Journalists have told CPJ that U.S. Customs and Border Protection agents have stopped them for electronic searches. In the photo, a CBP agent is pictured near Naco, Arizona on November 3, 2022. (John Moore/Getty Images via AFP)

Forensic tools open new front for using phone data to prosecute journalists

On April 13, police in Russia’s Khakassiya republic arrested Mikhail Afanasyev and seized his digital devices. Afanasyev, chief editor of the online magazine Novy Fokus, was detained based on an article about riot police in southern Siberia refusing to serve in Ukraine. He faces a possible 10-year prison sentence for spreading “false” information. 

It’s not surprising for authorities to take phones and computers into custody when they are investigating a journalist – in fact, it’s become routine. CPJ’s prison census, a snapshot of journalists in prison on December 1, 2022, lists examples from IranBelarusAzerbaijanTurkeyVietnam, and India, as well as Russia. 

Little is generally reported about what happens next. We don’t know what Russian authorities did with Afanasyev’s devices, for example. But we do know that widely available forensic tools have been used to examine journalists’ phones in order to convict them in Myanmar and search for their sources in Nigeria.

A law enforcement agent scrolling through a journalist’s unlocked phone is already a problematic scenario for press freedom. But this risk is supercharged by technology that can copy and search the entire content of phones and computers, sometimes even if they are locked. Like spyware, forensic tools can access everything on a phone or computer, but unlike spyware, such tools are in widespread, open usage in democracies as well as more repressive regimes. Their use has accelerated threats to the press while protections and public awareness lag behind.

“Mobile device forensics tools can recover deleted data, as well as lots of data that isn’t visible to the naked eye when scrolling,” Riana Pfefferkorn, a research scholar at Stanford Internet Observatory, which studies abuse in information technologies, said in an email. 

These tools are becoming ubiquitous in government agencies in countries like the United States and Australia – and they have been documented in many countries where those in power view independent journalism as a threat. In 2020, the head of Russia’s Investigative Committee said that law enforcement agencies had probed cellphones 26,000 times the previous year using data extraction tools produced by the Israel-based company Cellebrite. Citing human rights concerns, Cellebrite said in 2021 that it had stopped selling to Russia and Belarus, but Russian investigative agencies continued to reference the country’s products in official reports and training materials in 2022, according to Israeli newspaper Haaretz

Cellebrite, which says on its website that its offerings — designed to help catch criminals — are “trusted by over 6,700 federal, state and local public safety agencies and enterprises in over 140 countries,” is only the best known player in a large market; it purchased computer forensic firm Blackbag Technologies in 2020. In 2019, researcher Valentin Weber wrote for the U.S. nonprofit Open Technology Fund that Chinese officials had instructed local firm Meiya Pico to provide digital forensics training to countries participating in the Belt and Road Initiative, a trillion dollar project to promote trade by building ports and other infrastructure across Asia, Africa, and Europe.   

Forensic products differ from zero-click spyware like Pegasus, which CPJ recently called an existential threat to press freedom for providing states with the power to track journalists and their sources secretly and continuously by hacking into their phones. Spyware can penetrate remotely and invisibly, is deniable, and much more expensive

To operate a forensic tool, on the other hand, one needs physical access to a device. Journalists who surrender their phones and passcodes at a police station or checkpoint at least know they have been compromised, even if they have relinquished their devices under duress

But data extracted from a phone in a lab or police station can also be used against its owner.  

“The kinds of tools used by police are designed to extract and preserve content in a forensically sound way that will stand up in court,” said Pfefferkorn.

Legal safeguards have not caught up. In the U.S., Customs and Border Protection agents can access a database compiled from some travelers’ devices without a warrant, according to The Washington Post. Journalists have told CPJ that CBP officials have stopped them for electronic searches as they enter the country.  

Some U.S. jurisdictions protect unreported source material from seizure, but police still overreach. After San Francisco police took devices from freelancer Bryan Carmody and his fiancée in 2019, his tablet was returned to him with the passcode on a note stuck to the screen, he told CPJ at the time. Police agreed to delete information obtained from searching the devices following a challenge from his lawyers. 

As CPJ’s prison census shows, journalists elsewhere are often without any such recourse. The research is littered with examples of police seizing electronics from journalists’ family membersfreelancers whose livelihood may depend on their phones, or people in war zones, where devices are a communication lifeline. Once released, journalists may fear spyware has been implanted on their devices and be reluctant to use them, if they have even been returned. If the journalist remains behind bars, they run the risk that the material extracted from the device could be used during interrogations and in building specious criminal cases.  

Since digital forensics gives local law enforcement the ability to siphon off large volumes of data from individual targets’ phones, Steven Feldstein, a senior fellow at the Carnegie Endowment for International Peace who studies digital repression, sees significant overlap between spyware and forensics, and an equally pressing need for reform when it comes to monitoring and regulating the use of both. 

“It seems to me that law enforcement has made a distinction between the two, but I have questions as to whether that’s more artificial than real,” he said. “Given the impossibility of narrowly distinguishing what would be relevant to a particular law enforcement search…there’s a strong presumption against ever using these tools.”  

Until this viewpoint gains traction, authorities can use forensic tools to produce journalists’ own phones as witnesses against them. And journalists like Russia’s Afanasyev – along with the many others whose devices have been seized – are even more vulnerable to laws that make reporting the news a crime. 

See CPJ’s Digital Safety Kit