Special Agent Jonathan R. Cupina of the San Diego division is requesting the warrant to authorize Google to “provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code” to the contents and memory of an alleged pimp’s Android phone.
The warrant request was filed March 9, 2012, and spotted by Christopher Soghoian of the Center for Applied Cybersecurity Research on his blog, slight paranoia.
The full 13-page request details the case of alleged pimp Dante Dears, who is a “founding member” of the Pimpin’ Hoes Daily gang.
Dears was initially released on parole in January 2009 after serving four years for his role as a founder of the gang, but he violated his parole on three occasions and served an additional 1.5 years in prison. He was finally released in May 2011, and has since been “communicating with a confidential human source who reported to the FBI on Dears’ continued human trafficking activities.”
On Jan. 11, 2011, the FBI saw Dears using a cellphone for “a period of nearly six hours,” despite having denied possessing a phone for months. Dears’ parole officer confronted him about the device Jan. 17, but Dears claimed it belonged to his sister.
He eventually relinquished the phone to the parole officer, but refused to allow him access to it — a direct violation of his parole. According to the warrant request, Dears signed a form that stated he would “not use any method to hide or prevent unauthorized users from viewing specific data or files; i.e., encryption, cryptography, steganography, compression, password protected files” and that he would provide his login/password info to his parole officer upon request.
So, because Dears refused to give up his password, the FBI needs Google’s help. Apparently, “despite multiple attempts by … technicians,” the FBI cannot crack Android’s super sophisticated code.
According to the warrant request:
“Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone.”
Apparently, the FBI’s computer forensics lab is stumped by an Android pattern lock. The warrant asks for the subscriber’s name, address, Social Security number, account login information, all e-mail and contact list information, any e-mail addresses or instant messenger accounts used on the phone, saved search terms, webpage history, GPS data, all texts sent and received on the phone, and the times and duration of any webpages accessed on the phone between June 1, 2011, and Jan. 17, 2012.
Soghoian, in his analysis of the issue, mentions that there are a few reasons why this whole situation is noteworthy. He mentions the issue of the FBI’s apparent inability to crack an Android pattern lock — but he notes that it’s significant because the FBI is apparently “unable, or unwilling to use commercially available forensics tools or widely documented hardware-hacking techniques” to crack the phone and grab its data.
Soghoian’s commenters point out that the FBI’s inability to use hacking techniques may stem from their desire to use any found evidence in court.
When contacted by PCWorld, Google said it does not comment on individual cases, but offered up this general statement: “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.”