Exclusive: U.S. Cops Have Wide Access to Phone Cracking Software, New Documents Reveal

While the FBI requests ‘backdoor’ iPhone access, documents indicate law enforcement already has easy access to encrypted devices

Apple is once again facing pressure to give officials a “backdoor” into locked iPhones implicated in an act of domestic terrorism. Last week, Attorney General William Barr held a press conference asking the tech company to unlock and pull data from two iPhones belonging to a Saudi Air Force second lieutenant who opened fire at a Pensacola, Florida military base in December.

The situation echoes another high profile case involving an iPhone used by a shooter in the 2015 terrorist attack in San Bernardino, California. In both cases, Apple has refused to provide a means for investigators to break through the encryption on its devices.

Barr recently complained that Apple had not provided “any substantive assistance” to officials, and that the Pensacola case “perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.” The Justice Department insists that it has been unable to open the phones of the Pensacola shooter.

But many police departments across the United States already have the ability to crack mobile devices, including the iPhone. While Apple may not provide official support to law enforcement agencies to access iPhones, third-party companies have stepped in to fill the void, allowing police to unlock and access information on encrypted mobile devices at a relatively low cost.

Over the past three months, OneZero sent Freedom of Information law requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.

OneZero obtained documents from law enforcement agencies in New York, California, Florida, Texas, Washington, Colorado, Illinois, Ohio, Michigan, New Mexico, and Massachusetts. These agencies included district attorneys’ offices, local police departments, and county sheriffs’ offices.

The number of offices with access to phone-cracking tools across the country is likely far greater than what OneZero uncovered. Not all agencies responded to OneZero’s request for documents. Some departments and offices claimed the records were exempt from public release. Others told OneZero they would need several months and thousands of dollars to provide the information.

Below is a list of agencies that have purchased technology designed to crack smartphones, including iPhones, based on documents obtained by OneZero:

  • Los Angeles County District Attorney, California
  • New York County District Attorney, New York
  • San Francisco Police Department, California
  • San Francisco District Attorney, California
  • San Francisco City Attorney, California
  • San Diego District Attorney, California
  • San Diego Police Department, California
  • San Jose Police Department, California
  • Santa Clara District Attorney, California
  • Miami-Dade State’s Attorney’s Office, Florida
  • Jacksonville Sheriff’s Department, Florida
  • Boston Police Department, Massachusetts
  • Suffolk County District Attorney, New York
  • Detroit Police Department, Michigan
  • Dallas County District Attorney, Texas
  • Columbus Police Department, Ohio
  • King County District Attorney, Washington
  • Denver Police Department, Colorado
  • Cook County Sheriff, Illinois
  • Cook County District Attorney, Illinois
  • Bernalillo County District Attorney, New Mexico
  • San Bernardino Sheriff, California
  • Alameda County Sheriff’s Office, California
  • Oakland Sheriff, California

The documents range from contracts, Requests for Proposals (RFPs), invoices for payments by law enforcement, quotes from forensic companies, and emails traded between officials discussing vendor approval. They suggest that most law enforcement agencies bought forensic investigation products from a small group of companies that include Cellebrite, Grayshift, Paraben, BlackBag, and MSAB. In addition to selling the software and hardware needed to unlock phones, these companies also charge thousands of dollars each year to upgrade the software in their products. In addition, their customers spend thousands on training sessions to teach personnel in their offices how to use the tools.California’s Alameda County contract with Cellebrite

OneZero reached out to all of the companies named in these documents. Only Cellebrite and Paraben responded. Amber Schroader, the CEO of Paraben Corporation, told OneZero, “The largest struggle for investigators today is dealing with locked devices.”

“As a primary tool provider in digital forensics we spend more time researching bypass options than any other function in the tool,” Schroader said. “The premise of digital forensics is seeking the truth in the data and that benefits anyone involved in an investigation.”

Of the companies currently selling phone-cracking technology, the Israeli company Cellebrite has the highest profile. When Apple refused to unlock the phone linked to the suspected attackers in the San Bernardino shooting, the DOJ reportedly turned to Cellebrite to break into the shooters’ iPhones. Documents suggest it charges over $100,000 a year for software that the company claims will unlock and extract data from iPhones and Android phones.

Other offices spent considerably more to use the technology. For example, Alameda County in California spent $208,000 in 2018 on a package that included Cellebrite’s top-tier software and analytics package.

Some agencies provided documents outlining internal policies for how and when phones can be broken into. For example, the Detroit Police have a policy stating that by law, officers “cannot search the digital contents of a cellular telephone device or track any telephonic device without securing a search warrant.”

As Barr and the Trump administration continue to push for legislation that would grant them special access to phones, these policy documents suggest that police have found a lawful way to access phones by first getting a warrant before they deploy the technology.

Asked if they had been contacted about the Pensacola investigations, a Cellebrite spokesperson said, “As a matter of company policy we do not comment on any ongoing investigations.”

“Our technology is used by thousands of organizations globally to lawfully access and analyze very specific digital data as part of ongoing investigations,” the spokesperson said in the statement to OneZero. “This aids in unearthing evidence to bring understanding and resolution to cases.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.