23 October 2021

How Police Can Crack Locked Phones—and Extract Information


SMARTPHONE SECURITY MEASURES have grown increasingly sophisticated in recent years, evolving from passcodes to thumbprints to face recognition and advanced encryption. A new report from the Washington, DC-based research nonprofit Upturn uncovers how police have maintained access to suspects’ phones even as these defenses grow more complex: by contracting with digital forensic firms that specialize in bypassing locks and accessing and copying encrypted data.

Law enforcement in all 50 states have contracted with vendors like Cellebrite and AccessData to access and copy data from locked phones, according to the report. While police have relied on the evidence uncovered from these phones to close high-profile cases, the authors of the Upturn report say the practice is largely secretive and risks an “unacceptable threat to Fourth Amendment protections” against overbroad searches.

Between 2015 and 2019, Upturn found almost 50,000 instances of police using mobile device forensic tools (MDFTs). The report’s authors argue the tools provide information about people’s lives far beyond the scope of any investigation, and few police departments limit how or when they can be used. The team sent public-record requests to state and local law enforcement agencies across the country and found that more than 2,000 agencies have at some point used an MDFT.

“The justification we often see is: People who sell drugs or use drugs [also] use phones,” says Logan Koepke, the report’s lead author. “But, of course, everyone uses phones.”

Police can ask someone to unlock their phone in connection with a case. This is called a “consent search.” Their success varies greatly by region. Upturn found that people consented to 53 percent of the more than 1,500 extractions conducted by the Harris County, Texas, Sheriff’s Office. In Atlanta, however, only about 10 percent of the nearly 1,000 extractions were done with the owner’s consent.

When the owner refuses to unlock the phone, police must seek a warrant. In 2016, Apple objected to an FBI request to grant investigators access to a locked iPhone 5C belonging to one of the shooters believed to have killed 16 people in San Bernardino, California. The FBI turned to an outside firm, which helped law enforcement bypass the lock.

For its report, Upturn reviewed hundreds of search warrants requesting the use of MDFTs for offenses large and small, from suspected murder to shoplifting. The authors say police often provided only a tenuous justification for wanting to unlock a phone. Further, the warrants typically are not limited to the specific information that led police to the phone. Instead, the warrants, and the MDFTs, allow for police to use anything on the phone against a suspect.

In 2017, police in Coon Rapids, Minnesota, about 30 minutes from Minneapolis, responded to a report of two juveniles fighting over $70 in a McDonald’s. In the search warrant obtained by Upturn, an officer said the data would determine whether the texts “possibly include discussions of the $70.” Police arrived, arrested both juveniles, and eventually obtained full copies of their phones, including their call logs, the contents of texts and emails, internet search history, and GPS data.

The Upturn report doesn’t detail whether the extracted data leads to additional charges. But, the team found that data extracted from phones is rarely deleted. Policies in New Mexico, Utah, and California require deleting data not immediately pertinent to an investigation, but the overwhelming majority of states do not. It’s legal for police in other states to retain data extracted from a phone, even if the owner is never convicted of a crime.

“What we've heard from some [defense lawyers] is that an arrest might be made in order to get access to the phone, such that they can then potentially charge higher offenses or more serious offenses,” Koepke says.

Koepke says police in these cases say they’re acting under what he considers an improper interpretation of the “plain view exception.” That allows police searching for evidence of one crime to recover evidence of other crimes that is “in plain view” during their investigation. Imagine police looking through a car for stolen credit cards, then finding cocaine.

But MDFTs are so powerful that Koepke says they can give police wide access to a person’s private data. As Upturn’s report finds, these types of warrants lead law enforcement to investigate not just specific crimes, but the lives of the people under surveillance.

“In the digital realm, the very concept of what is or is not in plain view is completely unmoored, largely because mobile device forensic tools allow you to sort data how you want,” he says.

While Upturn found nearly 50,000 cases where 44 police departments had extracted data from phones, Koepke thinks the true total is much higher. Some of the nation’s largest police departments fought the group’s records requests. The New York, Baltimore, DC, and Boston police departments refused to provide details on whether they use the tools. Koepke says litigation to access these records is ongoing.

No comments: