March 25, 2012 ›› Bloomberg Government
Detectives investigating the shooting death of a sheriff’s deputy in Sacramento, California, found a wealth of useful information in the 16-year-old suspect’s mobile phone.
Using a digital forensics tool weighing about 2 pounds, they were able to skirt passwords, pulling text messages and photographs from the teen’s phone and 16 other mobile devices belonging to fellow members of the Tiny Rascal Gang. The evidence helped prosecutors win a murder conviction.
Little known to the general public, the mobile-cracking technology is becoming increasingly popular in law enforcement and government security. Police in Los Angeles and New York City have adopted it to cull data from devices such as Research in Motion Ltd. BlackBerrys to Apple Inc. iPhones. Led by the Department of Homeland Security and the military, the U.S. awarded $5.7 million in contracts in fiscal 2011 to four mobile forensics companies, an 11-fold increase from $489,000 in fiscal 2007, according to data compiled by Bloomberg Government.
“There’s so much information,” said Jim Grady, chief executive officer of Cellebrite USA Corp., a unit of Aichi, Japan-based Sun Corp. that made the device used by the Sacramento County Sheriff’s Department. “People’s PCs are basically in their hand now.”
The U.S. government market for mobile forensics, probably no more than $20 million annually now, is growing as fast as 20 percent a year, said Sonny Farinas, sales director for closely held Susteen Inc. in Irvine, California. Susteen makes a data-extraction tool that works with more than 3,000 mobile phones, he said.
Cellebrite had U.S. government orders valued at $4.94 million in the fiscal year ended Sept. 30, according to federal procurement data compiled by Bloomberg. That led three of its competitors, including Susteen; Paraben Corp. of Ashburn, Virginia; and Micro Systemation AB of Solna, Sweden.
The industry’s growth has followed the proliferation of mobile devices, now able to store and transmit heavier loads of data. Even a basic cell phone contains text messages and contact lists. Smart phones include larger caches of potential evidence for investigators: e-mails, calendars, photos, video and Web-browsing histories.
Marisa Conway, a Research in Motion spokeswoman, didn’t immediately comment. A phone call and an e-mail to Apple weren’t immediately returned.
The extraction devices raise concerns because police may end up violating the Fourth Amendment, which prohibits unreasonable searches and seizures, privacy advocates say.
“Our cell phones are treasure troves of information,” said Jay Stanley, a Washington-based senior policy analyst at the American Civil Liberties Union. “Law enforcement is inevitably going to be tempted to look at that information when they shouldn’t, under the Constitution.”
Search and Seizure
The law hasn’t caught up with mobile forensics tools, said Lee Tien, senior staff attorney at the San Francisco-based Electronic Frontier Foundation, a nonprofit group that advocates for digital privacy rights. For example, it’s not clear when information on a mobile phone is fair game for law enforcement, he said.
Considering the vast amount of data people routinely carry on their smart phones, it’s “really quite ludicrous” to think that the authors of the Constitution would have permitted mobile device searches without warrants, Tien said. Yet such searches take place, he said.
“It’s a pretty significant privacy issue when you think of all the things that are on your phone,” he said.
The forensics devices are used daily at the Sacramento County Sheriff’s Department, and about 80 percent of the extractions are done after obtaining a warrant, said Sergeant Dan Morrissey, a gang intelligence supervisor. Warrants may not be required to scan mobile devices that belong to suspects who are on parole or probation, or to search a device at the time an arrest is made, he said.
Cell-phone photos and text messages helped convict Jimmy Siackasorn in 2010 of first-degree murder in the shooting death of Vu Nguyen, the sheriff’s deputy, Morrissey said.
The extraction device also was the linchpin in a juvenile prostitution investigation the same year in Sacramento County. After arresting a suspected pimp, officers used the tool to get around her phone’s password and obtain text messages, Morrissey said.
They learned that she had told girls when to look out for law enforcement vehicles, where to take “johns” and how much to charge based on the type of car the customer was driving, he said.
“The entire extraction was less than two minutes’ worth of investigative time, but made a difference by saving four girls and putting one pimp in prison,” Morrissey said.
The devices are gaining fans in the federal government. Homeland Security was the biggest buyer of mobile forensics systems among federal agencies in the fiscal year that ended Sept. 30, followed by the Army, according to data compiled by Bloomberg.
U.S. Immigration and Customs Enforcement, part of Homeland Security, has “about 100 of these devices in the field,” Danielle Bennett, an agency spokeswoman, said in an e-mail. They are used to obtain data from suspects’ mobile devices, including information that was deleted, she said.
Data extractions are generally done “pursuant to a judicially authorized search warrant” or after consent to perform the search is granted, she said.
The technology is also used to pull information from mobile devices brought across the border into the U.S., which does not require a warrant or consent, Bennett said.
The military increased its contracts with Cellebrite, Susteen, Paraben and Micro Systemation to $937,000 in fiscal 2011, from $45,300 in 2007, according to the federal data compiled by Bloomberg.
The Army’s Rapid Equipping Force at Fort Belvoir in northern Virginia, ordered 26 Cellebrite units for $11,499 each that “allow the capture of critical mission information from apprehended digital devices,” according to a February military document posted online.
The devices are so important that going without them “has the potential to cause loss of life and mission failure,” according to the Army document.
Christopher Kasker, an Army spokesman, declined to comment on how the devices are used. The Rapid Equipping Force was set up to quickly provide deployed troops, including those in Afghanistan, with current and emerging technologies, according to its website.
In most cases, a mobile forensics tool is connected to a smart phone by a cable when it pulls data, company officials said.
Some extractions may take place wirelessly via an infrared or Bluetooth signal, though this couldn’t take place surreptitiously, said Farid Emrani, chief operating officer of Chatsworth, California- based Logicube Inc., which makes mobile and computer forensics products. The mobile phone’s user would have to accept the wireless connection, he said.
“It is not a device that, for example, can go and randomly get information from other phones,” Emrani said. “I am not aware, at least in my experience, of one instance where the device has been used for snooping purposes.”
The ability to access mobile data remotely still raises concerns that forensic devices may be used for spying or for criminal activity, said Larry Ponemon, chairman of the Traverse City, Michigan-based Ponemon Institute, which researches privacy issues.
“Basically, it puts people at risk,” said Ponemon.