Decrypting A Defense: Revenge of the Data, Ring Search Warrants, Body-Worn Camera Audit Trails, P2P Analysis & More

Vol. 4, Issue 4

Apr 03, 2023

A photo of a utility pole with multiple surveillance cameras. — Photo by Kostiantyn Li on Unsplash

April 3, 2023

Welcome to Decrypting a Defense, the monthly newsletter of the Legal Aid Society’s Digital Forensics Unit. In this issue, we announce our second annual Decrypting a Defense Conference. Joel Schmidt discusses search warrants for Ring videos. Shane Ferro analyzes a recent decision finding body-worn camera audit trails to be discoverable. Finally, Donovan Santiago explains how Peer-to-Peer transactions work.

The Digital Forensics Unit of the Legal Aid Society was created in 2013 in recognition of the growing use of digital evidence in the criminal legal system. Consisting of attorneys and forensic analysts, the Unit provides support and analysis to the Criminal, Juvenile Rights, and Civil Practices of the Legal Aid Society.

In the News

Decrypting a Defense: Revenge of the Data

Benjamin Burger, Digital Forensics Staff Attorney

The Legal Aid Society’s Digital Forensics Unit proudly announces its second annual in-person conference, Decrypting a Defense: Revenge of the Data. The all-day conference will be held at CUNY School of Law in Queens, New York on April 27, 2023. Legal Aid Society staff, interns, and volunteers can register here. All others can register at this link.

Similar to our inaugural conference in 2019, Decrypting a Defense presenters will include both attorney and analysts from the Digital Forensics Unit and prominent external experts in digital forensics and surveillance technologies. Presentation topics will include surveillance in a Post-Dobbs world, creating defense strategies from digital investigations, litigating video evidence, challenging the science behind the ShotSpotter gunshot detection system, handling digital contraband, and more. Continuing Legal Education credits will be available, including the new Cybersecurity, Privacy and Data Protection credit.

There are a limited number of seats available and we encourage those interested to register as soon as possible. We hope you are able to join us for this exciting opportunity to learn and share ideas on how criminal defense practitioners can further their understanding of digital forensics.

A photo of Ring doorbell on a door frame outside of a home. — Ring Video Doorbell by Ring from its Press Images

Ring Cameras and the Fourth Amendment

Joel Schmidt, Digital Forensics Staff Attorney

We’re all familiar with the warrant requirement of the Fourth Amendment to the United States Constitution. If the police want to search your home against your will they need a search warrant signed by a judge. The warrant requirement makes frequent appearances in American pop culture, and there are hundreds of varieties of “come back with a warrant” doormats available for purchase online.

In today’s technological age that smartphone in your pocket can frequently reveal more about you than anything in your home. Sure, the police need a warrant to search your home but what good is that protection if your phone is vulnerable to warrantless intrusion by the police?

Fortunately, in 2014 the United States Supreme Court held that in most cases the police need a warrant to search your phone. Back then, almost a decade ago, the court noted “it is no exaggeration to say that many of the more than 90% of American adults who own a cell phone keep on their person a digital record of nearly every aspect of their lives—from the mundane to the intimate.”

In 2018 the Supreme Court extended the warrant requirement to cellphone location records, noting that location data provides “an intimate window into a person's life.” If the police want your cell phone service provider to turn over your phone’s historical location data, they must present the company with a search warrant supported by probable cause signed by a judge.

The protections of the Fourth Amendment depend on judges scrupulously scrutinizing search warrant applications, and refusing to sign warrants that are not supported by probable cause. It is a judge’s obligation to uphold the Fourth Amendment and push back against law enforcement when they seek an unconstitutional warrant. One recent case involving the popular Amazon Ring camera system illustrates what can happen when a judge fails to be faithful to the Fourth Amendment.

Previously this column reported on the NYPD’s relationship with Amazon Ring, allowing it to view all videos posted on the Amazon Neighbors app, and permitting it to post “requests for assistance” seeking doorbell camera video footage, frequently with serious privacy ramifications. Those privacy concerns have now become significantly worse.

Michael Larkin is one of ten million Amazon Ring customers in the United States. He lives in Hamilton, Ohio where he has 21 Ring cameras in and around his home and nearby business, including cameras in his living room and bedroom. Police investigating area drug activity twice asked Larkin for doorbell cam footage, which he provided. When he refused a subsequent more onerous request for all his footage for a particular day the police cut Larkin out of the picture entirely. They sought and obtained a search warrant signed by a judge ordering Amazon to turn over all the footage from all the cameras, including the cameras in the living room and bedroom – potentially deeply private footage of no value to the investigation.

Fortunately for Larkin, although Amazon provided all the requested footage in their possession, his indoor cameras were not recording for the timeframe requested. Yet, this episode highlights a vulnerability in the protections of the Fourth Amendment: judges frequently sign warrants they shouldn’t.

Unfortunately for us, our privacy protections are only as strong as the willingness of our judges to uphold their oath of office and be faithful to our Constitution. Sometimes that can’t be depended upon.

In the Courts

Supreme Court of the United States building — Photo by Claire Anderson on Unsplash

Audit Trails Are Discoverable in Queens

Shane Ferro, Digital Forensics Staff Attorney

Earlier this month, Queens Criminal Court Judge Wanda Licitra ruled in People v. Flores Torres (2023 NY Slip Op 50169(U) [Queens Co. Sup. Ct. 2023]) that body-worn camera audit trails are discoverable in New York under Criminal Procedure Law Article 245--something that the Digital Forensics Unit has been fighting for since the 2020 discovery reforms were enacted.

Audit trails, for those who aren't obsessed with the minutiae of body cams, are akin to a chain of custody form for each body cam video. Many people (prosecutors) mistakenly claim they are the same as the metadata forms, but they are in fact significantly more detailed. The audit trails track when a body cam is turned off and turned on, when it malfunctions, when its video is uploaded, when the video is accessed later, and when and if the video is edited and by whom. When we receive the audit trails, they can help us resolve factual disputes about the body-worn camera in a case before we have to bring it up to the court, for example helping us determine whether a camera cut off because it malfunctioned or whether the officer intentionally turned it off.

Yet, to this day, many of the prosecutors in New York City continue to refuse to turn over these documents. In Queens specifically, prosecutors have continued to maintain that they don't have access to them and, because the body cam management software is run by a third party, it is technically the entity that creates the log, so it “isn't in the possession of the People.” A judge recently ruled against the Bronx District Attorney’s Office when they made a similar argument regarding ShotSpotter discovery materials. In other boroughs, there has been more of an emphasis on whether they're discoverable at all.

Judge Licitra's decision in Torres held that “audit trails fall plainly within the ambit of automatic discovery,” citing to C.P.L. § 245.20[u][i][B]. The court went on to note that,

“The defense asserts—and the People do not dispute—that Axon audit trails contain metadata associated with the body-worn camera video files from this case. The audit trails ‘permanently log[] all activity related to each piece of footage.’ Without dispute from the People, the defense alleges that the audit trails include ‘modifications made to the video, any notes added or deleted, when the video was watched and by whom, when the camera was turned on and off, if the camera malfunctioned, if the battery died on the camera, and many other pieces of detailed information.’”

Torres at *4 (internal citations omitted).

The ongoing question in the decision then was not whether the audit trails are discoverable but whether they are within the “actual or constructive possession” of the People. The Court ordered a 30.30 hearing to determine the answer.

You will notice here it says the question “was.” That is not an oversight. The hearing in this case was scheduled for April 17. However, last week, the Appeals Bureau at the Queens DA's office emailed all the parties in the case conceding the factual point. The email stated that while line ADAs do not have access, the office as a whole does. (What was not said, but we know, is that the NYPD does, too, and it's as simple as checking a box when sending the body cam to also send the audit trails.) The DA's office has asked for time to file further supplemental briefing on the legal question of whether audit trails are discoverable, which was granted by the Court.

For now, factually, we have confirmation that at least the Queens DA's office has access to the body cam management software, Evidence.com. And we have a decision that for the moment says the audit trials are discoverable. We can only hope it stays that way.

Ask an Analyst

Do you have a question about digital forensics or electronic surveillance? Please send it to AskDFU@legal-aid.org and we may feature it in an upcoming issue of our newsletter. No identifying information will be used without your permission.

Q. What is a Peer-to-Peer transaction, and what apps are commonly associated with this?

A. Have you ever been in a situation where you didn’t have cash on you, and instead asked someone to “Venmo” you? This is an example of a Peer-to-Peer or “P2P” transaction. It is a method of electronically transferring money, usually with a mobile device such as a phone. Depending on the recipient’s preferences, the funds may be transferred instantly. The money commonly comes out of a bank account or debit card. There is also usually an option to use a credit card, although this may incur an additional fee. Platforms like Venmo and Cash App are commonly used for this purpose. Zelle is another popular platform, although there is a slight distinction in that it is usually integrated within (and is a partner of) the banks themselves, as opposed to a third-party app.

P2P platforms are commonly used to send money between individuals and purchase goods or services from businesses. From a digital forensics perspective, there is a lot of data that can be acquired from these platforms. However, the data can vary depending on the method by which it is obtained. The three main methods to obtain data are a subpoena or search warrant to the company, a phone extraction, and logging into the relevant site with proper credentials.

For a subpoena or search warrant, each platform has different legal guidelines that apply to the data they will disclose in response to a legal demand (Cash App, Venmo). Typically, search warrants will garner the most information.

Site logins with account credentials will also enable the acquisition of a good amount of data. For example, a successful login will usually allow for statements to be downloaded, which may include transaction history, the amount of money being transferred, the funding source, the date of the transaction, and the names of the sender and recipient. Additionally, a Venmo user can retrieve a copy of their data by going to their privacy settings on the web and requesting the data (Cash App does not offer this option and only allows for statement downloads).

Phone extractions will capture some transaction history but, as with most things regarding this method, it will vary by several factors including, phone model, operating system, and app version.

In addition, it should be noted that these platforms are also equipped to accept cryptocurrency such as Bitcoin and Ethereum. So, if a case involved cryptocurrency, it may also involve a P2P app.

P2P payments and platforms have become a popular method for users to send payments to each other and conduct business transactions. Criminal defense attorneys should be aware of these apps and the different types of data that can be acquired by both the prosecution and defense experts.

Donovan Santiago, Digital Forensic Analyst