Over 2,000 law enforcement agencies have iPhone encryption-breaking tools

A forensics tool from Cellebrite used to access iPhones and other smartphones

The long-running encryption debate has always centered around the idea that members of law enforcement were not able to acquire evidence from devices and services due to the use of encryption, necessitating requests for backdoors to be put in place. In a new report, it seems that the calls for backdoor access may not be needed at all.

According to a report by Washington nonprofit Upturn seen by the New York Times, it is claimed that at least 2,000 law enforcement agencies across all 50 states have tools to be able to access locked and encrypted smartphones. The information was determined by analyzing years of public records relating to the agencies and their investigations.

It is thought that at least 49 out of the 50 largest police departments in the United States have the tools to gain access, as well as a number of smaller towns and counties. For areas that do not own the tools, they often turn the smartphones over to state or federal crime labs that typically do have them.

These tools can take the form of GrayShift's GrayKey, a small device capable of unlocking secured iPhones. Federal law enforcement and local police departments have been buying the tool for a few years, paying tens of thousands of dollars for the hardware.

In cases where the tools don't do the job, the devices can be sent to services such as Cellebrite for unlocking. Invoices reveal Cellebrite charges around $2,000 per device unlock, and sold a premium tool to the Dallas Police Department for $150,000.

The ease of access to the tools has also emboldened law enforcement's use of the equipment, ranging from major crimes such as homicides and rape to lesser crimes, including instances of shoplifting. Such minor cases include warrants to search phones in Fort Worth concerning marijuana valued at approximately $220, as well as a fight at a McDonald's in Coon Rapids, Minn. over $70.

It is reckoned hundreds of thousands of smartphones have been searched over the last five years.

Despite the number of agencies possessing the tools and actively using them, some still find the existence of tough encryption to be a problem. The expense and the time it takes to unlock a device are still issues to law enforcement, with Manhattan district attorney Cyrus R. Vance Jr testifying to Congress in December 2019 "We may unlock it in a week, we may not unlock it for two years, or we may never unlock it."

The existence of the tools "have served as a kind of a safety valve for the encryption debate," Stanford University researcher Riana Pfefferkorn suggests, but it has changed what law enforcement demands. "Instead of saying 'We are unable to get into devices,' they now say 'we are unable to get into these devices expeditiously."

This need for speed of access has enabled law enforcement officials to continue calls for changes that would force companies like Apple and Google to add backdoors to their services, such as bills proposed in Congress to create such items.

In October, the US Department of Justice working with other "Five Eyes" nations issued a statement demanding the creation of backdoors, insisting they get created to "act against illegal content and activity effectively with no reduction in safety. In effect, the creation of a backdoor that only law enforcement could access that maintains security for everyone else.

Critics argue that the very creation of a backdoor weakens encryption as a whole, as bad actors would simply attack the backdoor as an easier point of access to the data.