Police Can Get More From Your Phone Than You May Believe
by Michael Dean Thompson
Few of us would not feel violated to learn that our spouse or partner has been digging through our phone. Imagine if they were to use that data to analyze where we’ve been and who we’ve been near, and then, they were to gain access to our cloud services to examine long forgotten backups, images, and documents. Insatiably, they move on to access our social media accounts and peek into every post we and our friends have made. Most people would shudder in horror at such an intrusive sifting of our lives, even if we believed we had nothing to hide.
Emma Well, policy analyst at the technology research and advocacy organization Upturn, asserts, “At no point in human history have we collected and stored so much information about our lives in one place.”
The New York State Police, along with thousands of other agencies in the U.S., wants to dig through your digital devices in just such a nightmarish manner described above. New York’s Gov. Kathy Hochul has announced a $20 million expansion on top of the tens of millions already quietly eased into 2022’s budget. Five-point-three million dollars of that set aside to modernize investigations by “linking digital devices to crimes.” Experts assumed that was a reference to a technology toolset known collectively as Mobile Device Forensic Tools (“MDFT”). One such MDFT comes from the Israeli company Cellebrite, whose product is capable of breaking into phones many have been led to believe are highly secure.
From a technology perspective, some of the tools available from Cellebrite are impressive. The tools include software and devices with the ability to automatically crack highly secure phones, devices, and SIM cards without the need to send them to Cellebrite for processing. Once cracked, the software can access search and web histories as well as spoof the user’s identity to download social media, email, and cloud services.
Information from a single cracked phone can be analyzed and cross-referenced with information drawn from other cracked phones. They have artificial intelligence to analyze images for content, including identifying faces, tattoos, drugs, weapons, and more. Other tools can then rifle through the collective data and create new leads without human assistance. Yet another AI aggregates the data and builds court-ready documents.
Like most states, New York’s search warrant statute was written long before we collectively digitized our lives and focused their access into small mobile devices. That single point-of-failure creates a significant problem with consent searches, which may not truly be consensual when you consider that most people simply are not aware of how invasive an MDFT can be during a consent search.
Weil of Upturn describes the use of MDFTs as “an escalator” because it lifts the probe far beyond the original investigation. A Wisconsin suspect in a hit-and-run case told investigators they could search his text messages and signed a general consent. The MDFT the investigators used in the search pulled across, and stored, all of his phone’s data. That data was later shared with another police department for a separate investigation without warrant or consent.
This is not analogous to investigators serving a warrant for one crime within a home and happening on evidence of another crime. The use of an MDFT is more like investigators being given consent to search a home then using that consent to make copies of that home’s contents – down to the molecule – and sharing it with any interested parties. It is far beyond the scope of anything possible 50 years ago.
There is no consistency, either, when it comes to the various law enforcement agencies, MDFTs, and how the data is acquired and used. Almost half of the 81 agencies Upturn studied admitted to having no policies concerning MDFT searches. Upturn used the phrase “remarkably vague” to describe the policies of most of the rest.
Unfortunately, the courts are in no position to provide leadership on solutions as they can only address the problems in front of them. By the time a given problem can be rectified with a solution, the technologies have already evolved. Jerome Greco, the supervising attorney at the Legal Aid Society’s digital forensics unit, noted, “Technology moves so much faster than anything in law or politics.”
As in the Wisconsin case, neither are there clear delineations regarding with whom the pilfered data can be shared or how it might be used. Emma Well summed it up the current uncharted territory, “This is unprecedented law enforcement power.”
Sources: The State Police Want to Crack Your Phone, http:/nysfocus.com/2022/11/23/new-york-state-police-phone-surveillance-cellebrite
