Judge Not Impressed With Government's Warrantless 921-Page 'Peek' Into A Suspect's Cellphone
from the also-discussed:-digital-forensic-tools-and-how-not-to-use-them dept
All the DHS wanted was a warrantless "peek" at the contents of a seized iPhone. The phone, one of three seized from a person suspected of drug trafficking, was examined by the DHS, with the warrant arriving a month later. Now, all of the evidence obtained from the phone is being tossed out.
In the order granting the suppression of evidence obtained from the phone, Judge Sterling Johnson points out that the government revised its story several times during oral testimony.
DHS Special Agent Thomas Wilburt worked with the CBP to detain the suspect, Adamou Djibo, at the JFK Airport. Djibo's iPhone was taken and examined by Wilburt, who couldn't seem to accurately recall the details of the examination.
First off, Wilburt made it clear that the DHS and CBP were searching for a particular kind of "contraband."
Wilburt defined the search as one for "contraband," and when asked by the Court to define contraband stated:The problem was, Djibo's money checked out. The declaration form was legitimate and the amount of currency he was carrying was found to be legal. (Yeah, let that last part sink in for a moment…)
If they're leaving with any weapons, any mostly it's money, I think, they're looking for. Drugs as well. Drugs, often they'll go to Bermuda. Drugs come in here and go to Bermuda, as opposed to Bermuda from here. This particular case, the main search was for money.
Wilburt then took an iPhone from Djibo and asked him to input his passcode. Or not. The opinion contains several quotes from Wilburt's testimony, many of them elusive or contradictory. The opposing counsel found it nearly impossible to get Wilburt to provide an accurate portrayal of the phone's search and seizure.
Wilburt first claimed he couldn't recall whether or not he had asked Djibo for his passcode. He then claimed he didn't know when the passcode was used to unlock the phone and access the contents.
Counsel: After they took his boarding pass and his passport, his password was put into his phone. Is that right?At a second hearing, Wilburt suddenly recalled when the passcode had been entered:
Wilburt: I don't know that his password was put into his phone then, no.
[...]
Counsel: You never saw his passcode get put into his phone?
Wilburt: I don't believe it was put into his phone then, no.
[...]
Wilburt: At some point, I put it into his phone. I don't know if I did it right then or I did it back at our office.
I believe it was after the exam was over and after he was arrested, we went back to our office, and then I proceeded to put that code into the phone.But he became less clear on the details of what the agents had viewed on the phone during their warrantless "peek." Wilburt testified that the phone was hooked up to a Cellebrite (a device for forensic phone examinations), where "another agent… obtained all the information off the phone that we were able to."
When the court pointed out that the warrant to search the phone didn't arrive until a month later, Agent Wilburt then claimed the Cellebrite didn't actually grab "all the information" the government wanted, despite saying it had only moments earlier.
We wanted to get more in depth in the phone. Cellebrite, as far as I know, gives you basic information.Wilburt vastly underplays the capabilities of this forensic device. It grabs address books, call logs, pictures, videos and text messages.
In this case, it returned incriminating information, well ahead of the warrant acquisition.
The Court: Were there any text messages or incriminating calls to the original defendant?Agent Wilburt, apparently attempting to legalize the illegal search of Djibo's phone, tried to redefine "contraband" -- something he originally claimed was "specifically currency" -- to cover what he had already discovered without the acquisition of a warrant. Wilburt now claimed the phone needed to be accessed to look for "evidence of currency or other crimes."
Wilburt: At a later point looking at that report, I believe there were text messages.
Pressed further, Wilburt admitted the phone had been seized and searched without a warrant, but the DHS had only used its forensic device to get a "peek" at the contents.
I believe after -- nothing was seized at the border search. After he was arrested, I believe they ran an initial Cellebrite report or an initial search on the phone, just a preliminary peek.(Hilariously, when the court asked Wilburt why he would seek a warrant when Djibo had already given him the passcode, he claimed it was to avoid "violating [Djibo's] rights.")
And what did that "peek" contain?
It was emails, text messages, undeleted content. So whatever was -- when you turn on your phone and you see your text messages and your emails, that's what they obtained with this initial peek.So, basically all the communications contained in the phone. The court asked for a copy of the "peek" and was informed a CD would be burned and sent out, as the "peek" contained "hundreds" of pages. Three weeks later, it arrived in the court's hands.
The CD contained 921 pages of materials, all of which this Court has reviewed, including hundreds of text messages, WhatsApp messages, photographs and emails. Many of the messages appear to be written in code. For example, there are text messages about orders for 600 cases of diapers and 1500 cases of wipes; "booking confirmations" to a "personal trainer" who provides various styles of "sessions;" and about stomach ailments that have to be operated on in Ghana.The government magnanimously agreed to "suppress the peek," while less magnanimously claiming it could have obtained the info anyway, even if it hadn't known the passcode.
Further questioning of DHS Special Agent David Bauer revealed the DHS could have taken a look at Djibo's phone without needing to know his passcode.
Bauer described a "fairly new" device called an IP-Box, which can be attached to an iPhone and systematically attempt every passcode from 0000 to 9999 without shutting down [the phone]... IP-Boxes came into the fray when Apple Inc. ("Apple") refused to assist the government with cell phone break-ins.[Here's an IP-Box in action.]
Even less magnanimously, the government disputed Djibo's attempts to suppress the evidence it had obtained with a warrant. Starting with the alleged Fifth Amendment violations, the court has this to say about the government's relocation of the investigative goal posts.
It appears from his testimony that he stood by passively until the phones were discovered, but phones are not contraband. In fact, no contraband was found by the CBP. After that, the border search ended. The line of inquiry into Djibo's telephones thereafter changed the stage because the purpose of the original search was to find currency and currency cannot be found on a phone.Citing the Supreme Court's Riley decision, the court finds that the original, warrantless 921-page "peek" was an illegal search, tainting every piece of evidence obtained subsequently.
In his affidavit in support of the application for a search warrant, he made no mention of having already looked at 921 pages of data from the phone. Therefore, not only was the initial search unreasonable… Agent Wilburt decided it was insufficient to support the narcotics investigation. He wanted "more." For these reasons, this Court finds that the forensic search of Djibo's phone was the fruit of the illegal initial search and was unreasonable.The DHS was so sure it could build it case that it skipped all the essentials of building a case. And now it has no evidence and a guy "caught" carrying a legal amount of cash through an airport, which isn't going to help it "win" the Drug War.
[...]
The government's claim that it did not rely on the initial "peek" -- despite the wording of the search warrant -- is simply unsupported by the often contradictory evidence.
[...]
In this case, the search was undertaken to find contraband or currency and neither were found. There was no need to then seek out Djibo's passcode. It had nothing to do with national security at the airport on that day… That Djibo was arrestable based on the information from the Cooperator is of no great moment. He could have been arrested, his phone seized pursuant to border authority, and a search warrant obtained before any searching occurred. Wilburt sought to sidestep these constitutional guarantees.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, adamou djibo, dhs, mobile phones, peek, surveillance, warrants
Reader Comments
The First Word
“There's your first mistake, and one of the main causes of police and government abuse of power. Many of them don't see their jobs as 'upholding the laws' at all, rather they believe that it's their jobs to 'catch/stop the bad guys'.
If you believe that your job is to uphold the law, then clearly any actions which break the law are to be avoided. If on the other hand you believe that it's your job to 'catch bad guys', then laws become guidelines that can be ignored, rather than hard and fast rules that must be followed.
Subscribe: RSS
View by: Time | Thread
Half is better than none I suppose
While it's certainly nice that the judge tossed the evidence, it would be even better if those that lied in their request for the search warrant faced some actual punishment. You'd think one judge would be particularly sensitive to the idea of government officials lying to another judge, but I guess all he can do without more evidence is crush their case for them and rub their noses in the fact that in their eagerness they screwed up to such an extent that they're left with nothing.
[ link to this | view in chronology ]
Shaking my head at the bias
(Also not signing in, because I know PaulT is watching. You can go report my account in some other thread; I won't be coming back to this one unless I'm signed in or with another IP address. Mike Masnick is hampering my efforts to give PaulT fifty downvotes, which again proves what a disaster this community is.)
[ link to this | view in chronology ]
Re: Shaking my head at the bias
Like the Bill of Rights written by that hippy Madison. You could think its sole purpose was to be interfering with law enforcement.
Which is not all that surprising because it is. And the judge is sworn to make sure the limits it sets to the means allowed to law enforcement are heeded.
Now indeed it's a bit sad that it's a cause for "glorification" when some judge actually tries doing the job he has sworn to do in return for his wages. But one needs a bit of an offset to the people singing the praises of those out to abolish the Constitution.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Shaking my head at the bias
Yeah, it's really unfortunate that you can't single-handedly try to be 50 different people.
You're such an asshole, and what's worse, you don't try to hide it.
[ link to this | view in chronology ]
Re: Shaking my head at the bias
I don't think this is the real Whatever. He would never admit the police did something wrong.
[ link to this | view in chronology ]
Re: Re: Shaking my head at the bias
The rest is the usual Whatever-style moral outrage and pandering towards authoritarianism.
[ link to this | view in chronology ]
Re: Shaking my head at the bias
Instead, we're demanding that those who violate the law at a minimum not benefit from it. Since the law is clearly established that a warrant is required under these circumstances, failure to get one means that the Agent of the people didn't have authority to seize and search the phone.
Taking another persons property without authority to do so is theft, or in this case probably armed robbery.
We're demanding that we, the people, be held accountable for the actions of our agent. The minimal level of accountability is that we lose our advantage (the information we obtained without authority), so suppression is a minimalist first step. Some of us are also demanding that we be accountable for damages caused by our agent, under simple agency principles.
It appears that some people think theft is ok as long as it's done by the agent of the people against a single person.
[ link to this | view in chronology ]
Re: Shaking my head at the bias
What?!? Tyranny! Censorship!!!1! You're a looney.
[ link to this | view in chronology ]
This agent needs to be taken off of anything serious or requiring him to provide evidence. The inability to be coherent (even when your lying) and keep the story straight should raise bright red flags to any lawyer who has represented anyone accused by this agent.
The government cuts corners and expects it to all be okay, but can't see why people trust them less and less. The ends should never justify cutting corners to get there, and undermining anyones rights undermines everyones rights. It is clear they feel they no longer need to follow the rules, and it is time to punish them much more harshly to remind them the rules always apply.
[ link to this | view in chronology ]
Re:
There's your first mistake, and one of the main causes of police and government abuse of power. Many of them don't see their jobs as 'upholding the laws' at all, rather they believe that it's their jobs to 'catch/stop the bad guys'.
If you believe that your job is to uphold the law, then clearly any actions which break the law are to be avoided. If on the other hand you believe that it's your job to 'catch bad guys', then laws become guidelines that can be ignored, rather than hard and fast rules that must be followed.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
They have the mindset of 'The end justifies the means', and since they're trying to stop/catch 'bad guys', then by default that makes them the 'good guys', no matter what they do.
[ link to this | view in chronology ]
Re: Re: Re:
In particular, the Bill of Rights pins down a number of things that are not absolute goods but rather concern the balance of interests between individual citizens and the government.
Privacy is not inherently good or bad. The Constitution puts down rules for balancing the people's interest in privacy with the government's interest in gathering information making some parts of its operation more efficient.
Not heeding those restrictions means that the government is not doing its job but taking shortcuts. That's not "bad" inherently, but lazy and careless. They are not upholding their part of the deal.
[ link to this | view in chronology ]
Re: Re:
If the guy you're breaking the law to catch is in fact a good guy, then the bad guys won no matter who goes to jail.
[ link to this | view in chronology ]
Two additional points to consider
1. Sounds like Apple needs to fiddle with their iPhones such that a device like that no longer works. Perhaps a system that increases the time between password attempts exponentially, so that if someone screws up their password a few times they might need to wait half an hour, but if someone(or something in this case) tries a few hundred combinations the wait is measured in years between attempts.
2. That such a device exists makes it pretty clear that the 'going dark' myth is even more absurd than it already is. If they've got something they can plug an iPhone into that will cough up the password, that means that so long as they can get access to the phone itself, encryption isn't a problem, which means what they're really complaining about is the increasing inability to gain access to the contents without the owner knowing about it. Call me crazy, but if someone's going to be searching someone's property, seems that the owner should know about it, so that they can file an objection if nothing else.
[ link to this | view in chronology ]
Re: Two additional points to consider
[ link to this | view in chronology ]
Re: Two additional points to consider
I *think* that the device that just runs through 4-digit PINs would not work in the case where an iPhone user has chosen a multi-digit alphanumeric pwd.
Initially I didn't change to using the long password. I do now.
[ link to this | view in chronology ]
Re: Re: Two additional points to consider
[ link to this | view in chronology ]
Re: Re: Re: Two additional points to consider
But now that I have to worry about LEOs cracking it too, I am willing to live with the few extra seconds it takes to unlock with a long pwd.
Many (most?) people won't do this, but at least int he future when some stormtrooper kicks in my door and steals my phone, at least (when they ask me to provide the pwd) i can - with some little confidence - say "Sorry, NO, I won't do that until my lawyer directs me to do so."
Not that I have anything to hide in there, but sometimes the littlest victories can mean something when you have the cuffs on and the stormtroopers are swaggering around in their infallible and invincible glory.
[ link to this | view in chronology ]
Re: Re: Re: Re: Two additional points to consider
"S'okay, we got a machine'll do it in minutes."
[ link to this | view in chronology ]
Re: Re: Re: Re: Two additional points to consider
At which point the cop decides that your contempt has risen to the level that he fears for his life.....
[ link to this | view in chronology ]
Re: Re: Re: Two additional points to consider
I assume the fruit flavored phones can do the same?
[ link to this | view in chronology ]
Re: Two additional points to consider
[ link to this | view in chronology ]
Re: Re: Two additional points to consider
[ link to this | view in chronology ]
Re: Two additional points to consider
[ link to this | view in chronology ]
Scooby-Doo
[ link to this | view in chronology ]
Re: Scooby-Doo
If you are not going to play according to the rules, get off the tournament.
[ link to this | view in chronology ]
I don't have a "wallet" on my phone and now I never will.
And I don't support the philosophy of having all accounts in one wallet.
Not to mention: unless they found physical contraband why would they need to search the phone to begin with?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Nice
[ link to this | view in chronology ]
Armed robbery!
A pregnant silence, staring off into the distance, watching the guy think, "What can I come up with now?"
If filling out all the right forms warning them and getting them stamped isn't enough, then what's really going on? They want his money and they'll finagle him into jail to get it?
[ link to this | view in chronology ]
Legal?
Is there some amount of money that is not legal to carry?
[ link to this | view in chronology ]
Re: Legal?
[ link to this | view in chronology ]
Re: Re: Legal?
The federal government has demonstrated that they have no interest in prosecuting people who destabilize the economy for personal gain.
[ link to this | view in chronology ]
Re: Legal?
[ link to this | view in chronology ]
iPhone Security
The crime is not failing to get a warrant. The crime is lying about the situation on the stand, or to the judge when you give a sworn statement to ask for a warrant.
I assume they still managed to steal (in the name of justice!) his properly declared over-$10,000 wad of cash?
[ link to this | view in chronology ]
Re: iPhone Security
As this act was carried out by a member of the law enforcement community, I think, and correct me if I am wrong, that it is, technically, by definition, not a crime. At least that's the only justification I can think of for charges not being immediately filed against this fine upstanding officer of the law.
[ link to this | view in chronology ]
One hopes, of course, that you aren't so unlucky that the authorities make a correct guess somewhere between try 1 through 7.
[ link to this | view in chronology ]
Terrorist threat, the excuse used to get away with more authority, more control
The more they gain, the more the leash tightens, the better an idea of just how fucked we, as the less more important human beings, are.
im starting to think governments and freedom are'nt on the same side.......seems to be their nature, and yet, thats not what were "taught"
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Read some history. Imperial Rome looked a lot like today looks. The same players play the same game now as they were then for the same reasons. When gov'ts mention freedom and things like inalienable rights, it's for PR purposes only. WW2 was great PR. The West vs. Communism was great PR. The Drug War is great PR. Al Quaida is great PR. There's always a mailed fist inside the velvet glove.
In theory, the alternatives are worse. As a die-hard "hope for the best and expect the worst" kind of guy, I can't agree.
[ link to this | view in chronology ]
[ link to this | view in chronology ]