When Your Freedom Depends on an App

When Your Freedom Depends on an App
Illustration: Jim Cooke (Gizmodo)
We may earn a commission from links on this page.

On the day Layla got out of prison and back to her home in Georgia, she was told she would need to purchase a smartphone—not an insignificant task for someone who’d just completed a sentence, but Layla was lucky to have a friend who could buy one for her. She says she was at home in bed a few days later when the app she had been mandated to install under the terms of her release went off unexpectedly, the high-pitched warning alarm blaring as it sent a notification to her parole officers telling him that she was not, in fact, at home.

Panicked, Layla took a picture of herself and sent him her location, trying to correct the app’s mistake. The process would repeat relentlessly, she says, waking her up every half hour during the night. “I’d wake up crying,” she says. Sometimes, when she tried to authenticate her location or check in the app would tell her it didn’t recognize her voice. “I’d feel so tired, and I thought if I didn’t answer, I was going to go back to prison.” Soon, she says, she was “begging my parole officer to put an ankle monitor on me.”

The app Layla was forced to download upon her release, Guardian, is part of the latest wave of surveillance technologies utilized by enforcement agencies to monitor the recently incarcerated or those awaiting trial. Launched in 2015, it’s marketed as a way for agencies to cut down costs and take advantage of the existing tracking technology in smartphones for more seamless and convenient parole. Based on the terms of their supervision, users are prompted to check in with their parole officers at certain intervals by reading a random series of numbers into the app. Guardian then analyzes that check-in using a combination of geolocation data and voice or facial recognition. The idea is to accurately track where parolees are at a given moment, and report the results to the case manager, who has the authority to decide whether they can remain out in the world.

According to federal spending records, at least 10 cities have contracts to use Guardian for “re-entry” services, and it has been downloaded up to 50,000 times, according to data from the app analytics firm App Figures. Telmate, which owns Guardian, advertises the app as a “technically advanced” GPS-based “solution for community corrections.” But Gizmodo spoke to parolees who have recently used the app who report devastating results. Like Layla, all asked to be identified by a pseudonym or remain anonymous, concerned that speaking to the press could impact the terms of the releases they were trying so hard to keep intact. They say the app is faulty to the point of being unusable, inaccurately reporting their locations, failing to recognize the biometric data it relies on, and asking them to check in so often it makes daily life nearly impossible.

These reports are corroborated by a review of the Android version of the app’s underlying architecture and conversations with security experts, who call the app’s code “sloppy” and “irresponsible” and its default privacy settings wildly invasive, asking for “excessive permissions” to access device data, among other issues. Though it’s unclear how often this function is used, if at all, Guardian also has the built-in potential to covertly record ambient audio from an app user’s phone. When Gizmodo brought these users’ experiences and the security expert’s findings to the company that owns Telemate, the Global Tel*Link Corporation, a spokesperson declined to comment on the record.

In any other circumstance, a janky app would be a nuisance; one that’s capable of ambiently collecting audio without a user’s knowledge would be an alarming potential to infringe user privacy. But in Guardian’s case, this “sloppy” code is governing people’s entire lives, dictating their options as they attempt the already difficult process of reintegrating after incarceration. The potential privacy violations carry darker implications. There are 4.5 million Americans currently on supervised release. As of 2017, an estimated 61,250 people were in prison for violating parole, in many cases for simple infractions like missing a scheduled meeting with an officer or failing to report a change of address. Technical violations like these are, by some counts, responsible for one in four admissions to state prisons. Recently, the first person to die of covid-19 at the prison on New York’s Rikers island was there for violating the terms of his parole.

Formerly incarcerated people who have used Guardian say they have had their attempts to live a normal life completely upended by technical problems and the app’s relentless, invasive design. Consequences allegedly range from a loss of employment to near-total lockdown to reincarceration: Last month, says a formerly incarcerated woman living in a Washington halfway house, Guardian was given to several of the residents, all of whom experienced issues with the app. She says one man went back to the detention center almost immediately after being released: “Either he didn’t hear the app” when it was asking him to check in, “or it didn’t go off,” she says. Fearing a similar scenario, she simply stayed home: “I’d be so scared that my phone would die that I wouldn’t leave my house.”

“Just getting out of prison and working and trying to get used to everything…and then having this app that’s going off constantly, it’s awful,” says Layla. “Guardian cost me my job,” says another person who had been incarcerated for more than a decade who used the app and remembers it asking him to check in more than 10 times an hour. “At night I couldn’t sleep, and then at work I’d have to pull my phone out all the time.” Half the time, he says, it wouldn’t accurately recognize his face or his voice.

“All I wanted was to reintegrate,” he says. “Why would they make it so hard?”

While the total number of Americans being surveilled by electronic monitoring devices after leaving prison is difficult to determine, one report from the Center for Media Justice estimates about 80,000 people are using technology as part of the terms of their release. Smartphones are an obvious progression from the ankle monitors that have traditionally, and with much attending controversy, been used to track the movements of parolees: Phones are stuffed with more surveillance capacity and are supposedly already in most peoples’ hands.

The further use of mobile applications in the criminal justice system seems inevitable, and a handful of companies have launched products in recent years, developing their own versions of ankle monitors that live in parolees’ phones. In 2018, Jay-Z launched a “community supervision” app called Promise, to develop individual “care plans” and monitor compliance. Touchpoint, another similarly situated mobile app, was announced by the electronic monitoring company SCRAM systems last year.

But the rise of smartphone technology developed to replace older forms of supervised release monitoring brings with it a new set of problems: Phones are deeply personal objects, full of sensitive private information, and the capacity for near-total surveillance is built right into the device. Digital literacy for recently incarcerated people who may have been in prison for decades, already a pressing issue for many parolees, could become a matter of whether they stay on supervised release or boomerang right back into jail. “These guys I know, they spend 43 years in prison, and then all of a sudden he’s asked to buy a smartphone—how’s he supposed to do that?” asks James Kilgore, a formerly incarcerated activist who runs the Challenging E-Carceration Project, an advocacy group out of the Center for Media Justice.

Even once a parolee has secured a device and paid to use Guardian—Layla says she paid $90 a month for the app—the success of such supposedly less invasive options for supervised release deeply depends on how well-intentioned or effectively built the technology actually is. Nearly all of the users Gizmodo spoke to described Guardian as wildly disruptive, perhaps more so than an ankle monitor, even considering that ankle monitor hardware might look less innocuous. According to multiple people, the application requests users check in dozens of times throughout the night, sounds alarms frantically at 2:00 AM, and falsely claims users are violating stay-at-home orders—to the effect of terrorizing them psychologically as much as putting them at risk for going back to jail. “It was awful and terrifying,” says the woman from the Seattle halfway house who used the app. “I’d wake up with this thing beeping and yelling, ‘Out of bounds! Out of bounds!’”

Some people Gizmodo spoke to, including Layla, mentioned the app had trouble recognizing their voices or faces on multiple occasions, an issue within face recognition functionality that has historically disproportionately affected people of color or those who are not gender conforming. And the check-in process Guardian uses is cumbersome even when it works as intended: A how-to video file bundled in the application demonstrates how a parolee should authenticate using facial recognition on the app. In the video, a confident-looking white man in a crew cut and polo shirt effortlessly rotates his head to follow the movement of a ball drawn on the screen. In another video posted on the company’s website, the man strolls down a sunlit street reading randomly generated numbers aloud into his phone. Even if the technology works, it’s not hard to imagine why going through these motions several times over the course of a day might make it harder to find and keep work.

“This all sounds fairly innocent, asking someone to read numbers into a phone,” says Kilgore, “but imagine you are an Uber driver, or you work in service, or in a warehouse, or you are asleep in your bed. There’s a whole range of situations where this breaks your spirit. It’s a constant reminder that you are in control of the state.” Kilgore is suspicious of apps like Guardian for more existential reasons, too. He believes smartphone surveillance tools like this are going to become more popular and will be used to collect data from vulnerable populations. “It’s part of this bigger picture, of grabbing data on the criminalized sector in order to keep tabs on them,” he said.

Mike Nellis, a former probation officer and an emeritus professor of criminal justice at the University of Strathclyde in Glasgow, has written about the use of mobile technology to keep track of former offenders. In a paper last year, he explored how smartphone monitoring of the formerly incarcerated could grow to become a kind of “coercive connectivity” that would infiltrate more deeply into offender’s everyday lives. The effectiveness of such technologies, he says, is as much how a country treats the incarcerated as an app’s design. But, he’s noticed, America’s penchant for “disruptive innovation,” as epitomized by Silicon Valley, means the country may cut corners in its quest to rapidly implement the newest and best.

“I have a sense that in the rush to market, American companies are much more careless about the quality of the equipment,” he told Gizmodo in an interview. And the app that’s been terrorizing parolees was built mostly by a third-party that brags on its website about taking the idea of a parole surveillance app “from the back of a napkin to an MVP in 60 days.”

In a response to several detailed questions, a representative from 10Pearls told Gizmodo, “Guardian is a GTL-managed product and 10Pearls has no knowledge of the issues referenced here. Note that geo-location data is provided by the device. 10Pearls assisted in creating the initial prototype in 60 days. The production app was/is a separate version. Nevertheless, we absolutely stand behind our work and contribution to this innovative project, helping reduce recidivism.”

Guardian owner Telmate is a subsidiary of the Global Tel*link Corporation, the conglomerate best known for an exploitative prison telecommunications system. But though Telmate is listed as the developer in various app stores, a company called 10Pearls, with offices in Washington, DC, and San Francisco as well as a team of engineers in Pakistan, appears to have created most of Guardian’s underlying code.

According to its website, 10Pearls is designing the IRS web portal and claims clients such as the AARP and National Geographic. It also claims to have had a relationship with the Department of Homeland Security since 2010, supplying the technology behind the collection, storage, and analysis of biometric data with the Office of Biometric Identity Management.

Gizmodo reviewed Guardian’s code with both Barracuda Networks and Lorenzo Hernandez, a security researcher at Netragard, a penetration testing company. Hernandez characterized the code as “sloppy” and “irresponsible.”

As we found in the review, Guardian checks in with Telmate’s servers every single minute, waking up a phone if it’s asleep and ignoring the operating system’s requests to optimize the battery. Given what Guardian is used for, the app predictably relies on the user granting it access to a number of potentially privacy-invasive sensors on their device, including wifi, Bluetooth, audio settings, and camera access. If a user’s device is jailbroken (a procedure that technically savvy users implement to unlock extra features for their devices), Guardian can potentially access the device’s “super user” account, granting it permission to read, modify, and possibly download all files on the device, including contact information, text messages, photos, videos, and media files.

Perhaps Hernandez’s biggest concern, however, is that the app seems to be capable of recording and storing audio from the device’s microphone without users necessarily knowing it. He says that there is “code for this functionality that’s bolted into the app” that could be triggered even when the phone is in standby or sleep mode—further fueling advocates’ concern about the potential for mass surveillance of recently incarcerated populations.

Almost every review of Guardian on the Google Play store is negative. “If you have this app you’re going to jail,” reads one, citing an inability to check in—the single service the app is supposed to provide for parolees. “Hate it,” reads another, “it goes off for nothing and it’s supposed to be GPS but can’t even detect the right location.” The sole glowing review was left by someone named Jonathan Kudla, who curiously shares a name with Telemate’s former patent attorney.

To Mike Nellis, the Glasgow professor, app-based data collection is a reflection of the punitive American carceral system and the tendency of its parole officers to view their jobs as closer to those of cops than of social workers. When all of this information can be potentially collected, he says, “it’s as if they want to see offenders be unguarded with their phones. It’s a very correctional way of thinking.” Instead of building up resources and providing a semblance of real support for individuals who are coming home from prison, the solution appears to be to offload the price and the labor of re-entry onto individuals, while potentially storing their information for later use.

Layla says being watched by the app felt like a trap. “No matter what I did, they wanted to put me back,” she says. Frustrated after months of Guardian going off for no apparent reason, she was tempted to stop responding to it. “I wanted my parole officer to show up at my house,” she says. “I wanted him to know I was home.”

Other Guardian users were more resigned to the jarring, beeping, misfiring technology they carried around in their pockets as the terms of their release. Asked whether she was concerned the app was collecting information from her or listening in on her calls, the woman in the halfway house in Washington said she’d thought about it. “But there’s nothing you can do,” she said. “If you don’t accept it, then you go back to prison. You’re considered their property. That’s how they see it.”

Update April 27, 2020: Updated to include on the record statement from 10pearls.