New Report on Police Decryption Capabilities

from Schneier on Security

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it.

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.

More here.

Posted in Law, Privacy, Technology and tagged , , .

6 Comments

  1. After previously reading many articles on the privacy of the people in this country, this does not surprise me at all. Citizens should have certain rights to privacy, based on the Fourth Amendment, but it is clear that the way the police are handling this issue, that privacy is being ignored. MDFTs are forensic tools for mobile devices that, “Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.” The first part that surprised me was how many agencies owned these devices. I was surprised how inexpensive this equipment is because there are so many agencies that have these tools. Since they are so accessible, of course there will be more cases of this happening. This is also proven in this article when it states, “At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country…” My question is, how has this never been caught until now? And how is this not a huge legal issue? Many data providers do not give the government access to people’s phones and their data, so how can the government get away with this? This is just another example of how privacy in our country is slowly being taken from the people, and these new technologies are the main reason for that. Now, I do agree that having this tool will help drastically decrease the amount of crimes, there still needs to be boundaries. There should still be a process that must be followed, and the police should not be able to access these files without consent from the owner of the data plan. I believe that problems with privacy will continue to occur because of the growth of technology, and it is going to be increasingly more difficult to stop these breaches.

  2. In this generation, privacy is a rare occurrence. Since technology is used basically everywhere, confidential data can leak at any time and can be easily given to other companies. This is how Facebook and Instagram produce advertisements. The algorithm’s within these websites and applications allow them to monitor what you look at, click, browse, etc. Their advertisements are based on the websites that you look at and products that may have been browsed before. Ever since COVID became a big issue and people are staying at home more often, privacy is at an all-time low. From having to work from your computer, to ordering things off of the internet because retail shops may be closed, someone’s privacy is easily breached through the internet. I think that law enforcement being able to search someone’s cellphone or other devices without a warrant is intrusive. I believe that a warrant is needed even if all law enforcement is going through is a cellphone. In all honesty, I thought that they had already needed a warrant to search through someone’s device. Not needing a warrant is an invasion of privacy and in my opinion an abuse of power. Someone’s most private information can be stored on their cellular device and to be able to search if freely without any jurisdiction seems like an abuse of power to me.

  3. Privacy is something that we all became used to losing, which is a sad statement. We are no longer confident that our personal information is personal in this day in age. An adding factor to this situation is Police Decryption. While most of the time, knowing our private information is now public is upsetting, but in terms of Police Decryption, this is a good thing. With new and improved decryption, police are better able to get the proper information/evidence needed to help them with their job. This new decryption ranges from FBI Agents to small town Sheriff Departments. The other benefits of this new decryption consist of catching and convicting criminals. By being able to gather more information than normal, police are able to gather more evidence when covering a case and this helps in convicting those proven to be guilty. This helps a lot during the COVID-19 Pandemic as well because decryption is contactless which paves a way for a new type of police investigation. The world is changing, and so are we. With new forms of police decryption, they can properly put the bad guys away.

  4. The newfound police decryption capabilities are frightening. Police and government agencies, such as the FBI, have the ability to extract data from peoples’ cellphones. The fact that law enforcement does this without warrants makes the situation even more horrendous. The logic behind this form of behavior is dangerous, as the logic that is employed is that people should not have to worry about getting prosecuted as long as they are not doing anything wrong. This form of behavior is also a direct infringement on the rights laid out in the fourth amendment, which states that people have a right to privacy and “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” This type of decryption capabilities and the way they are used seems to correlate with government behavior exemplified in dystopian literature, such as George Orwell’s “1984.”

    This technology has some positive aspects, such as the fact that employing this technology will consequentially make it easier for law enforcement to pinpoint terrorist organizations or uncover security risks. Unfortunately, I believe that the flaws outweigh the benefits, as there are many issues that need to be resolved in order to employ the use of this technology without infringing on the privacy rights of citizens.

  5. Mobile Device Forensic Tool Capabilities (MDFT) are not just for the FBI anymore, but fir State and local law enforcement agencies as well. This tool allows enforcement agencies to have access to locked, encrypted phones and extract their personal data dispelling the rumors that an iPhone is impenetrable. According to public records, over 2000 law enforcement agencies have already purchased these devices and regularly break into encrypted smart phones. This includes law enforcement agencies in all 50 States and the District of Columbia. Most people would be surprised to know that since 2015, state and local law enforcement agencies extracted the data on hundreds of thousands of iPhone devices without ever appearing before a judge or stepping foot inside a court room to request a search warrant. In addition, it has become more prevalent in recent years for police and sheriffs in small towns and counties to purchase these mobile tool capabilities. The widespread use of MDFT has positioned local law agencies to expedite the process of information whereas before the device had to be sent to a state or federal crime labs to be examined. The MDFT’s are manufactured in a company in Atlanta, Georgia called Grayshift. This company was co-founded by a former Apple engineer and Cellebrite, an Israeli unit of Japan’s son corporation. The price of these Mobile Device Forensic Tools are considered a reasonable expenditure for the value each agency acquires and the practicality and convenience the technology affords. Most state and local departments find it reasonable to spend an upfront fixed cost of between 9000 to 18000 dollars with an additional 3500 to 15000 annually on licensing fees. One has to wonder why these agencies aren’t held accountable for the invasion of privacy and constitutionality violations. The widespread access to these tools has led law enforcement agencies to gain entry to private data and prosecute citizens for minor crimes. The Forth Amendment of the United States Constitution is part of the Bill of Rights and “prohibits unreasonable searches and seizures.” There used to be law challenges for forensic examination, but these tools have made it far easier for law enforcement agencies to violate United States citizens Constitutional rights.

  6. Internet based services and tools, new apps, and many capabilities by technology have enacted many people to create illegal businesses or to do some illegal activities. Those services have been increasing in the past years, since criminals have found another way to be anonymous and to be more efficient on doing illegal activities. The dark-web, which had been in discussion in the United States about eight years ago, has increased drugs and weapons selling with a complete anonymity. I have been conducting many researches when I represented my country (Italy) in the United Nations committee about 5 years ago, and I have found that most of the illegal businesses have moved in the dark-web, and it enacts billions of dollars to be exchanged without knowing who is purchasing or who is selling. Many countries have started to fight those activities, but most of them have encountered in many issues since decryption requires many expensive tools, and the transactions are a lot. United States, as we can see from this report, has increased its resources to fight any local illegal encrypted activity, in fact, 49 of 50 big police department has the tools to decrypt. More than 2,000 agencies have purchased the tools to prevent the enlargement of illegal activities. The United States have been creating new products and tools that can prevent illegal activities even for large businesses, since an employer can take an action of seizure of the employees’ technological devices. Decryption has been in discussion about its ethical principles since it violets people’s privacy whenever they are communicating. Many people have incurred in searching new software that prevents government in decrypting their messages, but those people who encrypt their messages are mostly endangering someone else or they are trying to incur in some illegal activity, so the governments has the duty to stop those people even if they are violating their privacy. The country’s safety is the first thing that a government has to guarantee, so their investment on decryption tools has a positive effect on the future protection of the country. The United States will guarantee more protection than other countries.

Leave a Reply

Your email address will not be published. Required fields are marked *