What the Adams Indictment Teaches Us About Cellphone Evidence
By Nina Loshkajian
In reading the historic indictment of Mayor Adams, there are many points that may elicit shock and awe. How could such corruption happen right under our noses? How did he get away with it for so long? But it also raises more practical questions—how were prosecutors able to see deleted text messages? After all, the indictment alleges that Adams assured one of his co-conspirators that “he ‘always’ deleted her messages.” Unfortunately for him, this has seemingly backfired. Prosecutors will now use these messages, which he allegedly boasted of having deleted, including that very message in which he documents the practice, to prove his illicit activity and the fact that he knew what he was doing was wrong.
So how is this possible? The indictment is a good reminder of something defense lawyers and privacy professionals are constantly trying to tell their clients: just because you delete a message on your phone, that doesn’t mean it is gone forever.
While some of us may not have a deep well of sympathy for Mayor Adams’ messages being exposed in this particular case, given that the allegations against him are of bribery and corruption, it is important to remember that prosecutors use the same type of evidence everyday against individuals accused of other crimes. In the wake of the Dobbs decision, text messages in which people discuss abortion services have been used against them in court. Same goes for racial justice protestors surveilled by police.
There are a few ways prosecutors may have obtained the evidence cited in the Adams indictment. First, a message deleted on the sender’s phone may still be accessed from the recipient’s phone. In instances where a large group of people is coordinating together, it can be particularly hard to protect the privacy of communications.
Second, even assuming everyone involved deletes all messages on their devices, police may still be able to subpoena cell phone service providers for the contents of messages. Some companies hold on to this data for some specified period of time (this depends on the carrier and may be as short as a few days). If law enforcement can obtain a court order, they may have the ability to wiretap texts in real time or use a stingray or similar fake cell tower to intercept message content.
Police can also seek a warrant to seize and forensically examine the device. Even deleted messages could be accessible through this process of forensic inspection, potentially with the help of technologies such as Cellebrite which are able to extract data from phones and even disable passcodes. This is why Mayor Adams’ alleged attempt to change his phone password and then claim he had forgot the new one ultimately won’t be enough to hide his data.
Because of these vulnerabilities, many cybersecurity professionals will recommend everyone use messaging services that offer end-to-end encryption. End-to-end encryption protects content while in transit between sender and recipient, so the server never has access to decrypted data. As a result, attempts to get the data from the cellular provider or maker of the application will be futile – revealing only unreadable, jumbled characters. However, encryption’s ability to protect your privacy is limited, especially because the options available on the market range widely in what protections they offer. For example, while Signal enables end-to-end encryption by default, on WhatsApp and Telegram, users must turn it on—and then make sure the person or people on the other end also have it enabled. Even if end-to-end encryption is enabled by all parties, unless those messages are deleted, police can simply seize a phone, open the relevant application, and view the plain text messages. What’s more, advanced mobile forensic tools can are increasingly able to bypass encryption.
In light of all this, what can be done? The real moral of the story is pretty simple: don’t put anything in writing that you wouldn’t want to be displayed in a courtroom. But using messaging services with end-to-end encryption is still advised where you may be discussing a sensitive topic like attending a protest or visiting an abortion clinic or clinic providing gender-affirming care. And—to actually be on “the safe side”—never ever tell someone in a text message that you always delete their messages.
Loshkajian is a Staff Attorney at the Surveillance Technology Oversight Project.