New York City prosecutors spend ‘hundreds of thousands of dollars’ to hack seized cellphones
The Manhattan District Attorney’s Office has spent hundreds of thousands of dollars hiring professionals hackers to break into lawfully seized smartphones in order to obtain data from mobile devices protected by purportedly impenetrable digital encryption, according to a new report.
Stonewalled by secure products sold by Apple and Google, New York City prosecutors have repeatedly turned to private contractors for help gleaning text messages, photos, videos and other digital evidence off of lawfully seized but supposedly “warrant-proof” devices, they said in their third annual “Smartphone Encryption and Public Safety” report published Thursday.
Echoing concerns raised recently by President Trump’s deputy attorney general, the report said the office has found itself outsmarted more than ever by smartphones locked using full-disc encryption, a security feature found on mobile operating systems that makes a device’s data completely inaccessible without a passcode unknown to its manufacturer.
“The number of investigations that involve full-disk encrypted smartphones continues to balloon, in cases ranging from white collar crime to homicides,” the report said. “To solve these crimes, law enforcement is increasingly relying on expensive ‘workarounds’ developed by third parties, while providers work to thwart even lawful access to smartphone data.”
Typically authorities can’t access evidence contained on encrypted smartphones without hiring hackers to unlock devices on a case-by-case — a costly dilemma evidenced most notably after the FBI reportedly paid upwards of $1 million to access the contents of an Apple iPhone owned by one of the suspects blamed with waging the 2015 terrorist attack in San Bernardino, California.
The number of locked smartphones lawfully seized by the Manhattan District Attorney’s Office surged nearly tenfold in recent years from 78 in 2014 to 702 in the first 10 months of 2017, including 466 locked Apple iPhones and 236 locked devices running Google’s Android operating system, the report said.
The prosecutors didn’t specify how many phones were professionally hacked since 2014, but the report said that “the overall cost of these workarounds to our office to date is in the hundreds of thousands of dollars.”
“While workarounds like ‘lawful hacking’ have been used by law enforcement with some success over the past year, they are not a realistic solution to the problem going forward — they are timeconsuming and costly, and become obsolete when new devices and operating systems are released, creating an endless cat-and-mouse system that strains resources and undermines public safety,” the report said.
Federal investigators, meanwhile, are facing the same dilemma on a larger scale, according to Deputy Attorney General Rod Rosenstein. The FBI has seized roughly 7,500 mobile devices during the last year that are “impervious to search warrants,” Mr. Rosenstein said last month.
“When investigations of violent criminal organizations come to a halt because we cannot access a phone, lives may be lost. When child molesters can operate anonymously over the internet, children may be exploited. When terrorists can communicate covertly without fear of detection, chaos may follow,” Mr. Rosenstein said.
Indeed, the Manhattan District Attorney’s Office has hired hackers to access data contained on lock devices central to a handful of homicide and sexual assault cases purposed by New York City prosecutors, according to the report.
“It’s just impossible to overstate the value of this kind of direct evidence,” Cyrus R. Vance Jr., the Manhattan district attorney, said at an event Thursday, New York Daily News reported.
“It is actually the data, the pictures, the conversations that are on the devices that make the difference between a case that can be proven beyond a reasonable doubt and a case that can only lead to disappointment and often heartbreak for a victim of a crime,” Mr. Vance said.
Tech companies including Apple and Google have dismissed previous concerns about encryption because they argue that weakening existing security measures would make customers prone to hackers and eavesdroppers.
According to Mr. Vance’s office, “a legislative solution that compels compliance with court-ordered production of plaintext data is necessary to ensure that justice is served in criminal cases, without regard to where crimes occur or the third-party resources available.”