Officials seized Trump protesters’ cell phones, cracked their passwords, and are now attempting to use the contents to convict them of conspiracy to riot at the presidential inauguration.
Prosecutors have indicted over 200 people on felony riot charges for protests in Washington, D.C. on January 20 that broke windows and damaged vehicles. Some defendants face up to 75 years in prison, despite little evidence against them. But a new court filing reveals that investigators have been able to crack into at least eight defendants’ locked cell phones.
Now prosecutors want to use the internet history, communications, and pictures they extracted from the phones as evidence against the defendants in court.
Evidence against the defendants has been scant from the moment of their arrest. As demonstrators, journalists, and observers marched through the city, D.C. police officers channelled hundreds of people into a narrow, blockaded corner, where they carried out mass arrests of everyone in the area. Some of those people, including a journalist and two allegedly peaceful protesters, are now suing for wrongful arrest.
Police also seized more than 100 cell phones from “defendants and other un-indicted arrestees,” prosecutors disclosed in a March filing. “All of the Rioter Cell Phones were locked, which requires more time-sensitive efforts to try to obtain the data,” prosecutors noted in the filing.
But a July 21 court document shows that investigators were successful in opening the locked phones. The July 21 filing moved to enter evidence from eight seized phones, six of which were “encrypted” and two of which were not encrypted. A Department of Justice representative confirmed that “encrypted” meant additional privacy settings beyond a lock screen.
For the six encrypted phones, investigators were able to compile “a short data report which identifies the phone number associated with the cell phone and limited other information about the phone itself,” the filing says. But investigators appear to have bypassed the lock on the two remaining phones to access the entirety of their contents.
Prosecutors moved to use a wealth of information from the phones as evidence, including the phones’ “call detail records,” “SMS or MMS messages,” “contact logs/email logs,” “chats or other messaging applications,” “website search history and website history,” and “images or videos,” so long as the data related to January 20, the protest, or other people suspected to have been involved in the protest.
The owners of the two unencrypted phones were likely using a password, Fred Jennings, a cybercrime and privacy attorney said. But the security measures weren’t enough.
“The two phones where they had a laundry list of data they were able to get, I think it’s a fair assumption that those phones may have had a lock screen enabled, but were not using any sort of full-disk encryptions,” Jennings told The Daily Beast.
If investigators were able to crack the phones’ passwords within their department or through a contract, they would not necessarily have to file any additional court documents, Jennings said.
Police appear to have begun searching at least one phone within a day of its seizure, CityLab reported in January. At 4:15 pm, the day after the arrests, one defendant received a Google alert that their Gmail account had been accessed while the phone was in police possession, that person’s lawyer told CityLab. Jennings said next-day phone access by law enforcement was “unusual to see,” but not entirely out of the pale.
“For best practices for digital discovery, there usually is a delay between time of seizure and searching or attempting to decrypt phones. More as a practical matter,” Jennings said. “To do intake of forensic digital discovery correctly, you need some specialized equipment and some specialized training and knowledge. It usually takes some time to get those individuals on hand. It’s possible it’s a higher priority here, this inauguration being a pretty high-profile event.”
The exact contents of the two unencrypted phones—or whether prosecutors will attempt to introduce evidence from other cracked phones—is unclear. In March, prosecutors said they had collected hundreds of hours of video from seized phones, which would show evidence of defendants’ participation in the riot.
But Mark Goldstone, a lawyer representing six of the accused said the footage is less than damning.
"Here's your client at the beginning of the march, wearing black clothes and goggles, your client could have left but did not, and here is your client at the end, in the police kettle," Goldstone said in a March conference call with 15 other defense attorneys, Esquire reported.
One of the more than 200 defendants has pleaded guilty to riot charges after being named extensively in a superseding indictment. But the case against most defendants is less clear; in the superseding indictment, prosecutors accuse hundreds defendants of conspiracy to riot, based on “overt acts” as banal as chanting anti-capitalist slogans or wearing dark clothing.
If prosecutors were ready to stake their case on the color of a defendant’s jacket, the personal information on demonstrators’ phones could be a treasure trove for a case otherwise absent, at least so far, of other evidence.