collected from nearly every cellphone user nationwide.

This is the database the US Marshal apparently had access to. And the system was easy to beat. According to the indictment, the database could be tricked into providing access with nothing more than a blank Microsoft Word document.

Even though the system requires users to upload supporting documents justifying the searches, no one seems to perform verification of the uploaded documents. All Pena had to do was upload literally any document in a supported format and click on a box indicating that the submitted document was “official” and granted “permission to search for the requested phone number “.

To obtain location data relating to the cell phones of these individuals, PENA uploaded fake and fraudulent documents to the Securus LBS platform, including blank pages, award certificates, list of justifications for merit promotion , letterhead templates and other assorted documents.

Any document, a checkbox, and Pena was free to go.

Through this process, PENA has repeatedly obtained cell phone location data of its personal associates and their relatives through false claims and without the required documentation or official authorization. These requests were made for personal and unofficial reasons and have not been authorized by the United States Marshals Service, the Uvalde County Sheriff’s Office, or any other law enforcement or intelligence agency..

That’s it. This is the “process”. As easy to circumvent as age restrictions on a YouTube video. Just plug in some fake information and get out. Except it’s not a red tape trailer being accessed, but sensitive location data, including the current location of the targeted phone.

Backups are supposed to do something. Those that Securus has put in place do nothing. While it may be impossible for Securus employees to determine what the real justification for a search is or is not, a cursory examination of, I don’t know, a blank MS Word document should have shown that someone was cheating the system.

And if it’s wrong to expect Securus to guess downloads, law enforcement should get more involved in this process and ensure – as close to real-time as possible – that agents don’t do not abuse the system. While it’s good that this US Marshal’s actions were exposed, it only happened when he abused the system more than a dozen times. This type of delayed response does little to prevent future abuse or to ensure that sensitive location data about millions of cellphone users in the United States does not become a plaything for law enforcement. .

Filed Under: adrian pena, doj, location data, privacy, surveillance, us marshal

Companies: Securus

About Geraldine Higgins

Check Also

With over 900 courses to choose from, there’s something for everyone

Want to learn how to run your own business, take photos professionally, speak a new …