Under a deal with the Minnesota Department of Human Services, approved by St. Paul City Council in June, police officers have around-the-clock access to a controversial smartphone-hacking device called GrayKey. Under the joint-powers agreement, the St. Paul Police Department agreed to pay $7,000 a year for access to the device located in the digital forensics lab that DHS operates from its building at 444 Lafayette Road.
DHS also has deals to share access to the smartphone hacking and data-extraction device with the state departments of Commerce and Natural Resources, according to records obtained by the Pioneer Press. The state Department of Public Safety has its own GrayKey device, too.
These deals are the latest local examples of how GrayKey, which was created by the technology company GrayShift to crack cellphone encryption, is being used by an increasing number of law enforcement and state agencies. Police departments in Minnesota and around the nation also use a similar technology sold by a company called Cellebrite, which St. Paul police used previously.
GrayKey and Cellebrite are not just used to bypass encryption and hack into password-protected cellphones. They can be used to extract and analyze the enormous amount of data smartphones collect about users — everything from messages and web searches to location data.
Fast-moving technology
Law enforcement officials say these are essential tools in modern crime fighting. The websites of GrayKey and Cellebrite are filled with testimonials about how quickly the devices can obtain access to data and extract it.
“Anytime police are working on an investigation, a person’s cellphone may contain very critical evidence of a crime they are investigating,” said Jeff Potts, executive director of the Minnesota Chiefs of Police Association. He noted that a warrant or consent from the owner of the phone is almost always required for such a search.
Yet privacy advocates argue that because law enforcement agencies tend not to publicize the new tools they use, the public has little understanding about how they work. Often, that also means policymakers haven’t considered the implications of tools like GrayKey.
“The law cannot keep up with how fast technology is moving,” said Ben Feist, chief programs officer for the Minnesota chapter of the American Civil Liberties Union. “We believe there should be a modern expectation of privacy that is keeping pace with the digital world.”
But there is little legal precedent or specific rules in Minnesota when it comes to constitutional protections related to smartphones. Rich Neumeister, a citizen lobbyist who advocates on public records and privacy issues at the Capitol, says better guardrails are needed.
“We are talking about hacking,” Neumeister said of GrayKey. “There needs to be strong and proper legal authority. There needs to be high standards. There needs to be transparency and oversight.”
Who is using GrayKey?
It is unclear how many Minnesota police departments and state agencies are using smartphone forensic tools like GrayKey and Cellebrite. Potts, leader of the police chiefs association, didn’t have a definitive count, but said sharing agreements like the one St. Paul signed on to with DHS are not uncommon because the technology can be expensive.
A 2020 analysis by Upturn, which advocates for technology equity and justice, found in 2020 that more than 2,000 police agencies nationwide were using cellphone-hacking tools. The group found that since 2015, police had extracted data from hundreds of thousands of smartphones, often without a warrant.
Public records show the Minnesota Department of Public Safety has had contracts for GrayKey dating back to at least 2019. So far, the agency’s special investigative unit at the Bureau of Criminal Apprehension has spent nearly $355,000 on the device, licenses and software upgrades.
A Department of Public Safety spokeswoman said the bureau uses GrayKey “with a signed search warrant to unlock cell phones to further investigations during an AMBER Alert, missing persons cases, or violent or serious crimes.”
DHS agreed to pay GrayKey nearly $30,000 in 2023, public records show. The agency’s Office of Internal Control and Accountability uses the device on investigations it works on with other agencies, a spokesman said.
The state Department of Commerce agreed to pay $5,865 to DHS so its Commerce Fraud Bureau, which has 17 sworn officers, has access to GrayKey for investigations. The agency says it has used the tool since 2020.
The state Department of Natural Resources also agreed to pay $5,865 to DHS for access to GrayKey. A spokeswoman said it was needed for “complex criminal investigations into game and fish or other natural resource violations.”
The agency has used it twice since signing the sharing agreement in February.
At press time, the Ramsey and Hennepin county sheriff’s departments and Minneapolis police had not responded to records requests or questions about their use of GrayKey or Cellebrite.
How does GrayKey work?
John McDonald, who supervises the digital evidence lab for St. Paul police, said the information obtained with these devices is “vital to criminal investigations.” Not only does it allow police to unlock phones without a passcode, they can download the contents and search for data specific to investigations that can then be analyzed.
McDonald said only in rare circumstances, such as a missing child, would police use GrayKey without a warrant or the consent of a phone’s owner. He added that the device doesn’t necessarily work with every smartphone.
Michael Price, litigation director of the Fourth Amendment Center at the National Association of Criminal Defense Lawyers, said smartphone encryption first rose to national attention in 2015 when a San Bernardino, Calif., couple killed 14 people in a mass shooting. At the time, Apple refused to help federal law enforcement unlock one of the shooter’s iPhones and agents reportedly turned to hackers for help.
After that incident, Cellebrite and later GrayKey began being used by federal law enforcement and large police departments. Smartphone markers like Apple regularly update their encryption software and, in turn, cellphone forensics firms work to break it.
“It’s been a real game of cat and mouse,” Price said.
GrayKey claims it can crack a phone’s passcode often in an hour or less. Price says the newer the phone and the more complicated the passcode, the longer it takes for these tools to gain access.
What are the legal protections?
Price agrees that the law really hasn’t caught up to the digital age. Most legal cases involving Fourth Amendment rights to unreasonable searches and Fifth Amendment rights against self-incrimination date to a time before everyone had a smartphone in their pocket.
There’s just one Minnesota case dealing directly with the issue. The state Supreme Court ruled in 2018 that it was not a Fifth Amendment violation to require burglary suspect Matthew Diamond to provide a fingerprint to open his cellphone.
The case is now routinely cited in search warrants that authorize police to access to suspects’ smartphones using biometrics such as fingerprints or facial scans.
But passcodes are different, Price says. So far, courts have found a distinction between biometrics, which act like a physical key, and passcodes that a person memorizes like the combination to a safe.
“Revealing a (passcode) on a phone is like revealing something inside your mind,” Price said. “That would violate the Fifth Amendment.”
With a warrant, police can always crack the safe or smartphone and that’s why tools like GrayKey and Cellebrite have become so popular.
What are the concerns?
While a search warrant or a person’s consent is typically required in order for police to access a smartphone and download its contents, there are still plenty of legal and privacy concerns involved.
William Ward, the state public defender with the Minnesota Board of Public Defense, says police often gain access to everything on a suspect’s phone when only limited information is related to what is being investigated. That could expose a lot of other private information that is irrelevant to the approved search.
“I’m not so sure the courts who sign off on these warrants know exactly what is being downloaded,” Ward said.
Sen. Ron Latz, DFL-St. Louis Park, who chairs the Senate Judiciary and Public Safety Committee and is an attorney, said it was unclear to him whether the plain view doctrine would apply to smartphone searches. The doctrine allows police to pursue crimes unrelated to their initial search if evidence is in “plain view” when a warrant is executed.
“You worry about whether you end up reeking havoc in people’s lives when it is not appropriate,” Latz said.
There are also concerns about how the data extracted by police is stored, who has access to it and how long it is kept. St. Paul police say data is “turned into our property room and is retained per the courts’ evidence retention policy.”
Sen. Warren Limmer, R-Maple Grove, the Republican lead on the judiciary and public safety committee, said it was important that policymakers understand the tools that police use and that there are proper constitutional protections in place.
“It is vitally important that accountability is formally established,” Limmer said. “It can’t just be willy-nilly and used on a whim.”
Limmer and Latz agree the Legislature should hold informational hearings to learn more about the cellphone forensic tools used by law enforcement. The Legislative Commission on Data Practices and Personal Data Privacy seems like the appropriate forum, the senators said.
The commission has not held or scheduled a hearing since January 2022.
© 2023 MediaNews Group, Inc. Distributed by Tribune Content Agency, LLC.
