Digital Forensics Poses Challenges for Texas Law Enforcement

No matter how far police methods advance, weighing which digital evidence they can collect and examine against a person's right to privacy presents a tricky hurdle.

by Jazmine Ulloa, Austin American-Statesman / June 15, 2015

(TNS) -- At the South Austin, Texas, home of George De La Cruz, a one-story house with baby blue trim and a concrete porch lined with potted plants, investigators found no body. No physical proof Julie Ann Gonzalez was killed.

Prosecutors took him to trial anyway, and, in April, persuaded jurors De La Cruz had slain his estranged wife and used her cellphone to fool everyone into thinking she ran away. His conviction was hailed as a huge victory for authorities, who had no eyewitnesses, no confessions, no DNA tests, none of the evidence typical in most murders.

Yet the mastermind behind the crime was portrayed as an unemployed 22-year-old who spent his days playing Call of Duty video games and who was angry about a looming divorce. How, then, did he skirt arrest for more than three years with just two days of texting and posting on her Myspace page?

Homicide detectives said the case was one of the most challenging they had seen. The state needed to wait to press charges until there was no doubt Gonzalez was not alive. Investigators had to stitch together the strands of data left by De La Cruz. And they had to present that highly technical information in a way a jury could follow and understand.

Digital forensics — the analysis of phones, tablets and other personal electronics for use in the courtroom — has been almost as revolutionary for criminal investigations as the advent of DNA testing. But local law enforcement agencies in Texas and nationwide face enormous challenges in gathering such evidence, complexity and cost among them. Meanwhile, the use of personal electronic devices has multiplied and the technology continues to rapidly evolve.

And, as in the case against De La Cruz, no matter how far police methods advance, weighing which digital evidence they can collect and examine against a person's right to privacy presents an even trickier hurdle.

"That has and always will be a constant struggle," said Hany Farid, a computer science professor at Dartmouth College. "Sometimes, there is a very clear-cut line. More often, it is a gray area."

A misleading trail

In March 2010, before social networks powered vast movements across the Middle East and Edward Snowden became a household name, Julie Ann Gonzalez had been a bubbly, young woman in love.

She was planning to move in with her new boyfriend, had bought a used gold Chevy Impala and had recently been promoted at the South Austin Walgreens where co-workers knew her as a responsible pharmacy technician. No one meant more to her than her daughter, Layla, then 2 years old.

But nearly two hours after she was last seen on March 26 of that year, status updates and blogs started appearing on her Myspace page, confusing her friends and family. The posts had little punctuation, and their colorful emoticons with funny facial expressions were at odds with their words of sadness. They ranged from the distraught to the innocuous, and seemed to capture Gonzalez in the midst of leaving everything behind.

"going away hate this bs want to run away," read the first missive, sent at 12:21 p.m. from her phone. "Mood: hate this bs."

"really happy for leaving austin I love this place and i miss my ay bay bay," said another written at 1:57 a.m. March 27. "Mood: amused."

Nearly 20 hours later, at 9:40 p.m., came the last: "Just wanted to say im okay and that people shouldnt worry about me and to stop worrying i want to enjoy my time

"Mood: adventurous"

On the witness stand and in interviews with the American-Statesman, officers said posts and various text messages from her phone steered them astray for about six weeks, leading them to believe the 21-year-old mother had fled the state with a man she just met named "James." Testimony exposed a missing persons unit that failed to spot crucial red flags and was slow to hand the case over to the homicide division, even though the new car she had loved to show off was found abandoned at another Walgreens. One seasoned detective went so far as to say he was "duped."

Yet as homicide investigators learned more about Gonzalez and her tumultuous marriage to De La Cruz, they realized she wouldn't have left Layla behind, especially not in his care. Although the troubled father had used technology to misdirect police, it would ultimately help catch him.

"It was his undoing," lead detective Rogelio Sanchez said in an interview.

Painstaking research

Within a year, officers gathered most of the phone, computer and financial records they would need to prove it had been De La Cruz behind the screen. But distilling the raw data and putting it all together to hold up before a grand jury took two more years. And even after De La Cruz, now 27, was indicted in September 2013, authorities continued to work on the digital evidence until his trial this spring.

During that time, software to analyze and display information became faster and more reliable. Forensic examiners were able to recover more types of files and to dig deeper into their contents, and the programs to convert their reports into formats jurors could understand, such as PDFs and JPEGs, became easier to use.

"It is not like opening up a book and reading it," said Senior Sgt. Rick Shirley, head of the forensics unit. "It is more like opening up a book in a different language most people do not understand."

Important technological shifts also took place during that time, Assistant District Attorney Gary Cobb said. Social media hit the mainstream and emerged as a powerful communication tool no longer only popular among teenagers. Cybersecurity rose as a national priority, and the more people became plugged in, the more their personal devices became part of their identity and the more they realized anyone could take that identity away.

"We as law enforcement officers, and the general public, now have a better overall understanding of technology," Cobb said. "Five years ago, we didn't give much thought to the fact that people can hack into your phone, your email and your social media accounts and pretend to be you."

By the time of De La Cruz's trial, detectives were able to point to cell tower data revealing Gonzalez's phone had stayed within the vicinity of her estranged husband's home and several of the places he visited in the days after she disappeared. They described how someone had accessed both her Myspace account and that of De La Cruz from the same Internet network near his friend's home, all within a span of seven minutes on March 31, 2010.

And they retrieved security footage and store receipts capturing De La Cruz shopping with her credit card. A wireless analyst even examined his Xbox system to show how he had stopped playing video games for nearly five hours on the day Gonzalez was last seen — "activity uncharacteristic of his device."

And, in an increasingly wired world, no trace of Gonzalez had been found, increasing the likelihood that she was dead.

De La Cruz, who once made national TV appearances in his defense, was convicted of murder and sentenced to life in prison. The whereabouts of Gonzalez's remains are still unknown.

'A constant battle'

Nearly every criminal investigation now has a digital component, whether it is pinpointing the location of a cellphone, analyzing financial transactions or identifying suspects from surveillance video.

But the computer forensics industry, which emerged in the late 1990s and started gaining traction among police agencies around 2004, is ever-changing and expensive, experts said. A weeklong training session offering a basic overview of digital evidence and how it can be used costs about $1,000 a day per officer.

Yet it can take a week to learn Android or Apple forensics alone, and every time developers release new versions of phones or tablets, authorities have new material to learn.

"From the standpoint of law enforcement, it is a constant battle to keep up," said Trent Leavitt, a partner at Decipher Forensics, which is based in Utah and owns the largest private computer forensics lab in the country.

Demand for digital analysis is often hard to meet. FBI regional forensic labs — which can perform phone, server and laptop examinations for Austin area police departments — have seen backlogs of six to nine months, Leavitt said. FBI officials say the demand for such services only continues to increase.

In Central Texas, law enforcement agencies more often rely on forensic labs at the larger police departments in Austin and Round Rock and on the Texas Department of Public Safety, based in Austin. The Austin Police Department over the past decade has expanded and upgraded its facility, which has served departments across the state and until last year had been as much as six months behind on examinations.

Austin police and city officials have invested up to $40,000 in training for five forensics examiners over a three-year period, and the detectives take further courses using federal funds, said Shirley, its head forensics officer.

Since Gonzalez disappeared, the equipment and software officers use has improved significantly. Analysis that used to take years can now be done in weeks to months. "You have to evolve as quickly on the investigative end as they are on the technology side," Shirley said.

Police should 'take it slow'

For detectives on the De La Cruz case, there was the issue of privacy, too.

Officers said they would've had little luck convincing a judge to allow them to examine electronics belonging to De La Cruz or Gonzalez when they initially found no proof of foul play.

Concerns about what investigators can confiscate have increased in the past two years amid revelations and debate over the National Security Agency surveillance program, legal experts said. But courts in everyday criminal cases have long grappled with that question as cellphones and other personal devices are increasingly interconnected and capturing more of people's lives.

The search warrant has the toughest standards for law enforcement officers seeking to obtain personal information, requiring them to show probable cause and to narrowly tailor the descriptions of the digital data and electronics they seek — a task becoming more complex, legal and computer forensics experts said. And the threshold was raised further last year when the U.S. Supreme Court ruled in a California case that it is unconstitutional for police to search the digital contents of a cellphone without a warrant after an arrest.

Cellphones and personal digital devices, the court found, are different from their analogues, such as address books and wallets, due to the sheer volume and type of sensitive personal records they can store — more than the nation's founders could have ever carried.

"We want police to take it slow, to have that high bar before they can rifle through your papers and invade your privacy," said Joe Hall, chief technologist for the nonprofit Center for Democracy and Technology in Washington.

©2015 Austin American-Statesman, Texas. Distributed by Tribune Content Agency, LLC.