Phone Cracking Software Popular Among Local Police Agencies

This week, Governing’s Future of Security looks at police use of smartphone decryption tools, ransomware legislation and election hacking fears.

iPhone in business hand
Welcome to the Future of Security. Let’s get started:

Local law enforcement agencies have access to phone-cracking software. This revelation came to light as Attorney General William Barr has pressured Apple to unlock and release data from two iPhones belonging to a Saudi Air Force lieutenant who shot and killed people at a Pensacola, Fla., base in December. 

Apple has resisted these types of requests from federal, state and city police. However, local law enforcement agencies have turned to third-party software firms to unlock and access encrypted data from mobile devices at relatively low cost, according to OneZero, a Medium publication, which contacted 50 agencies and found that “law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.”

Lawmakers go after ransomware.
The extortion software attacks seem to be everywhere these days, but there’s been little action on the legislative front to deal with the problem. Now, that’s beginning to change. The state of Maryland has a new bill that would criminalize the possession of ransomware if a person intends to use it maliciously. According to reporting by GT’s* Lucas Ropek, “Senate Bill 30, introduced in January by Sen. Susan C. Lee, D-Montgomery, would make possession of the malware a misdemeanor, punishable by up to 10 years in prison and a $10,000 fine. The bill makes exceptions for researchers who may be using the malware to better understand how it works.”

Was Baltimore a wake-up call? The legislation follows last year’s devastating attack on Maryland’s largest city that is estimated to have cost more than $18 million, a combination of lost or delayed revenue and direct costs to restore systems. 

The law’s impact is questionable. Ropek reports that “given the anonymous nature of most cybercrime, there are some very obvious limitations to what this law could accomplish. Ransomware — which is already illegal to possess in a number of states, including Michigan, Wyoming and California — ravaged cities and towns across the country last year, but in most cases the culprits never went to prison or were even publicly identified.”

In other security news:

Washington state officials question mobile voting plans. A King County, Wash., plan, which went into effect earlier this week, allows voters to cast ballots through a touchscreen device in the race for King Conservation District Board of Supervisors. But at least one state lawmaker has called mobile-device voting an “unacceptable risk.”

Amid hacking fears, key caucus states to use app for results. Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches, according to the Associated Press.

*Government Technology is Governing's sister publication.

Tod is the managing editor of Governing and the contributing editor of our sister publication, Government Technology. He was previously the editor of Public CIO, e.Republic’s award-winning publication for IT executives in the public sector, and is the author of several books on information management.