The crime was horrific: In 2019, an Ohio man was accused of shooting his wife, her parents and her aunt in the head allegedly over mounting tensions with his in-laws over money and financial pressures created by expensive gifts he was buying for his longtime mistress.

Prosecutors relied heavily on testimony from an expert at a little-known vehicle forensics company called the Berla Corporation to make their case. The employee testified that the FBI asked him to extract data from Singh’s car using the company’s technology, which allows law enforcement to hoover up text messages, GPS locations, emails, call histories, pictures, videos, contact lists, social media feeds and information as granular as when a car door opens.

An FBI digital forensic examiner followed him on the stand, saying his analysis of data from the car’s hard drive put Singh’s vehicle at the scene of the crime at 9:09 p.m. Witnesses testified to hearing gunshots at the apartment between 9:15 p.m. and 9:30 p.m.

Although data collected from automobiles doesn’t always paint a perfect picture — the jury in Singh’s case deadlocked, and he is awaiting a retrial next year — the use of Berla’s technology raises controversial questions about how much consumers should trade their privacy to enhance law enforcement’s ability to solve crimes.

Since many citizens don’t know their car data can easily be sucked up by a company working with law enforcement, potentially without a warrant, the practice shines a light on the complex questions embedded in car data privacy.

And the issue is only growing as carmakers incorporate more computers into automobiles that collect and process vast amounts of data.

Car computer systems are “practically mobile phones at this point,” said Sean McKeever, a senior security specialist at cybersecurity firm GRIMM, which has a focus on automotive cyber. “The difference is my phone doesn’t leave my pocket. To get to my data on my phone you have to get to me, whereas my car is more of a stable target that can be towed away and accessed.”

Go-to source for vehicle forensics

Many police departments don’t discuss their investigative tools, but a quick web search for Berla suggests the company’s products are used widely. Law enforcement officials in San Diego, San Antonio and Anne Arundel County, Maryland, for example, have spoken publicly about the value they have derived from Berla’s tools.

While Berla has competitors, none appear to match its capabilities or reach with law enforcement. Its software is not available to the general public.

The Maryland-based company has been in the spotlight before, but it has taken on new relevance in the wake of a Washington State class action data privacy lawsuit highlighting the company’s capabilities and marketing statements in its claims against five automakers whose systems allegedly allow Berla software to access driver text messages and other data. A Seattle-based federal judge ruled last month that the practice did not violate state privacy laws, which require a victim to prove that “his or her business, his or her person, or his or her reputation” has been threatened.

Despite the controversy, Berla CEO Ben LeMere has never been shy about showcasing his product.

“We’ve assisted in pretty much every major terrorism investigation in the last year, from the Paris bombing to the Chattanooga, Tennessee, shooting to San Bernardino,” he told the Armed Forces Communications and Electronics Association International in 2016.

Berla’s marketing slogan is “Staggering Amounts of Data. Endless Possibilities,” a claim that many in law enforcement appear to agree with. The company’s offerings are extensive and even allow law enforcement to search vehicle profiles from their cell phones. As of March 2022, the most recent data available, Berla’s software worked on 20,752 types of cars.

Police can use Berla’s tools — conceivably without a warrant — to access a car’s navigation system. If a driver has synced their phone with their car’s infotainment center, police can also extract cell phone data transferred to the car while the vehicle is connected.

The Department of Homeland Security began working with Berla in 2013, connecting the company with several state and local police departments. U.S. Customs and Border Protection, a DHS agency, reportedly paid more than $450,000 for five Berla vehicle forensic kits, according to a contract The Intercept reported in 2021. A spokesperson there did not respond to a request for comment, and a DHS spokesperson said it no longer partners with the firm.

A surveillance disclosure statement on the San Diego Police Department’s website says the Berla software it uses takes data stored in the car’s infotainment and telematics system, including vehicle events, location data and data from connected devices.

The document defines vehicle events as, for example, “door openings, ignition activity and seatbelt usage” along with date/time stamps and “the GPS location of the vehicle at the time of the event.”

“There is a chance a vehicle may contain devices connected to the vehicle that are unrelated to the specific criminal case,” the web disclosure says.

For such a powerful investigative tool, Berla’s software is relatively inexpensive, at least for smaller agencies. A San Antonio TV station in 2021 quoted local sheriff Javier Salazar saying the department had paid just $15,000 for a contract with the company across at least two years.

  • Eheran@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    11 months ago

    Why are we talking about that company and not the car makers collecting all of this in the first place and thus enabling all of this?