On June 26, 2017, the lifeless body of Ronald French, a bearded auto mechanic with once-twinkling eyes, was mysteriously found in a cornfield in Kalamazoo County, Michigan.
French, a grandfather of eight who always tried to help people “down on their luck,” his daughter Ronda Hamilton told NBC affiliate WOOD of Kalamazoo, had disappeared three weeks before. According to the police report, a cord had been wrapped around his neck, his face and his feet. He had been dragged behind a vehicle so forcefully that he had abrasions along his back, and his skull had been partly flattened. The medical examiner attributed French’s death to “homicidal violence.” But then his grieving family heard nothing about arrests.
For more than two years, Kalamazoo County sheriff’s detectives investigated French’s murder without making any arrests. Then, according to police records obtained by NBC News, one of the detectives learned of an emerging field — digital vehicle forensics — which focuses on extracting the treasure trove of data stored in an automobile’s onboard computers.
They returned to French’s 2016 black Chevy Silverado pickup truck, which had been stolen around the time he vanished, and discovered time-stamped recordings of someone else’s voice using the hands-free system to play Eminem on the radio at the time of French’s murder.
The voice, according to the police report obtained by NBC News, belonged to Joshua Wessel, now 32, who used to tinker on cars and motorcycles with French. Wessel’s voice was identified by relatives, including his wife, key evidence that allowed investigators to reconstruct his movements and the final hours of French’s life, the police report says. In July, Wessel was arrested and charged with French’s murder. He has pleaded not guilty and is awaiting trial subject to psychiatric assessment.
In recent years, investigators have realized that automobiles — particularly newer models — can be treasure troves of digital evidence. Their onboard computers generate and store data that can be used to reconstruct where a vehicle has been and what its passengers were doing. They reveal everything from location, speed and acceleration to when doors were opened and closed, whether texts and calls were made while the cellphone was plugged into the infotainment system, as well as voice commands and web histories.
But that boon for forensic investigators creates fear for privacy activists, who warn that the lack of information security baked into vehicles’ computers poses a risk to consumers and who call for safeguards to be put in place.
“I hear a lot of analogies of cars being smartphones on wheels. But that’s vastly reductive,” said Andrea Amico, founder of Privacy4Cars, which makes a free app that helps people delete their data from automobiles and makes its money by offering the service to rental companies and dealerships. “If you think about the amount of sensors in a car, the smartphone is a toy. A car has GPS, an accelerometer, a camera. A car will know how much you weigh. Most people don’t realize this is happening.”
Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system — which is like the “black box” — and the infotainment system. The telematics system stores a vehicle’s turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed.
The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device.
Together, the data allows investigators to reconstruct a vehicle’s journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.
“I’m sure everyone is aware of how much forensic data is on the phone,” said Lam Nguyen, director of the Defense Cyber Crime Center, a federal forensic laboratory and training center. “What people don’t realize is a lot of that is being transmitted to a car just because you register the phone with the car.”
But compared with the security on smartphones, the security on the systems is much flimsier, digital forensic and privacy experts say. Drivers typically don’t have to unlock a vehicle’s infotainment system with a passcode or a fingerprint, as they do with smartphones. That means that, with a warrant, law enforcement officials can sometimes extract incriminating text messages, calls or files from an automobile far more easily than they could from a suspect’s cellphone.
“If you’ve committed some heinous crime and we can’t get into your phone, we can get peripheral data that has been synced to your car,” Nguyen said. “The contact list, calls made, text messages. In almost any criminal investigation, communication with the victim or co-conspirators is hugely important. Taking that with the telematics you get — how many people were in the car, how many doors opened — and it all paints a strong picture.”
More law enforcement agencies nationwide are using the data to solve cases, and they are devoting more and more resources to this new type of crime solving, law enforcement officers and digital forensic examiners say. That’s partly because the main toolkit law enforcement officers and forensic examiners use has drastically expanded its offerings. Berla Corp., a Maryland-based technology company, launched a tool in 2013 with the ability to access 80 car models. Now, the company says, the number is more than 14,000, including vehicles from General Motors, Ford, Volkswagen, BMW and Mercedes-Benz.
“It helps convict people, and it can help prove they are innocent,” Berla founder Ben LeMere said. “Children’s bodies have been found. Families have had closure.”
Chris Prevette, a detective sergeant with the Michigan State Police Computer Crimes Unit, responsible for the forensic extraction of data from vehicles in the state, was the first person in the agency to start extracting data from automobiles as part of criminal investigations five years ago. Today, four offices across the state do it routinely for “smaller, everyday felonies,” he said, “sometimes two to three times a week.”
Prevette used the technology in an October 2018 case in Norton Shores, Michigan, where police pulled data from a car that had been stolen and later abandoned during a traffic stop. They recovered a log of the journey it had taken the night it was stolen, including two stops it had made at an RV dealership more than 20 miles away in Coopersville County. The data trail showed precisely when the car had parked and the driver’s door opened and closed. The dealership had closed-circuit video of a former employee, David Asher, 55, a handyman who did maintenance work on trailers and RVs, stealing money from the business at the same time.
Without data pulled from the car, police wouldn’t have connected the theft of the car to the burglary of the business, nor would they have pinned their suspect. Asher pleaded guilty to larceny, home invasion and an assault on a police officer during his arrest. He’s serving a minimum two-year sentence in Carson City Correctional Facility.
“We knew he was a suspect, but we didn’t have any hard evidence in the vehicle. It was really how we were able to put him in the vehicle and show how he stole it,” said Ryan Pieske, the detective on the case. “I wasn’t surprised to see the GPS information. But to see things like when the vehicle shifts, when the doors are open, phones connecting, text messages — there was so much more than I expected there to be.”
The growing use of automobile information by law enforcement agencies also has increased because most people don’t realize how much information their vehicles are tracking and that they can try to stop it.
LeMere and other representatives from Berla frequently refer to the relative lack of public awareness about and lack of security in vehicle infotainment systems in presentations to law enforcement, videos of which have been seen by NBC News. LeMere was reluctant to answer questions over the phone.
“People rent cars and go do things with them and don’t even think about the places they are going and what the car records,” LeMere said in a June interview for a podcast made by Cellebrite, a company that makes tools to help law enforcement agencies extract data from locked mobile phones. “Most of them aren’t doing anything wrong, but it’s pretty funny to see the hookers and blow request text messages and answers.”
As automobiles become more automated, with self-parking and other “smart” features, they need more sophisticated sensors and computers, which means autos of the future will collect even more data, digital forensic and privacy experts say. Several technology companies and automakers, such as Volvo and Bosch, have developed driver-facing cameras to detect whether the driver is paying attention to the road. While the features are designed for safety, they could also be a rich source of potential evidence: video from inside the car.
“We are moving in a direction where more sensors and cameras will be required inside the car for driver or occupant monitoring and on the outside for automated vehicles,” said Chelsey Colbert, policy counsel at the Future of Privacy Forum, a data privacy think tank. “Car manufacturers need to focus on privacy by design.”
Just as the trove of data can be helpful for solving crimes, it can also be used to commit them, Amico said. He pointed to a case in Australia, where a man stalked his ex-girlfriend using an app that connected to her high-tech Land Rover and sent him live information about her movements. The app also allowed him to remotely start and stop her vehicle and open and close the windows.
“These crimes have made me feel unsafe,” the victim told the court, according to ABC News Australia, which named neither the victim nor the accused. “Made me fear the technology I once embraced and left me with a deep distrust of the cybersecurity protections and laws currently in place, now I know they can be exploited.”
No federal laws regulate what automakers can collect or do with the vast majority of our driving data. The Driver Privacy Act of 2015 regulates a vehicle’s event data recorder, a computer that stores a snapshot of information from immediately before, during and after a crash. However, privacy activists are calling for protections to extend to data collected by many of the other computers in an automobile, including the infotainment system.
In 2016, the Federal Trade Commission warned about the privacy risks associated with rental cars’ infotainment systems and said that unless user data is deleted, it will be “accessible by third parties including future renters, rental car employees, or even hackers.”
In May, a hacker known as GreenTheOnly showed how he could access personal details and passwords from buying used infotainment computers for Tesla cars on eBay.
He told the electric vehicle blog InsideEVs that each of the modules he bought had “owner’s home and work location, all saved Wi-Fi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies.”
Fraudsters can use those kinds of data for identity theft, Amico said. He has been calling on automakers and leasing and rental companies to provide tools and services to routinely wipe a driver’s information when a vehicle changes hands — similar to how data is wiped from recycled phones and laptops.
His company, Privacy4Cars, recently sent mystery shoppers to test-drive used cars at 72 dealerships. While they were in the vehicles, they checked the infotainment systems to see whether there was any remnant personal information from previous owners. Eighty-eight percent of the shoppers found personal data left on the vehicles, such as home addresses or phone numbers.
“One of the most common crimes in the United States is identity theft. But even without that, would you be comfortable knowing that your home address, text messages, contacts and call history are all in someone else’s hands?” he asked.
Prevette agreed, and he has changed his habits to protect himself. “I don’t sync my device to a rental car. I don’t want all my contacts and phone numbers floating around out there,” he said, although he noted that it required some technical skill to extract all of the data. “There’s a little bit of comfort knowing that.”
In the meantime, Ronald French’s family has found that the data has brought them some consolation while the man accused of his murder sits in jail, Hamilton, his daughter, told local news station WMMT. “We’re just happy and relieved,” she said. “There were a lot of tears and cheers once we found out.”
CORRECTION: (Jan. 13, 2021, 8:13p.m. ET) A previous version of this article misstated the agency Lam Nguyen leads. He is director of the Cyber Forensics Laboratory, an agency within the Department of Defense Cyber Crime Center. He is not the director of the center itself.