Digital forensic evidence is increasingly becoming a part of military criminal defense. Digital evidence is now present in nearly every case that we are involved in. It is also one area where potential clients may have the most questions.
In the military, when you are first suspected of a crime, the command will often order you to go to Army CID, NCIS, or OSI. This initial interview usually catches people by surprise. Nearly everyone carries their cell phone on their person just about 100% of the time.
Law enforcement will often use the initial interview as an opportunity to pressure the suspect into consenting to a search. Or, law enforcement will keep the phone. Individuals who do not have their phone at the initial interview are at an advantage.
In the military, digital forensic evidence from the alleged victim and suspect is often treated differently. With the alleged victim, she (almost always) is given the option of providing her cell phone data. Sometimes alleged victims will consent to a full digital extraction, sometimes they allow law enforcement to take photos of the phone and text messages, and sometimes they refuse and provide screenshots of the evidence they want to provide. Regardless, law enforcement is going to cherry-pick the data they want from the alleged victim.
With suspects, the situation is the opposite. Expect law enforcement to attempt a full extraction of any data on any topic they can obtain. Here are some frequently asked questions:
1. Do I have to provide my cell phone to military law enforcement? The short answer is that we would not recommend ever consenting to a search of your digital world - computers, phones, cameras. If law enforcement wants to seize a phone, the 4th Amendment to the US Constitution requires them to obtain a warrant. The process of getting a warrant is really not that difficult. However, most current digital products have very robust encryption packages. It is becoming increasingly difficult for law enforcement to access the data without permission.
The purpose of refusing consent - from a defense lawyer's perspective - is to help us retain as much control as possible over how the data is being used.
2. What happens to my phone or computer after law enforcement seizes it? CID, NCIS, and OSI all have special agents trained in data extraction. Most offices locally have software systems that allow them to extract data when they have the password. Most of the offices use a company called Cellebrite. If you provide the password, they simply plug the device in and extract the data.
If they do not have the passcode, they may have to send the device off for further testing. There is a tremendous backlog right now. We presently have a case pending where the phone and computer were sent for extraction in September 2016. It took approximately 5 months for law enforcement to start work on extracting the data. The queue is that long.
3. Do I have to provide my passcode? This is a question that is becoming increasingly important. At the moment, the answer is no. Law enforcement will be desperate for your passcode. It makes their job significantly easier. It is a question that is becoming the subject of appellate litigation. We have seen civilian cases where people have been ordered to provide fingerprints. There seems to be some body of law that says that you can be ordered to provide a fingerprint. Military courts have not really provided much guidance yet on the intersection of the 4th Amendment and digital forensics.
There is a powerful argument - from a security standpoint - for turning off biometrics. That is probably the best way to protect your data from all possible sources of capture. It is also probably smart to set your phone to wipe data after a certain number of attempts. This is just common-sense prudence to protect you from identity theft and other sources of data theft.
4. How long will they keep my phone? If you give your phone or computer to law enforcement, they will keep it at least until the end of the case. Sometimes that can drag out for over a year if the case goes to trial. If the case is resolved, there is a process for requesting a return of the evidence.
5. How will law enforcement use the data? Prosecutors are looking for the following types of evidence:
- Direct evidence of the suspected offense - text messages, photos, videos, etc.
- Geo-location data. We have seen cases where they attempted to track the location of the phone at particular times.
- Data from applications. Facebook, Snapchat, Instagram, etc.
- Viewing contacts and contact history.
- Email data.
- Web search history.
6. Is the defense able to access the phone? This is the most difficult part of handling digital forensic evidence. Often, the client has personal knowledge of helpful evidence that is contained on a digital device. Accessing that helpful information can be a challenge. It usually requires us to request that the government pay for a digital forensic expert. If the client has the ability to afford their own, that helps. A simple data extraction is usually a few hundred dollars. Our firm typically uses Atlantic Digital Forensics. Then there is a process for having an image of the phone or the phone itself sent to the digital forensic company for extraction.
Sometimes, the client may have data located in the cloud. Early in the case we want to examine all sources of data history.
7. Can military law enforcement access iPhone data without the passcode? When a client calls us with this question, we usually want to know the make and model of the phone. We can then talk to an expert on digital forensics and determine the level of difficulty law enforcement will have.
Last year, very famously, the FBI had difficulty hacking into an Apple iPhone 5c, model A1532, running iOS 9. A court nearly ordered Apple to assist the FBI. It made national news until a civilian firm was able to hack into the phone.
Bottom line. If you have a case involving digital forensic information, the smart play is to consult an expert.