PUBLIC SAFETY

It took two years for cops to crack the dead woman's phone. Here's how they got in.

Holly V. Hays Vic Ryckaert
IndyStar
The iPhone 6 Plus, at left, and iPhone 6 are displayed on Tuesday, Sept. 9, 2014, in Cupertino, Calif.

Related story:IMPD officer deleted messages from teen's cellphone after her suicide, police say

That any messages on the dead woman’s cellphone might be deleted wasn’t the only problem for Indianapolis Metropolitan Police investigators. It was that the phone itself had locked users out.

Failed attempts to guess the passcode had disabled the phone. Investigators wanted to know why IMPD Officer Francisco Olmos had handled the phone moments after the 18-year-old woman’s body was found with a self-inflicted gunshot.

Nearly two years later, investigators finally found out. Olmos had deleted dozens of messages, authorities allege in court documents. He now faces charges of obstruction of justice and digital trespassing in a case made possible only by technology advancements that allowed police to examine the phone.

As legal concerns swirl around digital privacy and police searches, another matter is taking place more behind the scenes. Cellphone makers wanting to ensure both privacy and security continually advance their technology while experts of another sort continually look for vulnerabilities to get inside the phones.

But these aren’t hackers. They’re digital forensics companies working with police.

A family's grief:'Today's events destroyed me': Slain IU educator's son tweets about losing father

Child abuse online:How sexual predators extort teens

Indy politics: Indianapolis council reduces Jeff Miller's authority as he faces child molestation charges   

"They are finding vulnerabilities, finding holes in the technology at the time, and exploiting them," said Arthur Salmon, cybersecurity program director at the College of Southern Nevada. 

'An electronic footprint'

Technology evolves much faster than the law, but Larry Landis, executive director of the Indiana Public Defender Council, said he expects prosecutors will be bringing more and more recovered and retrieved data into the courtrooms.

"Everything people do digitally, they should assume that never, ever goes away," Landis said. "There is going to be an electronic footprint in the sand somewhere."

The big question, Landis said, is whether the government has the legal right to access emails, texts and other digital communications.

"Maybe people feel more secure in their personal safety," Landis said, "but the trade-off is you are going to lose your expectation of privacy in electronic communications."

On Nov. 29 the U.S. Supreme Court heard its first digital privacy case in three decades. During the arguments, USA Today reported that a majority of the justices voiced their concerns that the government's ability to monitor people through their cellphones violates their privacy.

The case involved police obtaining location data of a suspect's cellphone from wireless carriers without a search warrant. Privacy groups fear such searches could extend to email and text messages, social media communications, Internet browsing histories and even data from Siri, Alexa and Fitbits.

Landis said the courts weigh the issues of privacy versus public safety every time a new technology emerges.

"That balancing has been going on for years," Landis said. "This just adds another dimension."

In the Olmos case, the cellphone was under the account of the dead woman’s father, and he provided the phone to investigators, according to court documents.

IMPD forensics experts could bypass a passcode but not the predicament that occurs when an iPhone is disabled. The phone was disabled after a police detective and family members tried to guess the passcode but failed.

Apple's guidelines for users to overcome a disabled phone is to reset the device, which erases its data.

In the Olmos case, digital forensics company Cellebrite Services had extracted the data itself by October 2016, but IMPD investigators still wanted to examine the phone to corroborate the findings and settings. A year later Cellebrite gained the ability to reverse the disabling feature.

Less than two months later Olmos was charged. Investigators found a host of deleted messages between Olmos, 31, and the 18-year-old woman. Olmos denied having an intimate relationship with the teen, court documents said. But why he deleted the messages is unclear.

“Part of what happened in the course of this investigation is the ever-evolving technology and the additional capability of accessing information,” Marion County Prosecutor Terry Curry told IndyStar.

“Without the ability to extract the information off of the young woman’s phone, there would have been no capability whatsoever to file this case.”

A complicated game

Cellphone makers and data extraction companies are in a cat-and-mouse game, said Kevin Edwards, a crime and technological analyst with the Seal Beach (Calif.) Police Department.

Once a company deciphers how to access certain data, a cellphone manufacturer will often take note and up the ante, making it increasingly difficult to find new workarounds as updated operating systems and devices are released. 

Edwards sees value in this kind of forensic technology, though. Access to these tools would allow law enforcement to revisit cellphones sitting in evidence lockers. It would allow investigators to access the previously inaccessible, to potentially close stalled cases. 

"As long as the agencies have the resources to employ those tools, I think there are a great deal of cases that can be solved as a result," he said. 

Electronic data doesn't disappear easily. 

"If there is something downloaded to your phone, even for a moment, it leaves an imprint," Edwards said. "That information can be saved." 

Jonathan Sorenson, professor and chairman of Butler University's computer science and software engineering department, likened the situation to cleaning dried-on ink off of a whiteboard. The faded messages are still there.

"It's merely a matter of scanning the memory looking for patterns remaining and interpreting the 'faded' writing," he said. 

Edwards said that while it is possible to completely delete a message or other information, doing so would require an enormous amount of work. Users would have to delete the message from both the sending and receiving devices and then from every server and cell tower the message would have passed through.

"There are just too many different places a message, a picture, an interaction on the internet goes,” Edwards said, “where an individual just can't.”

IndyStar reporter Ryan Martin contributed to this article. 

Call IndyStar reporter Holly Hays at (317) 444-6156. Follow her on Twitter: @hollyvhays.

Call IndyStar reporter Vic Ryckaert at (317) 444-2701. Follow him on Twitter: @vicryc.