AT LEAST TWO TEXAS COMMUNITIES ALONG THE U.S.-MEXICO BORDER HAVE PURCHASED TECHNOLOGY THAT TRACKS PEOPLE’S LOCATIONS USING DATA FROM PERSONAL ELECTRONICS AND LICENSE PLATES.
Big Brother isn’t just watching you: He’s using your cell phone, smartwatch, wireless earbuds, car entertainment systems and license plates to track your location in real time.
Contracting records and notes from local government meetings obtained by NOTUS show that federal and state Homeland Security grants allow local law enforcement agencies to surveil American citizens with technology more commonly found in war zones and foreign espionage operations.
At least two Texas communities along the U.S.-Mexico border have purchased a product called “TraffiCatch,” which collects the unique wireless and Bluetooth signals emitted by nearly all modern electronics to identify devices and track their movements. The product is also listed in a federal supply catalog run by the U.S. government’s General Services Administration, which negotiates prices and contracts for federal agencies.
“TraffiCatch is unique for the following reasons: ability to detect in-vehicle wireless signals [and] merge such signals with the vehicle license plate,” wrote Jenoptik, the Germany-based manufacturer, in a contracting solicitation obtained by NOTUS under Texas public records law.
In another bid to win a contract from a public consortium that services Texas school districts, Jenoptik describes TraffiCatch as a “wireless device detection” system that “records wireless devices Wifi, Bluetooth and Bluetooth Low Energy signal identifiers that come within range of the device to record gathered information coupled with plate recognition in the area. This can provide additional information to investigators trying to locate persons of interest related to recorded crimes in the area.”
Combining license plate information with data collected from wireless signals is the kind of surveillance the U.S. military and intelligence agencies have long used, with devices mounted in vehicles, on drones or carried by hand to pinpoint the location of cell phones and other electronic devices. Their usage was once classified and deployed in places like Afghanistan and Iraq.
Today, similar devices are showing up in the streets of American cities near the U.S.-Mexico border.
Webb County, Texas — which includes the border city of Laredo — received funding under a Department of Homeland Security grant program called Operation Stonegarden to purchase TraffiCatch, contracting records show. County commissioners in another border county, Val Verde County, also voted to buy TraffiCatch, meeting minutes show. That purchase was funded through a Texas state grant program called Operation Lone Star. Val Verde County did not respond to a request for comment.
Capt. Federico Calderon, from the Webb County Sheriff’s office, told NOTUS after publication that the technology was used as a pilot to scan for radiofrequency signals in areas where no devices should be — specifically to try and protect seasonally-used rural ranches from trespassers. He said the county did not share data with the federal government.
Calderon said the county purchased a “very restricted” version of TraffiCatch compared to what governments abroad have purchased. There is a version of the technology that can capture even more information about phones than just Bluetooth and Wi-Fi identifiers. A second person who has seen Jenoptik’s demo confirmed such a model exists.
The Supreme Court has said that attaching a GPS tracking device to a car or getting historical location data from a cell carrier requires a search warrant, and, therefore, probable cause of a crime.
However, law enforcement has found ways around these prohibitions. They sometimes use a device called a “Stingray,” which mimics a cell tower and forces nearby mobile phones to connect to it instead of the legitimate cell network. Agencies also buy data on cell phones’ movements from brokers.
And increasingly, as people walk around with headphones, fitness wearables and other devices, emitting a cloud of radio frequency signals unique to them, their data can be linked to a car, even after they have ditched the car.
“If I worked as a small-county sheriff, I would’ve probably caught something like 200% more of our criminals with just two of these boxes,” said Aaron Brown, a former Central Intelligence Agency countersurveillance and digital tracking expert. Brown said he has built his own version of TraffiCatch from off-the-shelf components and drives around the Washington area with it to see what interesting information he can capture.
Collecting radio emissions, called signals intelligence, was once the purview of specialized classified military units or intelligence agencies. But with so much modern technology emitting information that can be collected by anyone with the right antenna, the practice is becoming more widespread by both commercial and governmental entities.
Courts have not definitively grappled with the question: Under what circumstances can law enforcement passively capture ambient signal information and use it as a tracking tool? But by and large, this kind of intelligence gathering, when done by private parties, is not illegal.
Jenoptik makes no mention of TraffiCatch on its website. It did not respond to multiple requests for comment. It is one of many commercial vendors that sell automatic license plate reader systems to law enforcement and public safety entities worldwide. It claims to run the U.K.’s national license plate database with access to more than 30,000 cameras reading 67 million plates a day.
In the U.S., various private sector and government entities are all linked together in data-sharing partnerships that effectively give local, state and federal law enforcement the ability to track the movement of cars around the country.
One Operation Stonegarden grant reviewed by NOTUS required the counties to share license plate data with the Texas Department of Public Safety. Texas and many other states are connected to a national database run by a nonprofit group called Nlets. Private companies also capture huge databases of license plate scans, including a Motorola-owned subsidiary called Vigilant Systems. Jenoptik is listed as a “strategic partner” to Nlets.
In addition, a DHS Border Patrol Special Operations Group obtained a tracking technology from a different vendor, according to a contract document obtained by NOTUS. Border Patrol’s BORTAC bought a device from a contractor called Weathered Security that also vacuums up Wi-Fi and Bluetooth, according to the contract’s description of the product.
One description of Weathered Security’s products online boasts that it can also track other signal emissions from key fobs, satellite receivers, low-powered radio chips in modern credit cards or passports, car tire sensors that monitor tire pressure and even medical devices. In an emailed response to a request for comment, the company said: “We do not have any issues with you reporting information obtained under FOIA.”
“One of the critical elements within the BORTAC special operations is the ability to gather real-time intelligence. The ability to gather real-time intelligence enables Special Operations to assist the investigatory process and target development to aid in the dismantling of Transnational Criminal Organizations (TCOs). BORTAC is frequently utilized for intelligence gathering and surveillance in support of national security operations,” DHS wrote in the contract.
TraffiCatch and other similar systems take advantage of the fact that electronic devices need to communicate with each other. Phones need to pair with cars to deliver navigation information and audio. Likewise, phones need to exchange information with smartwatches, Bluetooth speakers and wireless earbuds. They also all need unique identifiers to keep track of each other.
“We needed the ability for two devices to communicate, so we gave every device a unique identifier,” said Joel Reardon, a technologist and researcher at the University of Calgary, who studies privacy and security vulnerabilities in mobile devices. “But over time, they took on these new functionalities to support surveillance that were never part of the initial plan.”
Recognizing the privacy vulnerability, Apple and Google have their mobile phones rotate and randomize identifiers at specific intervals to prevent long-term tracking.
However, vendors of other kinds of consumer products reliant on Bluetooth or Wi-Fi have taken few steps to protect their consumers. Reardon recalls running his own experiment on privacy vulnerabilities when prepping for a privacy course he was teaching, vacuuming up Bluetooth identifiers on a road trip.
He captured a pair of JBL speakers at two separate locations — once in the city while stuck in traffic and once again at his hotel in Kamloops, Canada, illustrating how a Bluetooth speaker can be turned into a tracking tool by anyone with some technical know-how.
A Norwegian programmer named Bjørn Martin Hegnes ran a similar experiment in 2021. Over the course of 12 days, he biked nearly 200 miles around Oslo, vacuuming up this kind of data for an academic project. In numerous instances, he saw the same car, phone or set of Bluetooth headphones more than once. Headphones, in fact, were a potent way to track people because they rarely randomized their unique addresses, he said in his findings.
The military has experimented with similar wireless data sets: obtaining information about cell tower networks, Wi-Fi base stations and Bluetooth devices through partnerships with commercial data-gathering companies.
One project gathered information using unwitting gig workers who downloaded an American-made app that was, in the background, scanning for Wi-Fi signals and cell towers. Another project tapped millions of people running game, weather and city guide apps to collect Bluetooth and wireless identifiers. In interviews with NOTUS, service members described other special operations, such as simply driving around with an antenna and a cheap computer to find devices that belonged to high-value targets.
“These devices are inherently dangerous for the public,” said Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union. “You have these police departments where officers have access to information like this. This information tells them things about their friends and family. It’s very sensitive information that you don’t want people to randomly have access to.”
“We are well beyond the idea that people have no privacy in public. Here, they’re installing this mass surveillance system. The public doesn’t know about it,” Granick said.