Law enforcement agencies in the United States have the facilities to break through even the most advanced smartphone encryption, new research shows.
According to a report by digital rights advocate UpturnAt least 2,000 intelligence and police organizations in all 50 states have access to tools to bypass smartphone security measures to conduct investigations.
Nearly all of the 50 largest police departments in the country were found to have the facilities to extract data from fully encrypted devices, and the same can be said for many smaller regional police departments and sheriff’s offices.
- Check out our list of the best encrypted messaging apps available
- Here’s our list of the best VPN services out there
- Check out our list of the best anonymous browsers out there
Those who do not own mobile device forensic tools (MDFTs), meanwhile, can send devices to state-run or federal facilities that specialize in unlocking smartphones.
According to Upturn, state and local law enforcement agencies have conducted and commissioned hundreds of thousands of “cell phone extractions” over the past six months.
Breaking into encrypted smartphones
The level of security and privacy available to smartphone users is growing every year. For example, Apple has made privacy a cornerstone of its marketing efforts in recent years.
However, it is now clear that law enforcement officials can bypass even the most complex encryption, regardless of smartphone vendor claims.
In fact, the Upturn report outlines a scene where smartphone hacking has become routine for US law enforcement. The practice is not reserved for the most serious crimes, but is also often used to investigate minor offenses such as graffiti, shoplifting, marijuana possession, petty theft, etc.
While it has long been known that investigating digital communications is an important part of criminal investigation, the extent to which these tools are used has never been clear before.
Given the prevalence of encryption-breaking tools in the US, it might also be safe to assume that this practice is also common among law enforcement agencies in other regions.
According to Upturn, “MDFTs are simply too powerful in the hands of law enforcement,” but the organization also admits that the abundance of such tools in the US means it is impossible to prevent their use.
Instead, the group made the following recommendations to prevent short-term abuse of MDFTs:
- Prohibit the use of consent searches on mobile devices
- Deprecated plain view exception for digital searches
- Require easy-to-understand audit logs
- Powerful data deletion and sealing requirements
Through New York times