Law enforcement agencies across the United States have the facilities to break even the most sophisticated smartphone encryption, new research has revealed.
According to a report from digital rights champion Upturn, at least 2,000 intelligence and police organizations across all 50 states have access to tools that allow them to circumvent smartphone security protections to conduct investigations.
Almost all of the 50 largest police departments in the country were found to have the facilities to extract data from fully encrypted devices, and the same can be said for many smaller regional police departments and sheriff’s offices.
- Check out our list of the best encrypted messaging apps available
- Here's our list of the best VPN services around
- Check out our list of the best anonymous browsers out there
Those that do not own mobile device forensic tools (MDFTs), meanwhile, can send devices to state-run or federal facilities, which specialize in unlocking smartphones.
According to Upturn, state and local law enforcement agencies have conducted and commissioned hundreds of thousands of “cell phone extractions” in the past half decade.
Breaking into encrypted smartphones
The level of security and privacy available to smartphone users grows with every passing year. Apple, for example, has made privacy a cornerstone of its marketing efforts in recent years.
However, it is now clear that law enforcement has the ability to bypass even the most complex encryption, irrespective smartphone vendors’ claims.
In fact, the Upturn report paints a scene in which breaking into smartphones has become routine for US law enforcement. The practice is not reserved for the most serious of crimes, but is often used to investigate small-time infractions as well, such as graffiti, shoplifting, marijuana possession, petty theft etc.
Although it has long been understood that investigating digital communications is an important part of criminal inquiries, the extent to which these tools are used has never before been clear.
Given the prevalence of encryption-breaking tools in the US, it is also perhaps safe to assume the practice is common among law enforcement agencies in other regions as well.
According to Upturn, “MDFTs are simply too powerful in the hands of law enforcement”, but the organization also concedes that the glut of such tools in the US means preventing their use is near-impossible.
Instead, the group has made the following recommendations to guard against the misuse of MDFTs in the short term:
- Banning the use of consent searches of mobile devices
- Abolishing the plain view exception for digital searches
- Requiring easy-to-understand audit logs
- Enacting robust data deletion and sealing requirements
- Here's our list of the best endpoint protection around
Via NY Times