Surveilling the State: Drone Hunting
Using open purchasing records to track down "public safety" surveillance gear.
I was recently involved in a case that required tracking down various pieces of software deployed around a foreign country and then figuring out who bought them. Seemingly tedious work to some is like catnip to yours truly:
Relentlessly searching government procurement records,
Cross-referencing public records requests,
Matching against technical indicatorrs
*inhales deeply* - gawd - I fucking love it.
Throw in some farmer-forensics and mobile application analysis for good measure, and the dopamine needle redlined early for me on this project, that’s for certain.
However, I couldn’t help but find my mind continually drifting towards other clients - in different locales - and some of the software applications and surveillance hardware used by various police agencies in those cases. I kept thinking about a recent case where a drone was deployed, and whose footage I was never able to view, sadly.
So join me today, friends, as we take a brief trip through surveillance history and try to answer the questions:
How do public safety agencies use things like body-worn cameras, drones and hacking tools?1
And who pays for them?
Stroke Sniffers
The ways and means that various public safety and law enforcement agencies can utilize technology to intercept, record or otherwise surveil citizens, suspects and survivors are seemingly endless. I should know, I used to build lawful intercept tools and train people on their use.
After breaking into a system, one of my old-school hacker favourites was deploying a keylogger on a victim’s system. A keylogger is software (but can also be a physical hardware device) that can intercept and record the keystrokes on a keyboard as they are typed. Then, the wily hacker can start seeing your passwords, conversations and all the rest - often in real time.
It’s truly good fun. When you have lawful authorization to do so, of course.
The FBI themselves had a good time with it in fact, well over 20 years ago - 1999 to be precise. Back when Believe by Cher was the number #1 song of the year, Bill Clinton was impeached, and yours truly was likely singing Chumbawumba around a campfire - three sheets to the wind in the Saskatchewan prairie.
Google Scholar2 tells me that this case is US v. Scarfo3, and apparently, it’s been cited a few hundred times, which must mean it’s like legally cool man.
The case is interesting, and one paragraph in the opinion sums it up best:
The Court shall briefly recite the facts and procedural history of the case. Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named "Factors."
Oh dear, our old nemesis: encryption. Of course, one way of circumventing an encrypted file that is protected by a passphrase is to record the keystrokes of the passphrase, unlock the file yourself and voila! You’re in! This is precisely what the FBI did, and then there were (rightfully) challenges and questions around what was lawful and what was not. This is normal stuff, with courts tackling new techniques and technologies with laws that might be too archaic to address.
Things have changed since 1999 when the methods and means of interception and surveillance still just sparked in the government’s eye. It didn’t take long for various police agencies to extend their toolkit beyond keyloggers however and thankfully there’s been a dataset developed to assist us as researchers to track those tools down.
United States: Atlas of Surveillance
The Electronic Frontier Foundation developed a unique project called the Atlas of Surveillance. This free, open dataset allows you to search regionally and by technology to see what types of technology your local public safety organization employs. Often with surprising results.
Using the map or a location search from the main page, you can quickly see what technologies may be used in your local community or geographic area where your investigation is focused. Zooming in on Derby, Kansas - a small city south of Wichita - we can see an entry for body-worn cameras, links to city meeting documents and other materials related to these purchases.
For example, we can see that the Sedgwick County Sheriff’s Department has two Chinese-made DJI drones (the Wichita Police Department has one of their own). By clicking on the DJI link in the search result, we are able to see a large list of law enforcement and public safety agencies in the United States that have employed Chinese drones.
Drones are interesting to contemplate as a public safety tool and, like so many other public safety tools, are often considered dual-use. On the one hand, it is safer and easier to use in some crisis and emergency situations, but on the other hand, drones are a well-lubricated way for unlawful surveillance and potentially a form of warrantless search4.
Even more interesting is that the titans of this tech - Chinese drone maker DJI - are facing withering scrutiny as a national security threat, which could create some interesting ripples both economically and from a public safety perspective.
Let’s explore this issue as part of our larger goal of tracing drone payments and usage.
Side Quest: Tracing the Impact of Drone Legislation
On September 9th, 20245, the United States House of Representatives passed the Countering CCP Drones Act, another step towards taking significant and limiting steps towards the large Chinese drone manufacturer that many fear are a threat to national security.
The summary is pretty, let’s say, strongly worded even in beareaucratese6:
This bill requires the inclusion of telecommunications and video surveillance equipment or services produced or provided by Shenzhen Da-Jiang Innovations Sciences and Technologies Company Limited (a Chinese drone maker commonly known as DJI Technologies) on a list of communications equipment or services determined by the Federal Communications Commission (FCC) to pose an unacceptable risk to U.S. national security. Current law prohibits the use of federal funding available through specified FCC programs for purchasing or maintaining listed equipment or services.
H.R.2864 - Countering CCP Drones Act
I have no dog in this digital dogfight but I was definitely interested to see just how widespread the impact of such legislation could be. When looking at the list of FCC7 ‘covered’ companies, it’s not super glamorous: Huawei Technologies Company (China), AO Kaspersky Lab (Russia) and China Unicom (Americas) Operations Limited to name a few.
Finding the Drones
In order to see just how much cash was sloshing around to DJI from American taxpayers and public safety agencies, I turned to one of my favourite tools: open checkbooks. Open checkbooks are quite literally an online spreadsheet of invoices, tenders, payments and yes, sometimes checks - that show the flows of money out from a local government.
What this allows you to do, as a private citizen, is go and find out just how much money your local government has spent with a particular vendor - like a drone manufacturer. It can also help you craft public records requests for the devices you know have been procured and any of the images, audio or video they may have taken when they were employed.
Never know what you'll get back. *wink*
In order to sharpen your skills at this, I recommend first choosing large, metropolitan locations like Chicago (Cook County, Illinois8) or New York City - for two reasons:
Odds will be better if a large metropolitan area purchases the technology you are interested in. This allows you to build an initial set of techniques and search tactics you can apply elsewhere.
These two locales, in particular, have excellent online checkbooks with a variety of search, filter and visualization tools.
I started with Cook County, Illinois, for shits and giggles and - more importantly - because I had one of my favourite blues-themed trips of my life there in 20169. However, the first challenge I had was actually finding records that I could tie between the Atlas of Surveillance and the underlying financial data.
I couldn’t find the damn drones!
Searches for "DJI", and "Da-Jiang Innovations" were turning up nothing, and as usual, I was starting to feel like I didn't know how to investigate anything - let alone this particular money trail. So, more out of frustration than investigative prowess, I searched for "drone", and lo and behold, I got some results back.
Interestingly, while there are no DJI-related terms, most of the spending seems to be from a company called DRONE NERDS INC.
Heading over to Checkbook NYC, the equivalent system in New York City, New York, we can see a similar pattern of DRONE NERDS INC receiving payments, along with various drone training contracts being awarded to other vendors.
What is useful with Checkbook NYC is the ability to filter based on vendor and then drill down into the contracts themselves - sometimes with line items - that have been awarded. In this case, we can see that DRONE NERDS INC received a COVID-19-related contract for $57.97K in April 2020. We know they are also selling drones in Cook County.
This is all pretty typical for all kinds of software and hardware that rely on distributor networks to sell them into local markets and manage and train customers. They are often called a “value-added reseller” - or VAR. So, we may not be able to find DJI-related terms directly, but it definitely looks like there is a large vendor servicing two distinctly different counties.
Wanna guess what DRONE NERDS INC is known for?
So, if you want to trace the financial and law enforcement impacts of the potential upcoming DJI drone ban that may take effect in 2025 - you have to follow the money through Drone Nerds Inc. first.
If you want to figure out whether your local law enforcement agencies are using DJI drones, you should also look for them.
Now, why not try your local city?
If you don’t live in the USA - what can you do to get answers?
And more importantly, how can I get my grubby little paws on the footage using public records requests.
If you’re new to the wonders of Google Scholar, I encourage you to check out
’s previous piece: A Free OSINT Lesson: “Google Scholar,” the OSINTers Dream That No One Uses.For the fancy law people when I click that neat “Cite” button it says to tell you this: US v. Scarfo, 180 F. Supp. 2d 572 (D.N.Y. 2001). (link)
“Why the Minneapolis Police Department wants drones to help police the streets”. Mohamed Ibrahim. MinnPost. September 12, 2022. (link)
“House Passes Countering CCP Drones Act: Now What?”. Miriam McNabb, Drone Life. September 10, 2024. (link)
Not a real language.