Chicago Aldermen’s Plan for “Textalyzer” Tool Could Infringe on Digital Privacy

Posted on May 1, 2017

According to a report from the Chicago Sun-Times, two Chicago city aldermen have proposed a measure that would subject those suspected of texting while driving to a search of their phone using a potentially invasive forensic device. In the hopes of more effectively enforcing Chicago’s law against texting while driving, Alderman Edward Burke and Alderman Anthony Beale have put forward a bill that would call for Chicago Police responding to a traffic accident to employ a so-called “textalyzer” to probe the phones of those involved in the accident for evidence that their phones were in use at the time of the crash. While a forensic tool of this kind is not yet commercially available, such a device would likely be highly invasive given the nature of its specific investigatory application.

Currently, the leading contender to offering a textalyzer device is the Israeli surveillance and forensic device manufacturer Cellebrite, which already sells a number of cell-site simulator products, more commonly known as IMSI catchers or “stingrays,” designed to pinpoint and identify cell phone users and, in some cases, intercept data sent to and from their phones. The company began prototyping a textalyzer product after advocates for stricter traffic laws and legislatures in multiple states expressed interest in equipping police forces with such a tool. From what is known about the device so far, it would supposedly scan a phone for evidence that there had been keyboard or swipe input on the phone leading up a crash, and the legislation currently under consideration would direct police to plug the forensic device into a driver’s phone at the scene of the traffic accident. Some of the textalyzer bills under consideration stipulate that the device would not be able to view or retain the content of the phone, but purely evidence of user activity on the phone.

However, such a forensic device would be intrusive by virtue of how its evidence collection processes would run. Since not all apps keep track of timestamps for sent and received messages, and those that do usually don’t keep time records precise enough to determine their impact on the split-second events of a traffic accident, a textalyzer-type tool would have to tap into the kernel of a smartphone’s operating system. The kernel is a core piece of software that mediates requests between the user-facing parts of the operating system and the lower-level processes and hardware inputs. Logs generated and retained by the kernel keep precise records of all hardware use, but the kernel and its logs are normally off-limits for users. To access them, then, a forensic tool would have to burrow into the system and gain kernel access, which would also give it total access to any and all processes and data on the device under analysis. Even assuming no malicious intent on the part of the textalyzer manufacturer or police officers administering tests with it, flaws or bugs in such a device could subject users of scanned devices to security risks during and after a analysis, as it essentially cracks the device’s operating system wide open. It is also possible that this forensic device could incidentally copy and store part or all of the content of a phone, which could then be inadvertently retained by police which, again, opens up users of analyzed devices to compromise should the police data store be breached. This is to say nothing of the harm that could be done if these analytical tools are intentionally abused by individual malicious actors with legitimate access to them.

Pursuing more effective enforcement of motor safety laws is undoubtedly an admirable initiative, but method currently being proposed would be both heavy-handed and costly. A more reliable, inexpensive, and oversight-minded approach would be for investigators to simply utilize a standard search warrant. As the investigation would presumably occur after a traffic accident has occurred, there is no time constraint that must be adhered to, so the search warrant can be requested, processed, and executed normally. This tried-and-true method would be more than sufficient to effectively carry out enforcement. But whenever a nascent technology or technique is applied to an issue, unless accompanied by thorough and conscientious regulations, it can often introduce more problems than it solves.

However, there remains a strong possibility that a policy ordering police to employ a textalyzer forensic tool in determining the role of cell phone use in traffic violations would be illegal under state law, as it would not be in compliance with legislation regulating the use of cell-site simulators and related devices. The Citizen Privacy Protection Act, signed into law in July of last year, stipulates that along with cell-site simulators which use radio waves for data collection, any device which “otherwise obtains [content and metadata] through passive means, such as through the use of a digital analyzer,” is limited to only collecting real-time location data, not content or other types of metadata, which would include records of keyboard usage. It is not entirely clear if the proposed textalyzer device would be considered in the same class of device as a cell-site simulator, but the state law’s wording is broad enough that it may well extend its regulations to forensic analysis tools of this kind.

You can find the full story from the Chicago Sun-Times here

Jonathan Terrasi has been a Research Assistant with the Chicago Committee to Defend the Bill of Rights since January 2017. His interests include computer security, encryption, history, and philosophy. In his writing, he regularly covers topics on current affairs and political developments, as well as technical analyses and guides on security issues, published on his blog, Cymatic Scanning, and Linux Insider.