STE WILLIAMS

Federal prosecutors are creating a cloud-based database full of personal data extracted from the locked phones of Trump protesters arrested on Inauguration day.

They want to make the data available to the lawyers of 214 defendants accused of felony rioting. According to court papers (PDF) prosecutors filed on Wednesday, the Feds are seeking an order from the court that would prohibit the defense lawyers from copying or sharing the information unless it’s relevant to defend their clients.

On the day of the arrests, January 20, prosecutors claim that more than 200 protesters marched through the heart of Washington DC, causing more than $100,000 in damage. The protesters shattered store windows, set fire to a limo, and hurled projectiles at police in riot gear, who responded with flash-bang grenades, tear gas and pepper spray.

Police arrested what they said were about 230 people who rioted or incited to riot. Not all of those arrested were protesters: rather, sweeping arrests during the inauguration parade indiscriminately targeted rioters, protesters, medics, lawyers and journalists alike.

Police seized the phones of more than 100 of those arrested. Although all of the devices were locked, the government is now in the process of extracting data from the phones and “expects to be in a position to produce all of the data from the searched Rioter Cell Phones in the next several weeks,” according to the filing.

Police also turned to Facebook to mine data about the protesters: subpoenas for account information were being served on Facebook within a week of the arrests, and one arrestee’s Gmail account showed account activity from his or her mobile device while it was in police possession.

The government plans to put each defendant’s extracted phone data in a separate folder on a portal called USAfx. Through that portal, every defendant’s lawyer will be able to access every other defendant’s phone data.

Granted, the prosecutors said, this dump will contain a lot of irrelevant and private data. It will include photos, videos, medical data, and identifying information “that should not be further disseminated,” the government says.

Of course, the government says, the lawyers will check out their own client’s data. And yes, the government expects that they’ll check out other defendants’ personal data, too, as they plan a defense strategy that could pull in associated evidence.

And that gets us to the point of the filing: it’s a request for a protective order that would keep defense lawyers from copying and disseminating the private phone data from defendants besides their own clients… unless it’s relevant to preparing a defense, that is.

If there’s one thing this case makes crystal clear, it’s that the authorities’ success in getting past Apple encryption goes well beyond the prolonged battle over the unlocking of Syed Farook’s iPhone following the San Bernardino shootings.

The government got past Apple’s encryption with the help of an unnamed third party.

Besides the government’s success in breaking into the terrorist’s phone, there are cellphone extraction devices that can be used to crack the locked devices and to extract data including deleted call histories and text messages, as well as data collected by the phone and apps that the user is unaware is being collected, as The Intercept has reported.

As Forbes notes, police have other tools that they can use to pull information from devices, regardless of what operating system they’re running, as well as partners they can call on to hack the devices.

For one, there’s the Cellebrite Physical Analyzer tool to search a phone’s contents. In some, but not all, cases, the courts have decided that law enforcement requires reasonable suspicion to use such a tool.

In the case of the Trump protesters, government officials said they have search warrants to extract data from the phones.

If encryption precludes using a tool like Cellebrite’s, there are partners who can give decryption a go. Forbes cited Mitre Corporation, classified as a Federally Funded Research and Development Center, which is often relied on by government agencies to search mobile devices.

Then again, police could have simply forced those arrested to unlock their phones with their fingerprints. Courts have generally found forced fingerprint biometric unlocking more acceptable than forcing password disclosure (though that’s not stopping Pennsylvania from keeping a child abuse suspect locked up indefinitely until he hands over his password).

Buzzfeed reports that at least one defense lawyer, Christopher Mutimer, plans to oppose government efforts to pull clumps of Trump protesters in for joint trials, which he said “creates a danger of wrongful convictions based on guilt by association.”

Buzzfeed also reports that some defendants have filed motions to dismiss the charges against them, arguing that the indictments aren’t specific enough in tying individuals to particular acts of rioting.

Others argue that the Justice Department has a conflict of interest and should be disqualified, given that the protests were against Trump and he’s now the head of the executive branch. The government hasn’t yet responded to either type of motion.

Arraignments are scheduled through early April. Follow-up hearings will start in mid-April. At that point, the judge will likely consider evidence-related issues and motions.

Follow @NakedSecurity
Follow @LisaVaas

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/D0uVnObYEMQ/