UPDATE: This post has been updated with additional information.
On Friday, January 20, thousands of protesters took to the streets of D.C. to disrupt Donald Trump’s inauguration festivities. A small fraction of them damaged property and threw projectiles at police in riot gear, who deployed flash-bang grenades, tear gas, and pepper spray on large crowds throughout the day. But according to CityLab’s observations of the demonstrations that morning, most of the roughly 230 people arrested—who included a number of legal observers, journalists, and medics—did not participate in such activities and were simply booked for being nearby.
After a day in jail, most of these individuals were charged with felonies for rioting and released, according to Jeffrey Light, an attorney to several of those arrested. But none have gotten back their phones, which the DC Metropolitan Police Department is holding as evidence for the duration of the court proceedings, Light says.
A screenshot provided to CityLab by Light suggests that police began mining information from the captured cellphones almost immediately after the arrests. The screenshot from the Gmail account of an individual who Light says was clearly marked as a medic (a volunteer who provides medical services during protests in case of clashes), shows account activity took place on the phone at 4:15 PM on January 21, well after it was taken into police possession:
Light says that police’s apparent decision to keep all arrestees’ phones is troublesome, given that many of those arrested were not part of the protests. “It is not as if they saw someone specifically filming something, and have a good idea there’s evidence on there,” says Light. “They are just across the board holding everyone’s phones, which is particularly concerning because there were reporters and lawyers in the crowd who have work product on their phones.”
It is unclear how police would search through the phones and what they would extract while doing so. If authorities, such as the FBI, are called in to help with this, a federal case, they may turn to controversial cellphone extraction devices, which can crack open locked cell phones and collect vast amounts of phone data, such as call logs, emails, social media messages, time stamped past location data, and even deleted texts and photos. These devices, and their accompanying software, could then be used to generate analysis of phone users’ social networks, maps of past locations, and communications’ timelines, exposing journalists’ sources, attorneys’ clients, and activists’ anti-Trump associates to further police surveillance.
In order to search locked cell phones, police would need to obtain a search warrant, unless they could prove there were emergency circumstances, according to Chris Conley, a policy analyst for the ACLU of Northern California. Light says he has not been informed of any warrants being issued for DC police to search through the phones, but an individual who was arrested on January 20 (and wishes to remain anonymous) told CityLab he heard police claiming they had obtained a warrant while they were being detained.
Rachel Reid, a spokesperson for the DC Metropolitan Police Department, said she did not have any knowledge of police phone tampering. Reid also said she could not confirm if the police had secured a search warrant to extract data from the phones, referring CityLab to the courts.
UPDATE: Alex Abdo speculated on Twitter that it could be “the mail app routinely checking for email.” It is difficult to confirm if the account activity was due to human activity or an update performed by the phone itself. Light says that police have kept both phones and cameras for “evidence,” which suggests to him that they are seeking to extract data from them.
@georgejoseph94 Is it possible that the activity was just the mail app routinely checking for email? Or is this necessarily a human?— Alex Abdo (@AlexanderAbdo) January 24, 2017
Fred Jennings, a cybercrime defense attorney at the firm Tor Ekeland, P.C. in New York, says that, regardless of whether the phone activity took place by human or automated action, the fact that activity was registered suggests some improper handling by authorities. While secured as evidence, mobile devices are supposed to be stowed in a signal-blocking Faraday bag to prevent them from being remotely wiped. "If it had been secured properly and placed in the bag to safeguard it, there'd be no way for it to ping the server," says Jennings.
Note: The original headline of this post has been changed to reflect new information.