Immigration and Customs Enforcement (“ICE”) searches mobile devices while carrying out law enforcement activities, potentially subjecting millions to searches inside its claimed enforcement authority 100 miles from the border into the interior. Over the last few years, ICE tested devices made by multiple providers of mobile forensic technology. Contracts between ICE and Cellebrite Mobile Synchronization (“Cellebrite”) in the last 10 years value at over $10.7 million, and from April through July 2018, ICE contracted with Cellebrite for over $1.6 million in “Computer Storage Device Manufacturing.” Cellebrite offers a suite of products in its Universal Forensic Extraction Devices (UFED) line, which allow users to “bypass pattern, password or PIN locks,” decrypt, extract, and analyze “live, hidden and even deleted data from smartphones, feature phones, tablets, players, GPS devices, SIM cards, smart watches, mass storage devices, drones and more.” These tools include Cellebrite’s UFED Cloud Analyzer, which can extract private information – even without assistance from the owner – from users cloud-based accounts, such as Facebook, Gmail, iCloud, Dropbox, and WhatsApp.
United States Customs and Border Patrol (“CBP”) also conducts cell phone searches. Border agents inspected 30,200 devices in FY 2017, increasing of nearly 60 percent from 2016.
Little is known about ICE’s use of mobile forensics technology, including the types of data searchable, the frequency of searches, or the procedures in place to determine whether or how a search should be conducted.
There are significant privacy and civil liberties implications of the federal government’s use of mobile forensic software at the border and in the interior. Mobile forensic technology has the ability to access and analyze the vast amounts of data that are kept on mobile devices. Although millions of dollars in government funds have been spent by ICE to obtain this technology, the substance of the contracts, the training required to access the technology, policies and procedures regulating its use, and privacy and civil liberties assessments have not been released to the public. With the use of this technology by other border control agencies dramatically increasing, the public has a right to know what data is accessible, as well as, how and to what extent it is protected.