The National Football League (NFL)’s recent decision to uphold the four-game suspension of New England Patriots quarterback Tom Brady touched off a national conversation about ethics, due process and the art of the forward pass. It also raised a discussion about the challenges of recovering old text messages.
At its core, the NFL’s rationale for the Brady suspension had less to do with a little air being released from footballs in last year’s AFC Championship Game and more to do with what Commissioner Roger Goodell perceived to be Brady’s attempts to obstruct the investigation by destroying his mobile phone. According to Goodell’s statement: “Mr. Brady’s direction that his cell phone [and its relevant evidence] be destroyed on or about March 6 is very troubling. Rather than simply failing to cooperate, Mr. Brady made a deliberate effort to ensure that investigators would never have access to information that he had been asked to produce.” Brady and the Patriots were furious, pointing out that Brady was fully cooperative and in fact had been instructed by his attorneys that he would never have to produce the phone for examination.
The fallout from this public feud between the NFL and one of its most dominant franchises has been curious to observe from my viewpoint as a former law enforcement investigator and current mobile forensics training professional. The Brady drama has surfaced four common myths about mobile forensics that are held by many people:
- Just take a hammer to it
- All phones have the same security protection
- Any text conversation in the airwaves can be retrieved
- No phone, no data
Lots of folks have taken to social media to express their conviction that it’s pretty simple to “destroy” a mobile phone, all you need to do is smash it with a sledgehammer or toss it in the fireplace. Well, not exactly. The key to our ability to recover data from a phone centers around whether we can salvage the memory chip inside that phone. Many of our clients are surprised to learn that we have some very sophisticated tools available to us now for extracting chips and reading them – we’ve uncovered hidden data from phones whose owners “destroyed” them by burning them in a fire, drowning them in the swimming pool and all sorts of violent attempts.
One phone manufacturer is pretty much the same as the next, right? Sorry, not true. Smart phones such as the Samsung model that Brady used are powered by the Android operating system, which has default settings that are vulnerable to forensic access. The same is true with phones that run on other mobile operating systems. However, the iOS used by Apple’s iPhone (and other mobile devices) is encrypted at a high level of data security, which makes acquiring data from these devices more of a challenge for investigators.
As any faithful viewer of TV crime shows can attest, once you hit send on a text message, it lives forever in the airwaves and can be obtained by court order any time. Eh, not anymore. That may have been true at one time, but it would now take miles and miles of servers to store the amount of text messages that are sent through just one mobile phone carrier each year; there is just way too much data out there for all texts to be retained. The largest mobile service providers only save text messages on their servers for a few days.
Interestingly, while one common myth is that text messages live forever in the air, it’s also a commonly held belief that the only way to recover data sent from a mobile phone is to recover the phone itself. Actually, if the matter involved is a criminal investigation (and it should be understood that was NOT the case with the Brady investigation), there are a number of strategies available that do not require access to the originating device. One option is to identify the phone numbers that were texted and then obtain a court order to collect the messages from the recipients’ phones. If the person of interest was using an email service to send messages, investigators can obtain a search warrant to access the servers of the email provider and retrieve the messages. And if the messages were being sent via third party “text messaging” application, law enforcement agencies can issue a search warrant to the service provider to access their servers.
The “Deflategate” drama made for some interesting headlines and will surely be revisited this fall when the NFL season kicks off and Tom Brady is not on the field. At the same time, it prompted a national conversation about deleted text messages, which showed there are a number of misconceptions in the general public with respect to mobile data collection.
With our state-of-the-art forensics tools, we can do more than most people realize. But we can’t make text messages appear out of thin air.