A little-known policing app credited with helping more than 60 law enforcement departments conduct multi-agency raids may have leaked confidential data about those raids, suspects not yet convicted of crimes, and, in some cases, the very officers involved in the operations, to the open internet.
The leaks, according to a Wednesday Wired report, involve an app called SweepWizard developed by ODIN Intelligence. SweepWizard may have leaked personally identifying information on hundreds of officers and thousands of suspects. Those details include the time of raids, geographic coordinates of suspects’ homes, individuals’ demographic information, and, in some cases, suspects’ Social Security numbers. When combined, the report notes, those and other details could potentially be used to tip off suspects to a potential raid. Gizmodo could not independently verify Wired’s findings.
In total, the report claims SweepWizard may have exposed the locations and names of 5,770 suspects. Social Security numbers were reportedly included for around 1,000 of those suspects. Names, phone numbers, and email addresses of hundreds of officers and details of around 200 operations, meanwhile, were also implicated. Wired reports that data on the app was available as far back as 2011 and as recently as December 2022 was available. All of that exposure was made possible due to a flaw in the app’s API that allowed any users with an exact URL to find supposedly confidential data on the app from a web browser, all without logging in.
ODIN Intelligence did not immediately respond to Gizmodo’s request for comment. Gizmodo was unable to access SweepWizard’s website and app from Apple’s App Store. The tool appears to have been pulled offline. ODIN Intelligence’s website claims it partners with an assortment of law enforcement collectives, including the National Sherriff’s Association, the International Association of Chiefs of Police, and the American Correctional Association, amongst others.
“ODIN Intelligence Inc. takes security very seriously.” ODIN Intelligence CEO, Erik McCauley said in a statement sent to Wired. “We have and are thoroughly investigating these claims. Thus far, we have been unable to reproduce the alleged security compromise to any ODIN system. In the event that any evidence of a compromise of ODIN or SweepWizard security has occurred, we will take appropriate action.”
Multiple law enforcement agencies determined to have previously used free trials of SweepWizard now say they are investigating their use of the app. The Los Angeles Police Department, which reportedly used the app last year in a massive sex offender operation dubbed, Operation Protect the Innocent, told Wired it has since suspended its use of SweepWizard pending the conclusion of an ongoing investigation.
The alleged SweepWizard exposure highlights the potential pitfalls of an increasingly common law enforcement practice: outsourcing policing efforts to small, private companies. From local police to the FBI and Department of Homeland Security, agencies have shown a willingness to collect location and other personal data for a price, a practice some privacy advocates describe as a “legal loophole.”