New Report Shows Cellphone Encryption Isn't Really Stopping Cops From Searching Phones

from the complaining-that-99%-access-isn't-100%-access dept

We're still hearing quite a bit about law enforcement's supposedly endless string of losses to criminals and their device encryption. Citing facts not in evidence, consecutive FBI directors -- along with outgoing Attorney General Bill Barr -- have claimed the implementation of encryption has pretty much made it impossible to successfully prosecute criminals.

We know this isn't true for several reasons. But let's begin with the FBI, which has relied on overstated numbers to press the "going dark" theory for a few dozen months at this point. After admitting it couldn't do math -- even when aided by a spreadsheet -- the FBI has refused to update its overblown number of locked devices in its possession. The FBI has not corrected its math for 931 days at this point.

Criminal prosecutions haven't slowed down either. When almost every prosecution ends in a plea deal, it's pretty rich for prosecutors and law enforcement to complain they're being beaten by criminals. And a bunch of federal agencies pad their own numbers, engaging in borderline entrapment to ensure a steady stream of prosecutorial wins.

A new report shows just how little of an effect device encryption has had on law enforcement efforts. Some of the report's highlights are touched on by Lawfare's Susan Landau. We've heard the complaints that encryption is keeping law enforcement out of seized cellphones. The reality is much more worrying. Not only is encryption not much of a barrier, but law enforcement tech allows investigators to access pretty much everything before trimming it down to what's been asked for in warrant affidavits.

These forensic tools are quite sophisticated. FBI Director Christopher Wray once complained that “warrant-proof encryption,” like that used on iPhones, prevents law enforcement access to crucial evidence. But Upturn found that the forensic tools copy all the data found on a cellphone. The tools then sort the data so that law enforcement can easily search through it. And MDFTs include some features that make law enforcement’s job even easier. For example, Cellebrite, perhaps the most sophisticated MDFT, can compare a facial image, such as from a police database, to any of the faces in photos stored on the phone. Other MDFTs classify text conversations by topic, such as drugs, money or family.

The MDFTs work on a variety of sophisticated phones. Cellebrite says it can extract data from “all iPhone devices from iPhone 4S to the latest iPhone 11 / 11 Pro / Max running the latest iOS versions up to the latest 13.4.1.” The company claims to be able to handle even locked iPhones and Android devices.

"Going dark" is nothing more than rhetoric. The reality is encryption isn't much of a roadblock. The report by DC think tank Upturn shows there's little standing in the way of law enforcement forensic extractions, no matter how much federal officials claim otherwise. The business of cracking/scraping phones is largely automated -- plug-and-play invasive searches that pretty much ignore efforts owners might make to secure their devices against government intrusion.

Mobile device forensic tools (MDFTs) are so powerful, Upturn recommends the ban on consensual searches of cellphones, given what investigators can access when they're deployed. This makes some sense, given the specious reasons given for some cellphone searches. But that's going to be a really difficult thing to sell to legislators when one of the most recognized exceptions to the Fourth Amendment is the voluntary waiver. (Counterpoint: the definition of "voluntary" could use more examination by courts, which have decided the third-party doctrine applies even when voluntary consent isn't obvious, but still side with law enforcement agencies who have coerced confessions and "consent.")

People may think these powerful tools will only be aimed at the worst criminals -- drug kingpins, child molesters, financial services firms, etc. But they're not. They're used for everything because they're cheap, easy, and convenient.

Law enforcement use these tools to investigate not only cases involving major harm, but also for graffiti, shoplifting, marijuana possession, prostitution, vandalism, car crashes, parole violations, petty theft, public intoxication, and the full gamut of drug-related offenses.

Anti-encryption enthusiasts like FBI directors Chris Wray and James Comey have somewhat acknowledged some powerful tools render device encryption moot. But even while (sort of) admitting their "going dark" claims were overblown, proponents of encryption backdoors claim success rates are too low, tools are too expensive, and solutions provided by government contractors won't scale. Upturn's report says otherwise.

Our records show that at least 2,000 agencies have purchased a range of products and services offered by mobile device forensic tool vendors. Law enforcement agencies in all 50 states and the District of Columbia have these tools. Each of the largest 50 police departments have purchased or have easy access to mobile device forensic tools. Dozens of district attorneys’ and sheriff’s offices have also purchased them. Many have done so through a variety of federal grant programs. Even if a department hasn’t purchased the technology itself, most, if not all, have easy access thanks to partnerships, kiosk programs, and sharing agreements with larger law enforcement agencies, including the FBI.

So, there's plenty of access. Funding isn't a problem. Vendors have solutions that scale because there's plenty of access and plenty of funding. But the complaints continue. And the complaints continue despite how much is being extracted with each deployment.

MDFTs pull every photo on the device, extracting metadata that shows when and where photos were taken. They pull data from every app that generates it, including location data, which allows law enforcement to track movement without a warrant. The extraction tools can also pull deleted data, allowing investigators to perform digital trash pulls for additional evidence.

Then there's the third parties themselves. While the FBI and others complain about a lack of access, any data/communications stored by cloud services can be recovered without having to deal with device encryption.

The wealth of data available to law enforcement allows them to engage in fishing expeditions for evidence of other crimes. The only thing stopping them is the courts, so it's worth their while to dig through everything, considering the worst case scenario is a dismissed case, rather than fines, fees, sanctions, or anything else that might hurt them more directly.

A city or state might ban facial recognition searches, but cops can still do this without violating the specifics of the ban, thanks to built-in tools.

Cellebrite offers a “search by face” function, whereby law enforcement can compare an image of a face to all other images of faces found on the phone.

They can also look for anything else conceivably incriminating (or titillating) without having to screw with their tools' default settings.

Cellebrite also allows law enforcement to define new image categories by feeding its software a small set of example images to search for (for example, searching for hotel rooms by giving the software a set of five images of hotel rooms that were taken from Google images). As another example, Magnet Forensics’ AXIOM can employ text classification models in attempts to detect “sexual conversations,” or to filter conversations by topics ranging from family, drugs, money, and police.

Even if encryption is the default option, a variety of software and hardware exploits renders this useless in most cases. Patches from developers and manufacturers make this somewhat of an arms race, but this race remains a tie, at worst. Law enforcement isn't losing. And if it's losing access, it's only temporary.

There's another "war" at play here -- one that's rarely referenced by law enforcement officials. Every vendor wants more customers, so they're always improving their tech. The healthy competition makes tools more powerful while dropping their price, ensuring equal access for law enforcement agencies across the nation. The public records obtained by Upturn show there's not a single state in the Union that doesn't have access to forensic tools capable of cracking or bypassing encryption. Funding isn't an issue, given the federal government's interest in making encryption a non-issue.

That means there are thousands of extractions a year -- something that undercuts the FBI's "warrant-proof encryption" narrative at least as much as its inability to count physical items accurately.

The records of use we’ve assembled from 44 law enforcement agencies represent at least 50,000 extractions of cellphones between 2015 and 2019.

There is no going dark. If legislators want to believe there is, they're going to have to do so by ignoring all the evidence to the contrary. What law enforcement wants is convenience -- the ability to crack open phones without having to hook them up to a machine or beat the submission out of an arrestee. The options are there and agencies are obviously using them. Every argument that says encryption is locking law enforcement out is not just disingenuous -- it's dishonest.

Filed Under: access, doj, encryption, fbi, going dark, law enforcement, prosecutors


Reader Comments


  • Upstream, 10 Dec 2020 @ 11:56am

    What am I missing?

    Cellebrite, perhaps the most sophisticated MDFT, can compare a facial image, such as from a police database, to any of the faces in photos stored on the phone. Other MDFTs classify text conversations by topic, such as drugs, money or family.

    I thought that encryption algorithms like 3DES, AES, and RSA were largely unbreakable unless enormous computing resources were employed, and even then it would take a prohibitive length of time. But it sounds like these MDFTs are effectively bypassing them at will. Is this a fault of the phone encryption implementations? Are the phones not really encrypting the data at all and just encrypting the file system's metadata that is used to access the actual data?


    • Anonymous Coward, 10 Dec 2020 @ 12:24pm

      Re: What am I missing?

      They have found ways of retrieving the keys which are held on the phone in the secure enclave. That is a problem with long keys, users need to store them somewhere, and make them available to the encryption software, and Apple automate this process, hiding it from the users.


  • That Anonymous Coward, 10 Dec 2020 @ 12:11pm

    They want us to think the "bad guys" are hard to catch so they need to spy on everyone to keep us safe.

    The problem is their desire for more more more makes them lazy.

    When someone spends months on FB talking about shooting up a Synagogue & they never notice... but will spend hours screaming how unless this phone is unlocked people will die, it's hard to take them seriously.

    The popular thinking is they need more more more, when they can't even see obvious things now. Perhaps it's time to ask them about all of the plots & bad things that were planned in the open that they missed because they were more focused on what they imagine might be on a locked phone.


  • Uriel-238, 10 Dec 2020 @ 12:19pm

    The US convicts people for who they are.

    When they stop putting blacks away for possession (and killing them in their houses based on bad informers) and are willing to actually focus on white collar criminals with extra layers of encryption, this may become a conversation we can have.

    May become.

    Until then, no, they're willfully using bad forensic science for the false positives to fill private prisons with warm bodies. Officials who argue for more privacy-invading police powers are literal antagonists to the public. Enemies of the people, as some politicians like to say.


    • Anonymous Coward, 10 Dec 2020 @ 5:27pm

      Re: Undefined item

      Mobile device forensic tools (MDFTs) are so powerful, Upturn recommends the ban on consensual searches of cellphones, (...)


  • ECA, 10 Dec 2020 @ 1:50pm

    Strange isn't it?

    That the same things available in the past, before cellphones is/are still available Now, but with a bit more data. Call the Cellphone corps or call the Cellphone services, and you can get every name a person has ever used in the recent period of time, Let alone the Probable location of all concerned.

    So, what do you get from the cellphone that you can't get from calling a few corps, with a warrant? family pictures?
    Would a Smart thief just pay $30 for a throw away if they were doing something stupid? Cheapest phone you can get and not worry about tracking even.
    Dip it in Alcohol or Ammonia and ditch the phone.

    And as Uriel has suggested, How much could we get back by going after the MAJOR white collar crimes?
    From general robbery $20- couple 1000, compare that to millions at a time.
    How many in Enron went to jail? and got out on good behavior in 3 years or LESS? For overpricing Electricity to California. WHERE is the pay back? Never EVER seen a payback Equal to the Costs of Corp idiocy.


    • Uriel-238, 10 Dec 2020 @ 2:55pm

      The Enron Graft

      Enron execs went to jail for costing profits to the shareholders. Conspicuously grafting Californians to the tune of billions by shutting down California power plants and selling us Texas power at inflated prices was never prosecuted.


      • Annonymouse, 11 Dec 2020 @ 4:46am

        Re: The Enron Graft

        It has always been so.
        Prosecution of ripping off the rich but praised for ripping off and abusing everyone else.
        Gates is still free and praised as a genius just like Edison or the robber barons in their day.


