A recent report released by Upturn analyzed law enforcement’s use of mobile device forensic tools (MDFTs). The company looked through about 110 public records belonging to several local and state law enforcement agencies. From their study, they discovered that 2,000+ agencies are using MDFTs in the United States and the District of Columbia. Since 2015, it was found that these agencies have used these tools on hundreds of thousands of cell phones.
The report overall brings into question whether or not law enforcement is abusing their use of MDFTs, and if they should even be allowed to use these tools in the first place.
What Are Mobile Device Forensic Tools?
Mobile Device Forensic Tools (MDFTs) are used by law enforcement to extract all the data on a cell phone. This includes emails, texts, location history, app activities, photos, videos, saved passwords, and more. The tool can even retrieve data that has been deleted by the phone owner.
MDFTs are made specifically to get through practically all modern cell phone security settings and protocols. If the phone is protected by a password, PIN, or pattern, the tool will keep trying possible options until one works. However, the easiest method of gaining access to a phone is to ask for the owner’s consent. Once access is achieved, several methods of extraction can be used, including:
- Manual Extraction: Viewing a phone’s content as the phone owner would.
- Logical Extraction: Automatically extracts the data from a cell phone using an application programming interface (API).
- File System Extraction: Extracts the phone’s data including files and data that aren’t usually displayed to phone users.
- Physical Extraction: The copying of the data and files stored on the phone’s hardware.
Once the data is retrieved, law enforcement analyzes the data that they have obtained. They can more easily search it by entering specific keywords, doing an image search, and mapping the GPS data retrieved.
Law enforcement agencies use these tools to investigate all types of criminal cases, from those that cause major harm to shoplifting. Some companies that sell MDFTs to law enforcement agencies include Magnet Forensics, MSAB, Oxygen Forensics, Cellebrite, Grayshift, and AccessData. The cost of one MDFT varies depending on the company it is purchased from, but it is typically $15,000+, not including the annual renewal cost.
Concerns Of MDFT Use By Law Enforcement Agencies
Using These Tools Without A Warrant
It was found that many MDFTs are used by law enforcement without a warrant. Instead, they rely on obtaining consent to search someone’s phone. The continued and future concern for many is whether obtaining consent alone is enough to search through someone’s phone. A related concern is whether evidence obtained using an MDFT would be credible if only consent was given, versus actually having a search warrant.
Using MDFTs On Cases Where It’s Unnecessary
It’s understandable when law enforcement uses MDFTs on cases where evidence can be found on cell phones, such as drug-related crimes or digital-based crimes. However, it was found that law enforcement has been using these tools for lesser crimes, including graffiti and shoplifting.
Vague MDFT Policies & Little Oversight
From the report, it was found that most of the law enforcement agencies had vague policies and little oversight regarding MDFT use. Of the 41 policies received by Upturn, only 9 were detailed policies for officers to follow. They also found that there was very little public oversight of the use of MDFTs, and officers were given wide discretion when using them.
Extracted Data Storage
One of the concerns brought up by Upturn’s report was what happens to the data that’s extracted from the cell phone, whether it pertains to the case or not. Where is the data stored, and can it be used in future cases? Can this data be added to various law enforcement databases? These were all questions that were brought up, and pretty much no answer was provided, meaning that currently there are no restrictions on what law enforcement can do with data collected from MDFTs.
What Can Be Done To Limit Law Enforcement Use Of MDFTs?
Based on this report and its findings, there are several things that can be done to limit and better oversee law enforcement’s use of MDFTs:
- Require that law enforcement must obtain a search warrant to search someone’s phone and other devices. Consent searches will eventually be a thing of the past in the eyes of the law.
- Place more limitations when it comes to specific phone searches. For example, limiting law enforcement to only extract data about their case, and not all of the data contained on the phone.
- Create better logging systems when data is extracted and viewed by law enforcement and other officials. By doing this, if there is a warrant, judges will be able to tell if law enforcement officers stayed within the bounds of their warrant.
- Create MDFT logs for law enforcement to keep records of when these tools are used and if the use of the tool was successful, and any other pertinent information that may be available.
- Create a data deletion process where irrelevant data that is extracted from a phone is deleted within a certain time frame.
When used properly, mobile device forensic tools can be a great asset for law enforcement when trying to solve and prove a case. However, in the current state, there are too many weaknesses in how officers use them that can lead to misuse of the tools and the data they retrieve.