New Report on Police Decryption Capabilities

from Schneier on Security

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it.

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.

More here.

Posted in Law, Privacy, Technology and tagged , , .

14 Comments

  1. Having talked a lot about privacy in a recent class this article on police decryption capabilities caught my attention. While in class we discussed how companies such as google track what we do online and store our data as well as the fact that we have very little privacy while online. However, it can be much more chilling knowing that your privacy can be invaded by law enforcement as well as online companies. When companies like google store your data, to my knowledge they mostly use your information for targeted advertisements and sales of your information to companies that are similar to the sites that you frequently view. However, this article shows that not only the FBI has the ability to decrypt your devices but local authorities as well. Widespread adoption of mobile device forensic tools has made its way into local law enforcement and can be utilized in all 50 states of the US. This allows law enforcement to uncover things from your phone such as photos, conversations, location, and app data by decrypting your device. This is a lot of information that they can uncover about you and the worst part is they can do it without your knowledge as they have done it without having proper warrants before. This gives law enforcement the ability to police a broader scope of “crime”, but it does it at the expense of the privacy of citizens. Everyone expects to be able to have their privacy and this is a clear invasion. The only way that law enforcement should be able to decrypt and search your devices is when a phone is being processed as evidence in a high priority legal matter. Using “consent searches” and the “plain view” exception allow authorities to uncover much more than information on someone than they need to and is an invasion of people’s online privacy. They can then bring charges up against people based on what they find, and that information should never have been available to them. This seems to me like an abuse of power and an invasion of privacy and must be monitored. Every search should require a warrant and all findings should be documented. This is a huge amount of power handed to law enforcement and because of that it must be properly monitored to help protect the privacy of citizens.

  2. A read through of this news report shows the over-reaching power of law enforcement. While law enforcement undoubtedly has a tough job, American citizens have certain rights to privacy that are granted through the US Constitution. The Fourth Amendment gives citizens the right to privacy, “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” It seems that these MDTF’s bypass these rights, just because it is mobile phones in question. So is it really okay for law enforcement to use these? A search of someone’s home is allowed after a warrant is issued by a court. Maybe they should be able to use this system, when the necessary protocol is followed by obtaining a warrant.

    Using these types of forensic tools to help law enforcement solve crimes or acquire evidence can without a doubt be helpful to get criminals off of the street. However, there is and should be a process. Especially, in this day and age of profiling by law enforcement. Not all law enforcement employees are guilty of this, but it has been prove time and time again that there are some bad apples among them. Tools such as these should not be allowed to invade the privacy of American citizens at the whim of law enforcement personnel, without a specialized process. It’s just another step in the direction of the American citizens losing their rights.

  3. It is concerning that local and federal law enforcement agencies have the ability to conduct such invasive measures without a warrant. It would seem that such an action would be a violation of the Fourth Amendment and we would be protected against unreasonable search and seizure. Surely the phone is as valid as any other piece of property in terms of what is protected. It is equally startling how widespread this technology has become in such a limited amount of time, with forty nine of the fifty largest U.S police departments acquiring this technology as well as some more local departments. The article also mentioned that every single one of the US states has purchased these tools, including over 2000 agencies. Such widespread distribution means that no place in the United States is safe from having their personal phones searched. It is even specified in the article that these cellphone extractions often took place without a warrant. With a supposed hundreds of thousands of extractions performed since 2015, this surely amounts to a massive breach of the rights of many Americans. Despite this, the benefits of law enforcement having this ability are certainly significant, as terrorist organizations and plots would become much easier to uncover. Additionally, the police would be able to identify potential security risks with increased accuracy and in higher absolute numbers. These pros would greatly improve the safety of the American people and there is certainly a discussion to be had here about striking a balance between the ability of law enforcement agencies to do their jobs, and the privacy of the people, however these stories do not seem to be in the headlines as much as they should be. This is especially true during an election year, like the one we are experiencing right now. It is hard to think at least some element of this apparent suppression of information is by design, however I am sure it is at least partially due to the fact that there are more sensational headlines to be written. Regardless, topics like this should be more frequently discussed by mainstream media organizations in addition to small publications like this one.

  4. Lately privacy has been a large issue for many people. Not only does it pertain to people using the internet, now people who have cell phones need to watch out for their privacy. The fact that law enforcement wants to have the ability to look through cell phones is understandable. As I was reading through the article, I was finding it interesting how there is technology that is able to decrypt cell phones. I found it even more surprising when the article explained that some law enforcement were doing these decryptions without any warrants. There seems to be some type of contradiction while these encryption acts are going on without warrants. The officers are working to uphold the constitutional rights of citizens. At the same time, It is arguable that what the law enforcement officers are doing with people’s phones without warrants could be violating some kind of constitutional right. This could make it extremely easy for people’s privacy to be violated.

    Even though it seems that there could be some privacy issues with these devices, I also think that if it is organized correctly, these devices could be used in a way to help law enforcement without infringing on people’s rights. One of the most important aspects with these devices could be in regard to consent. That is where warrants can come into play. If there is a problem with people rights regarding these devices, serving warrants in order to enable law enforcement to use this technology could potentially solve the issue. Regardless of warrants, I believe that people’s privacy should be a priority when it has to do with searching through people’s information. Not only is privacy an issue, the price of this technology is very expensive. Even though there seems to be a lot of negatives with this technology, there most likely could be many more positives if they are used correctly.

  5. It seems as though privacy for U.S. citizens is impossible. There is no such thing as true privacy and now with technology advancing rapidly and technological devices being created such as the MDFT’s it makes it even harder to stay to yourself with zero tabs. Having devices just handed out to 49 out 50 police departments isn’t efficient and can be scary for many. Especially in a day in age like today where many individuals can’t trust law enforcement to utilize their power properly, giving new tracking devices to law enforcement is not a smart idea. It has also been proven countless times where devices given to law enforcement haven’t been utilized correctly for example, guns. This can be really scary for citizens especially those that are targeted more than others.

    However, if the MDFT’s were only utilized for important situations such as murder and kidnapping then I can see the purpose of this device. Using the devices as they are being introduced is unconstitutional and pointless. According to the fourth amendment U.S. citizens have the right to privacy but, devices like this doesn’t exemplify that. Also, what type of training is happening behind the scenes prior to obtaining these devices? If there is none or minimal we can expect the same negligence.

  6. Having privacy is pretty much nonexistent today since so much activity occurs online. Technology offering all these cool features such as the amazon echo with built in AI Alexa, have had numerous issues regarding consumer privacy. The issue was that consumers who have bought the echo have had incidents where their conversations have been recorded and sent to someone else which can lead to private information becoming leaked to an unknown user. The fact that law enforcement are allowed to access our information without any type of warrant is scary because anyone can be looked at by the law enforcement without them having a clue on what is going on. Privacy is now more important than ever since the pandemic has made people go remote with their work so all of their confidential information needs to be stored somewhere safe. Sadly, the best way to prevent any type of privacy issue is to not use any devices which almost seems impossible today in our society because smartphones and other devices have become an essential part of their everyday life. Citizens rights are essentially thrown out the window since the law enforcement are allowed to just extract data from our devices without having a warrant to do so. Even though finding important data through people’s phone might be helpful to law enforcement if there is an ongoing crime they are trying to solve, using it on everyone that isn’t a suspect sounds a bit excessive and is an overuse of their power.

  7. The right to privacy is a very grey area within our society these days. Smartphones allow for personal information to be accessed through apps and different companies. How else would google show you advertisements for the king size comforter you were looking at yesterday online? This simple example just shows how easy it is for these companies to observe what you are doing. Because of the pandemic, privacy has become even more important than before. People are forced to order items online if they cannot go outside. Many people work and attend school remotely as well. Personal information needs to be stored somewhere within a device that is safe for the user. I am a very personal person. I do not even like it when my friends ask to use my phone for something. I do not have anything to hide, but I prefer my private affairs to be just that: MY private affairs.
    The fact that law enforcement is able to obtain cellular devices and go through them, without a warrant is unsettling. This is a huge problem when it comes to a person’s privacy and right to privacy. I can understand if law enforcement obtains a warrant to search a device, and then they do. Law enforcement should not be able to just take a phone and search it without the owner’s consent. I also do understand how law enforcement would ask for a “back door” to get into people’s devices, but this could also allow hackers to access a device even easier. If law enforcement wants a “backdoor” to devices, there have to be very strict policies put in place to allow for this to happen. There will be problems if they decide this is necessary, but I personally, do not believe it is a necessary option.

  8. Privacy in today’s age isn’t a current thing. Technology is used for pretty much everything. Especially during the pandemic everyone does things online. Schoolwork, work, applications, are all done virtually and there is no privacy with that. Especially on social media. Amazon has a built-in Alexa which has been publicly leaking private information to so-called law enforcement. Being in a pandemic and doing everything online privacy is very important to many people but how do you know that your information is being meat and the devices you are using aren’t giving out information? Amazon has Alexa. The iPhone has Siri. Many smart TVs have their belts in assistance. All this information that you think is confidential is being stored somewhere “safely “. People really don’t make it a big deal that law-enforcement has taken over our privacy through technology. You have the right to privacy yet all of your technology that is being used as a database where everything is extracted from euro devices and stored into a type of warranty where if law-enforcement felt like your activity was suspicious you could go to jail. Which violates your privacy because if that didn’t look that you wouldn’t be going to jail. And it all goes into play as a question should lawn Forssman be able to access your information or is that a violation of privacy.

  9. After previously reading many articles on the privacy of the people in this country, this does not surprise me at all. Citizens should have certain rights to privacy, based on the Fourth Amendment, but it is clear that the way the police are handling this issue, that privacy is being ignored. MDFTs are forensic tools for mobile devices that, “Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.” The first part that surprised me was how many agencies owned these devices. I was surprised how inexpensive this equipment is because there are so many agencies that have these tools. Since they are so accessible, of course there will be more cases of this happening. This is also proven in this article when it states, “At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country…” My question is, how has this never been caught until now? And how is this not a huge legal issue? Many data providers do not give the government access to people’s phones and their data, so how can the government get away with this? This is just another example of how privacy in our country is slowly being taken from the people, and these new technologies are the main reason for that. Now, I do agree that having this tool will help drastically decrease the amount of crimes, there still needs to be boundaries. There should still be a process that must be followed, and the police should not be able to access these files without consent from the owner of the data plan. I believe that problems with privacy will continue to occur because of the growth of technology, and it is going to be increasingly more difficult to stop these breaches.

  10. In this generation, privacy is a rare occurrence. Since technology is used basically everywhere, confidential data can leak at any time and can be easily given to other companies. This is how Facebook and Instagram produce advertisements. The algorithm’s within these websites and applications allow them to monitor what you look at, click, browse, etc. Their advertisements are based on the websites that you look at and products that may have been browsed before. Ever since COVID became a big issue and people are staying at home more often, privacy is at an all-time low. From having to work from your computer, to ordering things off of the internet because retail shops may be closed, someone’s privacy is easily breached through the internet. I think that law enforcement being able to search someone’s cellphone or other devices without a warrant is intrusive. I believe that a warrant is needed even if all law enforcement is going through is a cellphone. In all honesty, I thought that they had already needed a warrant to search through someone’s device. Not needing a warrant is an invasion of privacy and in my opinion an abuse of power. Someone’s most private information can be stored on their cellular device and to be able to search if freely without any jurisdiction seems like an abuse of power to me.

  11. Privacy is something that we all became used to losing, which is a sad statement. We are no longer confident that our personal information is personal in this day in age. An adding factor to this situation is Police Decryption. While most of the time, knowing our private information is now public is upsetting, but in terms of Police Decryption, this is a good thing. With new and improved decryption, police are better able to get the proper information/evidence needed to help them with their job. This new decryption ranges from FBI Agents to small town Sheriff Departments. The other benefits of this new decryption consist of catching and convicting criminals. By being able to gather more information than normal, police are able to gather more evidence when covering a case and this helps in convicting those proven to be guilty. This helps a lot during the COVID-19 Pandemic as well because decryption is contactless which paves a way for a new type of police investigation. The world is changing, and so are we. With new forms of police decryption, they can properly put the bad guys away.

  12. The newfound police decryption capabilities are frightening. Police and government agencies, such as the FBI, have the ability to extract data from peoples’ cellphones. The fact that law enforcement does this without warrants makes the situation even more horrendous. The logic behind this form of behavior is dangerous, as the logic that is employed is that people should not have to worry about getting prosecuted as long as they are not doing anything wrong. This form of behavior is also a direct infringement on the rights laid out in the fourth amendment, which states that people have a right to privacy and “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” This type of decryption capabilities and the way they are used seems to correlate with government behavior exemplified in dystopian literature, such as George Orwell’s “1984.”

    This technology has some positive aspects, such as the fact that employing this technology will consequentially make it easier for law enforcement to pinpoint terrorist organizations or uncover security risks. Unfortunately, I believe that the flaws outweigh the benefits, as there are many issues that need to be resolved in order to employ the use of this technology without infringing on the privacy rights of citizens.

  13. Mobile Device Forensic Tool Capabilities (MDFT) are not just for the FBI anymore, but fir State and local law enforcement agencies as well. This tool allows enforcement agencies to have access to locked, encrypted phones and extract their personal data dispelling the rumors that an iPhone is impenetrable. According to public records, over 2000 law enforcement agencies have already purchased these devices and regularly break into encrypted smart phones. This includes law enforcement agencies in all 50 States and the District of Columbia. Most people would be surprised to know that since 2015, state and local law enforcement agencies extracted the data on hundreds of thousands of iPhone devices without ever appearing before a judge or stepping foot inside a court room to request a search warrant. In addition, it has become more prevalent in recent years for police and sheriffs in small towns and counties to purchase these mobile tool capabilities. The widespread use of MDFT has positioned local law agencies to expedite the process of information whereas before the device had to be sent to a state or federal crime labs to be examined. The MDFT’s are manufactured in a company in Atlanta, Georgia called Grayshift. This company was co-founded by a former Apple engineer and Cellebrite, an Israeli unit of Japan’s son corporation. The price of these Mobile Device Forensic Tools are considered a reasonable expenditure for the value each agency acquires and the practicality and convenience the technology affords. Most state and local departments find it reasonable to spend an upfront fixed cost of between 9000 to 18000 dollars with an additional 3500 to 15000 annually on licensing fees. One has to wonder why these agencies aren’t held accountable for the invasion of privacy and constitutionality violations. The widespread access to these tools has led law enforcement agencies to gain entry to private data and prosecute citizens for minor crimes. The Forth Amendment of the United States Constitution is part of the Bill of Rights and “prohibits unreasonable searches and seizures.” There used to be law challenges for forensic examination, but these tools have made it far easier for law enforcement agencies to violate United States citizens Constitutional rights.

  14. Internet based services and tools, new apps, and many capabilities by technology have enacted many people to create illegal businesses or to do some illegal activities. Those services have been increasing in the past years, since criminals have found another way to be anonymous and to be more efficient on doing illegal activities. The dark-web, which had been in discussion in the United States about eight years ago, has increased drugs and weapons selling with a complete anonymity. I have been conducting many researches when I represented my country (Italy) in the United Nations committee about 5 years ago, and I have found that most of the illegal businesses have moved in the dark-web, and it enacts billions of dollars to be exchanged without knowing who is purchasing or who is selling. Many countries have started to fight those activities, but most of them have encountered in many issues since decryption requires many expensive tools, and the transactions are a lot. United States, as we can see from this report, has increased its resources to fight any local illegal encrypted activity, in fact, 49 of 50 big police department has the tools to decrypt. More than 2,000 agencies have purchased the tools to prevent the enlargement of illegal activities. The United States have been creating new products and tools that can prevent illegal activities even for large businesses, since an employer can take an action of seizure of the employees’ technological devices. Decryption has been in discussion about its ethical principles since it violets people’s privacy whenever they are communicating. Many people have incurred in searching new software that prevents government in decrypting their messages, but those people who encrypt their messages are mostly endangering someone else or they are trying to incur in some illegal activity, so the governments has the duty to stop those people even if they are violating their privacy. The country’s safety is the first thing that a government has to guarantee, so their investment on decryption tools has a positive effect on the future protection of the country. The United States will guarantee more protection than other countries.

Leave a Reply

Your email address will not be published. Required fields are marked *