Where phone hacking and big data solve crimes.
The cell phone at the police station contains evidence of a crime, but the phone is locked and the suspect won’t disclose the password. The case would stall but for the likes of Boris Vestfrid, a cyber forensics analyst.
Vestfrid takes the phone apart and attaches wires to the chips inside to extract data that will offer up key evidence in the case. He then reassembles the phone and returns it to the evidence room.
It’s just another day at New York City’s new state-of-the-art cyber-crime lab, where detectives and prosecutors strive to keep up with high tech criminals.
“No case is simple anymore because juries want to see analysis and expect CSI in the courtroom,” says Manhattan District Attorney Cyrus Vance, who oversees the sprawling operation that involves cops, computer talent, and an ever-growing roster of cases touched by cyber-crime.
In an exclusive tour of the new lab, Fortune got a glimpse of Law & Order in the digital age. The lab is Exhibit A in how America’s biggest city is embracing big data analytics and a dash of hacker culture to solve complex crimes. It also raises hard questions about how to balance these sophisticated crime-fighting tools with civil liberties.
Fortune’s special report offers a close up on the lab and what it means for the future of urban law enforcement.
Home of the Hackers
Inside the central room on the fourth floor of a stern-looking municipal building in downtown New York, Manhattan District Attorney Cyrus Vance runs his hand across the walls. The freshly painted partitions gleam ultra-white and shiny.
This is the office’s new cybercrime lab. Vance is standing at the nucleus of a passion project he began six years ago, which he is revealing only now for the first time. The walls of the room are coated in a film that serves as a dry erase board, allowing forensics investigators to mark up the surface with schematics and plans, Vance explains, withdrawing his palm. A palimpsest of a crime diagram from an earlier case remains.
“If you’re in a major metropolitan area with the trend of technology interfacing with crime, it’s this kind of dedication and resources that’s enabling us to do what the public expects us to do,” Vance says of the lab, which cost $10 million to construct (about $4 million from the city council and the rest from the rest from the proceeds of major settlement agreements).
“County prosecutors all over the country are hugely under-resourced,” Vance says, marveling at the hacker den. “What you’re seeing here is totally aberrational.”
The scale of the renovation is unusual. But Vance sees cybersecurity as a crime priority that is only going to expand. More and more investigations are connected to computers. The district attorney’s office estimates that more than a quarter of its 100,000 annual cases involve digital evidence, or data stored on devices. And that share is trending upward.
Vance is enamored with finer details of the lab space, such as the wall’s shimmering finish, but visitors turn their attention to the spectacular array of electronics contained within. Circuit boards, hard drives, wires, soldering irons, and phones of every make and model are strewn about eight workstations. At one desk, a map of Iraq hangs next to a 6-screen display that depicts an Apache helicopter fleeing the scene of a massive explosion, Mission Impossible-style. On another table squats a Ramsey Box, a shoebox-sized enclosure that cuts off a device’s cell signal to the outside world. Investigators stick their hands in glove-like fixtures to manipulate the devices inside, viewable through a porthole on the lid.
Even more eye-catching than the gizmos and gadgets is what looks like an old bank vault in the corner. The chamber is, in fact, a human-size Ramsey Box, a radio frequency-shielded room, also known as a Faraday cage. Metal-lined walls block wireless connections to devices brought inside. Various phone chargers sprout from an electrical outlet, a lifeline for devices soon to be unlocked. There’s even a sink, which required special installation to ensure no radio signals could escape or penetrate via its plumbing.
“It’s really important that the phone doesn’t get any signal,” says Brenda Fischer, chief of the cybercrime and identity theft bureau at the Manhattan DA’s office. Cutting off the signal prevents someone remotely changing data stored on the device, or wiping the memory—a trick that can easily thwart an investigation. As Fischer enters the vault, the microphone affixed to her black blazer’s lapel goes quiet. “That’s interesting—it kills your mic,” Fortune’s cameraman interrupts.
At the far end of the alcove, a fume hood allows investigators to handle biohazardous materials, such as blood-splattered phones. Previously, the Manhattan DA’s office had to bring electronics contaminated with bodily fluids to the New York Police Department’s forensics lab. No longer: “Now we hope to be able to swab devices for DNA,” Fischer says.
As Vance struts around the new digs, he’s clearly proud of the setup. (“My one regret is that it looked like a SoHo loft before the renovation,” he quips.) Vance greets each of the analysts on staff with a pat on the back, thanking them for their work—and their loyalty. Skills learned here are in high demand in rival federal agencies as well as the private sector, which can lure away workers with higher pay.
David Chan, the deputy director of the team and a former cryptographic technician in the military, is one who chose to stay. Chan joined the Manhattan DA’s office six years ago, back when the idea for a cybercrime lab was just hatching. He moved in with his unit just a few weeks ago. “Our government has allowed us to do things without all the red tape,” Chan says. “We’re able to push the envelope.”
“How’s the paint working?” Vance asks, eyeing a sketch drawn in red marker on the wall.
“Great,” Chan replies.
“We share ideas and brainstorm,” he adds. “No one knows everything—that’s the only way to do it.”
A Luxury Thief Caught by Data
Outside the central lab space, Tanya de Vulpillieres shows off three blown-up maps among a more familiar environment of cubicles and wood-paneled offices.
A cell site analyst, de Vulpillieres used the maps to plot the movements of a suspect after a late night robbery. Her posters display the whereabouts of an individual early on June 22, 2012, a cell phone number, and calls made between 1:55 a.m. and 3:39 a.m. The first map is a zoom-out view of the city while the other two are closeups near the location of the crime.
De Vulpillieres points at a lavender blue rectangle just south of Central Park. The area represents the scene of the crime: Bergdorf Goodman, a luxury department store on Fifth Avenue in midtown Manhattan.
“Can I interrupt here?” Vance chimes in.
“I don’t mean to be a nudge here,” he continues. “I don’t know if this is an open case or a closed case—”
De Vulpillieres assures him it’s closed. Vance nods. He gestures for her to resume.
On one map, a blue dot identifies the suspect’s house. Red dots indicate where cell towers triangulated the person’s location over the course of the morning. These points bear timestamps and coordinates, sign-posting the man’s journey. The person probably had no idea that his most personal of belongings, his cell phone, was snitching on him the whole time.
Despite the wealth of information that prosecutors can gather by requesting location and call records from telecom giants like AT&T (T) and Verizon (VZ), Vance argues it’s not enough for clinching cases. Jurors want to see definitive proof of crimes, and nothing seals the deal like having the content of the phones—text messages, photos, voicemails and so on. (And as discussed below, the rules for getting this sort of data are at the center of a contentious legal battle).
To create court exhibits, de Vulpillieres explains she routinely overlays maps with metadata, using simple tools like Microsoft Excel (MSFT) and ArcGIS, a mapping program. In many cases, prosecutors will take this information that shows suspects’ location and call activity, and then pair it with surveillance camera footage to prove their presence at a crime scene.
De Vulpillieres is an alum of the Federal Bureau of Investigation’s cell site analysis and survey team, or CAST. After graduating law school, she found that she enjoyed this kind of cartography more than her typical lawyerly duties.
The cell analysis unit where she works is just part of a 75-person investigator team at the lab, which employs powerful Palantir software among other tools as part of a larger data-driven crime intelligence strategy. The investigators also have a mobile unit, essentially a van outfitted with electronics gear, to bring its forensic tactics into the field. What the unit does not do, says Vance, is deploy “sting-rays”—controversial devices that mimic cell towers to trick phones into disclosing a suspect’s exact location—which have been used with little judicial oversight in other U.S. cities.
On the opposite side of the building, a squad of NYPD cops assist the office’s investigations. “I begged, borrowed, and stole a dozen detectives from the police department,” Vance says.
Down the hall, a unit of three undercover researchers crawl the dark web, infiltrating web forums, gathering intelligence, and building investigations from the top down. “They all speak Russian,” Fischer, the cyber bureau chief, notes.
Around the perimeter of the cybercrime lab, scores of attorneys put together cases to prosecute, often working from the ground up. An investigation could begin with a common street arrest involving, say, stolen credit cards. Or it could start with something more serious, like a homicide or a child pornography ring. Meanwhile, fourteen assistant district attorneys on staff work on longer-term investigations.
After de Vulpillieres finishes the presentation, she notes that the man whose ill-fated wanderings are on display lost the trial brought against him. The court convicted him of third degree burglary—breaking and entering with the intent to steal—and sent him to prison.
“What was his defense?” Vance asks.
De Vulpillieres pauses, searching for a summary. “It wasn’t me,” she responds.
“It was my phone that committed the crime!” exclaims Fischer with a heap of sarcasm.
Code Crackers vs. Unbreakable Encryption
Cy Vance groans.
He has a problem. Or more like 400 problems. The trouble comes in the form of hundreds of Apple devices that even the DA’s talented cyber team can’t crack.
Ever since fall 2014, when Apple (AAPL) introduced a new type of software called iOS 8, it has become basically impossible for anyone—including Apple itself—to obtain access to the contents of an iPhone or iPad without the owner’s permission.
For privacy activists, who fear digital surveillance has grown too pervasive, the new software and its unbreakable encryption is a blessing. It means Apple has created a way for consumers to shield their personal information from the prying eyes of hackers and spies.
Vance doesn’t see it that way. Since the change, he has been one of the country’s most outspoken critics of Apple’s encryption, arguing the company is thwarting law enforcement’s ability to investigate serious crimes. He points to a growing stack of devices that may contain key evidence in unsolved crimes, but that his detectives can’t open because of Apple’s new security feature.
Today the DA’s office has 423 of these inaccessible devices sitting in the evidence room. All are Apple products. The DA’s office declined to comment about whether it can access data on phones running the latest versions of Google’s Android operating system. Instead, Roxanne Leong, a spokesperson pointed Fortune to a recent report that suggests that Google’s (GOOG) new Lollipop 5.0 edition of Android software “plans to use default full-disk encryption” of the sort that makes Apple phones impenetrable. The report noted that the feature is available for people to turn on, including on certain Google-branded Nexus phones.
In Vance’s view, the new encryption tools amount in part to a marketing schtick in which the tech giants are using privacy as a pretext to dodge civic responsibility. He believes Apple and Google are no different than other companies, including telecom and automotive firms, that initially resisted regulation but came to work with governments.
“Why should Google or Apple be treated any differently than any other large, multinational company who’ve had to recognize the products they are developing are in fact being used by criminals and that society gives up a lot when they are inaccessible to law enforcement,” Vance says.
The debate over encryption came to a head last March when Apple and the FBI went to court over an iPhone belonging to a dead terrorist responsible for the San Bernardino massacre. The agency had sought an order to force Apple to write software to get around the encryption but, right before the trial, withdrew the request and said it had cracked the phone with help from a third-party contractor.
The episode raised the question of whether law enforcement agencies—including the Manhattan DA’s office—might be overstating the encryption problem. After all, if the FBI could get into the San Bernardino phone, other agencies could presumably do the same.
That argument, however, overlooks the fact that Apple and Google continue to introduce new software versions that are even more secure than before. Right now, it’s unclear if, and where, critical vulnerabilities in the latest iPhone might be hiding, and how much a law enforcement agency would have to pay to get them.
For Vance, the question of purchase price is a non-starter. He says the current system—in which law enforcement tries to break into industry’s products and pays for an exploit if its own hacking is unsuccessful—is “wrong-headed.”
He adds that, while large agencies like the FBI might be able to pay for hacks, this isn’t the case for many police departments across the country, which are grappling with what to do with a growing pile of phones that contain evidence of local crimes but are inaccessible to detectives.
Vance thinks the solution is for Congress to oblige tech companies to make the devices in such a way the companies can still access the content on them and, when necessary, supply that content to law enforcement. At a minimum, he says this should apply to “data at rest” on a device as opposed to access in real time.
Such a law would simplify the evidence-gathering process—and reduce the load on his lab—but also raise major civil liberties questions. Critics of proposed “back door” laws—which call for companies to build a secret way into phones and computers—fear such rules would be abused by police, and force citizens to surrender every detail of their digital lives. Vance downplays such worries, and argues judges will keep a tight leash on such searches.
“I’ve written a lot of warrants in my time,” says Vance. “Judges are not shy about identifying defects in a warrant because they don’t want their decisions to be scrutinized and to be found their judgment was wrong.”
As Vance, and the country, confront the thorny questions of how to balance legitimate law enforcement demands versus personal privacy, the analysts in New York’s confront digital crime in the way they know how—with soldering irons and software code and plenty of patience.
The arrival of the new Apple phones may have given the crooks a leg up for now but, in the never-ending contest between those who rely on codes and those who break them, it’s probably only a matter of time until the code-breakers catch up.
This story was updated at 3pm ET to clarify the source of funding for the lab as well as DA Vance’s recommendation for Congress.