New Report Shows Cellphone Encryption Isn't Really Stopping Cops From Searching Phones

from the complaining-that-99%-access-isn't-100%-access dept

We’re still hearing quite a bit about law enforcement’s supposedly endless string of losses to criminals and their device encryption. Citing facts not in evidence, consecutive FBI directors — along with outgoing Attorney General Bill Barr — have claimed the implementation of encryption has pretty much made it impossible to successfully prosecute criminals.

We know this isn’t true for several reasons. But let’s begin with the FBI, which has relied on overstated numbers to press the “going dark” theory for a few dozen months at this point. After admitting it couldn’t do math — even when aided by a spreadsheet — the FBI has refused to update its overblown number of locked devices in its possession. The FBI has not corrected its math for 931 days at this point.

Criminal prosecutions haven’t slowed down either. When almost every prosecution ends in a plea deal, it’s pretty rich for prosecutors and law enforcement to complain they’re being beaten by criminals. And a bunch of federal agencies pad their own numbers, engaging in borderline entrapment to ensure a steady stream of prosecutorial wins.

A new report shows just how little of an effect device encryption has had on law enforcement efforts. Some of the report’s highlights are touched on by Lawfare’s Susan Landau. We’ve heard the complaints that encryption is keeping law enforcement out of seized cellphones. The reality is much more worrying. Not only is encryption not much of a barrier, but law enforcement tech allows investigators to access pretty much everything before trimming it down to what’s been asked for in warrant affidavits.

These forensic tools are quite sophisticated. FBI Director Christopher Wray once complained that “warrant-proof encryption,” like that used on iPhones, prevents law enforcement access to crucial evidence. But Upturn found that the forensic tools copy all the data found on a cellphone. The tools then sort the data so that law enforcement can easily search through it. And MDFTs include some features that make law enforcement’s job even easier. For example, Cellebrite, perhaps the most sophisticated MDFT, can compare a facial image, such as from a police database, to any of the faces in photos stored on the phone. Other MDFTs classify text conversations by topic, such as drugs, money or family.

The MDFTs work on a variety of sophisticated phones. Cellebrite says it can extract data from “all iPhone devices from iPhone 4S to the latest iPhone 11 / 11 Pro / Max running the latest iOS versions up to the latest 13.4.1.” The company claims to be able to handle even locked iPhones and Android devices.

“Going dark” is nothing more than rhetoric. The reality is encryption isn’t much of a roadblock. The report by DC think tank Upturn shows there’s little standing in the way of law enforcement forensic extractions, no matter how much federal officials claim otherwise. The business of cracking/scraping phones is largely automated — plug-and-play invasive searches that pretty much ignore efforts owners might make to secure their devices against government intrusion.

Mobile device forensic tools (MDFTs) are so powerful that Upturn recommends a ban on consensual searches of cellphones, given what investigators can access when they’re deployed. This makes some sense, given the specious reasons given for some cellphone searches. But that’s going to be a really difficult thing to sell to legislators when one of the most recognized exceptions to the Fourth Amendment is the voluntary waiver. (Counterpoint: the definition of “voluntary” could use more examination by courts, which have decided the third-party doctrine applies even when voluntary consent isn’t obvious, but still side with law enforcement agencies who have coerced confessions and “consent.”)

People may think these powerful tools will only be aimed at the worst criminals — drug kingpins, child molesters, financial services firms, etc. But they’re not. They’re used for everything because they’re cheap, easy, and convenient.

Law enforcement use these tools to investigate not only cases involving major harm, but also for graffiti, shoplifting, marijuana possession, prostitution, vandalism, car crashes, parole violations, petty theft, public intoxication, and the full gamut of drug-related offenses.

Anti-encryption enthusiasts like FBI directors Chris Wray and James Comey have somewhat acknowledged some powerful tools render device encryption moot. But even while (sort of) admitting their “going dark” claims were overblown, proponents of encryption backdoors claim success rates are too low, tools are too expensive, and solutions provided by government contractors won’t scale. Upturn’s report says otherwise.

Our records show that at least 2,000 agencies have purchased a range of products and services offered by mobile device forensic tool vendors. Law enforcement agencies in all 50 states and the District of Columbia have these tools. Each of the largest 50 police departments have purchased or have easy access to mobile device forensic tools. Dozens of district attorneys’ and sheriff’s offices have also purchased them. Many have done so through a variety of federal grant programs. Even if a department hasn’t purchased the technology itself, most, if not all, have easy access thanks to partnerships, kiosk programs, and sharing agreements with larger law enforcement agencies, including the FBI.

So, there’s plenty of access. Funding isn’t a problem. Vendors have solutions that scale because there’s plenty of access and plenty of funding. But the complaints continue. And the complaints continue despite how much is being extracted with each deployment.

MDFTs pull every photo on the device, extracting metadata that shows when and where photos were taken. They pull data from every app that generates it, including location data, which allows law enforcement to track movement without a warrant. The extraction tools can also pull deleted data, allowing investigators to perform digital trash pulls for additional evidence.

Then there’s the third parties themselves. While the FBI and others complain about a lack of access, any data/communications stored by cloud services can be recovered without having to deal with device encryption.

The wealth of data available to law enforcement allows them to engage in fishing expeditions for evidence of other crimes. The only thing stopping them is the courts, so it’s worth their while to dig through everything, considering the worst case scenario is a dismissed case, rather than fines, fees, sanctions, or anything else that might hurt them more directly.

A city or state might ban facial recognition searches, but cops can still do this without violating the specifics of the ban, thanks to built-in tools.

Cellebrite offers a “search by face” function, whereby law enforcement can compare an image of a face to all other images of faces found on the phone.

They can also look for anything else conceivably incriminating (or titillating) without having to screw with their tools’ default settings.

Cellebrite also allows law enforcement to define new image categories by feeding its software a small set of example images to search for (for example, searching for hotel rooms by giving the software a set of five images of hotel rooms that were taken from Google images). As another example, Magnet Forensics’ AXIOM can employ text classification models in attempts to detect “sexual conversations,” or to filter conversations by topics ranging from family, drugs, money, and police.

Even if encryption is the default option, a variety of software and hardware exploits renders this useless in most cases. Patches from developers and manufacturers make this somewhat of an arms race, but this race remains a tie, at worst. Law enforcement isn’t losing. And if it’s losing access, it’s only temporary.

There’s another “war” at play here — one that’s rarely referenced by law enforcement officials. Every vendor wants more customers, so they’re always improving their tech. The healthy competition makes tools more powerful while dropping their price, ensuring equal access for law enforcement agencies across the nation. The public records obtained by Upturn show there’s not a single state in the Union that doesn’t have access to forensic tools capable of cracking or bypassing encryption. Funding isn’t an issue, given the federal government’s interest in making encryption a non-issue.

That means there are thousands of extractions a year — something that undercuts the FBI’s “warrant-proof encryption” narrative at least as much as its inability to count physical items accurately.

The records of use we’ve assembled from 44 law enforcement agencies represent at least 50,000 extractions of cellphones between 2015 and 2019.

There is no going dark. If legislators want to believe there is, they’re going to have to do so by ignoring all the evidence to the contrary. What law enforcement wants is convenience — the ability to crack open phones without having to hook them up to a machine or beat the submission out of an arrestee. The options are there and agencies are obviously using them. Every argument that says encryption is locking law enforcement out is not just disingenuous — it’s dishonest.



Comments on “New Report Shows Cellphone Encryption Isn't Really Stopping Cops From Searching Phones”

Upstream (profile) says:

What am I missing?

Cellebrite, perhaps the most sophisticated MDFT, can compare a facial image, such as from a police database, to any of the faces in photos stored on the phone. Other MDFTs classify text conversations by topic, such as drugs, money or family.

I thought that encryption algorithms like 3DES, AES, and RSA were largely unbreakable unless enormous computing resources were employed, and even then it would take a prohibitive length of time. But it sounds like these MDFTs are effectively bypassing them at will. Is this a fault of the phone encryption implementations? Are the phones not really encrypting the data at all and just encrypting the file system’s metadata that is used to access the actual data?

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: What am I missing?

They have found ways of retrieving the keys which are held on the phone in the secure enclave. That is a problem with long keys, users need to store them somewhere, and make them available to the encryption software, and Apple automate this process, hiding it from the users.

That Anonymous Coward (profile) says:

They want us to think the "bad guys" are hard to catch so they need to spy on everyone to keep us safe.

The problem is their desire for more more more makes them lazy.

When someone spends months on FB talking about shooting up a Synagogue & they never notice… but will spend hours screaming how unless this phone is unlocked people will die, it’s hard to take them seriously.

The popular thinking is they need more more more, when they can’t even see obvious things now. Perhaps it’s time to ask them about all of the plots & bad things that were planned in the open that they missed because they were more focused on what they imagine might be on a locked phone.

Uriel-238 (profile) says:

The US convicts people for who they are.

When they stop putting blacks away for possession (and killing them in their houses based on bad informers) and are willing to actually focus on white collar criminals with extra layers of encryption, this may become a conversation we can have.

May become.

Until then, no, they’re willfully using bad forensic science for the false positives to fill private prisons with warm bodies. Officials who argue for more privacy-invading police powers are literal antagonists to the public. Enemies of the people, as some politicians like to say.

ECA (profile) says:

Strange isn’t it?

That the same things available in the past, before cellphones is/are still available Now, but with a bit more data. Call the Cellphone corps or call the Cellphone services, and you can get every name a person has ever used in the recent period of time, Let alone the Probable location of all concerned.

So, what do you get from the cellphone that you can’t get from calling a few corps, with a warrant? family pictures?
Would a Smart thief just pay $30 for a throw away if they were doing something stupid? Cheapest phone you can get and not worry about tracking even.
Dip it in Alcohol or Ammonia and ditch the phone.

And as Uriel has suggested, How much could we get back by going after the MAJOR white collar crimes?
From general robbery $20- couple 1000, compare that to millions at a time.
How many in Enron went to jail? and got out on good behavior in 3 years or LESS? For over pricing Electricity to California. WHERE is the pay back? Never EVER seen a payback Equal to the Costs of Corp idiocy.
