Without strong cybersecurity and privacy safeguards, growing collections of law enforcement data pose an “existential” threat, as adversaries exploit that information to compromise major investigations, the Center for Internet Security (CIS) and Multi-State Information Sharing and Analysis Center (MS-ISAC) warned in a new report.
As emerging technologies such as open-source tools, mobile devices, and generative artificial intelligence (GenAI) become more widespread, they are making it easier for foreign and domestic actors to exploit data collected through Ubiquitous Technical Surveillance (UTS), CIS and MS-ISAC said in their report shared with MeriTalk.
UTS refers to the vast collection of digital, physical, and financial data – from phone signals and social media to travel and banking records – that can connect people to specific places, events, and activities.
That data can be used to “identify, track, or threaten law enforcement officers [and] witnesses … to detect, avoid, or undermine law enforcement operations; or to identify, adapt to, and evade common law enforcement investigative strategies,” according to the report.
Criminal groups, state-sponsored hackers, and cartels have already exploited this type of data – using cell phone signals, hacked police databases, social media posts, and public surveillance cameras to track officers, identify informants, and leak sensitive information, according to the report, which drew on data from multiple federal agencies.
For example, in 2025, a Louisiana sheriff’s office was hit by a ransomware attack that allegedly exposed 842 gigabytes of data. In 2024, a Russia-based group compromised 77,000 police case files in Wichita, Kan., including records about witnesses and victims.
Cartels have used cell phone data to locate and harm law enforcement officials, while online databases have been exploited to find home addresses of targeted individuals before planned attacks, the report said.
Emerging tools such as GenAI and drones are further complicating security. The report noted that “GenAI has shifted how users access publicly available data and conduct research by providing answers to highly specific and targeted questions.”
Despite these vulnerabilities, there is still no authoritative national guidance for addressing the risks posed by UTS, the report said.
To help mitigate those risks, the report recommended that U.S. law enforcement “consider incorporating cybersecurity controls focused on mission-critical technologies, stringent mobile device policies, online rules of behavior for all personnel and CHSs (confidential human sources), and holistic counter-UTS programming.”
A working group of law enforcement agencies who helped with the report’s recommendations also urged agencies to use data encryption and multifactor authentication; disable Bluetooth, Wi–Fi, and location services; encrypt all radio communications; and train personnel and their families on safe online behavior and social media privacy.
The report further advised agencies to conduct regular vulnerability assessments, develop UTS-specific incident response plans, and provide recurring training for officers and confidential sources to strengthen awareness and resilience against digital surveillance threats.
“Today’s increasingly complex threat landscape is fueled by rapidly evolving commercial technologies, which fundamentally change how threat actors engage in malicious activities. In response, U.S. law enforcement must promptly update its policies and practices to protect critical investigations, ongoing operations, and law enforcement’s greatest asset – its personnel – from the UTS threat,” the report’s authors wrote.