- More than 2,000 police departments across all 50 states have purchased high-tech tools that can crack into locked, encrypted smartphones, according to a new report.
- Documents surfaced through open records requests by the Washington nonprofit Upturn show that police use phone-cracking technology far more often than previously known — and often without a warrant.
- Once they break into someone's phones, police can use the technology to extract all of their information, including photos, text messages, contacts, and web browsing history.
- It's routine for police to unlock suspects' smartphones as part of investigations, but the documents show phone-cracking tools are frequently used on suspects of low-level crimes like shoplifting — and civil liberties groups worry the practice puts people's privacy at risk.
- Visit Business Insider's homepage for more stories.
Law enforcement agencies are able to crack into locked, encrypted smartphones far more frequently than was previously known, according to new documents surfaced by through over 100 public records requests by the digital liberties nonprofit Upturn. The documents show how more than 2,000 police departments in all 50 states and the District of Columbia use high-tech gadgets known as mobile device forensics tools, including 49 of the 50 largest police departments in the country. According to the documents, police in the US have broken into hundreds of thousands of phones in the past five years.
Tech companies have promoted the existence of phone-cracking tools for years, which rapidly extract and copy information from phones in order to make the data easily searchable by police. For phones that are locked or encrypted, the devices exploit security vulnerabilities and design flaws to break in — but little is known about their specific technical capabilities, or how widely they're used, and firms that sell the devices closely guard the methods used to crack encryption.
Police routinely obtain warrants to search suspects' phones — just like searching a suspects' home — especially in high-profile investigations. But the new documents show that police regularly crack into phones for low-level cases like vandalism and shoplifting, and can sidestep warrants by obtaining a suspect's consent to search their phone.The tools are sold by firms including Grayshift, Cellebrite, and AccessData. Police spend anywhere from $9,000 to more than $20,000 to buy and license the tools, according to records published by Upturn. Phones that are more difficult to break into — like the newest iPhone models — can be shipped to companies like Cellebrite, which charges from thousands of dollars to unlock a single phone.
Privacy advocates worry that the widespread use of phone-cracking technology in low-level cases — enabled by people's willingness to provide evidence to police if they believe they're innocent — is setting a precedent for far-reaching surveillance that would have been impossible in decades past. The number of Americans who own a smartphone has jumped from 35% in 2011 to over 80% today, the Upturn report notes."Every American is at risk of having their phone forensically searched by law enforcement," Upturn researchers Logan Koepke, Emma Weil, Urmila Janardan, Tinuola Dada, and Harlan Yu wrote in their report. "The emergence of these tools represents a dangerous expansion in law enforcement's investigatory powers. ... We believe that MDFTs are simply too powerful in the hands of law enforcement."
The report shines a new light on a decade-long standoff between big tech companies and law enforcement. Agencies including the Department of Justice have publicly pressured Apple and other phone makers to make it easier for police to crack into encrypted phones, while tech companies have responded that such backdoors can't be reasonably added without compromising the overall security of their devices for all users.
Google also that, regarding legal requests from government agencies in the U.S., “By far the most common is the subpoena, followed by search warrants.” It says it notifies users whose data has been requested where possible, as “If Google receives ECPA legal process for a user’s account, it’s our policy to notify the user via email before any information is disclosed unless such notification is prohibited by law.”.
But, as the records surfaced by Upturn show, law enforcement agencies don't have to rely on phone makers to crack encrypted devices — rather, they can in most cases easily break in on their own.
"Law enforcement use mobile device forensic tools tens of thousands of times, as an all-purpose investigative tool, for an astonishingly broad array of offenses, often without a warrant," the authors concluded. "And their use is growing."