Mobile devices are the latest front in the techno-war between cops and internet predators, according to police officers who work in Canadian child exploitation units.
“Mobile phones represent everything a person would want in a device,” said Det. Const. Joel Bautista, a Saskatoon police officer who also works with the province’s Internet Child Exploitation Unit. “The majority of our offenders are using mobile handsets.”
Offenders love iPhones, according to Bautista, because on a strictly practical level, they’re a mobile porn Fort Knox. They represent some of the most highly advanced communication technology, while being relatively easy to use but challenging to crack into — and the company making them tends to protect its customers’ privacy.
Cracking the code
Apple’s mobile devices offer four- or six-digit password combinations, depending on the age of the phone. That’s between 10,000 and one million possible combinations.
With the brute computing power available to police IT departments, that in itself would not be an insurmountable challenge. Police systems can run upwards of 100,000 possible password combinations per second, churning away for days, weeks and months.
But there’s a catch.
When an iPhone is locked, a user gets 10 tries at the combination. After the tenth unsuccessful try, erasing all of the data on the phone becomes an option.
Sgt. Stephen Camp, who heads Alberta’s Internet Child Exploitation Unit, said that the mobile devices pose challenges to investigators around the world.
“For the small percentage of people involved in criminality, including the egregious offences of child rape, this would be a great tool to have,” he said.
Bautista said this shift by predators to mobile devices is about five years in the making.
The key is the “robust” encryption offered by the handheld devices. This is not an elaborate software package that a user needs to download, install and maintain — it’s how they come out of the box.
It used to be that a predator would have to have some basic computer skills to start downloading porn and stay under the radar. They’d have to know how their machine worked, find the right software, load it onto the computer and keep it updated.
On an iPhone, this is all automatic. And although Apple may be setting the encryption standard, Bautista said Android devices are fast falling into line.
“A lot of these mobile handset companies, if you want to say, are progressing toward an Apple-like crypto-engine. I think it will be a continual cat-and-mouse game.”
Larger privacy issues
This back and forth between police and predators creates thorny privacy issues for individuals, companies, governments and law enforcement.
What happens, say, when police seize a suspect’s device but cannot crack the password? Is there a legal basis to compel the company to breach the security on one of its own products?
David Williams, an associate professor of marketing at the University of Saskatchewan, said there’s a disconnect between the law and technology.
“There’s always a lag and technology’s always ahead of law enforcement, or the laws that were applied don’t quite fit,” he said.
“They’re not perfectly built — that’s always been the case for lots of technologies. It’s never going to be an open and shut case.”
Apple, for instance, comes down squarely on the side of its customers.
The company won’t do interviews, referring instead to its website.
I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.’ – Tim Cook, Apple CEO
The website says Apple has never unlocked iPhones for law enforcement in the past. For devices running the iPhone operating systems prior to iOS 8 and under a lawful court order, the company has extracted data from an iPhone.
“We regularly receive law enforcement requests for information about our customers and their Apple devices. In fact, we have a dedicated team that responds to these requests 24/7. We also provide guidelines on our website for law enforcement agencies so they know exactly what we are able to access and what legal authority we need to see before we can help them,” the website says.
“Hackers and cybercriminals are always looking for new ways to defeat our security, which is why we keep making it stronger.”
Under a section called “Apple Values,” chief executive officer Tim Cook says: “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
Saskatoon’s Bautista said police have an ongoing relationship with Apple.
“Even though Apple can’t, per se, decrypt an iPhone for us, or Apple won’t be able to provide certain services, we still want to continue on with our relationship with Apple,” he said.
“In the past, Apple has helped us on certain situations, especially things pertaining to questions we may have once maybe we’ve gotten into a certain device.”
‘Never going to be able to save a child’
Camp from Alberta’s I.C.E. unit said police understand the privacy issues, and why it’s important to individuals and companies.
But he said that people must understand that that comes at a steep cost.
“Numerous times, we’re never going to get into the phone and we’re never going to be able to save a child because privacy and the companies’ bottom line which is: privacy is going to engage the consumership to come to us,” he said.
Bautista added that one of the saving graces for investigators is the human element. The most sophisticated computer security in the world is no use when the device’s passcode is written on a Post-it note pinned to a bulletin board.
There are also instances when police raid a suspect’s home and catch the suspect online. They’re then able to get into the devices and take control of the system.
But Bautista admitted this is a rare gift to investigators.
“It’s rare to have phone in my hand, or an investigator’s hand, that has no lock feature,” he said.