Coeur d'Alene Police among local law enforcement agencies using phone-hacking technology

Last week, the Inlander broke the news that the Spokane County Sheriff's Office discretely purchased technology that enables them to access password-protected cell phones — including iPhones. The tech, officially known as GrayKey, raises the hackles of privacy advocates who point to the potential for abuse.

But the Sheriff's Office isn't the only local agency using similar tech. The Coeur d'Alene Police Department has long utilized universal forensic extraction devices (UFEDs) like Cellebrite, Capt. Dave Hagar tells the Inlander. (The Israeli company behind the tech recently boasted that its UFED can "unlock and extract data from all iOS and high-end Android devices.")
"I know we have Cellebrite. We’ve transitioned through a couple, but I’m not sure of others," he says. "We do use cell phone forensics, either under consent or subject to a court order, but we use a couple different programs."

When asked how long the agency has been using UFEDs, Hagar says: "I’d say at least for the last five years."

Hagar is quick to stress that they usually use the tools either with the consent of the owner of a given phone or with a warrant. Rarely, he says, are the UFEDs used to brute-force entry into a phone.

"A lot of times it’s our victims that we have full cooperation [with]. It’s to forensically mine the data that’s on there, maybe we have the victim of a sex crime," he says. "I don’t think we use it that often for trying to unlock a locked phone. The vast majority of the time it’s to gain other types of evidence."

Sgt. Terry Preuninger, a spokesman for the Spokane Police Department, tells the Inlander that the agency has used Cellebrite in the past.

"We have used Cellebrite," he says. "There were guys that got trained on it."

But, like the Spokane County Sheriff's Office, Preuninger says that the department is reluctant to disclose details about its use of modern digital forensics technology. "If somebody knows what kind of access tools we have, they can then shop for systems that can defeat those," he says. "It literally is like entering into your residence. It's a private place that you own, we're seeking to open it up with a warrant or exigent circumstances to obtain evidence."

Local cops have joined numerous other law enforcement agencies across the country and world in using UFEDs to access evidence on password-protected cell phones. News reports show that state police in Maryland and Indiana moved to procure GrayKey, while the Indianapolis Metropolitan Police and the Miami-Dade County Police have made similar moves (the FBI have also reportedly expressed interest in the tech). Additionally, three different law enforcement agencies in the United Kingdom have bought licenses for GrayKey in recent years.

GrayKey in particular has gained significant profile for being in constant battle with tech companies to beat their phone security. GrayShift, the Atlanta-based firm behind GrayKey, will expose a vulnerability in Apple's iPhone software, prompting the tech firm to try to fix the issue.

"We’ve sen a very interesting cat-and-mouse game between the cell phone developers like Apple and Google and these companies," Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, recently told the Inlander. "There is this cat-and-mouse game where the forensic tools will discover a particular vulnerability that allows them to circumvent security on the phone and developers will learn about it and fix it and the cycle repeats itself."