State Police can suck data out of cell phones in under two minutes

You don’t want to be pulled over by the police in Michigan. When law enforcement wants half a million dollars to produce documents for a FOIA request, something is not right. And since the high-tech mobile forensic device in question can grab data in one-and-a-half minutes off more than 3,000 different cell phone models, it could be used during minor traffic violations to conduct suspicionless and warrantless searches without the phone owner having any idea that all their phone data was now in the hands of authorities.

The Universal Forensic Extraction Device (UFED) made by Cellebrite can extract data off 95% of cell phones on the market. It can also grab GPS information from units in most vehicles. According the company’s profile [PDF], the UFED is stand-alone gadget designed for “recovery and analysis” used by law enforcement, intelligence agencies, military and governments across the world in 60 different countries.

The ACLU of Michigan has been trying to get more information to determine if the Michigan State Police (MSP) are using these gadgets to “violate Fourth Amendment protections against unreasonable searches if a warrant is not issued.” Back in 2008, after the ACLU filed the first FOIA request for logs, reports and records of use, the MSP said Okay but it will cost $544,680 to retrieve and assemble the documents to disclose how five of the devices were being used. The MSP wanted $272,340 deposit before showing the ACLU documents. After sending 70 different FOIA requests in November, narrowing the time period and the UFED models, the ACLU was told no documents existed with that criteria. It’s like a endlessly expensive and unfruitful fishing expedition for information.

Update: Michigan State Police reply to ACLU about cell phone data extraction devices.

There are many different UFED models, but most can access current or past phone lock codes, access any deleted data, or as stated on the company’s website for the UFED Physical Analyzer 2.0, it can decode chat, email, instant messages, call logs, text messages, web bookmarks and history, Facebook contacts, Skype contacts/calls/chats, photos, videos . . . pretty much whatever you have on your phone. Besides those forensic features, the UFED Ruggedized model can also clone a SIM Card when it is PIN locked or when “SIM is not available.”

The ACLU of Michigan sent this letter [PDF] to the MSP which included the statements, “Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide. No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure.”

The smarter and more powerful our technology gets, the more intelligence agencies will want ways to exploit it. Such mobile forensic devices could be utilized by thieves who might get their hands on lost or stolen phones. A smart phone is like a little laptop packed full of personal details. If those details are being extracted just to see if the person is suspicious of anything, then that violates our Fourth Amendment rights. If UFED can basically scrape all the data in under a couple minutes, then it may be tempting to authorities with voyeuristic tendencies.

Some feds are predisposed to voyeurism. For example, the FBI gathered evidence of insider trading by intercepting more than 1,000 phone calls of former Galleon Group trader Craig Drimal. New York District Judge Sullivan “scolded” FBI investigators for “voyeuristic intrusion” while eavesdropping on private, intimate calls between Drimal and his wife, reported the Galveston County Daily News. The FBI should have stopped listening and hung up once it was clear that the phone calls were not related to their investigation. Despite the 10-page ruling which criticized the government for failing to stop listening during privileged, non-pertinent calls, the judge did not allow the wiretap evidence to be suppressed. “Given the wiretap’s scope and the substantial manpower needed to sustain it, the Court concludes that, on the whole, the wiretap was professionally conducted and generally well-executed,” Sullivan wrote.

PogoWasRight’s Dissent makes an excellent point that also crossed my mind. The “judge may be troubled by it, but there really doesn’t seem to be an adverse consequences to the prosecution.”

Image Credit: Cellebrite Brochure [PDF]

Like this? Here’s more posts:

• Watchdog to Obama: Schmidt policing online privacy is like Madoff heading SEC
• TSA Surveillance: Peep Show, Police State, Privacy Invasion or All Three?
• Security Researchers Exploit Logic Flaws to Shop for Free Online
• Hacked: Xbox LIVE Banhammer Stepto Gets Jacked
• Will Google’s legal woes define how far it crossed the creepy line?
• No Conspiracy Theory Needed: Tor Created for U.S. Gov’t Spying
• Ridiculous DHS list: You might be a domestic terrorist if…
• Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens
• Complain about the TSA and your First Amendment right might get you flagged

Follow me on Twitter @PrivacyFanatic