A recent report lists 50,000 cases where law enforcement turned to third-party firms to bypass encryption on a smartphone.
The security measures that our smartphones are equipped with have become increasingly sophisticated in recent years, from passwords to fingerprints, facial recognition and additional encryption. A new report from US research non-profit organization Upturn reveals how police accessed suspects’ phones despite all of the above protections. By entering into contracts with digital forensics companies that specialize in bypassing blocking, law enforcement agencies received access to terabytes of encrypted data.
According to the report, law enforcement agencies in all 50 US states have contracts with vendors such as Cellebrite and AccessData to access and copy data from locked phones. The police then used the evidence obtained from these phones to close high-profile cases. The authors of the Upturn report say the practice is largely secret and risks creating an "unacceptable threat to the protection of the Fourth Amendment" from excessive searches.
Between 2015 and 2019, Upturn found almost 50,000 cases where police used mobile device forensic tools (MDFT ). The authors of the report argue that the tools provide information about people’s lives far beyond the scope of any investigation, and few police departments restrict how and when they can be used. The team sent requests for public records to state and local law enforcement agencies across the country and found that more than 2,000 agencies were using MDFT at some point in their operations.
“We often see the excuse that people who sell drugs or use drugs [also] use phones," says Logan Koepke, lead author of the report. “But of course everyone uses phones.”
The police may ask someone to voluntarily unlock the phone for investigation purposes. This is called "consent seeking". Their success is highly dependent on the region. Apturn found that people in Texas agreed to it 53 percent of the time, but that figure was about 10 percent.
When the owner refuses to unlock the phone, the police must ask for a warrant. In 2016, Apple objected to an FBI request to give investigators access to a locked iPhone 5C belonging to one of the shooters believed to have killed 16 people in San Bernardino, California. The FBI turned to a third-party firm that helped bypass the lockdown.
In its report, Upturn reviewed hundreds of search warrants requiring the use of MDFT for major and petty crimes, from suspicion of murder to shoplifting. The authors say the police often provided only a weak excuse for wanting to unlock the phone. Also, warrants are usually not limited to the specific information that led the police to the phone. Instead, the warrants and MDFT allow the police to use anything found on the phone against a suspect.
In 2017, police in Coon Rapids, Minnesota, about 30 minutes from Minneapolis, responded to reports of two minors fighting over $70 outside a McDonald’s restaurant. In the search warrant, the officer said the data would determine "whether or not the texts contain references to the $70." The police arrived, arrested both juveniles, and eventually obtained full copies of their phones, including call logs, text and email content, web search history, and GPS data.
The Upturn report does not indicate whether the extracted data leads to additional charges. But the team found that data extracted from phones is rarely deleted. Policies in New Mexico, Utah, and California require the deletion of data not directly relevant to an investigation, but the vast majority of states do not. It is legal for police in other states to keep data received from a phone, even if the owner has never been convicted of a crime.
“What we have heard from some [lawyers] is that an arrest may be made in order to gain access to the phone, so that they could potentially be charged with more serious crimes,” says the author of the report.
He also states that the police in these cases say they are acting on what he considers to be a misinterpretation of the "doctrine of mere sight". This allows the police to look for evidence of one crime and find evidence of other crimes that are "in plain sight" during an investigation. Imagine that the police are looking for stolen credit cards in a car and then they find cocaine.
But MDFTs are so powerful that Koepke says they can give police broad access to a person’s personal data. These types of warrants encourage law enforcement to investigate not only specific crimes, but the lives of people under surveillance, Apturn’s report says.
“In the digital realm, the very concept of what is and what is not is completely out of control, mainly because mobile forensics tools allow you to sort data the way you want,” he says.
While Upturn found almost 50,000 instances of 44 police departments extracting data from phones, the researcher believes the real number is much higher. Some of the largest police departments in the country opposed the group’s requests. The New York, Baltimore, D.C., and Boston police departments declined to provide details on whether they use these tools. Koepke says the lawsuit over access to these recordings is ongoing.