Locks on mobile phone showing phone extraction by law enforcement

US Law Enforcement Agencies Commonly Subject Suspects To Phone Extraction Without Warrants, or for Inappropriate Offenses

A new report from Upturn paints a picture of US law enforcement agencies that are stocked with advanced phone extraction tools and are very eager to use them, even in situations where it is not legally appropriate or even necessary. Across the country, US law enforcement is frequently leaning on warrantless “consent searches” to seize phones, extract nearly all of their data and sift through it in what appear to be habitual fishing expeditions.

Law enforcement has advanced phone extraction capabilities and is eager to use them

Upturn identifies two major factors driving this trend of law enforcement agencies being quick to engage in phone extraction when contacting suspects for just about any reason. The first is simply that they have the tools on hand — powerful mobile device forensic tools (MDFTs) that make it simple to quickly make a copy of pretty much all of the data available on a phone and to apply various types of searches to it. The second is that many law enforcement agencies have little to nothing in the way of policies about the use of these new tools in place, enabling investigators to go on fishing expeditions whenever they feel like it.

The issue begins with the proliferation of MDFTs, which started to become widespread in US police departments in 2015. Public records requests conducted by Upturn indicate that over 2,000 law enforcement agencies across all 50 states (roughly 1-in-8 to 1-in-9 of all of the country’s agencies) now have MDFTs and have collectively performed hundreds of thousands of searches with them in the past five years.

A confluence of factors have led to this new and increasingly common type of search. 81% of Americans now own a smartphone, and many use it as either their primary or only internet connection. That leads to an accumulation of sensitive personal information on the device. Another primary factor is that MDFT systems have become more affordable in recent years. Upturn notes that nearly all of the “major” law enforcement agencies in the country have them, but they are also in the hands of many smaller sheriffs and police departments. Even agencies that are only tangentially related to police investigations such as housing authorities and public schools are in possession of MDFTs. A number of different providers are in the market, with the lower end of the price range being under $10,000. The most advanced MDFTs on the market, such as the GrayKey devices used by federal agencies to break into iPhones, cost between $15,000 and $30,000.

Some agencies are spending more than half a million dollars per year on these devices and their associated annual licenses. They appear to be assisted by federal grants that encourage MDFT purchases, in some cases available even to small cities of about 25,000 people. The Edward Byrne Memorial Justice Assistance Grant (JAG) Program, the Internet Crimes Against Children (ICAC) task force and the Paul Coverdell Forensic Science Improvement Grants Program have been identified as providing substantial funding to various law enforcement agencies for the purpose of purchasing MDFTs.

And even if a law enforcement agency does not have the means to purchase an MDFT for themselves, they can often access them by either engaging in partnerships with larger agencies or by visiting FBI Regional Computer Forensic Laboratories.

How law enforcement agencies search without consent

The information that Upturn has uncovered, drawn primarily from records requests from law enforcement agencies across the nation, indicates that MDFT searches are very frequently conducted without a warrant and in the investigation of relatively small crimes that would normally not merit such methods.

In total there are at least tens of thousands of MDFT searches conducted each year, and potentially as many as hundreds of thousands. Law enforcement agencies use MDFTs when investigating minor crimes and those that do not require a full phone extraction: vandalism and graffiti, marijuana possession, shoplifting and public intoxication as just a few examples.

In some cases, law enforcement agencies stretch the concept of “probable cause” to its legal limits to get a phone extraction included in a search warrant. This appears to be particularly common in relatively minor drug offenses, for which a seizure of any amount of drugs is used as a pretext to extract data for evidence of being involved with drug dealing. However, warrantless searches are also commonly conducted by obtaining the user’s “consent.” Individual agencies have rates of “consent searches” involving MDFTs that range as high as 53%. Legitimate consent is questionable here, however. Some subjects fear reprisal, others are unaware of their legal rights, or they do not understand that phone extractions involve saving a copy of all of the phone’s data to be sifted through later at the department’s leisure. Most departments count the amount of time that they store and have access to this data in months, but the US Border Patrol stores it (and can return to it for other purposes) for 75 years.

Solving the problem

Upturn points out that many law enforcement agencies and crime labs have no formal phone extraction policies, and it’s a technology that state and local law often have yet to catch up with. Of the 81 agencies that responded, only 41 had any kind of a policy in place and only nine of those were characterized as “detailed.” Some policies were unfinished, some were as short as one paragraph and some were so broad that they allowed for just about anything.

The Upturn report ends with some concrete policy recommendations to address these issues. These include banning consent searches that involve MDFTs, abolishing the “plain view” exception for digital searches that allows law enforcement agencies to legally roam through devices looking at things unconnected to their present investigation, and requiring extensive logging of MDFT searches including audit logs (with periodic screenshots of the investigator’s activity) and mandatory monthly reports to the public on phone extractions that have been conducted.