Messaging services like Signal offer end-to-end encryption to hide digital information and transactions from spying eyes, yet in several cases, this has not stopped federal investigators from decoding that data. The issue is not with the viability of the encryption, however; DOJ screenshots of a suspect’s phone reveal that decoding was performed on an iPhone in “partial AFU.”
This refers to a device “after first unlock,” which means the phone is currently locked but has been unlocked during use and not shut off since. In this state, the device still holds the encryption keys in its memory, which agents can then extract.
When the Feds manage to seize a device in partial AFU, forensic companies such as Grayshift and Cellebrite offer products that can retrieve evidence that the user believed was hidden. Again, the problem is not with the encryption but that its key can be pulled from the memory of an unlocked device.
Even phones that are fully locked and shut off may be vulnerable to determined snoops, and other options remain if they are unable to pry inside a device. A shocking amount of personal data has been retrieved from social media sites and other encrypted platforms, cloud backups, and third-party data collectors. If investigators still come up empty-handed, they may be granted a warrant to force users into unlocking their devices or may cajole users into consenting to a search.
Encryption can protect personal information from other individuals if your phone is stolen or lost. But when it comes to Big Brother, it is best to assume that nothing in your devices is truly safe.