Judge Not Impressed With Government's Warrantless 921-Page 'Peek' Into A Suspect's Cellphone

from the also-discussed:-digital-forensic-tools-and-how-not-to-use-them dept

All the DHS wanted was a warrantless "peek" at the contents of a seized iPhone. The phone, one of three seized from a person suspected of drug trafficking, was examined by the DHS, with the warrant arriving a month later. Now, all of the evidence obtained from the phone is being tossed out.



In the order granting the suppression of evidence obtained from the phone, Judge Sterling Johnson points out that the government revised its story several times during oral testimony.



DHS Special Agent Thomas Wilburt worked with the CBP to detain the suspect, Adamou Djibo, at the JFK Airport. Djibo's iPhone was taken and examined by Wilburt, who couldn't seem to accurately recall the details of the examination.



First off, Wilburt made it clear that the DHS and CBP were searching for a particular kind of "contraband."

Wilburt defined the search as one for "contraband," and when asked by the Court to define contraband stated:



If they're leaving with any weapons, any mostly it's money, I think, they're looking for. Drugs as well. Drugs, often they'll go to Bermuda. Drugs come in here and go to Bermuda, as opposed to Bermuda from here. This particular case, the main search was for money.

Counsel: After they took his boarding pass and his passport, his password was put into his phone. Is that right?



Wilburt: I don't know that his password was put into his phone then, no.



[...]



Counsel: You never saw his passcode get put into his phone?



Wilburt: I don't believe it was put into his phone then, no.



[...]



Wilburt: At some point, I put it into his phone. I don't know if I did it right then or I did it back at our office.

I believe it was after the exam was over and after he was arrested, we went back to our office, and then I proceeded to put that code into the phone.

We wanted to get more in depth in the phone. Cellebrite, as far as I know, gives you basic information.

The Court: Were there any text messages or incriminating calls to the original defendant?



Wilburt: At a later point looking at that report, I believe there were text messages.

I believe after -- nothing was seized at the border search. After he was arrested, I believe they ran an initial Cellebrite report or an initial search on the phone, just a preliminary peek.

It was emails, text messages, undeleted content. So whatever was -- when you turn on your phone and you see your text messages and your emails, that's what they obtained with this initial peek.

The CD contained 921 pages of materials, all of which this Court has reviewed, including hundreds of text messages, WhatsApp messages, photographs and emails. Many of the messages appear to be written in code. For example, there are text messages about orders for 600 cases of diapers and 1500 cases of wipes; "booking confirmations" to a "personal trainer" who provides various styles of "sessions;" and about stomach ailments that have to be operated on in Ghana.

Bauer described a "fairly new" device called an IP-Box, which can be attached to an iPhone and systematically attempt every passcode from 0000 to 9999 without shutting down [the phone]... IP-Boxes came into the fray when Apple Inc. ("Apple") refused to assist the government with cell phone break-ins.

It appears from his testimony that he stood by passively until the phones were discovered, but phones are not contraband. In fact, no contraband was found by the CBP. After that, the border search ended. The line of inquiry into Djibo's telephones thereafter changed the stage because the purpose of the original search was to find currency and currency cannot be found on a phone.

In his affidavit in support of the application for a search warrant, he made no mention of having already looked at 921 pages of data from the phone. Therefore, not only was the initial search unreasonable… Agent Wilburt decided it was insufficient to support the narcotics investigation. He wanted "more." For these reasons, this Court finds that the forensic search of Djibo's phone was the fruit of the illegal initial search and was unreasonable.



[...]



The government's claim that it did not rely on the initial "peek" -- despite the wording of the search warrant -- is simply unsupported by the often contradictory evidence.



[...]



In this case, the search was undertaken to find contraband or currency and neither were found. There was no need to then seek out Djibo's passcode. It had nothing to do with national security at the airport on that day… That Djibo was arrestable based on the information from the Cooperator is of no great moment. He could have been arrested, his phone seized pursuant to border authority, and a search warrant obtained before any searching occurred. Wilburt sought to sidestep these constitutional guarantees.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The problem was, Djibo's money checked out. The declaration form was legitimate and the amount of currency he was carrying was found to be legal. (Yeah, let that last part sink in for a moment…)Wilburt then took an iPhone from Djibo and asked him to input his passcode. Or not. The opinion contains several quotes from Wilburt's testimony, many of them elusive or contradictory. The opposing counsel found it nearly impossible to get Wilburt to provide an accurate portrayal of the phone's search and seizure.Wilburt first claimed he couldn't recall whether or not he had asked Djibo for his passcode. He then claimed he didn't knowthe passcode was used to unlock the phone and access the contents.At a second hearing, Wilburt suddenly recalled when the passcode had been entered:But he became less clear on the details ofthe agents had viewed on the phone during their warrantless "peek." Wilburt testified that the phone was hooked up to a Cellebrite (a device for forensic phone examinations), where "another agent… obtained all the information off the phone that we were able to."When the court pointed out that the warrant to search the phone didn't arrive until a month later, Agent Wilburt then claimed the Cellebrite didn't actually grab "all the information" the government wanted, despite saying it had only moments earlier.Wilburt vastly underplays the capabilities of this forensic device. It grabs address books, call logs, pictures, videos and text messages.In this case, it returned incriminating information, well ahead of the warrant acquisition.Agent Wilburt, apparently attempting to legalize the illegal search of Djibo's phone, tried to redefine "contraband" -- something he originally claimed was "specifically currency" -- to cover what he had already discovered without the acquisition of a warrant. Wilburt now claimed the phone needed to be accessed to look for "evidence of currency or other crimes."Pressed further, Wilburt admitted the phone had been seized and searched without a warrant, but the DHS had only used its forensic device to get a "peek" at the contents.(Hilariously, when the court asked Wilburt why he would seek a warrant when Djibo had already given him the passcode, he claimed it was to avoid "violating [Djibo's] rights.")And what did that "peek" contain?So, basically all the communications contained in the phone. The court asked for a copy of the "peek" and was informed a CD would be burned and sent out, as the "peek" contained "hundreds" of pages. Three weeks later, it arrived in the court's hands.The government magnanimously agreed to "suppress the peek," while less magnanimously claiming it could have obtained the info anyway, even if itknown the passcode.Further questioning of DHS Special Agent David Bauer revealed the DHS could have taken a look at Djibo's phone without needing to know his passcode.[Here's an IP-Box in action.]Even less magnanimously, the government disputed Djibo's attempts to suppress the evidence it had obtained with a warrant. Starting with the alleged Fifth Amendment violations, the court has this to say about the government's relocation of the investigative goal posts.Citing the Supreme Court's Riley decision , the court finds that the original, warrantless 921-page "peek" was an illegal search, tainting every piece of evidence obtained subsequently.The DHS was so sure it could build it case that it skipped all the essentials of building a case. And now it has no evidence and a guy "caught" carrying a legal amount of cash through an airport, which isn't going to help it "win" the Drug War.

Filed Under: 4th amendment, adamou djibo, dhs, mobile phones, peek, surveillance, warrants