Federal Case Shows Cops Still Have Plenty Of Options When Dealing With Device Encryption

from the you-don't-need-a-backdoor-if-the-front-door-has-been-left-open-inadvertently dept

If no one's going to give you an encryption backdoor, maybe you just need to inconspicuously prop open the front door. That's what one cop did in this case discussed by a federal court in Minnesota. (via FourthAmendment.com)

After being picked up by Task Force Officer (TFO) Adam Lepinski on suspicion of being involved in a shooting, Johnnie Haynes asked for some phone numbers off the phone Lepinski had taken from him. (A side note: TFO Lepinski was off-duty, moonlighting as security for a parking lot when he arrested Haynes. But he was still in his full uniform. This seems problematic.)

Lepinski gave the phone back to Haynes, who unlocked it with his thumbprint. Haynes told Officer Lepinski the numbers and the officer wrote them down for him. He then gave the phone back to the officer, indicating that he wished to have his phone locked again. From the order [PDF]:

While reading numbers with the phone in his hand, Haynes said “This the last number right here, man. And then I’m going to turn my phone off.”

That's not what happened. Lepinski's testimony and his body camera footage show the officer instead made sure the phone would not return to a locked state while he sought a warrant.

After “a matter of minutes,” TFO Lepinski changed the settings on the cell phone, which was still unlocked. TFO Lepinski disabled the automatic-lock feature by changing the settings to a setting called “never lock” to prevent the screen from going to sleep or locking. TFO Lepinski believed this was the first instance where he had changed the settings on a cell phone. TFO Lepinski testified that he changed the settings because he did not have the passcode for the phone and believed that he would be able to get into the phone easier to get the data off the phone if it remained unlocked.

No one denies the suspect made it clear he wanted his phone returned to its locked state. The officer handling Haynes and his phone not only ensured it would not lock again by changing its internal settings, he also lied to Haynes about the phone's unlocked state.

At Haynes’s request, TFO Lepinski went back inside the precinct and retrieved another phone number from Haynes’s cell phone. After writing down the phone number on a piece of paper, TFO Lepinski placed the cell phone in a manila envelope, held the envelope flat to prevent the phone from locking, and returned to the squad car. TFO Lepinski handed the piece of paper to the officer in the squad car and notified Haynes of that action. At that time, Haynes asked TFO Lepinski “Did you lock my phone back up? Is it locked up?” TFO Lepinski, carrying the phone in the manila envelope, said the phone was “right here” and would be property inventoried. Haynes responded, “But did you lock it up” and TFO Lepinski responded, “Yes, it is,” to which Haynes continued, “or did you go in it?” TFO Lepinski replied, “I got the number out of it. You asked me to, right?” and Haynes responded, “Oh, OK. Yeah.” TFO Lepinski testified that the cell phone was actually unlocked when he told Haynes that it was locked.

Once a warrant was obtained, the phone was hooked up to a GrayKey device to extract data and communications. According to the officer who performed the search, the phone being powered on rather than powered down (a state called "after first unlock," or "AFU") made it a little easier to extract data from it.

Officer Gustafson later testified that “[t]he GrayKey cannot access 100 percent of Apple devices, but I would say if the device is left on at the time it is seized, whether it is locked or unlocked, and the user has been using the device, I would say roughly 90 percent or more of Apple devices can be accessed.” If the cell phone is left on, the chances increase of being able to access it with GrayKey.

[...]

Officer Gustafson estimated that he retrieved over 95 percent of the data that was on Haynes’s cell phone.

Haynes moved to suppress the evidence pulled from his phone, arguing that TFO Lepinski's original "search" -- the one where he changed settings to prevent the phone from locking -- was illegal. And if that search was illegal, so was the more in-depth search that followed.

The government argued -- citing the Supreme Court's Riley decision of all things -- that Lepinski's changing of the phone settings was nothing more than "securing the scene" of a suspected crime. The Riley decision is cited because of the judges' speculation about how law enforcement could handle edge cases involving device encryption or remote wiping. The judges said using a Faraday cage/bag or putting the phone in airplane mode could prevent remote wiping. And encryption might not pose a problem if the device was seized in an unlocked state, allowing officers to keep it in an unlocked state until evidence could be collected from it.

But there's a difference here. This wasn't "securing a scene." In fact, it diverges greatly from the hypothetical posed by the Supreme Court.

The Government argues that TFO Lepinski’s act in changing the settings was tantamount to securing a scene pending a search warrant. The Court has some concerns about this argument. TFO Lepinski did not “happen to seize a phone in an unlocked state” as contemplated in Riley. The cell phone was seized when TFO Lepinski walked Haynes to the First Precinct and searched him incident to arrest. The phone was locked when TFO Lepinski took it out of Haynes’ pocket during the search incident to arrest. It was not unlocked until TFO Lepinski retrieved it to obtain the phone numbers requested by Haynes and Haynes unlocked it with his thumbprint for that purpose.

[...]

Under these circumstances, it is not clear that the dicta in Riley suggesting that law enforcement can change settings on a phone to prevent encryption if they happen to seize a phone in an unlocked state or the case law authorizing securing a scene to maintain the status quo pending a warrant would apply to the facts of this case.

Unfortunately, even if this act was a search -- which the court doesn't expressly agree it is -- it had little bearing on what happened following it. The phone was searched with a GrayKey device that likely would have pulled as much information from it even if it had been locked. What mattered most, apparently, was that the phone had been on and unlocked previously ("after first unlock"). The court says the overall success rate of GrayKey searches makes this inevitable discovery from an independent source, rather than a violation of the Fourth Amendment.

Haynes’ argument assumes that the only options TFO Lepinski had were (1) turn the phone off to prevent remote wiping or (2) place the phone in airplane mode (which he contends is an illegal search). That is not accurate. TFO Lepinski had the option of doing nothing, and leaving the phone in a powered-on, locked state—the status quo of the phone when seized. Indeed, it appears unlikely that TFO Lepinski would have turned the cell phone off due to remote wiping concerns, because that would lock the phone. If the phone had been kept in its powered-on, locked state, it would have been in an AFU state, and GrayKey would have extracted the same data that was extracted from the phone in its unlocked state. For these reasons, the Court finds that the results of the search of Haynes’ cell phone after TFO Lepinski obtained a warrant constitute an independent source of the evidence, and recommends denial of the Motion and Supplemental Motion on that basis.

This order shows there's more than one way to approach the challenges raised by device encryption. Rather than just complain about it to legislators, law enforcement officers can keep devices unlocked or adjust their settings to keep them unlocked without worrying too much about the Fourth Amendment. But that's only if they restrain themselves from looking at other stuff while changing settings. And that's only in this case, in this court, where cops used a data extraction device that would have given them pretty much everything they got even if the officer hadn't changed the sleep settings.

However, the Fourth Amendment could swiftly come back into play if law enforcement uses one of Grayshift's other offerings: spyware that allows officers to keylog passcodes and PINs if they're given an opportunity to install the software. This case shows just how easily such a thing could be done. Installing malware would be far more intrusive than simply changing sleep/security settings. Then again, at least one court has held that simply glancing at the lockscreen of a phone constitutes a search, so there's a chance this suppression order might be overturned if it's appealed.


Filed Under: encryption, going dark, law enforcement, settings


Reader Comments



  • Anonymous Coward, 7 Jul 2020 @ 4:42am

    I feel like this is, at the very least, sorta clever police work

  • Anonymous Coward, 7 Jul 2020 @ 5:34am (flagged by the community)

    Many things are encrypted, and left to the observer to decipher. It struck me recently that the rise of BLM, with huge financial support from Apple, Wells Fargo and many other prominent US companies who do more business in China than the US, this support to the tune of hundreds of millions of dollars, is a huge opportunity. If you take the BLM message and then combine it with billions of dollars of support, does it ring more true or less? You be the judge. Are they really talking about Black Lives, or CCP Lives?

    This is an opportunity for all of us to take sides in a very big battle.

    • Anonymous Coward, 7 Jul 2020 @ 6:01am

      Re:

      You have been infected by the Orange one, isolate yourself from the online world immediately.

      • Anonymous Coward, 7 Jul 2020 @ 6:11am (flagged by the community)

        Re: Re:

        Another interesting thing that recently crossed my mind. It was the visionary work of Zuckerberg and others that made worldwide free expression with unlimited public attention possible. Wow, great. And now people like Parler are following his lead and doing the same thing with a similar technology but a little different management. Wow great again. It's all great. The same technology that promoted and replicated the virus of Leftism will also deliver the antidote. Free expression, more and more. Republicans are white blood cells, soon to deliver a message in the same overwhelming numbers, and with fatal results. Live affirming. Technology and its application at its finest. Signed, Dr. House

        • PaulT, 7 Jul 2020 @ 7:36am

          Re: Re: Re:

          That prescription is still there for a reason, you might want to fill it at some point.

          • Anonymous Coward, 7 Jul 2020 @ 7:46am (flagged by the community)

            Re: Re: Re: Re:

            You're talking (metaphorically) to Dr. House, right? You mean the Vicodin for my leg pain, right? Or am I misunderstanding the subtlety of your point? A fake prescription that my friend has to go to jail for? The other doctor, I mean, the cancer guy, who got in trouble with the cop because I stole his blank pads. Is that what you mean? WHAT PRESCRIPTION? I NEED TO KNOW!

        • Stephen T. Stone, 7 Jul 2020 @ 9:49am

          Republicans are white

          Well, you’re not wrong about that.

          • Anonymous Coward, 7 Jul 2020 @ 2:53pm

            Re:

            Nothing like making broad general statements and predictions based upon a person's race.

            • Anonymous Coward, 7 Jul 2020 @ 7:46pm

              Re: Re:

              What was the prediction?

            • Scary Devil Monastery, 8 Jul 2020 @ 2:54am

              Re: Re:

              "Nothing like making broad general statements and predictions based upon a person's race."

              Well, there is some truth in that statistically republicans tend to overwhelmingly be caucasian white. More so in recent years as non-white republicans have kept abandoning a party where racism has become a core value.

    • Tim Cushing, 7 Jul 2020 @ 7:55pm

      Re:

      ah, it's my favorite commenter, galaxy brain

    • Scary Devil Monastery, 8 Jul 2020 @ 2:51am

      Re:

      "Are they really talking about Black Lives, or CCP Lives?"

      Ah, the old desperate attempt to mask naked racism by implying that black civil rights protestors are Chinese agent provocateurs. Haven't seen that one since McCarthy tried to link civil rights movements to Soviet communism.

      Nice try, Baghdad Bob, but we've seen that one before and I'm afraid it doesn't fly as well here as it does on Stormfront and the other neo-nazi echo chambers where any conspiracy theory is good as long as it implies "Black Man Bad".

  • Upstream, 7 Jul 2020 @ 7:21am

    Another problem not addressed

    Sergeant Adam Lepinski of the Minneapolis Police Department (“MPD”), who is assigned as a Task Force Officer (“TFO”) to the Bureau of Alcohol, Tobacco, Firearms and Explosives (“ATF”)

    So who is Lepinski actually working for? What rules is he supposed to abide by? Minneapolis PD rules? Minnesota state laws? Federal laws?

    The answer will depend on the particular question being asked, and who is doing the asking. The answer will then be whichever set of rules or laws happens to be most favorable to Lepinski and the Task Force.

    Heads they win, tails we lose.

    • Anonymous Coward, 7 Jul 2020 @ 1:58pm

      Re: Another problem not addressed

      He should have been abiding by "parking lot guard" rules.

      • Scary Devil Monastery, 8 Jul 2020 @ 2:56am

        Re: Re: Another problem not addressed

        "He should have been abiding by "parking lot guard" rules."

        Parking lots actually have some standards when employing people to watch their property and that of other people. I'm not sure Lepinski can meet the asked-for criteria.

  • Not THAT AC, 7 Jul 2020 @ 7:24am

    Confused

    "At Haynes’s request, TFO Lepinski went back inside the precinct and retrieved another phone number from Haynes’s cell phone."

    How did Haynes expect Lepinski to get anything from the phone without him being present to supply the thumbprint? It was supposed to be locked.

    • Anonymous Coward, 7 Jul 2020 @ 7:47am (flagged by the community)

      Re: Confused

      Was it Lapinski or Lewinski? Have you met her, the semen on the dress girl? She used to go to my gym. I thought she was an idiot, but not so! She's a fucking millionaire now. Anyway, did you mean her? Do you think she's hot?

  • Anonymous Coward, 7 Jul 2020 @ 8:52am

    Yes, they do. The trouble is, it involves using a bit of brain, a bit of ingenuity and thought processors, things that the PD seem to not want to do!

  • Norahc, 7 Jul 2020 @ 8:55am

    5 Lessons learned from this:

    1) Never trust or believe cops
    2) Pen and paper work great for phone numbers you may need
    3) Never trust or believe cops
    4) Never unlock your phone in the presence of cops.
    5) NEVER TRUST OR BELIEVE COPS

    • Upstream, 7 Jul 2020 @ 10:32am

      Re:

      P.S. IANAL but . . . never say anything to a cop (or anyone else in the greater law enforcement community) or otherwise give any information to them beyond basics like name, possibly address, and, if you are driving, driver's license, vehicle registration, and proof of vehicle insurance, without your lawyer (either one you have hired or one that has been appointed to you) present. If you think you may be arrested, like at a protest or similar, use a permanent marker to write the phone number(s) of a lawyer or some friends on your arm or leg or elsewhere. They can take pieces of paper away from you.

      Oh, and NEVER TRUST OR BELIEVE COPS

    • Anonymous Coward, 7 Jul 2020 @ 12:28pm

      Re:

      Forgot the most important one.

      Never hand to the cops your UNLOCKED phone.

  • Anonymous Coward, 7 Jul 2020 @ 2:05pm

    At least they appear to have a valid reason for a valid warrant to search the phone. The "securing" beforehand is a bit questionable, but inevitable discovery, whatever. Not necessarily inevitable if it not being unlocked gets less information extracted, or the phone could be wiped minus a Faraday bag. The court's ruling and the government's arguments are pretty damn self-contradictory on this point.

  • That One Guy, 7 Jul 2020 @ 3:54pm

    Seriously, it's not like it's a complex lesson to learn

    It boggles the mind that even now there are people who haven't learned that the cops are not your friends and are not to be trusted. If they want to get something from your phone make them work for it by getting a warrant and getting in themselves, and if they want to 'just ask a few questions' tell them you don't speak 'cop' and will need a lawyer to translate for you.
