Are we living in the drowsy beginnings of an Orwellian nightmare? The signs don’t look great. In Orwell’s most famous book, 1984, the protagonist Winston exclaims, “Freedom is the freedom to say two plus two make four,” as an appeal to the uncontroversial description of objective reality. You may think our society hasn’t sunk that low yet, but with 2+2=5 receiving some mainstream acceptance[1], sirens should be sounding in your head.

Beyond that can of worms lies less abstract evidence that our world is slipping into dystopia, such as the increasingly shady tactics law enforcement agencies use to pry evidence from people’s phones.

A bit of backstory

The 2014 Supreme Court case Riley v. California scored a rare unanimous decision[2]. In it, the Justices upheld that law enforcement is not allowed to search a suspect’s phone upon arrest without a warrant. Privacy advocacy groups saw this as a significant win in the fight against unconstitutional search procedures.

Since then, the debate has centered on encryption. Police don’t like encryption, as it makes their job more difficult, even when they have a warrant. The frustration is understandable. Going through the trouble of obtaining a warrant against an alleged criminal and still being unable to access their device to get crucial evidence would be upsetting. This is precisely what happened in the high-profile cases of the 2015 San Bernardino[3] shooting and the 2019 Pensacola Naval Air Station[4] shooting.

It boils down to the Department of Justice wanting tech companies like Apple and Google to implement “backdoors” into their operating systems, allowing law enforcement to bypass the encryption when necessary. Of course, the problem is that once you put a backdoor in a piece of software, there is no way to ensure only the “good guys” can use it. As we’ve seen with cyberattacks such as the recent SolarWinds breach, malicious hackers seem to be one step ahead of cybersecurity as-is. Now, imagine if developers had to code in an explicit path that allowed system breaches. It doesn’t seem like a good idea, right?

The guns used by the San Bernardino shooter.
San Bernardino County Sheriff’s Department, Public domain, via Wikimedia Commons

In the end, the bluster of the United States Department of Justice wasn’t necessary. In both of the shooting cases mentioned above, the feds cracked the encryption without Apple’s help[5][6]. In the San Bernardino case, however, authorities shelled out over a million dollars to freelance hackers to do so. Those payment requirements are unsustainable, even for the U.S. government. So, their typical workflow is a bit different.

How they do it

Law enforcement agencies use Mobile Device Forensic Tools (MDFTs) to break into locked, encrypted phones. Third-party vendors such as Grayshift and Cellebrite provide these tools[7][8]. Cellebrite is an Israeli company that requires the agency to send in the device they wish to crack. In contrast, the United States-based Grayshift gives the software and hardware packages directly to law enforcement. Both cost tens of thousands of dollars or more. MDFTs bypass locking and encryption mechanisms through system exploits. This is why Cellebrite has law enforcement send the mobile devices directly to them. It prevents the actual mobile companies (Apple and Google) from purchasing the tools to see which exploits they use and patching them.

MDFT packages are designed to be easy to use. Even clients with little technical expertise on staff can use them to acquire all the desired information. The tools automatically scan the device’s directories for files and then sort them into categories such as “Images, SMS, Audio, etc.”

MDFT abuse

An October 2020 study by Upturn uncovered many startling facts about law enforcement’s use of MDFTs[9] in the United States. Here’s a brief synopsis of their findings:

  • Over 2000 agencies throughout all 50 states, including the 50 largest police departments, purchased MDFTs between 2015 and 2020.
  • Many departments have no set guidelines regarding the use of MDFTs, resulting in little accountability.
  • Police skirt warrant regulations by coercing people involved in minor crimes to consent to a phone search. Then, they use the MDFT to analyze the entirety of the person’s device and collect evidence relating to other, more serious crimes.

The usage of these criminal analysis tools is widespread. Even smaller departments can usually pay the exorbitant fees through indirect avenues such as federal grant programs. Worryingly, those consenting to an electronic search typically assume it will be limited to the particular crime that sparked the investigation. Unfortunately, this isn’t the case.

Other shady tactics

Coercion isn’t the only loophole for law enforcement. In the age of Big Data, many agencies simply purchase information like detailed location data from third-party sellers[10]. It’s a particularly sneaky way to get around the pesky Fourth Amendment.

You never really know which apps will sell your data to law enforcement. Multiple recent stories prove that many seemingly innocuous applications collect a surprising amount of your personal info and are willing to sell to law enforcement or the military[11]. Download a digital level app to make sure your bookshelf isn’t crooked? You might be in a police database. It’s a strange reality most people don’t give a second thought to, but it truly is pushing society toward totalitarianism.

How to protect yourself

It isn’t easy. Firstly, if you’re in a situation where law enforcement wants to search your phone without a warrant, do not consent. Even if you have nothing to hide, we should hold the police to high standards of ethical behavior.

Furthermore, recognize that Big Tech doesn’t have your back (although Apple’s new privacy labels for their App Store[12] are reasonable first steps). We recommend only installing apps from reputable companies committed to keeping your data safe. It’s also a good idea to move away from free Big Tech services as much as you can. Free services sound great, but these companies are some of the most profitable in the world and are making money somehow. Usually, this means selling your data.

AXEL Go

You can move away from cloud storage and file-sharing apps such as Google Drive, OneDrive, or Dropbox by using AXEL Go. AXEL is dedicated to providing users with full data custody and never selling personal information. AXEL Go delivers one of the most secure and private ways to share and store data on the internet. It utilizes technologies such as blockchain, IPFS servers, and AES 256-bit encryption for industry-leading security. Try it out today and sign up for a free, full-featured Basic account with 2GB of storage and complimentary fuel for hundreds of typical shares.

[1] Caroline Delbert, “Why Some People Think 2+2=5…and why they’re right”, Popular Mechanics, Aug. 7, 2020, https://www.popularmechanics.com/science/math/a33547137/why-some-people-think-2-plus-2-equals-5/

[2] Marc Rotenberg, Alan Butler, “Symposium: In Riley v. California, a unanimous Supreme Court sets out Fourth Amendment for digital age”, SCOTUSblog, June 26, 2014, https://www.scotusblog.com/2014/06/symposium-in-riley-v-california-a-unanimous-supreme-court-sets-out-fourth-amendment-for-digital-age/

[3] Arjun Kharpal, “Apple vs. FBI: All you need to know”, CNBC, March 29, 2016, https://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html

[4] Joseph Marks, “The Cybersecurity 202: Barr ramps up encryption war with Apple over Pensacola shooter’s phone”, The Washington Post, May 19, 2020, https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2020/05/19/the-cybersecurity-202-barr-ramps-up-encryption-war-with-apple-over-pensacola-shooter-s-phone/5ec32a4188e0fa6727ffe363/

[5] Thomas Brewster, “FBI Hacks iPhones in Pensacola Terrorist Shooting Case, But The War With Apple Goes On”, Forbes, May 18, 2020, https://www.forbes.com/sites/thomasbrewster/2020/05/18/feds-hack-iphones-in-pensacola-case-apple-not-needed-after-all/?sh=1db6e89675e9

[6] Matt Drange, “FBI Hacks Into San Bernardino Shooter’s iPhone Without Apple’s Help, Drops Case”, Forbes, May 28, 2016, https://www.forbes.com/sites/mattdrange/2016/03/28/fbi-gets-into-san-bernardino-iphone-without-apples-help-court-vacates-order/?sh=492873d93b18

[7] Thomas Brewster, “Mysterious $15,000 ‘GrayKey’ Promises To Unlock iPhone X For The Feds”, Forbes, March 5, 2018, https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/?sh=1419c67b2950

[8] Thomas Brewster, “This Powerful iPhone Hacking Tool Can Now Break Into Samsung Androids”, Forbes, Feb. 1, 2021, https://www.forbes.com/sites/thomasbrewster/2021/02/01/the-powerful-graykey-iphone-hacking-tool-can-now-break-into-samsung-androids/?ss=cybersecurity&sh=1cbafece4d61

[9] Logan Koepke, Emma Weil, Urmila Janardan, Tinuola Dada, Harlan Yu, “Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones”, Upturn, Oct. 2020, https://www.upturn.org/reports/2020/mass-extraction/

[10] Gilad Edelman, “Can the Government Buy Its Way Around the Fourth Amendment?”, Wired, Feb. 11, 2020, https://www.wired.com/story/can-government-buy-way-around-fourth-amendment/

[11] “Mobile App Monetisation – Covert trackers in your pocket”, Privacy International, Jan. 28, 2021, https://privacyinternational.org/case-study/4404/mobile-app-monetisation-covert-trackers-your-pocket

[12] Sarah Perez, “Apple launches its new app privacy labels across all its App Stores”, TechCrunch, Dec. 14, 2020, https://techcrunch.com/2020/12/14/apple-launches-its-new-app-privacy-labels-across-all-its-app-stores/