A SECURITY RESEARCHER has discovered that the US Federal Bureau of Investigation (FBI) is seeking a warrant to let it unlock an alleged gang member's phone.
Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research, blogger and security researcher found the warrant application, and posted its details online.
"The application asks Google to: 'provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ('PUK'), in order to obtain the complete contents of the memory' of a seized phone," he says.
"The phone in question was seized from a gentleman named Dante Dears, a founding member of the 'Pimpin' Hoes Daily' street gang." Dears, presumably, has decided not to agree to hand over his details voluntarily.
An affidavit seen by Soghoian says that the phone was seized in January but so far has not yielded its treasures.
"Technicians at the FBI Regional Computer Forensics Lab (RCFL) were unable to get past the electronic 'pattern lock' access controls protecting the phone (apparently, entering multiple incorrect unlock sequences will lock the memory of the phone, which can then only be accessed by entering the user's Gmail username and password)," he added.
This means two things, says Soghoian. That the FBI in California can not crack a Gmail username and password, even with an array of tools at its disposal, and that there might be precedents for such requests to Google.
"It suggests that a warrant might be enough to get Google to unlock a phone. Presumably, this is not the first time that the FBI has requested Google unlock a phone, so one would assume that the FBI would request the right kind of order," he added.
We have asked Google to comment on whether it has handed over user details to law enforcement authorities after receiving warrants in the past.
Google told us that it would not comment on this case, but explained that it would comply with any legal process that came before it.
"We don't comment on specific cases. Like all law-abiding companies, we comply with valid legal process," said a spokesperson.
"Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it." µ
State of emergency declared. Curfew in place. Don't drink tap water
Before they're scrapped completely next year
Problematic password protection provision, probably