In 2012 and 2013 I worked for Palantir Technologies, deploying Gotham, their powerful analysis software into state and local police forces. I feel good about how Palantir Gotham helped everyone from beat cops to detectives to crime analysts find and make sense of information to solve crimes.
One thing that left a sour taste in my mouth from the experience was just how much power the police had to get access to people’s private information. It was common practice to
- stop suspected criminals or gang members
- demand they hand over their phone
- copy call logs, texts, pictures and the like with a Cellebrite UFED
- hand the phone back and send them on their way.
The police were probably inspired by the success of a similar program used in Afghanistan. The cell phone data, and especially call and text records would be loaded up into Palantir Gotham, alongside other intelligence and used to try to understand the structure, organization, and operation of roadside bomb (IED in military-speak) makers.
In the US & Canada, police were interested in gangs, rather than bomb-making networks. But, while their intentions were true to the serve and protect ideal, it was really easy for extraneous, private information to be caught up in such a wide net. Joy riding with your friends and one of them is in a gang, was in a gang, or is suspected of being in a gang? The police are probably taking your phone as well. Has anyone associated with a gang ever called you? Your phone number is now in a searchable police database tracking gang activity.
And, even though call logs and text messages are the most important information for mapping out a network, police would seize everything the UFED could access. So, as you can imagine, these databases are also filled with pictures of gang members girlfriends and dogs.
I got a demo of the Cellebrite UFED once, a ruggedized, handheld device that comes with an entire separate case of adapters for the different makes and models of phone the UFED works with. The makers use every trick in the book and then some to pull forensically useful data off the phone: maintenance and data backup protocols, security exploits, whatever. On smartphones, they designed decoders for popular applications, especially communications services like WhatsApp or Skype.
This was all several years ago, so I can’t help but wonder if the efforts by Apple and Google to secure their phones have made the UFED go largely dark.
If the practice was still going (I stopped working for Palantir in 2013), it will certainly be curtailed in California by a new law: the Electronic Communications Privacy Act, which among other things, requires that the police obtain a search warrant before accessing information stored on or transmitted by phones, tablets, laptops or other devices. Police will need a warrant to search cell phones of people they have arrested, whereas courts have previously given police leeway to consider searching a cell phone the same way they would if they asked you to turn out your pockets when you were arrested and found some weed.
The law is written with intentionally broad scope, to cover both new categories of personal devices and new spying tech that haven’t yet been invented. In addition to Cellebrite UFED (or similar devices), other reporting has emphasized how the law will affect another form of warrantless spying: the use of “Stingray” devices that intercept phone communications. It also requires law enforcement to get a warrant before compelling service providers to turn over individual records.
I think it’s a good law; it positively affirms 4th Amendment protection to electronic devices and communications. Law enforcement must rely on a legal framework that’s served us well for centuries: the search warrant.