As a private investigator based in Springfield, Missouri, Derrick Marshall spends a lot of time listening to the police scanner app on his phone. In February, while working an unrelated case, Marshall listened as a Springfield police officer called into dispatch to report a suspect who lacked official ID.
Over the police scanner, Marshall heard the officer rattle off a string of nine digits. It was the suspect's social security number.
That breach wasn't the only time police have broadcast such personal information for all to hear. Over the next few months, Marshall's research found at least ten instances where social security numbers were broadcast, along with other critical personal information.
"They're giving their name, their date of birth, their address, everything. And I’m like, 'This is crazy,'" says Marshall, who shared several recent police scanner recordings with Riverfront Times
that featured Springfield officers reporting social security numbers and other identifying information.
Although the private investigator has listened to uncountable hours of police radio dispatches, it wasn't until the February incident that he realized police were playing a dangerous game with people's personal information. An identity thief, Marshall suggests, could easily skim the numbers while listening to the police scanner or even access recordings of previous dispatches stored in online databases.
Now, Marshall is putting three different agencies on blast for the problematic practice: the Greene County Sheriff’s Office, the Springfield Police Department and the Springfield-Greene County 911 Emergency Communications center.
In a complaint
dated June 16, Marshall and civil rights attorney Stephen Wyse accused the three law enforcement agencies of violating state
The complaint demands that the agencies halt the practice of transmitting personal information over unsecured frequencies and issue a "public reprimand for senior personnel in each of the above agencies for failing to train and/or supervise their subordinate personnel in complying with their legal duty to protect individual private information from wrongful disclosure."
Springfield officials, however, defend the practice. In an email, Springfield spokeswoman Cora Scott said that the city's legal department is currently working on a "thorough legal review" of the matter, "but upon an initial review, we have no indication that we operating outside of the law."
"Springfield Police officers, in the course of their daily interactions, do not use social security numbers unless there’s no other identifier available. It’s important they have the capability to confirm the person’s identity through emergency dispatch via their radios for safety reasons. The safety of the public is our top priority. 911 Emergency Communications and Springfield Police work together to ensure that public safety."
Police departments around the county
, however, are acting to encrypt their dispatches — not only to ensure citizens' privacy, but also to protect officers from possible ambush or attack. That tactic, however, has ramifications of its own: Encryption conceals the chatter on police scanners from public scrutiny, removing a longstanding tool used by public and media to keep police departments accountable.
In response to questions from RFT
, a spokeswoman for the St. Louis Metropolitan Police Department said that its officers' radios are encrypted. Similarly, a a spokesman for the St. Louis County Police Department said that its police radios have been encrypted since October 2016.
Marshall's complaint suggests Springfield could face big ramifications for its broadcasts.
"The fact that potentially millions of people could be listening to these communications at any given time, means every time a social security number and/or other information is leaked, each party who overhears the transmission would constitute a violation of the Driver's Privacy Protection Act, and the related state statutes," his letter of complaint notes. "Although this complaint contains ten recorded violations of the DPPA, the number of times the law was violated would depend on how many people were listening at the time of the transmission."
Follow Danny Wicentowski on Twitter at @D_Towski. E-mail the author at [email protected]