Wednesday, March 14, 2012

FBI seeks warrant to force Google to unlock Android phone

Today, I stumbled across a recent FBI application and accompanying affidavit for a search warrant ordering Google to unlock a screen-locked Android phone. The application asks Google to: "provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ("PUK"), in order to obtain the complete contents of the memory" of a seized phone.

The phone in question was seized from a gentleman named Dante Dears, a founding member of the "Pimpin' Hoes Daily" street gang. On January 17, 2012, a cellphone was seized from Dears by an FBI agent, who then obtained a search warrant to look through the device. According to the affidavit, the technicians at the FBI Regional Computer Forensics Lab (RCFL) were unable to get past the electronic "pattern lock" access controls protecting the phone (apparently, entering multiple incorrect unlock sequences will lock the memory of the phone, which can then only be accessed by entering the user's Gmail username and password).

So why is this interesting and noteworthy?

First, it suggests that the FBI's computer forensics lab in Southern California is unable or unwilling to use commercially available forensics tools or widely documented hardware-hacking techniques to analyze seized phones and download the data from them.

Second, it suggests that a warrant might be enough to get Google to unlock a phone. Presumably, this is not the first time that the FBI has requested Google unlock a phone, so one would assume that the FBI would request the right kind of order. However, we do not know if Google has complied with the request. Given that an unlocked smartphone will continue to receive text messages and new emails (transmitted after the device was first seized), one could reasonably argue that the government should have to obtain a wiretap order in order to unlock the phone.

Third, on page 13 of the warrant application, the government asks that the owner of the phone not be told about the government's request to unlock his phone. It is surprising then that the warrant and the associated affidavit have not been sealed by the court.

22 comments:

Anonymous said...

The first argument that you bring stating that the FBI is unwilling/unable to use devices or techniques does not stand at all.

If you use hacking method, the information you then gather is not valid in court, and if you use a device, you have to make sure you didn't change the state of the phone (shutdown/power up) because files on the phone are updated...and again the information you gather is useless in court.

Maurice said...

What surprises me is that the forensics lab doesn't have the chops to pull that off without asking for help.

As for the type of warrant: As a non-lawyer, I'd comment that it probably doesn't matter--unless evidence they want to use wanders into the phone after it was seized. (I want to search your device for evidence versus I want to use your seized device to surveil you) I'd hope that ultimately a good lawyer could get evidence obtained after seizure tossed.

But then perhaps once they're in, and noticing that evidence is still coming in, they would have better evidence for the wiretap.

Part of me actually likes the two stage process: search warrant and then wiretap: it's a non-overreaching use of search that I'd (and hopefully the courts) would want to encourage.

Oh, and I'm surprised that they misspelt "hoes". I thought it was "ho"...

Chris Berry said...

@Anonymous:

The first argument that you bring stating that the FBI is unwilling/unable to use devices or techniques does not stand at all.

If you use hacking method, the information you then gather is not valid in court


Then it stands to reason that they'd be unwilling to hack it, does it not?

Shadow14l said...

> 11:11 am Anonymous

Anonymous has no idea what he's talking about. Not a single thing is correct here.

Also really... "hardware-hacking techniques", you're confusing the poor anon. Especially since the link you provided has nothing to do with hardware at all.

Anonymous said...

haha PhD pimpin hoes daily

Anonymous said...

"Hoes" is the plural of "Ho"

as in, "That Ho took my last potato chip" versus "Some of the Hoes from South Central Los Angeles moved to New York"

I'd assume that this gang Pimped multiple Hoes daily as overworking one Ho is bad business practice.

Anonymous said...

Plural/singular spellings.

Anonymous said...

Pimpin Garden Implements Daily just doesn't have the same ring..

Anonymous said...

The wiretap point doesn't make sense because nobody would do forensics while connected to a network. If they wanted to collect real time data they would need to get a tap, but just opening it up to do forensics on what is present does not trigger wiretap requirements.

Anonymous said...

Note that the suspect was subject to a 4th waiver as a condition of parole. That was likely a consideration for the Magistrate.

Int'l Bleu said...

GOOGLE vs OUR FIRST AMENDMENT RIGHTS

I always knew that this electronic era is going to be the death of our constitutional rights.

Now Google wants to feed all the consumers who have been feeding them to the wolves on some he say she say, or a mere assumption-not facts.

Do we continue to use Google? Google won't protect the privacy of American citizens as stated in the constitution. Or, do we begin to utilize those other such-like companies who would more than likely tell the FBI to go to hell on this one? Not enough evidence!

I got my eye on you Google, and you will be hearing from your public, positive or negative, the ball's in Google's court!

Anonymous said...

"If you use hacking method, the information you then gather is not valid in court, and if you use a device, you have to make sure you didn't change the state of the phone (shutdown/power up) because files on the phone are updated...and again the information you gather is useless in court."

What? Are you speaking with expertise in this field or are you making that up? What is a "hacking" method to you and why is that "not valid in court"? All they have to do is describe the method for accessing information off the phone and show how that process retrieves data and doesn't alter data.

Int'l Bleu said...

I just hope Google doesn't allow the FBI to mock the u.s. constitution which was set forth by our forefathers. it's more than them trying to unlock a pimp's smart phone riding on this. there are laws that govern this kinda stuff. what about due-process? due-diligence? right to privacy? search and seizure? i've read many of articles and the actual search warrant regarding this matter, it's all he say-she say, or mere assumptions from this man's past-life. nothing factual.
if Google provides entry into this man's phone; where does our society go from here? whose rights are violated next? o yea, it will continue, think about it.... IT MAY BE YOU! are we a democracy? or, are we becoming a communist society? hnmmmmm!

one more thing, if google gives them this info; the next person is really going to get violated because they going to go into their phone str8 illegally. they got the back door key, won't nobody know!

Anonymous said...

Well it's likely that Google will give up the info, however if they do, bye-bye rights to privacy and let that be a lesson to us all that these companies get rich off of exposing US citizens but we give them that power by putting our rights in their corporate hands....this what the political fatheads in the congress fight about everyday.....also the government uses this gathered info for various reasons that benefits their studies of US citizens likely lab rats..it's a profit pool for them in many ways.....

Anonymous said...

As an FYI, the tool you linked to in your article doesn't work for this phone, so you just proved it's not that easy to circumvent the phone's lock. (Not to mention I rarely even hear of anyone using that tool at all). To my knowledge, I don't know of any tools currently on the market with a "point and click" solution for a locked phone of that particular model.

As for the JTAG method, while that works on many Android phones, it is a very difficult process that can be destructive of the phone. The author of that blog makes it out to be a cake walk, an issue that happens all too commonly on DIY blogs. "Doing XYZ mechanical work is easy" you say? But when you try it, you come to find out that, oh no, it's actually not.

And if anyone was curious and wanting to rebut, I do work in the mobile forensic industry, so I do know what I'm talking about.

Hoss said...

FYI, he waived his fourth amendment rights (voluntarily) to receive parole. The constitution only guarantees rights to free men. In that day, a guilty man usually died, but in all cases, convicted felons were never considered "free men", hence no vote. I'd pay more attention to Washington than Silicon Valley, as the former are bound by the Constitution, not the latter.

Jane said...

If you don't like Google tracking you then use Duck Duck Go - easy! Oh, and give FB the flick and use Diaspora* - great community there, enjoy!

Anonymous said...

This is exactly why I never use the G word. Nor do I ever get on any website that has the G word, F word, or T word...

Timothy J. Conlon, Esq. said...

One of the problems with this case for privacy advocates is that the phone was still in service when the FBI requested this information. This means the phone will continue to receive telephone calls, text messages and emails. Therefore, the FBI should obtain a wiretap order if they wish to monitor this ongoing activity. While I am not defending the actions of this alleged criminal, it is disarming to see our wiretap laws brushed aside or ignored.

Anonymous said...

I don't think it is true that evidence gathered by hacking tools would be admissible in court. Or rather, it might be admissible, but the defense could have a field day asking whether the FBI is certain that the use of clandestine, third-party tools to break into the phone didn't alter the contents of the phone or, say, give unknown hackers remote access to it. You need to be careful handling evidence, especially digital evidence.

Nick P said...

@ Jane

Nah, don't use diaspora. Credible analyses of it showed plenty of basic security flaws. The concept & maybe certain design elements seem good, but the programmers are ineffective at even basic secure software implementation. The privacy of diaspora can't be trusted.

You're better off using PGP, encrypted text, or just phone calls or texts. You generally won't have anything to worry about unless you're targeted by a serious three letter or criminal organization. At that point, using social networking properly should be the least of your concerns.

nikler said...

What is this fear of the abandonment or breach of 1st Amendment Rights shouted by Int'l Bleu?
The First Amendment states that the freedom of speech shall not be abridged. But in a criminal investigation, does the accused have a right to free speech in documents that he has written regarding his scheme to defraud another? Of course not. From the postings, and without any personal knowledge, it is apparent that the FBI did exactly what it is required to do: apply for a warrant before a Judge. Due Process under the Fifth Amendment is therefore satisfied and the evidence can be admitted at trial. Now many comments have also brought up the issue of hacking into the Phone and again, unfortunately, lack any general criminal legal knowledge. As long as the process is done with a specified method that can be described in Court and the FBI "hacker" could testify did not alter the evidence they were looking for and found, it would be admissible at Trial, though the defense could of course hire its own expert, perhaps, "Anonymous" to testify that the hacking modified the information in the Phone making whatever they found unreliable. That does not go to admissibility--which, since they obtained a warrant, would not be at issue--rather, it would go to the issue of relevance or "weight" of the evidence that the Jury would weigh against this clearly troubled felon.