Schools Are Using Phone-Cracking Tech To Access The Contents Of Students' Devices

from the brave-new-hellscape dept

To the detriment of our nation’s future, the future of our nation is increasingly being subjected to law enforcement’s presents (and presence). On the plus side, it will help students grow up with a healthy distrust of their government.

We’ve put cops in schools so kids can be subjected to the same brutality adults receive. Disciplinary problems long-handled by schools and parents are now handled with handcuffs and criminal charges. The same questionable science that leads cops to believe future criminal acts can be predicted by algorithms and checklists is being wielded against children, turning their bad grades and spotty attendance records into criminal predicates.

Now, there’s this: the use of high-tech hacking tools to forensically scrape kids’ phones for evidence of alleged criminal acts.

In May 2016, a student enrolled in a high-school in Shelbyville, Texas, consented to having his phone searched by one of the district’s school resource officers. Looking for evidence of a romantic relationship between the student and a teacher, the officer plugged the phone into a Cellebrite UFED to recover deleted messages from the phone. According to the arrest affidavit, investigators discovered the student and teacher frequently messaged each other, “I love you.” Two days later, the teacher was booked into the county jail for sexual assault of a child.

While this may have resulted in something that actually prevented further harm to a student, the fact that schools possess tools capable of bypassing device encryption is… well, horrifying. We’re talking about minors here, not dangerous criminals. This case is not a great argument for the acquisition and use of phone-cracking tools by educators. There were many ways to approach this problem, but this one was the easiest. And it shows those selling phone-cracking tech don’t really care who buys it or what they use it for.

Cracking a phone to scrape it for evidence gives investigators easy access to communications and other private info even a consenting minor wouldn’t agree to share with others. But the tools can’t make that distinction. And investigators assume consent for a search means looking at everything the tools give them access to.

The Cellebrite used in this case was owned by the local sheriff’s office. That it decided it was appropriate to use on a minor’s phone is disturbing, to say the least. It seems the same thing could have been accomplished by the minor providing them with access to the messages, which could have been documented and downloaded without engaging in a forensic search of the phone.

This isn’t some sort of anomaly. As Gizmodo reports, multiple school districts are buying phone-cracking tech to access the content of students’ devices.

In March 2020, the North East Independent School District, a largely Hispanic district north of San Antonio, wrote a check to Cellebrite for $6,695 for “General Supplies.” In May, Cypress-Fairbanks ISD near Houston, Texas, paid Oxygen Forensics Inc., another mobile device forensics firm, $2,899. Not far away, majority-white Conroe ISD wrote a check to Susteen Inc., the manufacturer of the similar Secure View system, for $995 in September 2016.

According to Gizmodo, only eight districts in the US acknowledge publicly (via their websites) that they own device-cracking tech. The actual number is definitely much higher. This total doesn’t include law enforcement agencies that own or have access to the tech, and whose “school resource officers” might decide is necessary to investigate students or their accusations against school employees.

Deploying this tech to search students’ phones isn’t just irresponsible, it’s dangerous. Cops and prosecutors have rarely been reluctant to turn consensual sharing of intimate images into the “production” of “child pornography.” Dig deep enough into someone’s phone and you’ll find something incriminating. And that’s if the cops are simply looking for evidence. Some cops like to look at stuff just because they have the access and the power to demand compliance. Access to this tech guarantees abuse. But in these cases, the victim will be a minor — people who are assumed to be more vulnerable and whose lives can be ruined before they can even be started.

Filed Under: , , , , ,
Companies: cellebrite, susteen

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Schools Are Using Phone-Cracking Tech To Access The Contents Of Students' Devices”

Subscribe: RSS Leave a comment
58 Comments
Avatar28 (profile) says:

Re: Re:

The concept of ex loco parentis probably applies here. Still doesn’t make it right, IMHO. As the article notes, too many cops will look at it as permission to go on a fishing expedition. Intimate pictures? That’s kiddie porn. Evidence of accessing a porn site where you had to certify you’re 18? Enjoy your CFAA prosecution. Mentioned smoking weed in a group message with friends? Now everyone is getting their shit searched.

Tanner Andrews (profile) says:

Re: teacher has no expectation of privacy in student phone

The search may well have been violative of the US 4th Amendment, but there is no remedy. The courts have said that the remedy is suppression of evidence, and it is available only to the person with standing, which in this case would be the owner of the phone.

When the state violates the privacy of A to prosecute B, no remedy is available. No remedy for A, because he is not being prosecuted and thus cannot have benefit of suppression. No remedy for B, because he lacks standing.

This comment has been deemed insightful by the community.
PaulT (profile) says:

"Dig deep enough into someone’s phone and you’ll find something incriminating."

Or, as it was written before:

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.", commonly attributed to Cardinal Richelieu.

A little concerning when we seem to be talking about deleted messages from high schoolers, who would usually use phone messages as a replacement for what would be casual in person speech in Richelieu’s era.

That Anonymous Coward (profile) says:

Won’t someone think of the children!?!?!?

If we can’t just look in their phones whenever we want, how will we stop future school shooters!?!?
Do you want your children to DIE!!!!!!!!!!
If we don’t do this everyone will DIEEEEEEEEEEEE!!!!!!!!!!!!!!

This is authoritarian FOMO.
A school should absolutely not own one of these devices.
They like to pretend they are masters over your children, but hey laws still protect kids.

Student & Teacher hooking up… its a police matter, you let them deal with it. Put the teacher on paid leave, just like cops who shoot the unarmed in the back, while investigating. The last thing anyone wants is a Judge who might actually remember the rule of law & dump a case because the Superintendent had the janitor dl the contents of a phone they seized because they could.

So much time is spent looking for the hidden things, they manage to miss the things in the open. If a student had been texting & hooking up with a teacher you KNOW someone saw them at some point & you didn’t need stealth drones following them working as string ray to see if maybe just maybe there is truth to the worry.

But we need technologies & to spy all the time!!!
We might miss a bad thing otherwise!
Pay no attention to how we’ll abuse this or all of the bad things we ignored b/c the magic box didn’t give us evidence & we refused to use our eyes.

nasch (profile) says:

Re: Re:

Student & Teacher hooking up… its a police matter, you let them deal with it.

They did.

"In May 2016, a student enrolled in a high-school in Shelbyville, Texas, consented to having his phone searched by one of the district’s school resource officers."

That’s a cop. The question is whether there should be police in the schools to begin with.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re: 90% conviction rate

US prisons are full of innocents

FTFY.

In the US you never repay your debt to society. That’s not the point of the US criminal "justice" system. The point is to punish those that US society has decided to punish. It doesn’t matter if you’re in jail or out of it. Once US society has labeled you a criminal, you’ll spend the rest of your life there suffering for it.

Uriel-238 (profile) says:

Re: Re: "a very bad time"

Kids in shitty schools are already having a very bad time, and not even learning all that much.

Primary schools in the US have always been day-prisons first and institutions of learning second. Our school districts emerged from the crime waves that followed the passing of child labor laws.

Perhaps if we budgeted public schools to be academies, paid our teachers a living salary and then evicted administrative staff who think they’re prison wardens, we might get somewhere.

Until then, the parent who can afford the time and energy to home-school their kids have a valid point… if they have the time and energy. Most adults have to work more than full time to eek out a living.

Anonymous Coward says:

Re: Re: Re: "a very bad time"

Yes, our education system has been under attack for some time and we need to stop that. IMO: Fixing things will be another battle and improving things is just a dream at this point because you can’t handle the truth lol, yeah sure, whatever.

Apparently it is much easier to lie to those who lack knowledge, one particular political party has incorporated this onto their platform and made successful use of same to the detriment of society as a whole. I still can not figure out how middle and lower America rationalizes their support of same. Even the well to do are negatively affected by this but they seem to neither know or care.

Scary Devil Monastery (profile) says:

Re: Between Resource Officers and Zero tolerance policies.....

"Never has there been a better argument for Home Schooling."

…in the US alone.

How come lately every major social crisis or TARFU situation we hear off comes from the explicit fact that the US is so backward in <current topic of discussion> these problems all look like they came out of the 18th century to anyone from the rest of the G20?

Whether it’s police violence, the Flint river, state of education, health care…core infrastructure, politics and state or federal institutions…it all looks like England under King George, except with smartphones and nukes.

R.H. (profile) says:

Re: Re:

That’s not definitely true. For example, I have a spare phone sitting on my desk. If I were to give that phone to my hypothetical child, then I would hold the contract for its service but, I would no longer own the device itself.

Secondly, school’s are allowed to act "ex loco parentis" or in the place of the parents of their students. If the kid had pressed the matter though, they might have called in his parents just to cover themselves.

nasch (profile) says:

Re: Re: Re:

If I were to give that phone to my hypothetical child, then I would hold the contract for its service but, I would no longer own the device itself.

I had thought parents legally owned the property possessed by their children, but apparently that is not so. Children really do own the things they have been given (or bought, or however they were acquired). Cool.

https://blogs.findlaw.com/law_and_life/2018/08/do-parents-own-their-childrens-property.html

Jeroen Hellingman (profile) says:

I never brought a phone to school. Maybe return to those days. I used a handwritten pocket diary, and memorized all phone numbers to use at home. Teachers could inspect that diary, but it would take more than a current technology is capable of to decode my handwriting. Foreign alphabets has been a crazy hobby of me, and it would confuse the hell out of them when writing Dutch in Devanagari… (नेदरलंद्स इस मक्कलक त लेज़न). I used this for a lot of private notes until an Indian co-worker forced me to change to some other script.

This comment has been deemed insightful by the community.
PaulT (profile) says:

Re: Re:

Word to the wise: if your argument starts with "I didn’t personally need X at school, therefore nobody does", it’s likely a faulty argument, and gets less applicable over time.

" I used a handwritten pocket diary, and memorized all phone numbers to use at home"

Yeah, good luck with that when nobody communicates via phone calls any more, especially if the device is expected to be used for non-verbal school related activities.

"Foreign alphabets has been a crazy hobby of me, and it would confuse the hell out of them"

Did you forget we’ve talking about American schools here? They drag kindergarteners into police stations for drawing a picture of a gun, can you imagine what they’ll do when faced with someone deliberately hiding information in a foreign alphabet, especially if the student is brown?

Jeroen Hellingman (profile) says:

Re: Re: Re:

I am aware of this, all I want to say is that in the face of totalitarian repression, which the US school system appears to be regressing into, a fall-back to the old ways of subterfuge is an option.

I wonder what these schools are thinking they teach. Teenagers are supposed to be somewhat rebellious: they need to break free from childhood and find their own place in society. They need to fuel the continuous renewal of new ideas and initiatives that keeps a society alive. If you try to block this, you’re on a road to self-destruction.

The US shows all symptoms of a society living in deep fear, which is on itself evidence of it being a tyranny, far removed from being that hallmark of freedom it claims to be.

PaulT (profile) says:

Re: Re: Re: Re:

"a fall-back to the old ways of subterfuge is an option."

Except, your suggestion isn’t subterfuge so much as it is an announcement that you need to be investigated. A kid using their phone isn’t suspicious on its face, it’s a normal day to day activity that only becomes problematic when someone decides to search it. A kid writing notes in a foreign alphabet that’s not part of a school approved language course is basically announcing "I am trying to hide something", especially if it’s something that can’t be directly translated by someone with familiarity of the language or able to use translation software to get an easy idea of what it says. Which, in the current culture of fear surrounding not only xenophobia but the fear of school shootings and the like, means that the student doing this is asking to be targeted and interrogated.

I agree that kids need to explore ideas and not mindlessly fall in line with whatever they are told, but the trick is not to paint a target on their foreheads while doing so.

"I wonder what these schools are thinking they teach."

My understanding is that modern schools teach to whatever test evaluates the students at the end of the year, and secures their next year’s funding.

"The US shows all symptoms of a society living in deep fear, which is on itself evidence of it being a tyranny, far removed from being that hallmark of freedom it claims to be."

The US has rarely, if ever, actually lived up to the values it announces itself to have, and that’s become less and less reality since 9/11.

Uriel-238 (profile) says:

This case is not a great argument for the acquisition and use of phone-cracking tools by educators.

The availability of effective cracking tools by those outside law enforcement raises the question of why the software manufacturers aren’t ensuring their future phones are secure.

Where are Google and Apple in this, or are students soon to be expected to add an additional commercial layer of crypto to keep themselves (and their associates) from falling into the school-to-prison pipeline?

Scary Devil Monastery (profile) says:

Re: Re: Re:3 Re:

"unbreakable lock – lol"

Yup. Any of the dozen of more popular encryption algorithms provides a lock on your data which is utterly unbreakable unless you brute-force it with enough data processing capacity to keep track on every atom in the sun.

The issue is they key handling. How complex the key is, who has access to it, how many copies exist…etc. And that’s where you hit the main problem of how easy your data will be to access because you really don’t want to have only that one copy of the key which, if lost, means no one will ever access the data.

This comment has been deemed insightful by the community.
Uriel-238 (profile) says:

Re: Re: Crackability

When we imagine our law enforcement and national security institutions to be generally benevolent (a whopper of an if in the new century), encryption is still considered useful if it’s expensive to break.

And so it was, we thought, when we could believe TPMs were secure. Even in the early 2010s it was determined a TPM could be cracked with an electron microscope, a skilled technician and several days. But that meant it was slow and expensive, which means the police won’t be haphazardly cracking and searching every phone that comes in with a detained suspect.

As it is, many states (and I think some federal courts) have decided that it takes a warrant to search a phone and passwords cannot be compelled. But precincts have been ignoring such calls, unlocking phones anyway and then busting people for whatever dirt they find on their phones, even if it’s a CFAA violation.

Keep in mind, unlocking their phone typically also unlocks their entire email and websearch histories as well. And in the current clime in our justice system, that’s enough to convict a six-year-old of treason.

And the problem is, this flies in court anyway, so someone who committed an obscure non-violent crime could end up in jail for decades because he wasn’t reverent enough during a traffic stop. If he’s black or transgendered or disabled or goth then it’s almost guaranteed.

Anonymous Coward says:

Re: Re: Re: Crackability

And so it was, we thought, when we could believe TPMs were secure.

TPMs are not, will not, and have never been secure.

Their purpose is to provide encryption for suckers. I.e. People willing to absolutely trust a predetermined key and hardware backed encryption algorithm installed at the factory that never be changed or inspected. For all you know that TPM’s key is held in escrow for the alphabet soup agencies. Or maybe that hardware algorithm has a hidden backdoor. You’ll never know. It’s designed to be a black box to it’s user. You can’t even inspect or alter the firmware on these things as that’s encrypted and signed too. Never-mind the lack of and complete refusal to implement an "owner override" mechanism for TPMs. Or the fact that one of the openly promoted primary purposes of TPMs is DRM enforcement. The only thing that prevents TPMs from being called "Clipper Chip 2.0" is the lack of a publicly known government backdoor.

TPMs are for suckers and if you’re using one, you’re asking to get owned. You may as well hand over all of your data to the nearest NSA equivalent.

Uriel-238 (profile) says:

Re: Re: Re:2 TPMs

They’re still used for current-release devices. What we know is current devices are compromised. But it’s not clear that it’s a TPM based backdoor that’s doing it.

A TPM is supposed to check to see if a key has been generated and then generate a new one based on the current time / date. I can’t say for sure that is actually how it works, but that’s how it’s supposed to work.

Yes, this is a point of vulnerability where the manufacturer collaborating with government agencies could insert a back door, but sooner or later, it’d get used in a way that exposes the vulnerability or would be discovered by an outside analyst. And then everyone would know that TPM company was a snitch who’ll squeal your business secrets.

Compromised security is not just a problem for the people, but for business, and the economy depends on security being robust enough that government agencies can’t routinely penetrated. If the local school or precinct can bust into our devices, then foreign interests and rival businesses can as well.

I guess this is to say whether or not the vulnerability is the TPM, it’s one that the economy cannot afford to let sit.

Uriel-238 (profile) says:

Re: Re: "Think of the children"

Think of US-owned businesses.

If Google and Apple want businesses to keep using their phones, they need to be able to rely on them not getting cracked open anytime a representative gets detained by law enforcement.

And yeah, if the local precinct can open the phone, then industrial spies can as well, which means keeping data where it’s accessible on a device is a liability if the device is vulnerable.

The first company to make a reasonably-priced phone that’s truly secure is going to make a lot of sales.

This comment has been flagged by the community. Click here to show it.

Penn Zoil, 1st Erl of Crankcase says:

If has one legitimate use, then it's totally legit.

And it shows those selling phone-cracking tech don’t really care who buys it or what they use it for.

So excuses you pirates trot out for hacking, cracking, download programs, and every other tool that PRIATES use — for users and sellers both — just don’t apply when it comes to policing, eh?

This comment has been flagged by the community. Click here to show it.

This comment has been deemed insightful by the community.
Uriel-238 (profile) says:

Re: Pirates

Pirates use cracking software to act against bad law (in this case bad law is law that does not serve the public or dubiously serves the public.)

Law enforcement and school authorities use cracking software to exploit bad law.

In both cases, the law is working against public interests.

This comment has been deemed insightful by the community.
Uriel-238 (profile) says:

Re: Re: Re: When the perpetrator has a badge

Curiously, the big media companies don’t think twice about pirating when it is too inconvenient not to do so themselves. Moguls, techs, whoever, feel entitled and when one has been caught, it sometimes makes it to the TechDirt blog.

I suspect the same goes for our authoritarian benefactors in law enforcement.

Scary Devil Monastery (profile) says:

Re: If has one legitimate use, then it's totally legit.

"So excuses you pirates trot out for hacking, cracking, download programs, and every other tool that PRIATES use — for users and sellers both — just don’t apply when it comes to policing, eh?"

If a pirate cracks his owns property that’s one thing – like jailbreaking an iPhone. Fully legal, according to SCOTUS.

However, police hold a violence monopoly and need to be held to far stricter validation processes because of this.

There is no conflict here, it’s just that as usual you fail to realize there’s a difference between legitimate use of dual-use tech and the fact that government agencies with violence monopoly are held to stricter standards than private citizens.

I’m not too surprised though, Baghdad Bob. Your commie rhetoric has shown multiple times that you are unaware of the difference between even public and private, let alone citizen and authorized government.

bhull242 (profile) says:

Re: If has one legitimate use, then it's totally legit.

If the product/service has substantial noninfringing uses, then the creator(s) of the product/service has not infringed just because they know some—or even many—users use it to infringe as long as they themselves don’t encourage the infringing use(s). That doesn’t make all uses of the product/service legit or absolve infringers that use the tool; just the product/service itself and its creator(s). Basically, don’t blame the tool or toolmaker for the fact that a number of people use the tool for unlawful purposes. That’s like blaming Microsoft for blackmail just because some people use Microsoft Word to write blackmail letters.

Furthermore, hacking one’s own device is completely different from hacking another person’s device.

Davey (profile) says:

I own the phone, not my child

Dear School District:

I am Mr. Thomas Tables, father of little Bobby Tables. The cellular phone that he carries to school is mine. I own it, not Bobby. I have given little Bobby permision to use it; it was not given as a gift. I purchased it with my debit card, which is linked to my checking account. The cellular service contract is under my name and I pay the bill every month.

Please be advised that I absolutely deny the School District or any of its employees permission to inspect the contents of my cell phone. If law enforcement wants permission, tell them that I will be glad to comply as soon as they produce a search warrant.

Anonymous Coward says:

Wishful thinking

You commenters are being hopelessly naive about how students use their phones in school. It can be so difficult for teachers and administrators to tell the difference between students expressing their tastes and evidence of a crime. This very article flew by an adult apprehended taking advantage of a minor. A better target for ire would be the tech giants violating COPPA all school day and nudging students to FaceTime each other instead of participating in school activities. It’s an uphill battle. I’m not in favor of profiling or criminalizing anyone, but I have no doubt that the opprobrium of most of you would disappear if you substitute taught for a day.

Uriel-238 (profile) says:

Re: Differences between tastes and crime

If administrators can’t tell the difference between evidence of crime and students expressing their tastes, that’s an argument to give them even less access to the lives of students, let alone use spyware to invade students’ privacy.

School administrations in the US have a long, established history of disinterest in the welfare of the students, rather to either shuttle them directly into prisons or mold them into obedient solders to fight wars for plutocrats.

When the society decides that the welfare of kids are the first order of business, and they have the right to choose what future they get to live in (rather than to perpetuate the status quo of the present) then maybe administrators should have more influence, but right now they’re banning books and persecuting the victims who present video proof of their own bullying. Right now they’re freaking out about CRT even when CRT is only being introduced at the collegiate level.

Right now our schools are glorified prisons less interested in educating our kids than indoctrinating them so that society can blame them later for being too lazy. And until that changes, our overreaching school districts seeking to peer deeper into students’ lives can fuck right off.

Feel free to consider a career other than faculty. I’m sure one less faculty that regards our students as natural-born criminals can only improve the situation.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...