January 3, 2022
Welcome to Decrypting a Defense, the monthly newsletter of the Legal Aid Society’s Digital Forensics Unit. This month, Diane Akerman discusses the Los Angeles Police Department’s use of social media monitoring. Jerome Greco reviews the New York City Department of Correction’s unlawful recording of attorney-client privileged phone calls. Benjamin Burger summarizes a year in legal news. Finally, Donovan Santiago answers a question about Apple Watches and wearable devices.
The Digital Forensics Unit of the Legal Aid Society was created in 2013 in recognition of the growing use of digital evidence in the criminal legal system. Consisting of attorneys and forensic analysts and examiners, the Unit provides support and analysis to the Criminal, Juvenile Rights, and Civil Practices of the Legal Aid Society.
In the News
LAPD is Now Following You!
A series of documents recently obtained by the Brennan Center pursuant to a Freedom of Information Act request, revealed troubling information about the Los Angeles Police Department’s use of social media monitoring. While social media monitoring by law enforcement, who have for years engaged in a practice of surveilling individuals and groups through social media, is nothing new, these particular documents reveal an even darker side of government surveillance of activists and movements.
According to the disclosed documents, the LAPD tested numerous tools to aid in online surveillance. One such monitoring tool, ABTShield, was advertised by both the company and a LAPD representative as a tool that would be used to “help the LAPD at a time when the department is being targeted by organized attacks of bots and trolls (e.g. police brutality misinformation and ‘defund the police’ narratives.)” Already, at its core, the software was not intended to aid in police work, but to aid in law enforcement public relations, and stifle any rhetoric critical of police behavior, by labeling its authors as “bots” and “trolls.”
LAPD and ABTShield developed a list of keywords and categories, which tells a particularly compelling story about how law enforcement views certain political opinions; a cautionary tale about how easily labels can be changed to suit any narrative. For example, Antifa was categorized as “civil unrest” while “racist” was categorized as “Domestic Extremism and White Nationalism.” Search terms as broad as “cops,” “republican,” and “democrat” were included.
LAPD received daily updates from EBT shield by category. On average, ABTShield sent the LAPD almost 2 million tweets in total, an average of 70,000 tweets per day. Even more troubling, the LAPD requested targeted tracking of three specific accounts – two anti-fascist groups, and one account that provided updates on ongoing protests and rallies.
The LAPD encouraged social media monitoring, including the use of fake profiles, but provided little guidance, and almost no oversight of officer’s conduct. Officers did not need to seek approval for, or even document, their use of social media tracking. The choice of who to surveil was subject to the whim of an individual officer, without scrutiny of any kind.
These revelations provide a deeper look into how law enforcement is engaging new technologies to perpetuate a long history of repression of social movements. More stunningly, they show that these methods are no longer employed to target only activists, but also to silence those critical of law enforcement, or who pose a threat to their ability to continue to function without accountability.
NYC Corrections Recorded Almost 2,300 Calls Between Incarcerated People and their Lawyers
The New York City Department of Correction (DOC) contracts with the prison surveillance company, Securus Technologies, to record all phone calls of people who are incarcerated at DOC facilities, except calls to attorneys, doctors, and clergy members. These recordings are routinely provided to NYC prosecutors and other branches of law enforcement; DOC does not require a search warrant be obtained. Despite the prohibition on recording attorney calls, it was publicly revealed in March of 2021 that Securus and DOC had “mistakenly” recorded “118 calls with 29 [incarcerated people] facing charges in the Bronx and another 1,450 chats involving 353 [incarcerated people’s] cases in Brooklyn.” Many of these calls had already been provided to prosecutors.
After challenges to the accuracy of the Securus and DOC audits by public defenders, an additional audit was conducted. The new audit found that Securus recorded almost 2,300 calls between people held in DOC custody and their attorneys. Securus had previously claimed that it was “a phone number processing issue” and the recordings were “inadvertent.” The new revelation and the inaccuracy of the initial audits cast doubt on the company’s ability to properly prevent attorney-client communications from being recorded. These violations are also part of a larger national pattern, exposed in 2015 and dating back at least a decade. The issue is also not unique to Securus. Its chief competitor, Global Tel Link (GTL), has previously recorded privileged phone calls too.
DOC renewed its contract with Securus this past March, disregarding the significance of the surveillance company’s numerous violations of attorney-client privilege. The only way to ensure such a failure does not happen again, and the rights of incarcerated people are protected, is to prohibit the systematic recording of phone calls from correctional facilities.
In the Courts
2021 Legal Roundup
Benjamin Burger Digital Forensics Staff Attorney
Federal and state courts confronted a number of important digital forensics and criminal law issues this year. The summaries below highlight noteworthy cases that were decided in the last year.
Van Buren v. United States, 141 S.Ct. 1648 (2021): A divided Supreme Court (6-3) held that the Computer Fraud and Abuse Act of 1986 (CFAA) does not make it illegal for a computer user to obtain information that is available to them with an improper motive. Instead, the statute applies when a person “accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him.” Van Buren, 141 S.Ct. at 1662. The Court adopted the “gates-up-or-down” theory of liability; in that the law requires a person to bypass a locked gate into portions of a computer that they were not permitted to access. Id. at 1659. With the Supreme Court clarifying the reach of the CFAA, lower courts will now start determining what constitutes a “locked gate” and allow for criminal liability.
Alasaad v. Mayorkas, 988 F.3d 8 (1st Cir. 2021): The United States Court of Appeals for the First Circuit joined other Courts of Appeals and severely limited the applicability of the Fourth Amendment at the United States border. The Court ruled that the “border search” exception to the warrant requirement meant that the government needs neither a warrant nor probable cause to search an electronic device at the border. See Alasaad, 988 F.3d at 18. Furthermore, basic border searches of devices - manually searching through a phone - was a “routine” search that did not require reasonable suspicion of a crime or contraband. Id. at 19. Finally, the Court disagreed with the Ninth Circuit Court of Appeals and determined that the scope of the border search exception was limited to searches for contraband. Id. at 20-21. The last holding of Alasaad sets up a circuit split on the proper scope of searches pursuant to the border search exception; are such searches restricted to looking for contraband or does the scope of the exception also include evidence of contraband and other border-related crimes? Unfortunately, with the current conservative majority on the Supreme Court, the First Circuit’s expansive reading of the border search exception appears lasting.
Leaders of a Beautiful Struggle v. Baltimore Police Department, 2 F.4th 330 (4th Cir. 2021): In an en banc decision, the Fourth Circuit overturned a three-judge panel and found that the Baltimore Police Department’s aerial surveillance program violated the Fourth Amendment. Applying the holding in Carpenter v. United States, 138 S.Ct. 2206 (2018), which requires law enforcement to procure a warrant before seizing historical cell-site location information, Chief Judge Roger Gregory explained that “because the AIR program opens ‘an intimate window’ into a person’s associations and activities, it violates the reasonable expectation of privacy individuals have in the whole of their movements.” Id. at 342. The Court also observed that the long-term nature of the surveillance combined with the ability of law enforcement to use other sources of data to de-anonymize individuals meant that the program “transcend[ed] mere augmentation of ordinary police capabilities.” Id. at 345. The Court concluded by admonishing that the program was like a “general search, enabling the police to collect all movements, both innocent and suspected, without any burden to articulate an adequate reason to search for specific items related to specific crimes.” Id. at 348.
The next year will see courts issue important decisions on Fourth Amendment and digital issues like pole cameras and reverse-location or geo-fence warrants. The Digital Forensics Unit will continue to advocate for strong Fourth Amendment and privacy protections.
Ask an Examiner
Do you have a question about digital forensics or electronic surveillance? Please send it to AskDFU@legal-aid.org and we may feature it in an upcoming issue of our newsletter. No identifying information will be used without your permission.
Q: My client has an Apple Watch. What type of information, like location data, can we get from the device?
A: Smartwatches, which are a type of “wearable,” often contain a lot of data depending on the model of the watch. The Apple Watch, in particular, is becoming increasingly prevalent, and may contain a lot of useful data.
Apple Watches come in two models: WiFi+GPS and cellular. While both models require an initial sync with an iPhone upon setup, many functions, particularly on the cellular model, work without an iPhone being connected to the watch. For example, such features include making phone calls, sending & receiving texts, and using navigation apps for directions. The watch may also contain health data, which can include step counts, heart rate, and sleep monitoring, depending on the model of the watch. Also, with WatchOS 6 released September 2020, users have been able to download third-party apps to the watch, which can expand upon the preloaded apps or add new functionality. Such examples include the messaging platform Telegram and the email client Spark.
Attorneys frequently ask how we can obtain data from an Apple Watch. Normally, because the watch is required to be synced to an iPhone, we can perform an extraction on the latter to try to obtain the data. A large portion of the data is synced to an iPhone on a continuous basis. In other cases, we may be able to obtain the data from an iCloud backup, depending on the client’s cloud storage settings and when the backup was created. This is true for both the WiFi+GPS and cellular models of the watch.
What happens if a client only has the standalone cellular model of the Apple Watch and their iPhone is not available for an extraction? In this scenario, our ability to acquire data from is more limited and requires us to explore alternative options. The cellular Apple Watch can make phone calls without being connected to an iPhone. If an attorney is looking for location data, we can try to subpoena historical cell site location information directly from the wireless carrier. Although the watch often shares the primary phone number on the account, for billing and record purposes, the carrier may have it under a separate number.
As digital technology evolves from computers to mobile devices to wearables, we have to adapt our techniques and investigations to acquire the data important to a case.
- Donovan Santiago, Digital Forensics Examiner
Upcoming Events
January 8, 2022
The Newly Central Role of Defense Investigations in the Digital Age (Association of American Law Schools Open Source Program) (Virtual)
February 3, 2022
Data & Society Network Book Forum Series: Digital Black Feminism (Virtual)
February 15, 2022
The Risks of Bias in Artificial Intelligence (New York City Bar Association) (Virtual)
March 7-10, 2022
Mozilla Festival (MozFest 2022) (Virtual)
April 7-9, 2022
NACDL Making Sense of Science: Forensic Science & the Law Seminar (Las Vegas, NV)
April 11-13, 2022
Magnet User Summit (Nashville, TN)
May 9-12, 2022
Techno Security & Digital Forensics Conference (Myrtle Beach, SC)
October 10-12, 2022
Techno Security & Digital Forensics Conference (San Diego, CA)
Small Bytes
The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users (The Markup)
Your Face Is, or Will Be, Your Boarding Pass (The New York Times)
Facial Recognition Finds Its Match in Once Crime-Plagued Bronx Housing Complex (The City)
Environmental advocates file lawsuit against Oregon Justice Department over surveillance (Oregon Public Broadcasting)
Digital surveillance presents new threats to reproductive freedoms (Washington Post)
Facebook Warns 50,000 Users Were Targeted By Spy-For-Hire Companies (Forbes)
Google Scans Gmail and Drive for Cartoons of Child Sexual Abuse (Forbes)
How technology can help keep the innocent out of prison (New York Daily News)