"Both local police and the FBI are seeking information about individuals who were 'actively instigating violence' in Washington, DC, on January 6," writes Ars Technica.

Then they speculate on which tools will be used to find them: While media organizations took thousands of photos police can use, they also have more advanced technologies at their disposal to identify participants, following what several other agencies have done in recent months... In November, The Washington Post reported that investigators from 14 local and federal agencies in the DC area have used a powerful facial recognition system more than 12,000 times since 2019.

Neither would an agency need actual photos or footage to track down any mob participant who was carrying a mobile phone. Law enforcement agencies have also developed a habit in recent years of using so-called geofence warrants to compel companies such as Google to provide lists of all mobile devices that appeared within a certain geographic area during a given time frame...

With all of that said, however, the DC Metropolitan Police and the FBI will probably need to look no further than a cursory Google search to identify many of the leaders of Wednesday's insurrection, as many of them took to social media both before and after the event to brag about it in detail. In short: you don't need fancy facial recognition tools to identify people who livestream their crimes.
Friday the Washington Post also cited "the countless hours of video — much of it taken by the rioters themselves and uploaded to social media" as a useful input for facial recognition software.

But in addition, they note that "The Capitol, more than most buildings, has a vast cellular and wireless data infrastructure of its own to make communications efficient in a building made largely of stone and that extends deep underground and has pockets of shielded areas. Such infrastructure, such as individual cell towers, can turn any connected phone into its own tracking device.

"Phone records make determining the owners of these devices trivially easy..."

An anonymous reader quotes a report from ZDNet: Singapore has confirmed its law enforcers will be able to access the country's COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents or 78% of the local population have adopted the TraceTogether contact tracing app and wearable token, which is one of the world's highest penetration rates. [...] In its efforts to ease privacy concerns, the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive" for the virus and was contacted by the contact tracing team. Personal data such as unique identification number and mobile number also would be substituted by a random permanent ID and stored on a secured server.

However, the Singapore government now has confirmed local law enforcement will be able to access the data for criminal investigations. Under the Criminal Procedure Code, the Singapore Police Force can obtain any data and this includes TraceTogether data, according to Minister of State for Home Affairs, Desmond Tan. He was responding to a question posed during parliament Monday on whether the TraceTogether data would be used for criminal probes and the safeguards governing the use of such data. Tan said the Singapore government was the "custodian" of the contact tracing data and "stringent measures" had been established to safeguard the personal data. "Examples of these measures include only allowing authorized officers to access the data, using such data only for authorized purposes, and storing the data on a secured data platform," he said. He added that public officers who knowingly disclose the data without authorization or misuse the data may be fined up to SG$5,000 or jailed up to two years, or both.

Asked if police use of the data violated the TraceTogether privacy pledge, Tan said: "We do not preclude the use of TraceTogether data in circumstances where citizens' safety and security is or has been affected, and this applies to all other data as well." He noted that "authorized police officers" may invoke the Criminal Procedure Code to access TraceTogether data for such purposes as well as for criminal investigation, but this data would, otherwise, be used only for contact tracing and to combat the spread of COVID-19.

A few hours ago and after years of preparation, amendments to Japan's copyright law came into effect, aiming to criminalize those who download unlicensed manga, magazines, and academic texts from the Internet. From a report: While uploading pirated content has always been illegal, the new law is quite specific in that it criminalizes the downloading of unlicensed content. While that could take place in a simultaneous upload environment such as BitTorrent, it seems most likely that people will obtain content from websites instead. That presents some roadblocks to enforcement so we asked Ina how, from a technical perspective, will the authorities track, obtain evidence, and prosecute people who simply download content (comics, movies, music etc) to their machines but don't distribute? "The authorities shall use digital forensic technologies to track suspects' activities and collect evidence. The details of such technologies have not been publicly available," Masaharu Ina from Japan-based anti-piracy group CODA explained. "There are certain special units specialized in cyber crimes in each prefecture. For example, the Tokyo Metropolitan Police has its own Cyber Crime Control Unit. But the police do not investigate unless the person commits the crime repeatedly, intentionally and maliciously, i.e. innocent light downloaders shall not be prosecuted."

Bloomberg Editorial Board: Amid raging wildfires, rolling blackouts and a worsening coronavirus outbreak, it has not been a great year for California. Unfortunately, the state is also reeling from a manmade disaster: an exodus of thriving companies to other states. In just the past few months, Hewlett Packard Enterprise said it was leaving for Houston. Oracle said it would decamp for Austin. Palantir, Charles Schwab and McKesson are all bound for greener pastures. No less an information-age avatar than Elon Musk has had enough. He thinks regulators have grown "complacent" and "entitled" about the state's world-class tech companies. No doubt, he has a point. Silicon Valley's high-tech cluster has been the envy of the world for decades, but there's nothing inevitable about its success. As many cities have found in recent years, building such agglomerations is exceedingly hard, as much art as science. Low taxes, modest regulation, sound infrastructure and good education systems all help, but aren't always sufficient. Once squandered, moreover, such dynamism can't easily be revived. With competition rising across the U.S., the area's policy makers need to recognize the dangers ahead.

In recent years, San Francisco has seemed to be begging for companies to leave. In addition to familiar failures of governance -- widespread homelessness, inadequate transit, soaring property crime -- it has also imposed more idiosyncratic hindrances. Far from welcoming experimentation, it has sought to undermine or stamp out home-rental services, food-delivery apps, ride-hailing firms, electric-scooter companies, facial-recognition technology, delivery robots and more, even as the pioneers in each of those fields attempted to set up shop in the city. It tried to ban corporate cafeterias -- a major tech-industry perk -- on the not-so-sound theory that this would protect local restaurants. It created an "Office of Emerging Technology" that will only grant permission to test new products if they're deemed, in a city bureaucrat's view, to provide a "net common good." Whatever the merits of such meddling, it's hardly a formula for unbounded inventiveness.

These two traits -- poor governance and animosity toward business -- have collided calamitously with respect to the city's housing market. Even as officials offered tax breaks for tech companies to headquarter themselves downtown, they mostly refused to lift residential height limits, modify zoning rules or allow significant new construction to accommodate the influx of new workers. They then expressed shock that rents and home prices were soaring -- and blamed the tech companies. California's legislature has only made matters worse. A bill it enacted in 2019, ostensibly intended to protect gig workers, threatened to undo the business models of some of the state's biggest tech companies until voters granted them a reprieve in a November referendum. A new privacy law has imposed immense compliance burdens -- amounting to as much as 1.8% of state output in 2018 -- while conferring almost no consumer benefits. An 8.8% state corporate tax rate and 13.3% top income-tax rate (the nation's highest) haven't helped.

Amazon announced Wednesday that it's acquiring podcasting company Wondery, expanding its catalog of original audio content. From a report: As part of the deal, Wondery will join Amazon Music, the e-commerce giant's music streaming business. Amazon Music in September added podcasts to its platform, looking to carve out a share of the increasingly competitive podcasting market, in which Spotify, Apple and others have gained ground. Terms of the deal weren't disclosed. Wondery, founded in 2016, has produced some of the most popular podcasts in recent years, including true crime series like "Dirty John," "Dr. Death" and "Over My Dead Body." The podcast producer and network says it counts more than 10 million unique listeners each month. WSJ reported earlier this month that Amazon was valuing Wondery at over $300 million in advanced stages of talks before the acquisition.

A French judge has sentenced the founder of the now-defunct BTC-e cryptocurrency exchange to five years in prison and a fine of $121,000 for laundering funds for cybercriminals, including ransomware gangs, ZDNet France reported today. From the report: Alexander Vinnik, 41, a Russian national, dodged a bigger sentence after French prosecutors failed to prove that the BTC-e founder was directly involved in the creation and the distribution of Locky, a ransomware strain that was active in 2016 and 2017. "Mr. Vinnik, the court acquitted you of the offenses relating to the cyber-attacks linked to Locky, as well as the offenses of extortion and association to criminal activities, but finds you guilty of organized money laundering," the judge said when reading the sentence. innik was trialed in Paris this fall after a long and complicated legal battle. He was initially arrested in July 2017 while vacationing in a summer resort in northern Greece. He was taken into custody by Greek police under an international warrant issued by the US for his involvement in running BTC-e, a cryptocurrency exchange that Vinnik founded in 2011, together with fellow Russian national Aleksandr Bilyuchenko. US authorities said Vinnik operated BTC-e as a front company for a money-laundering operation, knowingly receiving funds from hacks and other forms of cybercrime and helping crooks cash out stolen funds into fiat currency.

In an eloquent essay, Scottish-American historian Niall Ferguson argues that "We are living through a monetary revolution so multifaceted that few of us comprehend its full extent." The technological transformation of the internet is driving this revolution. The pandemic of 2020 has accelerated it...

Covid-19 has been good for Bitcoin and for cryptocurrency generally. First, the pandemic accelerated our advance into a more digital word: What might have taken 10 years has been achieved in 10 months. People who had never before risked an online transaction were forced to try, for the simple reason that banks were closed. Second, and as a result, the pandemic significantly increased our exposure to financial surveillance as well as financial fraud. Both these trends have been good for Bitcoin....

What is happening is that Bitcoin is gradually being adopted not so much as means of payment but as a store of value. Not only high-net-worth individuals but also tech companies are investing. In July, Michael Saylor, the billionaire founder of MicroStrategy, directed his company to hold part of its cash reserves in alternative assets. By September, MicroStrategy's corporate treasury had purchased bitcoins worth $425 million. Square, the San Francisco-based payments company, bought bitcoins worth $50 million last month. PayPal just announced that American users can buy, hold and sell bitcoins in their PayPal wallets. This process of adoption has much further to run...

Some economists, such as my friend Ken Rogoff, welcome the demise of cash because it will make the management of monetary policy easier and organized crime harder. But it will be a fundamentally different world when all our payments are recorded, centrally stored, and scrutinized by artificial intelligence — regardless of whether it is Amazon's Jeff Bezos or China's Xi Jinping who can access our data... Rather than seeking to create a Chinese-style digital dollar, Joe Biden's nascent administration should recognize the benefits of integrating Bitcoin into the U.S. financial system — which, after all, was originally designed to be less centralized and more respectful of individual privacy than the systems of less-free societies.

A new bug in the PlayStation game Spider-Man: Miles Morales "turns Miles into various inanimate objects, including bricks, cardboard boxes, and even a trash can," reports GameSpot: Despite Miles' changed appearance, he can still perform many of his heroic antics, including web-swinging and beating up bad guys. It's an important lesson to all of us in these trying times: You might look like trash, but you can still do your job.
Today Engadget reports that the glitch even turns Spider-Man into a patio heater: If you've ever wanted to keep people toasty warm while fighting crime, now's your chance.

We've asked [the game's creator] Insomniac Games for comment, although it already tweeted that the hiccup was "equally embarrassing as it is heart-warming." Into the Spider-Verse's Phil Lord joked that the heater would find its way into the sequel if the team had "any self respect at all."

Crypto assets worth more than $4.2 billion have been seized by Chinese police during the massive PlusToken Ponzi scheme crackdown, according to a new court ruling. From a report: In a November 19 judgment made public on Thursday, the Jiangsu Yancheng Intermediate People's Court has detailed the breakdown for the first time of all the crypto assets seized by Chinese police related to the PlusToken case. A total of 194,775 BTC, 833,083 ETH, 1.4 million LTC, 27.6 million EOS, 74,167 DASH, 487 million XRP, 6 billion DOGE, 79,581 BCH, and 213,724 USDT have been seized by Chinese law enforcement from seven convicts during the crackdown. These assets, at today's prices, are worth over $4.2 billion in total. As part of the ruling, the court said "the seized digital currencies will be processed pursuant to laws and the proceeds and gains will be forfeited to the national treasury." However, the Yancheng Intermediate People's Court doesn't elaborate on how much of the seized crypto assets have been or will be "processed" or via what method exactly. The PlusToken criminal case was initially ruled on September 22 by a lower-level district court in the city of Yancheng in China's Jiangsu province.

An anonymous reader quotes a report from NBC News: Two notebooks written by the famed British naturalist Charles Darwin in 1837 and missing for years may have been stolen from the Cambridge University Library, according to curators who launched a public appeal Tuesday for information. The notebooks, estimated to be worth millions of dollars, include Darwin's celebrated "Tree of Life" sketch that the 19th-century scientist used to illustrate early ideas about evolution. Officials at the Cambridge University Library say the two notebooks have been missing since 2001, and it's now thought that they were stolen.

"I am heartbroken that the location of these Darwin notebooks, including Darwin's iconic 'Tree of Life' drawing, is currently unknown, but we're determined to do everything possible to discover what happened and will leave no stone unturned during this process," Jessica Gardner, the university librarian and director of library services, said in a statement. The lost manuscripts were initially thought to have been misplaced in the university's enormous archives, which house roughly 10 million books, maps and other objects. But an exhaustive search initiated at the start of 2020 -- the "largest search in the library's history," according to Gardner -- failed to turn up the notebooks and they are now being reported as stolen. Cambridge University officials said a police investigation is underway and the notebooks have been added to Interpol's database of stolen artworks.

Three Nigerians suspected of being part of a cybercrime group that targeted tens of thousands of victims around the world have been arrested today in Lagos, Nigeria's capital, Interpol reported. From a report: In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group they have been tracking since 2019 and which they have been tracking under the codename of TMT. Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware. To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track if a recipient victim opened their messages. The file attachments were laced with various strains of malware that granted hackers access to infected computers from where they focused on stealing credentials from browsers, email, and FTP clients.

India is not done banning Chinese apps. The world's second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps. From a report: Like with the previous orders, India cited cybersecurity concerns to block these apps. "This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order," said India's IT Ministry in a statement. The ministry said it issued the order to block these apps "based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs." The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn't appear to be any Chinese app left in the top 500 apps used in India.

A former Microsoft software engineer from Ukraine has been sentenced to nine years in prison for stealing more than $10 million in store credit from Microsoft's online store. Ars Technica reports: From 2016 to 2018, Volodymyr Kvashuk worked for Microsoft as a tester, placing mock online orders to make sure everything was working smoothly. The software automatically prevented shipment of physical products to testers like Kvashuk. But in a crucial oversight, it didn't block the purchase of virtual gift cards. So the 26-year-old Kvashuk discovered that he could use his test account to buy real store credit and then use the credit to buy real products.

At first, Kvashuk bought an Office subscription and a couple of graphics cards. But when no one objected to those small purchases, he grew much bolder. In late 2017 and early 2018, he stole millions of dollars worth of Microsoft store credit and resold it online for bitcoin, which he then cashed out using Coinbase. US prosecutors say he netted at least $2.8 million, which he used to buy a $160,000 Tesla and a $1.6 million waterfront home (his proceeds were less than the value of the stolen credit because he had to sell at a steep discount).

Kvashuk made little effort to cover his tracks for his earliest purchases. But as his thefts got bigger, he took more precautions. He used test accounts that had been created by colleagues for later thefts. This was easy to do because the testers kept track of test account credentials in a shared online document. He used throwaway email addresses and began using a virtual private networking service. Before cashing out the bitcoins, he sent them to a mixing service in an attempt to hide their origins. Kvashuk reported the bitcoin windfall to the IRS but claimed the bitcoins had been a gift from his father.

An anonymous reader quotes a report from the Electronic Frontier Foundation: This is not a drill. Red alert: The police surveillance center in Jackson, Mississippi, will be conducting a 45-day pilot program to live stream the Amazon Ring cameras of participating residents. Now, our worst fears have been confirmed. Police in Jackson, Mississippi, have started a pilot program that would allow Ring owners to patch the camera streams from their front doors directly to a police Real Time Crime Center. The footage from your front door includes you coming and going from your house, your neighbors taking out the trash, and the dog walkers and delivery people who do their jobs in your street. In Jackson, this footage can now be live streamed directly onto a dozen monitors scrutinized by police around the clock. Even if you refuse to allow your footage to be used that way, your neighbor's camera pointed at your house may still be transmitting directly to the police.

Only a few months ago, Jackson stood up for its residents, becoming the first city in the southern United States to ban police use of face recognition technology. Clearly, this is a city that understands invasive surveillance technology when it sees it, and knows when police have overstepped their ability to invade privacy. If police want to build a surveillance camera network, they should only do so in ways that are transparent and accountable, and ensure active resident participation in the process. If residents say "no" to spy cameras, then police must not deploy them. The choices you and your neighbors make as consumers should not be hijacked by police to roll out surveillance technologies. The decision making process must be left to communities.

An anonymous reader shares a report from the BBC: Facebook is being sued for failing to protect users' personal data in the Cambridge Analytica breach. The scandal involved harvested Facebook data of 87 million people being used for advertising during elections. Mass legal action is being launched against Facebook for misuse of information from almost one million users in England and Wales. Facebook said it has not received any documents regarding this claim. The group taking action -- Facebook You Owe Us -- follows a similar mass action law suit against Google. Google You Owe Us, led by former Which? director Richard Lloyd, is also active for another alleged mass data breach. Both represented by law firm Millberg London, the Google case is being heard in the Supreme Court in April next year.

The Facebook case will argue that by taking data without consent, the firm failed to meet their legal obligations under the Data Protection Act 1998. Representative claimant in the case Alvin Carpio said: "When we use Facebook, we expect that our personal data is being used responsibly, transparently, and legally. By failing to protect our personal information from abuse, we believe that Facebook broke the law. Paying less than 0.01% of your annual revenue in fines -- pocket change to Facebook -- is clearly a punishment that does not fit the crime. Apologizing for breaking the law is simply not enough. Facebook, you owe us honesty, responsibility and redress. We will fight to hold Facebook to account."

"Police often frame facial recognition as a necessary tool to solve the most heinous crimes, like terrorist attacks and violent assaults, but researchers have found that the technology is more frequently used for low-level offenses," reports CNET: In a recent court filing, the New York police department noted that it's turned to facial recognition in more than 22,000 cases in the last three years. "Even though the NYPD claims facial recognition is only used for serious crimes, the numbers tell a different story," said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. "As facial recognition continues to grow, it's being routinely deployed for everything from shoplifting to graffiti."

Asked for comment, an NYPD spokeswoman pointed to a 2019 opinion article by police commissioner James O'Neill titled "How Facial Recognition Makes You Safer." In the piece, O'Neill talked about how facial recognition had been used to make arrests in murder, robbery and rape cases, but he didn't disclose how often it was used for low-level crimes. The department's facial recognition policy, established in March, allows the technology to be used for any crime, no matter the severity. Without any limits, police have more frequently used the technology for petty thefts than the dangerous crimes, privacy advocates say. Before Amazon put a moratorium on police use of its Rekognition face-identifying software, the program was used in a $12 shoplifting case in Oregon in 2018...

Without any limits, police can use facial recognition however they please, and in many cases, arrested suspects don't even know that the flawed technology was used... Attorneys representing protesters in Miami didn't know that police used facial recognition in their arrests, according to an NBC Miami report. Police used facial recognition software in a $50 drug dealing case in Florida in 2016 but made no mention of it in the arrest report.
The article also notes that as recently as this Tuesday, Hoan Ton-That, the CEO of facial recognition startup Clearview AI "said it isn't the company's responsibility to make sure its technology is being properly used by its thousands of police partners.

"Though the company has its own guidelines, Ton-That said Clearview AI wouldn't be enforcing them, saying that 'it's not our job to set the policy as a tech company...'"

The Times of London reports: A gang of cyberexperts turned a former German military bunker into one of Europe's biggest hubs for the "dark web" and a superhighway for at least a quarter of a million offences, including drug trafficking and the falsification of identity papers, a court has been told.

Four people from the Netherlands, three Germans and a Bulgarian are accused of creating a digital safe haven in which criminals could operate with impunity.
Dutch News reports: Deals which were processed through the servers include drugs — with platforms such as Cannabis Road — which had millions of active users, the Telegraaf said on Tuesday. Other sites allowed people to order fake money and ID papers, and the bunker was also used to stage a bot attack on German telecom firm Deutsche Telekom, the paper said.

The investigation into the bunker took years of observation and phone tapping, culiminating in a raid involving 650 police officers in September 2019. .
Long-time Slashdot reader Qbertino writes: Prosecuters believe to have a case which is set to take 15 months until the end of 2021 simply due to the sheer mass of material they've gatherd to make a case. The defendants, which include adolescents at the time of crime, face up to 15 years in prison should they be convicted.
As recently as this June, the cyberbunker was still being contacted by several phishing sites, as well as thousands of bots looking for their old command and control server.

An anonymous reader quotes a report from Ars Technica: Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department. The attack drew considerable concern because it's the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers -- who have been linked to a Moscow-based research lab owned by the Russian government -- have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America's Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for "knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation." Under the sanctions, all property of TsNIIKhM that is or has come within the possession of a US person is blocked, and US persons are generally prohibited from engaging in transactions with anyone in the group. What's more, any legal entity that's 50-percent or more owned by one of the center members is also blocked. Some non-US persons who engage in transactions with TsNIIKhM may be subject to sanctions.

Reader jkoebler writes: This is an in-depth, narrative investigation into Phantom Secure, a privacy-focused phone company that started selling locally to models and other VIPs, before eventually becoming a preferred network for serious, organized crime. One of Phantom's clients was the Sinaloa Cartel, according to a text message Phantom's owner Vincent Ramos sent to an associate included in court records.

The story follows how Phantom got set up, how it took over the world, and eventually how it got taken down by the FBI. It is the result of more than two years of reporting involving sources from the law enforcement, organized crime, and cybersecurity worlds. It features daring escapes from Las Vegas hotels, undercover agents, and a silver-plated AK-47 emblazoned with the Louis Vuitton logo.

At least 2,000 law enforcement agencies have tools to get into encrypted smartphones, according to new research, and they are using them far more than previously known. From a report: In a new Apple ad, a man on a city bus announces he has just shopped for divorce lawyers. Then a woman recites her credit card number through a megaphone in a park. "Some things shouldn't be shared," the ad says, "iPhone helps keep it that way." Apple has built complex encryption into iPhones and made the devices' security central to its marketing pitch. That, in turn, has angered law enforcement. Officials from the F.B.I. director to rural sheriffs have argued that encrypted phones stifle their work to catch and convict dangerous criminals. They have tried to force Apple and Google to unlock suspects' phones, but the companies say they can't. In response, the authorities have put their own marketing spin on the problem. Law enforcement, they say, is "going dark." Yet new data reveals a twist to the encryption debate that undercuts both sides: Law enforcement officials across the nation regularly break into encrypted smartphones.

That is because at least 2,000 law enforcement agencies in all 50 states now have tools to get into locked, encrypted phones and extract their data, according to years of public records collected in a report by Upturn, a Washington nonprofit that investigates how the police use technology. At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country, including Buckeye, Ariz.; Shaker Heights, Ohio; and Walla Walla, Wash. And local law enforcement agencies that don't have such tools can often send a locked phone to a state or federal crime lab that does. With more tools in their arsenal, the authorities have used them in an increasing range of cases, from homicides and rapes to drugs and shoplifting, according to the records, which were reviewed by The New York Times. Upturn researchers said the records suggested that U.S. authorities had searched hundreds of thousands of phones over the past five years. While the existence of such tools has been known for some time, the records show that the authorities break into phones far more than previously understood -- and that smartphones, with their vast troves of personal data, are not as impenetrable as Apple and Google have advertised. While many in law enforcement have argued that smartphones are often a roadblock to investigations, the findings indicate that they are instead one of the most important tools for prosecutions.