The Timing of Computer Search Warrants When It Takes the Government Several Years To Guess The Password
In a decision handed on Friday, United States v. Kopankov, the U.S. District Court for the Northern District of California (Jacqueline Scott Corley, J.) suppressed the fruits of a computer warrant search because it took the government too much time to bypass the device's encryption. Specifically, the magistrate judge who issued the warrant had imposed an extra limit on the warrant requiring the government to forensically search the seized computer quickly, and to request extensions from the court asking for more time if it needed longer. But the government could not bypass the encryption on the computer — an Apple iPhone X — other than by trying a "brute force" attack to guess all the possible passwords. The government did get one extension giving it more time. But it ended up taking three years for the brute force attack to guess the correct password. By that time, the extension had itself expired.
In the new ruling, Judge Corley suppresses the fruits of the search because the brute force attack did not succeed until after the extension had expired. Specifically, the government mirrored the decrypted device (generating a copy to be searched) before applying for another search warrant to search the device. Judge Corley concludes that the mirroring was a warrantless search that requires suppression of the evidence found on the warrant.
