Tuesday 20 March 2012

Judge grants FBI warrant to get Google to unlock pimp's cellphone

The FBI can't get into a pimp's Android phone—so it wants Google to hand over the keys.

In addition to accessing the phone, agents also want Google to turn over e-mail searches, Web searches, GPS tracking data, websites visited, and text messages. A federal judge has agreed. Hopefully, digital devices can make life hard out there for a pimp—but the case also reminds us just how much data smartphones generate on even innocuous users.

Pimpin' Hoes Daily

In 2005, San Diego's Dante Dears was sentenced to state prison for founding and running a group called "Pimpin' Hoes Daily" (PHD). The name wasn't braggadocio; it was mere description. Before Dears pled guilty in the middle of his 2005 trial, one minor female testified how Dears had recruited her out of a homeless shelter.

"He told me he was going to help take care of me and be there for me," she told the court. "He told me what to do and how to do it and said we would make money that way... I was tired of living on the streets."

Her $500 a night went straight to Dears, though, who "took care of her" in his own special way. As San Diego's Union Tribune reported, Dears found out the woman had spoken to a man who wanted to help her get off the streets. So Dears "beat her up in the back seat of his Cadillac and then forced her to get into the car's trunk, she testified. While in the trunk, she was driven from East Main Street in El Cajon to Hotel Circle in Mission Valley, she testified."

A local TV channel noted that the girl, only 15 at the time, was released in Hotel Circle, "bleeding and bruised." She left prostitution after the experience and went back to her mother.

Dears went to prison. When he got out in 2009, he quickly violated his parole on three separate occasions and went back to jail for a year and half. Upon his release in May 2011, an FBI informant says he saw Dears return to his old activities. Shackled with a GPS monitor, Dears had to stay off the streets, but he was allegedly able to continue his "telephone pimping" with the help of a Samsung Android phone.

On June 10, 2011, the FBI source met with Dears in his apartment in Chula Vista for nearly three hours. During that time, he watched Dears "taking several telephone calls where he discussed the night's prostitution activities. He also sent multiple text messages throughout the evening. Shortly after sending a message, a woman would arrive at the apartment and give Dears money.”

The FBI put the target under physical surveillance and observed him one night using the phone “frequently for a period of nearly 6 hours”—despite the fact that he had denied even owning a cell phone for months to his parole agent.

Confronted with the evidence, Dears said the phone belonged to his sister. He eventually turned it over to the state parole agent, but the FBI says Dears refused to unlock the device. (Dears had signed a waiver to his Fourth Amendment right search rights, so his home and property could be legally searched at any time without a court order. His parole conditions prevented him from doing anything to hide or lock digital files.)

The keys to the kingdom

The FBI, which didn't have the right to search the phone without a warrant, obtained one on February 13, 2012. They took the phone from the parole agent and sent it off to an FBI Regional Computer Forensics Lab in Southern California. There, technicians “attempted to gain access to the contents of the memory of the cellular telephone in question, but were unable to do so,” said the FBI. They were defeated by, of all things, Android's “pattern lock”—not always notable for its high security.

Technicians apparently mis-entered the pattern enough times to lock the phone, which could only be unlocked using the phone owner's Google account credentials. But Dears wasn't cooperating, and the FBI didn't have his credentials. So it was back to a judge with a new warrant application, filed on March 9, 2012. That application, which was apparently supposed to be sealed, was instead made public and was located today by security researcher Chris Soghoian.

In it, the FBI asks for a warrant to be served on Google. It wants to know:

  • The subscriber's name, address, Social Security number, account login and password

  • “All e-mail and personal contact list information on file for cellular telephone”

  • The times and duration of every webpage visited

  • All text messages sent and received from the phone, including photo and video messages

  • Any e-mail addresses or instant messenger accounts used on the phone

  • “Verbal and/or written instructions for overriding the ‘pattern lock’ installed on the” phone

  • All search terms, Internet history, and GPS data that Google has stored for the phone


  • Soghoian wonders about the legality of accessing a still-operational cell phone. "Given that an unlocked smartphone will continue to receive text messages and new emails (transmitted after the device was first seized), one could reasonably argue that the government should have to obtain a wiretap order in order to unlock the phone," he argues.

    But a US Magistrate Judge disagreed and granted the warrant the same day it was filed. Google has not yet responded to our questions about whether it routinely supplies law enforcement with the information necessary to unlock Android phones.

    Update: Google has provided us a general statement: "Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it."

    No comments:

    Post a Comment