Ottawa Law Enforcement and Reasonable Time for Mobile Phone Access
February 5, 2024
This essay is the work of a dumb dinobaby. No smart software required.
The challenge of mobile phones is that it takes time to access the data if a password is not available to law enforcement. As more mobiles are obtained from alleged bad actors, the more time is required. The backlog can be onerous because many law enforcement agencies have a limited number of cyber investigators and a specific number of forensic software licenses or specialized machines necessary to extract data from a mobile device.
Time is not on their side. The Ottawa Citizen reports, “Police Must Return Phones After 175 Million Passcode Guesses, Judge Says.” It is not actually about the number of guesses, but about how long investigators can retain suspects’ property. After several months trying to crack the passwords on one suspect’s phone, Ottawa police asked Ontario Superior Court Justice Ian Carter to allow them to retain the device for another two years. But even that was a long shot. Writer Andrew Duffy tells us:
“Ontario Superior Court Justice Ian Carter heard that police investigators tried about 175 million passcodes in an effort to break into the phones during the past year. The problem, the judge was told, is that more than 44 nonillion potential passcodes exist for each phone. To be more precise, the judge said, there are 44,012,666,865,176,569,775,543,212,890,625 potential alpha-numeric passcodes for each phone. It means, Carter said, that even though 175 million passcodes were attempted, those efforts represented ‘an infinitesimal number’ of potential answers.”
The article describes the brute-force dictionary attacks police had used so far and defines the term leetspeak for curious readers. Though investigators recently added the password-generating tool Mentalist to their arsenal, the judge determined their chances of breaking into the phone were too slim. We learn:
“In his ruling, Carter said the court had to balance the property rights of an individual against the state’s legitimate interest in preserving evidence in an investigation. The phones, he said, have no evidentiary value unless the police succeed in finding the right passcodes. ‘While it is certainly possible that they may find the needle in the next two years, the odds are so incredibly low as to be virtually non-existent,’ the judge wrote. ‘A detention order for a further six months, two years, or even a decade will not alter the calculus in any meaningful way.’ He denied the Crown’s application to retain the phones and ordered them returned or destroyed.”
The judge suggested investigators instead formally request more data from Google, which supplied the information that led to the warrants in the first place. Good idea, but techno feudal outfits are often not set up to handle a large number of often-complex requests. The result is that law enforcement is expected to perform certain tasks while administrative procedures and business processes slam on the brakes. One would hope that information about the reality of accessing mobile devices were better understood and supported.
Cynthia Murrell, February 5, 2024
Comments
Got something to say?
-
- Subscribe to Beyond Search
Feature archive
News archive
-
