Pixel Envy

Written by Nick Heer.

Internal Law Enforcement Bulletin Advises Use of iOS Shortcut to Record Police Encounter May Be Suspicious

Brian Krebs writing last month:

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.

[…]

KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data. The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.

Jack Morse is one of many journalists and activists sharing the contents of leaked materials, and posted a screenshot of one bulletin on Twitter:

The Delaware Information and Analysis Center (DIAC) is providing the following information for situational awareness. A new Apple iPhone application called “Shortcuts” was introduced with the iOS 12 update. In this update, a new feature was added called “Police.”

No, it wasn’t. Robert Petersen created and shared one such shortcut. It was not created by Apple, it is not preinstalled, and saying the phrase “hey, Siri, I’m getting pulled over” won’t do anything unless the user has installed the shortcut — which is not a bad idea.

DIAC emphasizes that the above information describes constitutionally protected activities and may be insignificant on its own. However, when observed in combination with other behaviors, this activity may raise suspicion in a reasonable person and constitute a basis for reporting.

Workflow went from hackathon winner and power user utility to a mainstream law enforcement concern in just six years.