Now that the use of smartphones have became prevalent throughout American culture, particularly with the younger generation, humans are becoming increasingly interconnected with technology and are leaving behind a footprint of data on their devices which is now discoverable by state law enforcement agencies through the use of advanced forensic technology previously only privy to the F.B.I. and other three-letter agencies.
According to a Pew Research Center survey taken in early-to-mid 2015, 72% of Americans own smartphones and are using their devices on a regular basis to communicate with others both verbally and digitally. Additionally the survey concluded that a vast percentage of Millennials between the ages of 18 and 34 use the Internet on a daily basis, accessing it from their devices, some 99% of them.
More importantly, data stored internally on users smartphones has now become readily accessable by state and local law enforcement agencies on a grand scale through the use of cell-site simulators, also known as International Mobile Subscriber Identity (ISMI) catchers like the DirtBox, StingRay, or TriggerFish), and Universal Forensic Extraction Devices (UFEDs).
Over the past five years the Department of Justice and the Department of Homeland Security have spent over $95 million dollars to acquire at least 430 cell-site simulation devices which can be used to target persons of interest, according to a new Committee on Oversight and Government Reform report released December 19 which was based on an internal investigation.
An excerpt from the report reads:
During the course of the investigation, it became clear that the use of cell-site simulators
by state and local law enforcement agencies was not governed by any uniform standards or policies. In an effort to determine how widespread this problem was, the Committee identified four cities of varying sizes and crime rates, along with two states, for the purpose of ascertaining the number and type of cell-site simulators in use, as well as the policies that were employed for their use. In particular, the Committee sent letters to the police departments in Washington, D.C.; Alexandria, Virginia; Sunrise, Florida; Baltimore, Maryland; the Tennessee Bureau of Investigation; and the Virginia State Police, requesting among other things, information regarding the number, the funding, and the use of these devices at the state and local level.
As I reported Tuesday:
These “robust and sophisticated technologies” are reported to be used primarily against “foreign actors” and so-called ‘targeted individuals,’ but have been used in many cases to covertly monitor and engage American citizens.
Now, yet more information has come to light after an Israeli-based firm named Cellebrite was found to have sold advanced plug and play wares to “regional agencies” in at least “20 states, and likely many more,” allowing law enforcement to access data from “thousands of different mobile devices” via a “rugged” portable interface, according to documents recently obtained by Motherboard.
“We use it for any and all crimes,” Nate McLaren, Special Agent in Charge at the Iowa Department of Public Safety’s Cyber Crime Unit and Internet Crimes Against Children Task Force, told Motherboard in a phone call. “Anywhere we think there might be a digital footprint or a digital fingerprint.”
Motherboard’s investigation concluded that “most of the agencies spent tens of thousands of dollars acquiring Cellebrite’s phone cracking and forensic UFEDs” and are extracting data “either in a logical form, or a physical form.”
Cellbrite’s technology allows the user to get around complex passcodes in most cases, besides the exception of the iPhone 4s or above, allowing the user to extract the target’s data converting it into PDF form.
According to a memorandum put out by the Delaware State Police Criminal Intelligence and Homeland Security Section, IFEDs, often portable, are very user friendly and take little to no training to operate.
“They made it portable. They made this thing where they can put it in the back of police cars,” Jon Rajewski, director and principal investigator at the Senator Patrick Leahy Center for Digital Investigation, who has worked with law enforcement,” Motherboard reported.
Additionally Cellbrite’s own website admits:
As of April 2014, a permission management feature was included in the UFED 3.0 update. UFED Permission Management is an optional feature that allows forensic lab administrators to enforce operator accountability and limit search scopes, either based on extraction type or to speciﬁc data types.
This way, administrators can control who performs extractions based on their level of training, job responsibilities, or other “right to know, need to know” criteria as speciﬁed in their organization’s policies or standard operating procedures. Cellebrite encourages all customers who distribute mobile evidence collection in their organizations to use UFED Permission Management.
The technology can and will be used to investigate anything ranging from “traffic accidents to homicides,” a public information officer told Motherboard, opening up a whole new realm of investigative capabilities not previously available on state levels.
While there are ways to defend yourself against cellphone spoofing, there is a lot less one can do to protect against intrusion once law enforcement has a physical hold on your smartphone.
You can find the treasure trove of documents here.
Shepard Ambellas is an opinion journalist and the founder and editor-in-chief of Intellihub News & Politics ( Intellihub.com ). Shepard is also known for producing Shade: The Motion Picture (2013) and appearing on the Travel Channel’s America Declassified (2013). Read more from Shep’s World. Get the Podcast. Follow Shep on Facebook and Twitter.