Exclusive: U.S. Cops Have Wide Access to Phone Cracking Software, New Documents Reveal

While the FBI requests ‘backdoor’ iPhone access, documents indicate law enforcement already has easy access to encrypted devices

Photo Illustration, Source: Getty Images

Apple is once again facing pressure to give officials a “backdoor” into locked iPhones implicated in an act of domestic terrorism. Last week, Attorney General William Barr held a press conference asking the tech company to unlock and pull data from two iPhones belonging to a Saudi Air Force second lieutenant who opened fire at a Pensacola, Florida, military base in December.

The situation echoes another high profile case involving an iPhone used by a shooter in the 2015 terrorist attack in San Bernardino, California. In both cases, Apple has refused to provide a means for investigators to break through the encryption on its devices.

Barr recently complained that Apple had not provided “any substantive assistance” to officials and that the Pensacola case “perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.” The Department of Justice (DOJ) insists that it has been unable to open the phones of the Pensacola shooter.

OneZero sent Freedom of Information Act requests to over 50 major police departments, sheriffs, and prosecutors around the country.

But many police departments across the United States already have the ability to crack mobile devices, including the iPhone. While Apple may not provide official support to law enforcement agencies to access iPhones, third-party companies have stepped in to fill the void, allowing police to unlock and access information on encrypted mobile devices at a relatively low cost.

Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology using requests developed by Upturn, a nonprofit focused on technology and justice. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.

OneZero obtained documents from law enforcement agencies in New York, California, Florida, Texas, Washington, Colorado, Illinois, Ohio, Michigan, New Mexico, and Massachusetts. These agencies included district attorneys’ offices, local police departments, and county sheriffs’ offices.

The number of offices with access to phone-cracking tools across the country is likely far greater than what OneZero uncovered. Not all agencies responded to OneZero’s request for documents. Some departments and offices claimed the records were exempt from public release. Others told OneZero they would need several months and thousands of dollars to provide the information.

Below is a list of agencies that have purchased technology designed to crack smartphones, including iPhones, based on documents obtained by OneZero:

Alameda County Sheriff, California

Los Angeles County District Attorney, California

Oakland Sheriff, California

San Bernardino County Sheriff, California

San Diego County District Attorney, California

San Diego Police Department, California

San Francisco City Attorney, California

San Francisco District Attorney, California

San Francisco Police Department, California

San Jose Police Department, California

Santa Clara County District Attorney, California

Denver Police Department, Colorado

Jacksonville Sheriff, Florida

Miami-Dade State Attorney, Florida

Cook County District Attorney, Illinois

Cook County Sheriff, Illinois

Boston Police Department, Massachusetts

Detroit Police Department, Michigan

Bernalillo County District Attorney, New Mexico

New York County District Attorney, New York

Suffolk County District Attorney, New York

Columbus Police Department, Ohio

Dallas County District Attorney, Texas

King County District Attorney, Washington

The documents range from contracts, requests for proposals (RFPs), invoices for payments by law enforcement, quotes from forensic companies, and emails traded between officials discussing vendor approval. They suggest that most law enforcement agencies bought forensic investigation products from a small group of companies that include Cellebrite, Grayshift, Paraben, BlackBag, and MSAB. In addition to selling the software and hardware needed to unlock phones, these companies also charge thousands of dollars each year to upgrade the software in their products. In addition, their customers spend thousands on training sessions to teach personnel in their offices how to use the tools.

California’s Alameda County contract with Cellebrite

OneZero reached out to all of the companies named in these documents. Only Cellebrite and Paraben responded. Amber Schroader, the CEO of Paraben Corporation, told OneZero, “The largest struggle for investigators today is dealing with locked devices.”

“As a primary tool provider in digital forensics, we spend more time researching bypass options than any other function in the tool,” Schroader said. “The premise of digital forensics is seeking the truth in the data, and that benefits anyone involved in an investigation.”

Of the companies currently selling phone-cracking technology, the Israeli company Cellebrite has the highest profile. When Apple refused to unlock the phone linked to the suspected attackers in the San Bernardino shooting, the DOJ reportedly turned to Cellebrite to break into the shooters’ iPhones. Documents suggest it charges over $100,000 a year for software that the company claims will unlock and extract data from iPhones and Android phones.

Other offices spent considerably more to use the technology. For example, Alameda County in California spent $208,000 in 2018 on a package that included Cellebrite’s top-tier software and analytics package.

Some agencies provided documents outlining internal policies for how and when phones can be broken into. For example, the Detroit police have a policy stating that by law, officers “cannot search the digital contents of a cellular telephone device or track any telephonic device without securing a search warrant.”

As Barr and the Trump administration continue to push for legislation that would grant them special access to phones, these policy documents suggest that police have found a lawful way to access phones by first getting a warrant before they deploy the technology.

“Our technology is used by thousands of organizations globally to lawfully access and analyze very specific digital data as part of ongoing investigations.”

Asked if they had been contacted about the Pensacola investigations, a Cellebrite spokesperson said, “As a matter of company policy, we do not comment on any ongoing investigations.”

“Our technology is used by thousands of organizations globally to lawfully access and analyze very specific digital data as part of ongoing investigations,” the spokesperson said in the statement to OneZero. “This aids in unearthing evidence to bring understanding and resolution to cases.”