Judge Not Impressed With Government's Warrantless 921-Page 'Peek' Into A Suspect's Cellphone
from the also-discussed:-digital-forensic-tools-and-how-not-to-use-them dept
All the DHS wanted was a warrantless “peek” at the contents of a seized iPhone. The phone, one of three seized from a person suspected of drug trafficking, was examined by the DHS, with the warrant arriving a month later. Now, all of the evidence obtained from the phone is being tossed out.
In the order granting the suppression of evidence obtained from the phone, Judge Sterling Johnson points out that the government revised its story several times during oral testimony.
DHS Special Agent Thomas Wilburt worked with the CBP to detain the suspect, Adamou Djibo, at the JFK Airport. Djibo’s iPhone was taken and examined by Wilburt, who couldn’t seem to accurately recall the details of the examination.
First off, Wilburt made it clear that the DHS and CBP were searching for a particular kind of “contraband.”
Wilburt defined the search as one for “contraband,” and when asked by the Court to define contraband stated:
If they’re leaving with any weapons, any mostly it’s money, I think, they’re looking for. Drugs as well. Drugs, often they’ll go to Bermuda. Drugs come in here and go to Bermuda, as opposed to Bermuda from here. This particular case, the main search was for money.
The problem was, Djibo’s money checked out. The declaration form was legitimate and the amount of currency he was carrying was found to be legal. (Yeah, let that last part sink in for a moment…)
Wilburt then took an iPhone from Djibo and asked him to input his passcode. Or not. The opinion contains several quotes from Wilburt’s testimony, many of them elusive or contradictory. The opposing counsel found it nearly impossible to get Wilburt to provide an accurate portrayal of the phone’s search and seizure.
Wilburt first claimed he couldn’t recall whether or not he had asked Djibo for his passcode. He then claimed he didn’t know when the passcode was used to unlock the phone and access the contents.
Counsel: After they took his boarding pass and his passport, his password was put into his phone. Is that right?
Wilburt: I don’t know that his password was put into his phone then, no.
[…]
Counsel: You never saw his passcode get put into his phone?
Wilburt: I don’t believe it was put into his phone then, no.
[…]
Wilburt: At some point, I put it into his phone. I don’t know if I did it right then or I did it back at our office.
At a second hearing, Wilburt suddenly recalled when the passcode had been entered:
I believe it was after the exam was over and after he was arrested, we went back to our office, and then I proceeded to put that code into the phone.
But he became less clear on the details of what the agents had viewed on the phone during their warrantless “peek.” Wilburt testified that the phone was hooked up to a Cellebrite (a device for forensic phone examinations), where “another agent… obtained all the information off the phone that we were able to.”
When the court pointed out that the warrant to search the phone didn’t arrive until a month later, Agent Wilburt then claimed the Cellebrite didn’t actually grab “all the information” the government wanted, despite saying it had only moments earlier.
We wanted to get more in depth in the phone. Cellebrite, as far as I know, gives you basic information.
Wilburt vastly underplays the capabilities of this forensic device. It grabs address books, call logs, pictures, videos and text messages.
In this case, it returned incriminating information, well ahead of the warrant acquisition.
The Court: Were there any text messages or incriminating calls to the original defendant?
Wilburt: At a later point looking at that report, I believe there were text messages.
Agent Wilburt, apparently attempting to legalize the illegal search of Djibo’s phone, tried to redefine “contraband” — something he originally claimed was “specifically currency” — to cover what he had already discovered without the acquisition of a warrant. Wilburt now claimed the phone needed to be accessed to look for “evidence of currency or other crimes.”
Pressed further, Wilburt admitted the phone had been seized and searched without a warrant, but the DHS had only used its forensic device to get a “peek” at the contents.
I believe after — nothing was seized at the border search. After he was arrested, I believe they ran an initial Cellebrite report or an initial search on the phone, just a preliminary peek.
(Hilariously, when the court asked Wilburt why he would seek a warrant when Djibo had already given him the passcode, he claimed it was to avoid “violating [Djibo’s] rights.”)
And what did that “peek” contain?
It was emails, text messages, undeleted content. So whatever was — when you turn on your phone and you see your text messages and your emails, that’s what they obtained with this initial peek.
So, basically all the communications contained in the phone. The court asked for a copy of the “peek” and was informed a CD would be burned and sent out, as the “peek” contained “hundreds” of pages. Three weeks later, it arrived in the court’s hands.
The CD contained 921 pages of materials, all of which this Court has reviewed, including hundreds of text messages, WhatsApp messages, photographs and emails. Many of the messages appear to be written in code. For example, there are text messages about orders for 600 cases of diapers and 1500 cases of wipes; “booking confirmations” to a “personal trainer” who provides various styles of “sessions;” and about stomach ailments that have to be operated on in Ghana.
The government magnanimously agreed to “suppress the peek,” while less magnanimously claiming it could have obtained the info anyway, even if it hadn’t known the passcode.
Further questioning of DHS Special Agent David Bauer revealed the DHS could have taken a look at Djibo’s phone without needing to know his passcode.
Bauer described a “fairly new” device called an IP-Box, which can be attached to an iPhone and systematically attempt every passcode from 0000 to 9999 without shutting down [the phone]… IP-Boxes came into the fray when Apple Inc. (“Apple”) refused to assist the government with cell phone break-ins.
[Here’s an IP-Box in action.]
Even less magnanimously, the government disputed Djibo’s attempts to suppress the evidence it had obtained with a warrant. Starting with the alleged Fifth Amendment violations, the court has this to say about the government’s relocation of the investigative goal posts.
It appears from his testimony that he stood by passively until the phones were discovered, but phones are not contraband. In fact, no contraband was found by the CBP. After that, the border search ended. The line of inquiry into Djibo’s telephones thereafter changed the stage because the purpose of the original search was to find currency and currency cannot be found on a phone.
Citing the Supreme Court’s Riley decision, the court finds that the original, warrantless 921-page “peek” was an illegal search, tainting every piece of evidence obtained subsequently.
In his affidavit in support of the application for a search warrant, he made no mention of having already looked at 921 pages of data from the phone. Therefore, not only was the initial search unreasonable… Agent Wilburt decided it was insufficient to support the narcotics investigation. He wanted “more.” For these reasons, this Court finds that the forensic search of Djibo’s phone was the fruit of the illegal initial search and was unreasonable.
[…]
The government’s claim that it did not rely on the initial “peek” — despite the wording of the search warrant — is simply unsupported by the often contradictory evidence.
[…]
In this case, the search was undertaken to find contraband or currency and neither were found. There was no need to then seek out Djibo’s passcode. It had nothing to do with national security at the airport on that day… That Djibo was arrestable based on the information from the Cooperator is of no great moment. He could have been arrested, his phone seized pursuant to border authority, and a search warrant obtained before any searching occurred. Wilburt sought to sidestep these constitutional guarantees.
The DHS was so sure it could build it case that it skipped all the essentials of building a case. And now it has no evidence and a guy “caught” carrying a legal amount of cash through an airport, which isn’t going to help it “win” the Drug War.
Filed Under: 4th amendment, adamou djibo, dhs, mobile phones, peek, surveillance, warrants
Comments on “Judge Not Impressed With Government's Warrantless 921-Page 'Peek' Into A Suspect's Cellphone”
Half is better than none I suppose
The government’s claim that it did not rely on the initial “peek” — despite the wording of the search warrant — is simply unsupported by the often contradictory evidence.
While it’s certainly nice that the judge tossed the evidence, it would be even better if those that lied in their request for the search warrant faced some actual punishment. You’d think one judge would be particularly sensitive to the idea of government officials lying to another judge, but I guess all he can do without more evidence is crush their case for them and rub their noses in the fact that in their eagerness they screwed up to such an extent that they’re left with nothing.
Shaking my head at the bias
I always love stories like this. Techdirt chooses to glorify judges who look kindly upon behavior that interferes with law enforcement, but when it comes to righteous enforcers such as Liam O’Grady, he will do anything he can to paint them in a bad light. Your obsession with obtaining warrants is mostly to ensure that law enforcement progresses as slowly as possible, to the point that you can argue spoilation of evidence. And now, you even have the gall to demand that those who did not obtain the proper warrants be punished? What a laugh. You insult authorities who rightly and legally confiscate the phones you shove in the face of police officers, while discussing ways to keep your dirty business away from the eyes and arms of the law. It’s a sham what Techdirt has become.
(Also not signing in, because I know PaulT is watching. You can go report my account in some other thread; I won’t be coming back to this one unless I’m signed in or with another IP address. Mike Masnick is hampering my efforts to give PaulT fifty downvotes, which again proves what a disaster this community is.)
Re: Shaking my head at the bias
Like the Bill of Rights written by that hippy Madison. You could think its sole purpose was to be interfering with law enforcement.
Which is not all that surprising because it is. And the judge is sworn to make sure the limits it sets to the means allowed to law enforcement are heeded.
Now indeed it’s a bit sad that it’s a cause for “glorification” when some judge actually tries doing the job he has sworn to do in return for his wages. But one needs a bit of an offset to the people singing the praises of those out to abolish the Constitution.
Re: Re:
You are one fucked up fuck, you know that?
Re: Shaking my head at the bias
Mike Masnick is hampering my efforts to give PaulT fifty downvotes, which again proves what a disaster this community is.
Yeah, it’s really unfortunate that you can’t single-handedly try to be 50 different people.
You’re such an asshole, and what’s worse, you don’t try to hide it.
Re: Shaking my head at the bias
And now, you even have the gall to demand that those who did not obtain the proper warrants be punished?
I don’t think this is the real Whatever. He would never admit the police did something wrong.
Re: Re: Shaking my head at the bias
Actually, he hasn’t actually admitted they did something wrong. He’s using the same pathetic tactics he used when arguing in favor of the Megaupload raid. Sure, the DOJ fucked up the warrants, but it’s okay because Dotcom was obviously guilty, and how dare you try to argue otherwise.
The rest is the usual Whatever-style moral outrage and pandering towards authoritarianism.
Re: Shaking my head at the bias
No one is demanding that those who didn’t get the necessary warrants be punished per se.
Instead, we’re demanding that those who violate the law at a minimum not benefit from it. Since the law is clearly established that a warrant is required under these circumstances, failure to get one means that the Agent of the people didn’t have authority to seize and search the phone.
Taking another persons property without authority to do so is theft, or in this case probably armed robbery.
We’re demanding that we, the people, be held accountable for the actions of our agent. The minimal level of accountability is that we lose our advantage (the information we obtained without authority), so suppression is a minimalist first step. Some of us are also demanding that we be accountable for damages caused by our agent, under simple agency principles.
It appears that some people think theft is ok as long as it’s done by the agent of the people against a single person.
Re: Shaking my head at the bias
Your subject line is apropos.
What?!? Tyranny! Censorship!!!1! You’re a looney.
It is a very sad day when those charged with upholding the law seem to have no problem blatantly lying in court. We keep wanting to give them free passes to abuse the rights of “bad guys” and pretend that they won’t take these new found powers out for a test drive against others…. they just have to say there were bad people and all will be forgiven.
This agent needs to be taken off of anything serious or requiring him to provide evidence. The inability to be coherent (even when your lying) and keep the story straight should raise bright red flags to any lawyer who has represented anyone accused by this agent.
The government cuts corners and expects it to all be okay, but can’t see why people trust them less and less. The ends should never justify cutting corners to get there, and undermining anyones rights undermines everyones rights. It is clear they feel they no longer need to follow the rules, and it is time to punish them much more harshly to remind them the rules always apply.
Re: Re:
It is a very sad day when those charged with upholding the law seem to have no problem blatantly lying in court.
There’s your first mistake, and one of the main causes of police and government abuse of power. Many of them don’t see their jobs as ‘upholding the laws’ at all, rather they believe that it’s their jobs to ‘catch/stop the bad guys’.
If you believe that your job is to uphold the law, then clearly any actions which break the law are to be avoided. If on the other hand you believe that it’s your job to ‘catch bad guys’, then laws become guidelines that can be ignored, rather than hard and fast rules that must be followed.
Re: Re: Re:
Except doing this makes you the bad guy.
Re: Re: Re: Re:
True, but they don’t believe so, which is part of the problem.
They have the mindset of ‘The end justifies the means’, and since they’re trying to stop/catch ‘bad guys’, then by default that makes them the ‘good guys’, no matter what they do.
Re: Re: Re: Re:
No, it doesn’t. Breaking laws is neither good nor bad. It’s penalized and, depending on the law, criminal. However, laws usually have a purpose in prescribing and assuring behavior compatible with keeping a society working cooperatively and safely.
In particular, the Bill of Rights pins down a number of things that are not absolute goods but rather concern the balance of interests between individual citizens and the government.
Privacy is not inherently good or bad. The Constitution puts down rules for balancing the people’s interest in privacy with the government’s interest in gathering information making some parts of its operation more efficient.
Not heeding those restrictions means that the government is not doing its job but taking shortcuts. That’s not “bad” inherently, but lazy and careless. They are not upholding their part of the deal.
Re: Re: Re:
The thing is, when the deciding factor that determines whether someone is a good guy or a bad guy is, “did he break the law”, then breaking the law to catch someone means you’re just creating more bad guys, not reducing the number running around.
If the guy you’re breaking the law to catch is in fact a good guy, then the bad guys won no matter who goes to jail.
Two additional points to consider
Bauer described a “fairly new” device called an IP-Box, which can be attached to an iPhone and systematically attempt every passcode from 0000 to 9999 without shutting down [the phone]… IP-Boxes came into the fray when Apple Inc. (“Apple”) refused to assist the government with cell phone break-ins.
1. Sounds like Apple needs to fiddle with their iPhones such that a device like that no longer works. Perhaps a system that increases the time between password attempts exponentially, so that if someone screws up their password a few times they might need to wait half an hour, but if someone(or something in this case) tries a few hundred combinations the wait is measured in years between attempts.
2. That such a device exists makes it pretty clear that the ‘going dark’ myth is even more absurd than it already is. If they’ve got something they can plug an iPhone into that will cough up the password, that means that so long as they can get access to the phone itself, encryption isn’t a problem, which means what they’re really complaining about is the increasing inability to gain access to the contents without the owner knowing about it. Call me crazy, but if someone’s going to be searching someone’s property, seems that the owner should know about it, so that they can file an objection if nothing else.
Re: Two additional points to consider
But if Apple does that, then the 480 million dollars spent on those devices would be wasted. Our budget would be ruined and our nation would be in debt. For the love of our children, let’s keep iPhones easy to hack.
Re: Two additional points to consider
I may be wrong, I am not a savvy iPhone user, however I do have one – an iPhone5 – and although initially I used a 4-digit password for ease of unlocking at some point I got an updated iOS (possibly the same version that put encryption in place) that asked me if i wanted to change the 4-digit numeric PIN out for a standard multi-character alphanumeric password much as you would use for website and email accounts.
I think that the device that just runs through 4-digit PINs would not work in the case where an iPhone user has chosen a multi-digit alphanumeric pwd.
Initially I didn’t change to using the long password. I do now.
Re: Re: Two additional points to consider
It probably wouldn’t, no, but that requires people to shift over to using alphanumeric passwords, when most people are probably still thinking that simple 4-digit passwords are plenty.
Re: Re: Re: Two additional points to consider
Very true – I, like many (most?) have been conditioned to use a 4-digit PIN for things like a phone where I want quick/easy access to my stuff, with the original thought that someone who steals my phone wouldn’t have the patience to go through all 9999 combinations before I could shut it off remotely.
But now that I have to worry about LEOs cracking it too, I am willing to live with the few extra seconds it takes to unlock with a long pwd.
Many (most?) people won’t do this, but at least int he future when some stormtrooper kicks in my door and steals my phone, at least (when they ask me to provide the pwd) i can – with some little confidence – say “Sorry, NO, I won’t do that until my lawyer directs me to do so.”
Not that I have anything to hide in there, but sometimes the littlest victories can mean something when you have the cuffs on and the stormtroopers are swaggering around in their infallible and invincible glory.
Re: Re: Re:2 Two additional points to consider
“S’okay, we got a machine’ll do it in minutes.”
Re: Re: Re:2 Two additional points to consider
At which point the cop decides that your contempt has risen to the level that he fears for his life…..
Re: Re: Re: Two additional points to consider
I have a phone that lets you enable encryption. It also has a setting that will factory reset the phone if the wrong password is entered 10 times. Not ideal, I know, because things can still be recovered, but not terrible.
I assume the fruit flavored phones can do the same?
Re: Two additional points to consider
Don’t use 4-digit, numeric passcodes, use actual passwords. Even if there is no interval this can take years. Specially if you add a mix of letters (capital included), numbers and special ones.
Re: Re: Two additional points to consider
Or, you know, use a phone that isn’t an iPhone.
Re: Two additional points to consider
surprising fact: newer versions of iOS have the exponential time until next attempt thing. I’ve had to hard-reset a few that got timers into the year+ range…
Scooby-Doo
I would have gotten away with it too, if it wasn’t for that darn 4th amendment.
Re: Scooby-Doo
“I’d have bitten off his king’s head if it weren’t for that darned chess rules”.
If you are not going to play according to the rules, get off the tournament.
…were searching for a particular kind of “contraband.”…This particular case, the main search was for money…
I don’t have a “wallet” on my phone and now I never will.
And I don’t support the philosophy of having all accounts in one wallet.
Not to mention: unless they found physical contraband why would they need to search the phone to begin with?
Re: Re:
Well, you know nothing is shadier to the DHS child-agencies these days than NOT finding contraband.
Re: Re:
Because why not? They were unlucky enough to find a judge that wasn’t swayed by the Drug War! excuse, but most of the time those two words let them get away with pretty much anything, and if they can get some evidence from the phone to really pile on the charges, why wouldn’t they try and search through it?
Re: Re:
fishing expedition
Nice
Yes, such wins in court are great. But in the escalating war on the citizenry, it only means that testiliers will be better prepared for trial. There will be fewer contradictions to pursue for the rare judge who cares about such things
Armed robbery!
A pregnant silence, staring off into the distance, watching the guy think, “What can I come up with now?”
If filling out all the right forms warning them and getting them stamped isn’t enough, then what’s really going on? They want his money and they’ll finagle him into jail to get it?
Legal?
The declaration form was legitimate and the amount of currency he was carrying was found to be legal. (Yeah, let that last part sink in for a moment…)
Is there some amount of money that is not legal to carry?
Re: Legal?
Arguably, if you are carrying 50 trillion dollars with you, you are likely going to try destabilizing the economy with falsies.
Re: Re: Legal?
Arguably, if you are carrying 50 trillion dollars with you, you are likely going to try destabilizing the economy with falsies.
The federal government has demonstrated that they have no interest in prosecuting people who destabilize the economy for personal gain.
Re: Legal?
Depends on the cop and how greedy they are at the time.
iPhone Security
I had thought that after a number of failed attempts (6? 10?) the iPhone basically is toast, best you can get is a factory reset mode with no data. I will have to check settings.
The crime is not failing to get a warrant. The crime is lying about the situation on the stand, or to the judge when you give a sworn statement to ask for a warrant.
I assume they still managed to steal (in the name of justice!) his properly declared over-$10,000 wad of cash?
Re: iPhone Security
As someone mentioned above, it’s easy to set iOS on the Iphone and Ipad to erase all contents of the device after eight attempts. I believe it takes 30 minutes to make all attempts as the device apparently slows down the input as you reach the point of “bricking” your device. iOS is more secure and has less malware than any other system out there. If you want the best in security, I recommend setting up iOS as I suggested.
One hopes, of course, that you aren’t so unlucky that the authorities make a correct guess somewhere between try 1 through 7.
Using laws, requested, to deal with one issue…….surprise, being used for general issues
Terrorist threat, the excuse used to get away with more authority, more control
The more they gain, the more the leash tightens, the better an idea of just how fucked we, as the less more important human beings, are.
im starting to think governments and freedom are’nt on the same side…….seems to be their nature, and yet, thats not what were “taught”
Re: Re:
Would you be surprised to learn your government has been teaching police the founding fathers were terrorists?
Re: Re:
Read some history. Imperial Rome looked a lot like today looks. The same players play the same game now as they were then for the same reasons. When gov’ts mention freedom and things like inalienable rights, it’s for PR purposes only. WW2 was great PR. The West vs. Communism was great PR. The Drug War is great PR. Al Quaida is great PR. There’s always a mailed fist inside the velvet glove.
In theory, the alternatives are worse. As a die-hard “hope for the best and expect the worst” kind of guy, I can’t agree.
good to see criminals have to face the music of their lawless actions. By that I mean the government criminals.