Since last September, police departments in San Francisco have used smartphone apps that allow law enforcement officials to access local, state and federal criminal databases from out in the field. For the last couple years, the NYPD has taken advantage of social media scanners to mine posts for criminal-related activity. When it comes to technology innovation and law enforcement, smartphones have become policing agents’ very powerful investigative ally.
For the upstanding citizen, the smartphone is also an invaluable asset. If you break the law, though, that pocket-sized device you rely on for daily convenience can also become the very thing that incriminates you. Your phone calls, emails, texts, calendars, photos, social media accounts, contacts, and GPS data are all conveniently stored into a single package that’s protected by just a couple of digits.
Joel Greenblatt Owned Hedge Fund On Why Value Investing Isn’t Working Now
Acacia Capital was up 12.27% for the second quarter, although it remains in the red for the year because of how difficult the first quarter was. The fund is down 14.25% for the first half of the year. Q2 2020 hedge fund letters, conferences and more Top five holdings Acacia's top five holdings accounted for Read More
If you have to hand over your phone to police, they can’t uncover any evidence without a password. Think twice about withholding that information, though. Jeffrey Fisher is a Stanford Law School professor who says that courts haven’t figured out exactly how to translate the outdated amendment to standards of modern technology and rights to privacy. While your rights against self-incrimination are technically protected under the Fifth Amendment, withholding your password from law enforcement could be risky a move.
“You can have anything from contempt of court to obstruction of justice,” Fisher said. “All kinds of other problems.”
The U.S. Supreme Court has been facing multiple requests this year to review cases related to felony convictions that resulted from incriminating evidence pulled from defendants’ phones. Under the Fourth Amendment, police must obtain a search warrant when they show “probable cause” that a crime has been committed. If you’ve been arrested and you’ve got your phone on you, there’s no established precedent yet to determine whether or not police can search through its contents without a search warrant.
Apple requested for help in unlocking Pistorius’ iPhone
And even if you are resistant, police can still find a way around the password obstruction. Just last month, investigators in the Oscar Pistorius case made a dash from Cape Town to Cupertino, California (Apple Inc. (NASDAQ:AAPL)’s headquarters) to request help in unlocking Pistorius’ iPhone. Since Pistorius claimed he couldn’t remember his four-digit passcode, prosecutors wanted access to the phone’s SMS and WhatsApp message systems to uncover possible incriminating evidence.
Police agencies have also been using software programs to do the dirty work of unlocking confiscated smartphones to pull useful evidence against a person under arrest. In what’s called jailbreaking, software like “Redsn0w” gets into an Apple Inc. (NASDAQ:AAPL) iPhone’s “root” system to then deploy other kinds of software to extract the phone’s PIN. This routine works best on older iPhones.
Guidance Software and Cellebrite are two companies that sell products to law enforcement that pull data in bulk from smartphones. These “image” smartphones are phone-copying systems that rely on security flaws (which hackers refer to as “exploits”) in phones’ operating systems to get around password protection.
In a “brute-force” attack, the software throws out four-digit permutations until one works. Compared to the countless hours you would spend making up to 10,000 guesses to find a four-digit PIN, some software can crack the code in less than an hour.
XRY is an application from Micros Systemation that can find Apple Inc. (NASDAQ:AAPL)’s iOS or Android password, dump its data onto a PC, and then decrypt the data to pull up the user’s GPS location, files, contacts, call logs, and messages. According to the firm’s Marketing Director, Mike Dickinson, the firm supplied its software to 98 percent of the UK’s police departments in 2012, as well as to many U.S. police departments and the FBI.
Apple adds more security with fingerprint scanner
Apple Inc. (NASDAQ:AAPL) recently introduced the fingerprint reader as a more secure way to protect your phone from snoopers. But until otherwise clarified, police don’t need a warrant to take your fingerprints.
Also up for grabs is the information that’s not protected by a passcode. Photos stored on your phone are unencrypted so that you can quickly and easily access them.
Google Inc (NASDAQ:GOOG)’s Android phones are even easier to encrypt. Since users generally pick simple patterns for their screen lock, police can easily guess most passwords. Since login credentials can be attained with a warrant, police can also bypass the screen lock by entering the owner’s Google username and password. While Google is selective about the user information it offers up to police, authorities recently confirmed that if police provide the proper kind of court order (like an anticipatory warrant), Google can remotely unlock a phone via remote control.
Since Android and Apple’s iOS innovation moves so fast, decryption technology usually can’t keep up. Law enforcement is still far behind in the arms race of smartphone advancements and criminal investigation. Even when police send recovered iPhones off to Apple Inc. (NASDAQ:AAPL), they have to wait months to get any data; and even then, decryption can’t always offer up all the information stored on the phone. The newest Apple iPhones are especially tough to crack. Apple’s newest operating system, iOS 7, closed the known window for brute force attacks, but hackers are looking for new ways to exploit the system and gain access to the data.
As long as smartphones continue to improve, so will the technology to decrypt them. But hey, if you don’t break the law, then you’ve got nothing to worry about. Right?