June 5, 2023
Welcome to Decrypting a Defense, the monthly newsletter of the Legal Aid Society’s Digital Forensics Unit. In this issue, Shane Ferro reviews the digital forensic failures by the FBI in the prosecution of an ex-CIA agent. Diane Akerman discusses ShotSpotter’s rebranding. Joel Schmidt provides an overview of the Legal Aid Society’s advocacy in surveillance and privacy policy. Jerome Greco gives a recap of the successful Decrypting a Defense: Revenge of the Data conference.
The Digital Forensics Unit of the Legal Aid Society was created in 2013 in recognition of the growing use of digital evidence in the criminal legal system. Consisting of attorneys and forensic analysts, the Unit provides support and analysis to the Criminal, Juvenile Rights, and Civil Practices of the Legal Aid Society.
In the News
The Feds May Lose a Case Because the FBI Forgot How an iPhone Works
Shane Ferro, Digital Forensics Staff Attorney
This week, NBC News reported that a federal criminal case against ex-CIA agent Brian Jeffrey Raymond, who is accused of dozens of counts of sexual abuse, is in danger of collapse because the FBI improperly executed the search warrant for the defendant’s cell phone.
While laypersons or true crime girlies may be tempted by the defendant and the crime touted in this headline, a defense attorney’s head turns at the mention of “improperly executed search warrant.”
It seems that most of the evidence against Raymond comes from the digital evidence seized from his two iPhones, which were searched in 2020.
The details from the story state that the government got a warrant for Mr. Raymond’s personal and work iPhones, served it, and seized the phones. However, “agents got tripped up… by their apparent lack of understanding of the layers of security on iPhones, and by the complex body of law governing how law enforcement must deal with those security measures.”
It is strange that the FBI would be “tripped up” by a lack of understanding of iPhone security in the year 2020, as most children know how to get into an iPhone in this third decade of the twenty-first century. Alas, the FBI struggled.
On the one hand, Mr. Raymond apparently “told [the FBI] he had photos of unclothed women on them” just before the phones were seized, which makes the lawyer in me very sad, but he gets two thumbs up for this move:
Agents took the phones from Raymond after meeting him in the lobby of his hotel, but he had turned them off before handing them over. Accessing them at that point required the passcode, which the agents did not have.
The legalities of executing phone search warrants are finicky, because passcodes add a Fifth Amendment layer on top of the warrant. While biometrics, like thumbprints and FaceID, can be compelled (though defense attorneys should still fight it!), forcing someone to put in a passcode is more clearly considered testimonial, and a Fifth Amendment violation. That seems to be what happened here.
The story says the agents first took the phones that were turned off, realized they couldn’t get in, went back to Raymond and forced him to use his thumb to open the phones. However, that only worked as long as the phone remained unlocked. Once the screen went black, they lost access again. So they went back to Raymond once more and forced him to provide the passcode so they could get in continuously. They apparently asked for the passcode or passwords 27 times.
The Digital Forensics Unit’s own Senior Analyst Brandon Reim was baffled after reading this story. He noted that they should have either known they would need the passcode from the beginning, or known to immediately changed the phone’s settings to never lock once they got in the first time. Because they didn’t, suppression could be on the table.
There’s both a Fourth and a Fifth Amendment argument here: first, once they got into the phone once, that was the execution of the search warrant. Defense attorneys argue that going back for a thumbprint or passcodes again was a new search, requiring a new warrant under the Fourth Amendment. Second, forcing him to turn over his passcode was a “compelled self-incriminating statement to law enforcement” under the Fifth Amendment.
While the judge hasn’t yet ruled on the motion to suppress, the article quotes a prior ruling in the case in which she stated “‘there are viable concerns regarding the manner in which the warrant was executed’ and ‘troubling’ actions by law enforcement agents stemming from their ‘admitted technological ineptitude’ and their failure to plan.”
A Junk Science By Any Other Name
Diane Akerman, Digital Forensics Staff Attorney
Portland’s Mayor announced last week that the city wouldn’t be pursuing a contract to use ShotSpotter in the city, and instead invest in community violence intervention and outreach programs. The decision came after numerous news outlets reported not only on the unreliability of the technology, but on a troubling relationship between the group who recommended the technology and the police bureau.
Portland is yet another in a series of cities over the years ending contracts with ShotSpotter after acknowledging the technology is essentially useless. The movement urging cities to cut ties with the problematic tech has grown as more studies show the tech is unreliable and fails to have any real effect on crime, despite the companies claims.
Meanwhile, if you’ve recently gone hunting for “ShotSpotter.com” to read some of those claims, you’d be out of luck. As of April, the company rebranded as SoundThinking, and expanded their product line beyond just ShotSpotter. Rebranding may not seem like news, but products rely on consumer name recognition. ShotSpotter was not the only gunshot detection technology on the market, but it’s certainly the only one most people can name.
The move is reminiscent of Taser’s name change to Axon in 2017 in an effort to distance themselves from the eponymous weapon they spent so long claiming was non-lethal. Some might say that having your company name become synonymous with the service it provides is a sign of market dominance - like Google, Xerox, or Photoshop - until it starts becoming clear to the public that the emperor both has no clothes (and that his stock value is tanking). When your company is both synonymous with the service it provides and dominates the market, changing the name really screams “we’re hiding something.”
This rebranding should highlight something litigators should always keep in mind when faced with the use of these products – these are for-profit companies whose claims are nothing but marketing material aimed at luring customers. And what customer, after all, is better than law enforcement, with notoriously bloated budgets. When prosecutors come to court touting the reliability of surveillance tools, the first question you should always ask is whether these claims are verified anywhere but the “about us” section on a website. 404 reliability not found.
Policy Corner
Banning Big Brother
Joel Schmidt, Digital Forensics Staff Attorney
A coalition of civil rights organizations, including The Legal Aid Society, are advocating for the passage of a package of state bills that would reign in the government’s unlawful mass surveillance of New Yorkers and the wholesale violations of our privacy.
Included in the package is a bill that would prohibit reverse location searches, or geofence warrants as the practice is widely known. A geofence warrant compels a company (most typically Google) to disclose every cellphone known to have been in a particular area at a particular time. Last month this column discussed just how important it is for judges to closely scrutinize geofence warrants, and reported on the decision of a California appellate court to invalidate a warrant drafted by the Los Angeles County Sheriff’s Department.
Now a bill is before the New York State Senate and Assembly that would completely prohibit reverse location searches, with or without a warrant. Should this bill become law, reverse location searches would be completely prohibited in New York State, even if appellate courts were in the future to hold that warrants are not required for such searches.
Reverse location searches ensnare everyone within a given area, almost all of whom are innocent New Yorkers who have not committed any crime. A letter of support [PDF] for the bill, signed by forty-three civil rights organization, warns that reverse location searches “pose a clear threat to New Yorkers, putting them at risk of false arrest, chilling First Amendment rights to protest and worship, and giving police an Orwellian power to track the public.”
The harm is not just theoretical. In 2018, Jose Molina was falsely accused of murder, and jailed for six days, when data obtained by a geofence warrant allegedly placed him at the scene of the homicide. During his interrogation, Mr. Molina was told “one hundred percent, without a doubt” his cellphone was at the shooting scene. Mr. Molina was ultimately exonerated, but as the Harvard Law Review noted, as result of his arrest “Molina dropped out of school, lost his job, car, and reputation, and still has nightmares about sitting alone in his jail cell.”
Zachary McCoy is an avid biker who goes on frequent bike rides in and around his neighborhood in Gainesville, Florida. Like many bikers (and runners), McCoy tracks his activities on a GPS-enabled app on his phone, such as Strava, or as in McCoy’s case RunKeeper. McCoy became a suspect in a burglary when data obtained by way of a geofence warrant showed that as part of his frequent loops around the neighborhood he had biked pass a house a mile from his home three times in one hour. Ultimately, the police were persuaded by details in a court filing prepared by McCoy’s attorney to drop McCoy as a suspect, but not everyone may be as fortunate. “If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit,” McCoy told NBC News.
The most recent figures [PDF] released by Google, in 2021, show that in 2018 there were 50 New York geofence warrants served on Google. That number shot up to 172 in 2019 and 265 in 2020. Nationally, those numbers are 982, 8,396, and 11,554, respectively. The number of Geofence warrants served on Google have almost certainly exponentially increased since 2020 and will only continue to rocket upwards if we don’t put a stop to it.
As a legislative trendsetter, when New York passes a law other states frequently follow. The passage of this bill would not only protect New Yorkers from the harms of reverse location searches, but it also has the very real potential of protecting others across the country as well. The Legal Aid Society supports this bill and encourages the New York State Legislature to pass it.
Recap
Decrypting a Defense: Revenge of the Data
Jerome D. Greco, Digital Forensics Supervising Attorney
The Digital Forensics Unit hosted its second annual Decrypting a Defense conference on April 27, 2023 at CUNY School of Law. This year’s theme was Revenge of the Data. We were excited to have over 120 defense attorneys, investigators, law school students, and others attend.
The first presentation of the day was Private Until Presumed Guilty: Surveillance in a Post-Dobbs World by DFU’s own Diane Akerman and Allison Young. Armed with original forensic analyses of period tracking apps, health data, and search history, among other sources of information, Diane and Allison explained how methods of privacy invasion that already existed were now being applied by law enforcement in the investigation and prosecution of pregnancy outcomes and reproductive decisions.
The next presentation was They’re Listening: A Quick Tour of Big Data’s Collision with Jail Surveillance by Elizabeth Daniel Vasquez from Brooklyn Defender Services. While most defense attorneys have received recordings of their incarcerated client’s calls in discovery, the magnitude of this surveillance and data analytics is not as well known. Elizabeth explored the depths of these issues, using Securus Technologies as a case study.
Before breaking for lunch, DFU’s Diane Akerman, Shane Ferro, Christopher Pelletier, and Brandon Reim presented “He Says There Are Messages on His Phone”: Building a Narrative Through Digital Investigation. Attorneys have heard it before, their client tells them there are messages or other important case related data on their cell phone. The presenters created a mock case example by generating data using two test phones. Using the test data and case hypothetical, they walked the audience through how to build a defense based on digital evidence. This included a tutorial on Cellebrite Reader reports, admissibility issues, and challenging the prosecution’s evidence.
In Unfounded Suspicion: Challenging the Science of ShotSpotter, DFU’s Benjamin Burger held a discussion with the Innocence Project’s Tania Brief and the Cook County Public Defender Office’s Brendan Max. As ShotSpotter rebrands itself, attorneys and activists continue to fight back against its use. With that in mind, Benjamin started with a brief overview of the ShotSpotter technology, and followed with an informative conversation between Tania, Brendan, the attendees, and himself, on topics ranging from Frye/Daubert challenges to cross-examination of ShotSpotter “experts.”
Following the ShotSpotter conversation, Brian Cummings from the New York State Defender Association presented Not Caught on Camera: Video Alterations and Metadata. Video evidence is ubiquitous in criminal cases, and so are the issues regarding admissibility, metadata, and alterations. Brian also discussed photogrammetry and video compilation/timelines. He expertly guided attendees through these issues by providing valuable technical information and applicable case law.
Closing out the day, I presented Handling Digital Contraband: Ethical and Practical Considerations fulfilling New York’s new Cybersecurity, Privacy and Data Protection [PDF] CLE requirement for attendees. As discovery and evidence continues to move from paper to electronic, the potential for possessing digital contraband grows. I discussed the unique complications that arise under these circumstances and the best way to address them.
Thank you to all the presenters, DFU members, conference workers, CUNY School of Law, and attendees. We look forward to next year’s conference. We hope to see you there.
Upcoming Events
June 5-8, 2023
RightsCon Costa Rica (San Jose, Costa Rica & Virtual)
June 5-8, 2023
Techno Security & Digital Forensics Conference East (Wilmington, NC)
June 8, 2023
(Un)sound Detection System: The Many Flaws In ShotSpotter’s Surveillance System (NYSACDL) (Virtual)
June 20, 2023
E-Discovery 101: How To Gather And Use Electronically Stored Information (NYSBA) (Virtual)
June 22, 2023
Video Mitigation in Criminal Defense (NYSACDL) (Virtual)
July 13, 2023
AI Admissibility And Use At Court Hearings (NYSBA) (Virtual)
July 19, 2023
The Ethics Of Social Media Use By Attorneys (NYSBA) (Virtual)
August 3-11, 2023
Digital Forensics & Incident Response Summit & Training 2023 (SANS) (Austin, TX & Virtual)
August 10-13, 2023
DEF CON 31 (Las Vegas, Nevada)
September 11-13, 2023
Techno Security & Digital Forensics Conference West (Pasadena, CA)
Small Bytes
SMH: The rapid and unregulated growth of e-massaging in prisons (Prison Policy Initiative)
New Tool Shows if Your Car Might Be Tracking You, Selling Your Data (Vice)
How Digital Trails And Digitized Data Complicate The Surveillance And Criminalization Of Abortion Care (Equity Forward)
Colorado Supreme Court hears first-of-its-kind challenge to police’s use of Google search terms to ID murder suspects (Greeley Tribune)
People are trying to claim real videos are deepfakes. The courts are not amused (NPR)
*
Privacy or safety? U.S. brings ‘surveillance city to the suburbs’ (Context)
Eyes on the poor; Cameras, facial recognition watch over public housing (Washington Post)
Here’s What Happens When Your Lawyer Uses ChatGPT (New York Times)
*We have removed a link to an article from The TRiiBE titled “Why is the State’s Attorney’s Office hiding ShotSpotter evidence” after being informed by SoundThinking (f/k/a ShotSpotter) that The TRiiBE had retracted the article and replaced it with the following message: “Editor’s Note: The TRiiBE has decided to retract the story Why is the State’s Attorney’s Office Hiding ShotSpotter evidence based on additional information provided after the story ran regarding the role of the ShotSpotter alert in the Williams case.”