Any action taken at the outset of an investigation can play a pivotal role in solving a case. And finding evidence is crucial.
In some situations, things are clear-cut. Evidence left on public grounds is up for grabs by the authorities, while private property requires warrants.
However, legislation has been slow to catch up with the digital world, so things are still debatable when it comes to evidence online.
After lobbying for backdoors, it now looks like federal and state governments have regularly paid third-party vendors to break into people’s encrypted devices. But the American Civil Liberties Union (ACLU) is having none of it and is suing.
Evidence trails have moved online
It’s not a secret that most governments now have local surveillance programs or are part of surveillance alliances. Any information coming from them can constitute evidence if they help with protecting public safety and national security.
And even though these mass surveillance programs overreach and endanger citizens’ privacy, authorities worldwide still push legislation allowing law enforcement agencies to break into devices.
But, in some cases, access to a phone, for example, might not even be needed because a lot of potential evidence is stored elsewhere. For example, if you back up your iPhone to Apple’s iCloud, the police can forward a warrant to Apple. If they need to see whose DMs you slid into, they can contact Twitter.
Even if your phone is protected by a passcode or biometric unlocking features, there is no guarantee that law enforcement won’t be able to get into your phone, thanks to hacking.
The US is a fan of breaking into phones
When it comes to smartphones, Google has often cooperated with law enforcement agencies.
On the other hand, Apple has long prided itself on making iPhones nearly impossible to break into.
Between 2015 and 2016, Apple objected to or challenged 11 orders issued by US district courts. These orders tried to compel Apple to extract data like contacts, photos, and calls from locked iPhones running on iOS to assist in criminal investigations and prosecutions.
Ever since then, Apple has maintained its stance and highlighted the importance of unbreakable encryption.
Because the reality is that if you—let’s say you just pulled encryption. Let’s ban it. Let’s you and I ban it tomorrow. And so we sit in Congress and we say, thou shalt not have encryption. What happens then? Well, I would argue that the bad guys will use encryption from non-American companies, because they’re pretty smart and encryption isn’t—I don’t own encryption, Apple doesn’t own encryption. Encryption, as you know, is everywhere. In fact, some of encryption is funded by our government. Some of the best encryption is funded by the government. But you’ll see encryption coming out of most countries in the world.Tim Cook, Apple’s CEO, in a Time interview
But iPhone hacking tech entered the law enforcement market.
Meet Grayshift, the mobile device forensics company making headlines with Graykey.
Graykey became famous in 2018 as a relatively inexpensive encryption bypass tool. It’s primarily intended for use by police and law enforcement agencies.
Grayshift allows investigators entry to a locked iPhone without needing the user’s permission. It’s believed to be capable of hacking models up to iPhone 11 and was already used by the feds in high-profile investigations.
In March 2020, Grayshift launched Hide UI, a software tool that could be used to reveal an iPhone’s passcode without cracking the device but by monitoring keystrokes.
The ACLU is suing for more information
In December 2020, the ACLU announced they filed a lawsuit over the FBI’s lack of transparency with Grayshift.
The ACLU also highlighted that the FBI is developing their means of breaking into devices with the Electronic Device Analysis Unit (EDAU). The team is tasked with unlocking and decrypting information on cell phones.
But besides some general definitions on EDAU, there’s very little information on their scope. Who they target, what information they decrypt, where they store it, and for how long; it’s still all a mystery.
Here’s what the ACLU said in a statement announcing the lawsuit:
Seeking some much-needed transparency, today we asked a federal court to intervene and order the DOJ and the FBI to turn over all responsive documents pertaining to the EDAU. We’re demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption.
Cryptography is continuously improving and moving towards stronger and more efficient solutions, but there’s a lot of resistance from politicians and law enforcement agencies.
What do you think? Is a lack of privacy warranted to bring criminals faster to justice? Should the police be worried that this tech could fall into the wrong hands? Let me know in the comments below.
Until next time, stay safe and secure!