A security researcher has positively identified an FBI affidavit for a search warrant ordering Google to crack open a screen-locked Android phone.
According to Christopher Soghoian, the accompanying application for a search warrant asks Google to: “provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code (“PUK”), in order to obtain the complete contents of the memory” of a confiscated phone.
The above-mentioned smartphone was apparently seized from an individual named Dante Dears, who is allegedly a founding member of the “Pimpin’ Hoes Daily” street gang. The handset was seized on January 17, 2012, but its electronic “pattern lock” access controls apparently protected the device from FBI forensics.
As Soghoian points out, the affidavit is particularly interesting because it implies that the FBI is either unwilling or unable to use commercially available forensics tools or other hacking techniques to access the phone. Soghoian also points out that a mere warrant might not be enough to convince Google to unlock the phone.
“We do not know if Google has complied with the request,” Soghoian wrote in a security blog post. “Given that an unlocked smartphone will continue to receive text messages and new emails (transmitted after the device was first seized), one could reasonably argue that the government should have to obtain a wiretap order in order to unlock the phone.”
It should be noted that a recent report issued by Mountain View confirmed that the number of US government requests for data on Google users has increased by a startling 29% over the past 6 months.
According to the Internet search giant, various government agencies sent 5,950 criminal investigation requests for data on Google users and services from January – June 30, 2011, compared to 4,601 requests from July 1 – December 31 in 2010.
Google said it complied in some way with 93% of such requests, which included court orders and grand jury subpoenas. However, Mountain View was unable to report certain government requests, which were obviously not mentioned in the official tally. To be sure, the numbers do not include national security wiretaps and data requests (FISA warrants), which are approved by a secret court in D.C. to counter suspected spies and threats to national security.
Similarly, Google’s latest report does not divulge the number of National Security Letters sent to the company – as they are often used by the FBI in the context of drug and terrorism investigations.