https://www.techdirt.com/2024/12/04/federal-court-says-dismantling-a-phone-to-install-firmware-isnt-a-search-even-if-was-done-to-facilitate-a-search/ Hide Check out our Kickstarter for One Billion Users, a competitive card game about social media. Back the campaign and secure your copy >> [ ] Techdirt. [ ] * Sign In * Register * Preferences Techdirt [ ] * TechDirt * GreenHouse * Free Speech * Error 402 * Ctrl-Alt-Speech * Deals * Jobs * Support Techdirt [podcast-ti] Elon Musk Should Be Shouting About The Florida And Texas Social Media Laws (But Are You Surprised That He's Not?) Techdirt Podcast Episode 407: Brendan Carr Is A Threat To Free Speech Federal Court Says Dismantling A Phone To Install Firmware Isn't A 'Search,' Even If Was Done To Facilitate A Search [legal-issu] Legal Issues from the no-disassemble dept Wed, Dec 4th 2024 11:48am - Tim Cushing This is probably the correct conclusion to arrive at, at least at this point in extremely limited jurisprudence, but it still raises some questions courts will likely have to confront in the future. Is manhandling a phone to make it responsive to a search itself a search, or does the Fourth Amendment not kick in until after the search of the phone's contents occurs? (h/t FourthAmendment.com) As is often the case when Fourth and Fifth Amendment concerns are raised during evidence suppression efforts, this one involves alleged possession of child sexual abuse material. That doesn't mean the defendant doesn't raise good points. That just means the public is less likely to sympathize with the defendant. It also means -- given the hefty sentences often handed to child sexual abusers -- they have more reason than most to try to get the evidence suppressed. It doesn't work here, though. The court notes in the opening of its decision [PDF] that the final search occurred months after devices were seized. And the search that produced the evidence used here wasn't possible until after the government had done a lot of other stuff to the suspect's phone. The Government executed a search warrant at Defendant's residence and seized fifty-two devices, including an iPhone and an iPad. Law enforcement identified contraband on several devices, but could not examine the iPad, which was passcode-protected, or the iPhone, which would not power on. The Government retained the iPad and iPhone for over a year. Eventually, with the assistance of a digital forensics expert who had not previously been involved in the investigation, the Government was able to repair the iPhone and power it on. The Government then applied for, and received, a new search warrant. Pursuant to this authority, agents searched the iPhone and--thanks to intervening developments in digital forensics tools--the iPad. First of all: wow. "Seized 52 devices." I'd love to see a list of these devices because I don't think I even own enough items with screens and/or internet connectivity in any condition to fill up an inventory list with 22 slots, much less the 52 taken here. Second, there's this twist: the government held onto all of these for more than a year and had to bring the suspect's iPhone back to life to search it. The most logical assumption would be that a non-working device would be of limited evidentiary value. But the DHS (whose Homeland Security Investigations unit took point in this case) apparently felt otherwise. What's almost hidden here is that reviving the phone led to the government being able to crack it, despite the presence of a passcode. And, in case you're still wondering about the value of walled gardens, cracking the iPhone immediately led to cracking the iPad, which suggests if the government has one Apple device owned by a suspect it can get into, it can probably get into the rest of their Apple devices. There are more details further on in the court's discussion. HSI took control of 52 devices in May 2022. Investigators couldn't break into the devices so they applied for an extension two months later, which gave them another six months to accomplish this. HSI still couldn't crack the devices so another six-month extension was sought. And granted, bringing this 14 months of no movement forward on the searches originally approved back in May 2022. And that raises another question that isn't answered here: do temporal limitations on warrants even matter anymore? I mean, if the government can just ask for (and obtain) six month extensions at will, why even bother placing time limits on the original warrants? At best, this only means government agents who are too stupid to seek a rubber stamp before expiration might see their evidence suppressed. At worst, it means the government is free to fold, spindle, and manipulate seized devices in perpetuity, because few judges are willing to tell the government that if they don't have the stuff they're looking for by now, they're probably never going to get it. Now, the narrative says the iPhone was "inoperable" (to use HSI's own words). But the DHS sent it out to a "partner forensic laboratory" (I'm going to assume this was the FBI), which was able to finally obtain access to the phone by: ...replacing its circuit board and re-flashing the device's firmware. Now, that looks like the sort of thing not covered or considered by previous case law or the original warrant request. This is something else. This is another government party extensively modifying seized property to make it more receptive to phone-cracking efforts. One would think a court would need to be apprised of this opportunity before it became a reality, if for no other reason than the original warrant only authorized a search, not the literal cracking of a cell phone (or its casing, at least) to replace a circuit board and install new firmware. I think the defendant raises a good point. But I also think, given the lack of precedent, the court is not completely wrong to rule that reviving a device so it can be searched isn't actually a search under the Fourth Amendment. To put it in other physical terms, no court would believe pulling a car out of the water after dredging a lake would be a search, even if the recovered vehicle was searched pursuant to a search warrant. But maybe that's not the best analogy. What if the onboard electronics were damaged and investigators had a warrant authorizing the recovery of GPS data and anything else recorded by onboard systems? Would it be ok to take the car to the shop to have the electronics re-flashed and the touchscreen replaced to provide easier access to stored info? If we look at it that way, I'm not so sure this should happen without a visit to the court to either extend the confines of the existing warrant or to submit a new one that addresses what efforts the government will be engaging in to recover this information. As it stands now, firing up a phone defibrillator (so to speak) isn't a search and therefore isn't a Fourth Amendment violation. But that ruling won't last. Investigators will, at some point, perform a resurrection a court can't cope with. It's one thing to seize, hold indefinitely, and hope for the best. It's quite another thing to perform a series of physical and digital acts on a device -- all without informing the court of your intentions -- and pretend the circumstances are the same as they were more than a year earlier. If courts are going to ignore time limits just because cops haven't gotten what they wanted in the first 6-18 months they've been in control of a device, the least they can do is start questioning the methods they use after the usual stuff has failed to give them what they want. Filed Under: 4th amendment, forensic search, oregon, phone search, warrants Companies: apple 21 CommentsLeave a Comment If you liked this post, you may also be interested in... * Court Says There's Nothing Unconstitutional About Warrantless Seizures, Searches Of An Immigration Lawyer's Phone * You Can't Do Mass Deportations Without Mass Domestic Surveillance And ICE Is Already Exploring Its Options * Sixth Circuit Tosses Evidence After Cop Can't Find One Credible Reason For Extending A Traffic Stop * Texas Ballot Measure Decriminalizes Marijuana Possession, Says 'Odor Of Marijuana' Is No Longer Probable Cause * Seventh Circuit Again Says Long-Term Pole Camera Surveillance Isn't Unconstitutional * * * * * * * * * * * * * * * * * * * * * Rate this comment as insightful Rate this comment as funny You have rated this comment as insightful You have rated this comment as funny Flag this comment as abusive/trolling/spam You have flagged this comment The first word has already been claimed The last word has already been claimed Lightbulb icon Laughing icon Flag icon Lightbulb icon Laughing icon Comments on "Federal Court Says Dismantling A Phone To Install Firmware Isn't A 'Search,' Even If Was Done To Facilitate A Search" Subscribe: RSS Leave a comment * Filter comments in by Time * Filter comments as Threaded * Filter only comments rated Insightful * Filter only comments rated funny LOL * Filter only comments that are Unread 21 Comments Collapse all replies [d3f2d17313]Anonymous Coward says: December 4, 2024 at 12:32 pm I see it was an iPhone 6, which is vulnerable to the checkm8 exploit. That's probably how they hacked it. Any phone XS or newer is safe, for now... Reply View in chronology Make this comment the first word Make this comment the last word [cc892543fb]Anonymous Coward says: December 4, 2024 at 1:14 pm "Seized 52 devices." USB memory devices, most likely bulking up the numbers. Reply View in chronology Make this comment the first word Make this comment the last word [24354e3a71]Anonymous Coward says: December 4, 2024 at 1:26 pm Think about those extensions: 1) if the cops had other examples of child porn (52 devices, remember? By the process of elimination, 50 of them were accessible.), what additional value would be derived from cracking the remaining two devices? 50 examples of CSM gets you a lighter sentence than 51? Were they looking for incriminating material for OTHER crimes (despite the search warrant)? 2) if the cops did not have evidence of CSM from elsewhere, what was their basis for extending the search warrant? "Trust us, judge, the Truth is Out There!" Collapse replies (1) Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [1be2b96354]Anonymous Coward says: December 5, 2024 at 11:05 am Re: It's important to recover any information regarding victims so they can be identified and removed from abusive environments Reply View in chronology Make this comment the first word Make this comment the last word [user-default]McKay (profile) says: December 4, 2024 at 1:42 pm Where do you draw the line? We're not going to search your house, but we are going to put cameras inside your house. That's not a violation of the Fourth amendment. That's not an illegal search until we turn the cameras on. Reply View in chronology Make this comment the first word Make this comment the last word [user-default]Shannon Vanshoon (profile) says: December 4, 2024 at 1:44 pm Ah... I can't help but wonder: if they had 52 total devices they seized from the defendant, what could possibly be on the phone and tablet that would further add to what they already had? This more feels like the usual nonsense of police going completely insane because they know they can get away with it. Collapse replies (1) Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [user-default]BernardoVerda (profile) says: December 4, 2024 at 3:47 pm Re: Perhaps it was about proving possession/ownership/knowledge of the contents? IANAL, but it seems to me that the suspect might be able to argue the authorities couldn't prove that those were his usb sticks, nor that he actually knew what was on them, but for his own, personal iPhone, denying ownership of, agency, and knowledge of the contents of, that phone would be a vastly more difficult argument. Reply View in chronology Make this comment the first word Make this comment the last word [68bd6d580f]Anonymous Coward says: December 4, 2024 at 2:10 pm If they had found nothing, would the guy even get his phone back, because its no longer his phone its there's. Or perhaps they would just give back the shell and battery. Reply View in chronology Make this comment the first word Make this comment the last word [user-default]DanK (profile) says: December 4, 2024 at 2:27 pm If dismantling is ok when it isn't the search, where does it stop? If they want to search your office, but your office has a locked door, could they dismantle your door and then claim the room was open and unlocked? They weren't interested in your door... They gained no information from your door... But suddenly your desk was accessible. Reply View in chronology Make this comment the first word Make this comment the last word [user-default]billyfromcali (profile) says: December 4, 2024 at 2:34 pm If I was a defense lawyer I'd argue that this device is no longer a 1:1 copy and that it has been modified. I remember when it came out that Graykey and others were using vulnerabilities to break into iPhones and other devices and that it had to rewrite code and lawyers were arguing that the device is no longer an untainted, clean version of what it was. No matter how small the changes, THERE ARE CHANGES. Think about when DNA or other fluids are taken or photographed how the room has to be sterile and the samples. Why are computer forensics any different? I'd argue that the govt has made changes to the source and corrupted the "sample" and "evidence" Collapse replies (2) Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [fdd686ffef]Anonymous Coward says: December 4, 2024 at 7:42 pm Re: Ha, it isn't any different, since time out of mind, evidence collection, processing, analysis, and summary (including testimony) has been between sketchy and shady af. Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [1ca9ac4c3a]Anon says: December 5, 2024 at 11:54 am Re: Would this apply to the iPad though? It seems to me that one of the major goals of regaining access to the phone was so that it could be used to unlock the iPad Reply View in chronology Make this comment the first word Make this comment the last word [8f34405c76]Anonymous Coward says: December 4, 2024 at 2:57 pm If I put a camera in your house, it's not illegal until I look at the feed. Reply View in chronology Make this comment the first word Make this comment the last word [c4a968144f]Anonymous Coward says: December 4, 2024 at 2:59 pm "I didn't murder him your honor! I was just putting him to sleep by force!" Reply View in chronology Make this comment the first word Make this comment the last word [dc877833ae]Anonymous Coward says: December 4, 2024 at 3:15 pm I'm leaning toward the government on this one. 1) Unless they were just farting around and/or trying to drag things out for a quick plea, it seems appropriate for them to have to go back to a judge every 6 months or so to allow the judge to decide whether in this specific situation, an extension should be granted. 2) They found a way to resurrect the phone, and then stopped and got a warrant to search. That's the way judicial oversight is supposed to work. They still need to prove that the evidence obtained is truly from this device and not altered by the repair, but if they can do that, they have a good method here. Collapse replies (1) Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [f0fd2cfab8]Anonymous Coward says: December 4, 2024 at 7:47 pm Re: i wouldn't argue the procedure is necessarily bad, but there must be something about it given that they chose to delay, and chose not to inform the court in any warrant applications or otherwise. The real issue is how much leeway and forgiveness they get for anything. i don't want to hear about 1 year + of exigent circumstances. Reply View in chronology Make this comment the first word Make this comment the last word [d7f0928b0c]Anonymous Coward says: December 4, 2024 at 3:52 pm I think a better analogy is that they kicked in his door but didn't enter the house to search. Reply View in chronology Make this comment the first word Make this comment the last word [user-default]Designerfx (profile) says: December 4, 2024 at 4:42 pm uhhh so cracking a safe isn't a search? that's probably the closest thing I could think of Collapse replies (1) Reply View in chronology Make this comment the first word Make this comment the last word Threaded [2] [e84d2582b9]Anonymous Coward says: December 5, 2024 at 4:42 am Re: It sounds like the cops had possession of the "safe", but couldn't open it for a long time, so they kept asking for warrant extensions. Then, they finally found a "locksmith" that managed to open it by hacking the safe's circuit board. If read like that, the hacking of the iPhone seems reasonable, but I'd still question the rubber-stamping of the warrant extensions. I do have my personal reservations about phones and the justice system's lack of tech knowledge, but this whole case seems reasonable . I'm welcome to arguments for the contrary. Reply View in chronology Make this comment the first word Make this comment the last word [f1639e5b26]Anonymous Coward says: December 5, 2024 at 5:50 am Hey, United States District Court for the District of Oregon, installing a firewall to improve security isn't 'improving security' even if it's done to improve security. Do you realize how ridiculous your argument is yet? Reply View in chronology Make this comment the first word Make this comment the last word [user-default]A92E0A (profile) says: December 5, 2024 at 11:25 am Can't agree with the court First, kudos to the author and most commenters for discussing the topic at hand, the search (or not) without regard to the CSAM. Almost no such article ever gets written without "So... you support CSAM? What's wrong with you!!??" I cannot agree that altering a thing to facilitate a search of it is not a search itself. We can all agree that the act of searching, in general, usually involves "moving things that block my view", such as lifting up the couch cushion to look for lost keys. Say the police want to search my house but can't because it's a welded-shut steel box. Is it permissible to send my house out to a contractor who replaces my steel roof, floors, and walls with clear plexiglass, then sends it back to the police, who then get a search warrant and start looking around? No. Because "changing things around so we can see" are the very first steps of the search, as in this case. IOW, fixing the electronics were the first steps of an actual search, not done simply to "facilitate a later search." Reply View in chronology Make this comment the first word Make this comment the last word --------------------------------------------------------------------- [] says: Add Your Comment Cancel reply Your email address will not be published. Required fields are marked * Have a Techdirt Account? Sign in now. Want one? Register here Name [ ] Email [ ] [ ]Subscribe to the Techdirt Daily newsletter URL [ ] Subject [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment * [ ] Comment Options: (*)Use markdown. ( )Use plain text. Make this the ( )First Word or ( )Last Word.(*)No thanks. (get credits or sign in to see balance) what's this? What's this? Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop >> [Post Comment][Preview] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Elon Musk Should Be Shouting About The Florida And Texas Social Media Laws (But Are You Surprised That He's Not?) Techdirt Podcast Episode 407: Brendan Carr Is A Threat To Free Speech Follow Techdirt Techdirt Daily Newsletter [ ] [Subscribe] Ctrl-Alt-Speech A weekly news podcast from Mike Masnick & Ben Whitelaw Subscribe now to Ctrl-Alt-Speech >> Essential Reading The Techdirt Greenhouse Read the latest posts: * Winding Down Our Latest Greenhouse Panel: The Lessons Learned From SOPA/PIPA * From The Revolt Against SOPA To The EU's Upload Filters * Did We Miss Our Best Chance At Regulating The Internet? Read All >> --------------------------------------------------------------------- Trending Posts * Federal Court Says Dismantling A Phone To Install Firmware Isn't A 'Search,' Even If Was Done To Facilitate A Search * Mass Puppycide Ends Career Of Tennessee Deputy Who Probably Never Should Have Been A Cop * It's Time To Get Ready For The Public Domain Game Jam Techdirt Deals Techdirt Insider Discord The latest chatter on the Techdirt Insider Discord channel... Loading... Become an Insider! Recent Stories Thursday 13:34 FTC Joins CFPB In Finally Taking Aim At Data Brokers As Trumpism Looms (0) 11:08 LA Times Owner To Personally Review Opinion Headlines To Avoid Offending Elon Musk (26) 11:03 Daily Deal: Microsoft Office Professional Plus 2019 for Windows (0) 09:29 Court Says There's Nothing Unconstitutional About Warrantless Seizures, Searches Of An Immigration Lawyer's Phone (14) 05:33 CFPB To Crack Down On Data Broker Financial Data Sales. Assuming It Survives Trumpism. (9) Wednesday 19:43 Mass Puppycide Ends Career Of Tennessee Deputy Who Probably Never Should Have Been A Cop (15) 15:41 Square Enix Appears To Be Using The DMCA Takedown Process To Silence Criticism (12) 13:29 Techdirt Podcast Episode 407: Brendan Carr Is A Threat To Free Speech (9) 11:48 Federal Court Says Dismantling A Phone To Install Firmware Isn't A 'Search,' Even If Was Done To Facilitate A Search (21) 09:27 Elon Musk Should Be Shouting About The Florida And Texas Social Media Laws (But Are You Surprised That He's Not?) (20) More arrow x Email This Story This feature is only available to registered users. You can register here or sign in to use it. Tools & Services * Twitter * Facebook * RSS * Podcast * Research & Reports Company * About Us * Advertising Policies * Privacy Contact * Help & Feedback * Media Kit * Sponsor / Advertise More * Copia Institute * Insider Shop * Support Techdirt Techdirt Brought to you by Floor64 Proudly powered by WordPress. Hosted by Pressable. [Got it] This site, like most other sites on the web, uses cookies. For more information, see our privacy policy