from the snatch-and-grab dept
UK police are experimenting with a new brute force technique to defeat cellphone encryption:
Undercover surveillance officers trailed Yew and waited for him to unlock his phone to make a call - thereby disabling the encryption.
One officer then rushed in to seize the phone from Yew's hand - just as would happen in a criminal mugging. As his colleagues restrained the suspect, the officer continually "swiped" through the phone's screens to prevent it from locking before they had downloaded its data.
So, it's come to this: lawful mugging. Still, it's not a terrible solution to the problem. Sometimes the best methods are lo-tech, as anyone swinging a $5 Password Acquisition Tool can tell you.
This method will work in the UK. It may not in the US. UK law enforcement would likely find that compelling a suspect to unlock a device is a long and possibly fruitless endeavor, but there's no Riley decision standing in the way of seizing/searching phones on the hoof (as it were).
Courts here in the US have interpreted the Supreme Court's Riley decision in diverse ways, but a motion to suppress evidence might succeed if US law enforcement began engaging in this novel form of encryption circumvention. In one case, a judge found that simply opening a flip phone constituted a search under Riley. Keeping a phone "alive" until evidence can be retrieved from it might run afoul of the Fourth Amendment, even if the seizure itself is completely lawful.
It's still a better idea than making encryption backdoors mandatory or requiring device manufacturers to make a second set of keys for the government. The solution isn't elegant but it works. And it will only work in certain circumstances, so there's not much potential for abuse. It might encourage rougher arrests than usual, if only to separate the cellphone from the suspect, but the small number of arrests where this process would work shouldn't result in a sharp uptick in excessive force deployment.
This is a technique US law enforcement should definitely look into. While I'm sure most agencies would prefer a precedential court decision compelling decryption or a legislative mandate, this alternative would allow police officers to end up with fewer inaccessible phones.
There are other benefits as well -- some that could positively affect community relations. The arrest of a suspect in conjunction with the seizure of potential evidence could make related searches far less destructive. With the suspect out of the way, searches of homes/places of business wouldn't necessitate a barrage of flashbang grenades and the tearing of new entryholes by predawn raiding parties in SWAT gear. Sure, this less violent approach to serving search warrants won't appeal to officers who find the real military too restrictive but still harbor a desire to carry a gun and pretend they're participants in a war. But that's actually a good thing.
In addition, arrests of suspects out in the open should lower the chance of violent resistance. People tend to expect the arrival of police officers at their residence -- not so much when they're going about their daily, noncriminal business.
If efforts to keep seized phones alive until a search warrant arrives (or: novel idea -- get one first!) adhere to the Riley decision, the "going dark" problem isn't quite as all-encompassing as it's frequently been portrayed. (Even without this method, the "threat" of phone encryption has been greatly overstated.) It's tough to believe "mugging" might be the lesser of law enforcement's desired anti-encryption evils, but that's the reality of the situation.